Failure to connect to Edge Transport server ADAM with the exception "The supplied credential is invalid"

For the past week we have not been able to receive or send mail within or outside our network. In the event log I find the error message below. I have checked our firewall for closed ports and they are OK; I also checked the send connection on the Edge server and it is OK. Can anybody help, please?

Failed to connect to the Edge Transport server ADAM instance with exception The supplied credential is invalid..  This could be caused by a failure to resolve the Edge Transport server name EXCH-EDGE.nddc.gov.ng in DNS, a failure trying to connect to port 50636 on EXCH-EDGE.nddc.gov.ng, network connectivity issues, an invalid certificate, or an expired subscription.  Verify your network and server configuration.

August 27th, 2015 5:12am

Check which account the ADAM service is running under.

By default it should be network. If it's running under a different account, check whether the password of that account has expired.

August 27th, 2015 8:14am

Hi,

According to the error message, it indicates that the Microsoft Exchange EdgeSync service did not validate the future replication account credentials that are required to replicate Active Directory data to the Edge Transport server.

It might be caused by DNS, certificate and network connectivity, as the error description mentioned. We need to check them one by one.

Firstly, confirm network connectivity and DNS:
1. Check that port 50636 is open between the hub and Edge. Do telnet tests to confirm, and check with the network team whether the firewall is allowing this.
2. In the host of the Edge, put in an entry so that it can resolve the HUB FQDN.
3. Check DNS resolution from both the HUB and Edge; make sure they can resolve each other.

Secondly, check the services on HUB and Edge server:
1. Restart the following services on HUB Transport Server
   Microsoft Exchange EdgeSync
   Microsoft Exchange Transport
2. Restart the following services on Edge Server
   Microsoft Exchange ADAM
   Microsoft Exchange Credential service
   Microsoft Exchange Transport

Lastly, use get-exchangecertificate | FL to confirm whether the certificate meets the FQDN of the Edge Server and whether it has been enabled for the SMTP service. If not, then it could be a certificate-related issue. You can refer to the Felix post in a similar thread to solve the problem: https://social.technet.microsoft.com/Forums/en-US/4349b146-ad6e-44a2-9d3e-52158eee8a5d/edgesync-errors?forum=exchangesvrsecuremessaginglegacy

August 29th, 2015 3:31am

Hi,

According to the error message, it indicates that the Microsoft Exchange EdgeSync service did not validate the future replication account credentials that are required to replicate Active Directory data to the Edge Transport server.

It might be caused by DNS, certificate and network connectivity, as the error description mentioned. We need to check them one by one.

Firstly, confirm network connectivity and DNS:
1. Check that port 50636 is open between the MBX and Edge. Do telnet tests to confirm, and check with the network team whether the firewall is allowing this.
2. In the host of the Edge, put in an entry so that it can resolve the MBX FQDN.
3. Check DNS resolution from both the MBX and Edge; make sure they can resolve each other.

Secondly, check the services on MBX and Edge server:
1. Restart the following services on MBX Server
   Microsoft Exchange EdgeSync
   Microsoft Exchange Transport
2. Restart the following services on Edge Server
   Microsoft Exchange ADAM
   Microsoft Exchange Credential service
   Microsoft Exchange Transport

Lastly, use get-exchangecertificate | FL to confirm whether the certificate meets the FQDN of the Edge Server and whether it has been enabled for the SMTP service. If not, then it could be a certificate-related issue. You can refer to the Felix post in a similar thread to solve the problem: https://social.technet.microsoft.com/Forums/en-US/4349b146-ad6e-44a2-9d3e-52158eee8a5d/edgesync-errors?forum=exchangesvrsecuremessaginglega

August 29th, 2015 3:32am
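The checks listed in the two replies above (DNS, port 50636, services, certificate), gathered into one script. This is an added example, not part of the original thread; it assumes the standard Exchange service names (`MSExchangeEdgeSync`, `MSExchangeTransport`, `ADAM_MSExchange`, `MSExchangeEdgeCredential`), and `$Role` and `$PeerFqdn` are variables introduced here.

```powershell
# Added example: run in the Exchange Management Shell on each server in turn.
$Role     = 'Hub'                    # set to 'Edge' when running on the Edge server
$PeerFqdn = 'EXCH-EDGE.nddc.gov.ng'  # the other server: Edge FQDN (from the event text)
                                     # on the hub; the hub/MBX FQDN when on the Edge
$Port     = 50636                    # port named in the event text

# 1. DNS: does this server resolve its peer?
try {
    $ips = [System.Net.Dns]::GetHostAddresses($PeerFqdn)
    "DNS  OK   $PeerFqdn -> $($ips -join ', ')"
} catch {
    "DNS  FAIL $PeerFqdn : $($_.Exception.Message)"
}

# 2. TCP 50636, tested from the hub towards the Edge only.
#    TcpClient is used so the check also works where Test-NetConnection is absent.
if ($Role -eq 'Hub') {
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $tcp.BeginConnect($PeerFqdn, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne(5000) -and $tcp.Connected) {
            "TCP  OK   ${PeerFqdn}:$Port"
        } else {
            "TCP  FAIL ${PeerFqdn}:$Port (no connection within 5 s)"
        }
    } catch {
        "TCP  FAIL ${PeerFqdn}:$Port : $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
}

# 3. Services named in the replies, with state and the account each runs as.
if ($Role -eq 'Hub') {
    $services = 'MSExchangeEdgeSync', 'MSExchangeTransport'
} else {
    $services = 'ADAM_MSExchange', 'MSExchangeEdgeCredential', 'MSExchangeTransport'
}
Get-WmiObject Win32_Service |
    Where-Object { $services -contains $_.Name } |
    Format-Table Name, State, StartName -AutoSize

# 4. Certificate on the Edge: CertificateDomains should contain the Edge FQDN,
#    Services should include SMTP, and NotAfter should be in the future.
if ($Role -eq 'Edge') {
    Get-ExchangeCertificate |
        Format-List Subject, CertificateDomains, Services, NotAfter, Status, Thumbprint
}
```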

First, if I telnet to port 50636 from the Edge server to the Hub Transport server (i.e. on the Edge server: telnet hub trans ip 50636), it does not open, but if I telnet from the Hub Transport server to the Edge, it opens (i.e. on the Hub Transport server: telnet edge server ip 50636, it opens). So could that be the problem? Also, how do I check DNS resolution from both the servers?
August 31st, 2015 8:48am

TCP port 50636 should be open only from the hub to the Edge server. Do not open these ports on the perimeter firewall and vice versa from Edge to hub. These ports should be open only on the intranet firewall.

I ran into this same error message 6 months back and the issue was the ADAM service which was running

I suspect the above issue is not because of the certs and ports; it's an issue with credentials. EdgeSync uses ADAM credentials to connect to the Edge server, and those are periodically changed by the "Edge Credential Service" running on the Edge server.

I suspect, and I'm very much sure, that the service is not running now on your computer, because the credentials are not updated.

Below are my suggestions:

1. Make sure the credential service is up and running on the Edge.
2. If the service is not running, then create a new subscription file by calling new-edgesubscription again.
3. Reimport the subscription.
4. Call start-edgesynchronization immediately after you subscribe.

Let me know if the above works.

August 31st, 2015 10:05am
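The four suggested steps as Exchange Management Shell commands. This is an added example, not part of the original reply; the file path and the Active Directory site name are placeholders, and `Test-EdgeSynchronization` is added here as a verification step the reply does not mention.

```powershell
# Added example; paths and site name are placeholders.

# --- On the Edge Transport server ---------------------------------------
# Step 1: the credential service (and ADAM) must be running.
Get-Service MSExchangeEdgeCredential, ADAM_MSExchange |
    Format-Table Name, Status -AutoSize

# Step 2: create a new subscription file. It holds the bootstrap credentials
# the hub will use against ADAM, so treat it as a secret.
New-EdgeSubscription -FileName 'C:\Temp\EdgeSubscription.xml'

# Copy the file to the Hub Transport server over a trusted channel,
# then delete the copy on the Edge.
Remove-Item 'C:\Temp\EdgeSubscription.xml'

# --- On the Hub Transport server ----------------------------------------
# Show any existing subscription for this Edge before re-importing.
Get-EdgeSubscription | Format-List Name, Site

# Step 3: re-import the subscription into the hub's Active Directory site.
$bytes = [System.IO.File]::ReadAllBytes('C:\Temp\EdgeSubscription.xml')
New-EdgeSubscription -FileData $bytes -Site 'Default-First-Site-Name'

# Step 4: start synchronization immediately after subscribing.
Start-EdgeSynchronization

# Verification: SyncStatus and CredentialStatus show whether the hub can now
# authenticate to ADAM on the Edge; FailureDetail carries the reason if not.
Test-EdgeSynchronization |
    Format-List Name, SyncStatus, CredentialStatus, ConnectionResult, FailureDetail

# The imported file is no longer needed; remove it from the hub as well.
Remove-Item 'C:\Temp\EdgeSubscription.xml'
```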

Credential services, ADAM services and transport services are all running. I have created and imported the new edgesubscription and manually called it, but the mail is still not dropping.

However, currently it can send mail outside the network but cannot receive.

September 3rd, 2015 5:13am

This topic is archived. No further replies will be accepted.
