Hello to everyone. I have a simple question but it's very hard for me to find the answer, I have 2 organizations in the 2 forests: One forest called WEST.LOCAL and the Second forest called CENTER.LOCAL, and of course there is a 2 exchange servers in those forests. There is a R70 firewall between two forests, the 3rd leg of R70 goes to DMZ where the EDGE server is, after the EDGE there is a router+modem to the internet. my question is: How can i configure exactly the two forests and the two exchange servers that i could send and receive emails between two forests??? and how can i send receive emails to and from the internet??? 10x.eternals81

2 steps. 1. First you need to set up your edge and HT's in each org to be able to send and receive internet email. You need to ensure you have all the pre-reqs set up such as publshing your mx records in public DNS and opening port 25 to your edge and edge to HT Configure Mail Flow Between an Edge Transport Server and Hub Transport Servers Without Using EdgeSync http://technet.microsoft.com/en-us/library/bb232082.aspx Once you have confirmed each edge server can send\receive internet in theory you don't need to do anything else for each forest to send and receive email to each other because each org will just use mx dns lookup to send. However you can create smtp connectors to directly send to each forest using smarthosts. Configure Cross-Forest Connectors http://technet.microsoft.com/en-us/library/bb123546.aspxJames Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

First of all i want to thank you for giving me a good answer, i learned a lot from it. I did every thing you have linked me except the cross-forest connector between Exchange 2010 servers using external authentication because i have one exchange 2007 and one exchange 2010. Second, the email could not arrived to another forest, when i opened a queue viewer it giving me this error on the second row is West.local(next hop domain)-SmartHostConnectorDelivery(Delivery Type),the first row is the submission(next hop domain) witch is undefined(Delivery Type): "451 4.4.0 Primary Target IP address responded with 454 4.7.5 Certificate Validation Failure....Attempted failover to alternative host but that did not succeed. Either there are no alternative hosts or delivery failed to all alternative hosts". If you have any idea how to solve it please let me know. love you all.eternals81

And what about other tabs of the hub transport in the organization configuration (accepted domain, email address policies, transport rules, Edge subscription, journal rules, remote domains,global settings), how should i configure them??? And what about the other tabs of the Edge Transport(accepted domain,transport rules, anti spams), how should i configure them??? 10x again to everyone. love you all.eternals81

Set the authentication to none unless you really want to set up forest to forest authentication for sending email which is not necessarily. That error is because it's trying to perform certificate based authentication. Go to the connector, click the network tab, click the change button and select none. Then try sending each other email. Also were you able to get both your forest to at least send\receive internet email? Also you need to ensure you have all your SSL certs set up for both forests. You need to purchase 2 certs with the following subject names: mail.company1.com autodiscover.company1.com hostname.company1.com (optional) mail.company2.com autodiscover.company2.com hostname.company2.com (optional)James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Yesssss, thanks it is working now but i can only check between two forests. for your question: no, i did not even tried to send or receive email to from the internet because i guess i should pay the DNS services in my provider, am i right??? How to set up my SSL certs for my both forests??? how do i do it?? thanks again, you are the greatest people!!!eternals81

Yes you need to purchase your DNS names with a provider than publish the DNS records for your mail servers. The same provider can also issue your certs depending on the provider such as godaddy. You need to send the provider your cert request. http://exchangeserverpro.com/configure-an-ssl-certificate-for-exchange-server-2010James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

What do you mean purchasing DNS names? How to publish DNS records for my mail servers?eternals81

do you already own domains for these exchange orgs? www.company1.com www.company2.com? If not you will need to purchase the domain, go to godaddy.com and enter your domain name you wish to choose and see if it is available to purchase. Once you purchase the domain you will be provided an account and pw to log into their manage domain console to add the DNS records for your mail server.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

Do you have an example or link how to do it??eternals81

To set up mx records use instructions below. The steps will differ depending on the provider you go with but are pretty similar nonetheless. As far as purchasing domains you can contact their 800 number and they will be able to assist you in your requirements. Managing DNS for Your Domain Names http://support.godaddy.com/help/680?locale=en James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com

hi, Any update? Please remember to mark as answer. thanks,CastinLu TechNet Community Support