Thanks for taking the time to read this.

I'm trying to wrap my head around some of the Exchange 2013 concepts.  

I currently have an Exchange 2013 Server in the LAN.

I also have an Edge Transport Server in the DMZ.

I subscribed the Edge Transport Server to the Exchange 2013.

It sends mail out, without issue.

Inbound email does not work.  I believe I know why...

The Edge Transport Server has a single Receive Connector (When I type Get-ReceiveConnector it shows one Receive Connector only with the name of EdgeInternal)   I had removed the defaults, and created this EdgeInternal to handle anonymous email from the Internal network.  Since this doesn't accept emails from non-internal IP addresses, it denies email from the outside.  So I am of the mind that I need another ReceiveConnector on the Edge Transport Server.  (Which was probably the default)

Now, I can create a new ReceiveConnector on the Edge Transport Server.  That is no problem.  But, when I look at the Exchange 2013 Mailbox Server's Admin page, I notice that in Mail Flow -> Receive Connectors that I have multiple Receive Connectors there that the Edge Transport server does not have.  But these are assigned to the "FrontendTransport" according to the Mailbox Server admin page.

So why don't these show up in the Edge Transport Get-ReceiveConnectors?  Obviously they aren't there.

I pretty much expect that I'm doing something wrong here...

Do I remove all of the Edge Transport Receive Connectors in the Edge Transport Shell?  And does it then default to the rules that are setup in the Mailbox server?  

Or, is there something I need to do to synchronize the receive connectors (Probably all the connectors) with the Edge Transport Server?

I'm missing something fundamental here on how this is supposed to work and I'm hoping one of you guru's can clue me in.

Thanks!

Kevin J Baird

Have you gone through the process to sync the Edge Servers with your Exchange Org?

https://technet.microsoft.com/en-us/library/Aa997438(v=EXCHG.150).aspx

Yes, it is subscribed.

None of these are visible on the Transport Server when I do a Get-ReceiveConnector.  However, when I force a sync, the sync goes through without error.  Email is sent out without error.  It's like the connectors aren't syncing to the Edge Transport Server.

• Edited by Kevin J Baird 14 hours 6 minutes ago More clarity...

Yes, it is subscribed.

None of these are visible on the Transport Server when I do a Get-ReceiveConnector.  However, when I force a sync, the sync goes through without error.  Email is sent out without error.  It's like the connectors aren't syncing to the Edge Transport Server.

• Edited by Kevin J Baird Friday, August 28, 2015 5:24 PM More clarity...

Yes, it is subscribed.

None of these are visible on the Transport Server when I do a Get-ReceiveConnector.  However, when I force a sync, the sync goes through without error.  Email is sent out without error.  It's like the connectors aren't syncing to the Edge Transport Server.

• Edited by Kevin J Baird Friday, August 28, 2015 5:24 PM More clarity...

Hi,

Because the Edge Transport server is installed in the perimeter network, it's never a member of your organization's internal Active Directory forest and doesn't have access to Active Directory information. So I think we don't create the connector on the edge server.

https://technet.microsoft.com/en-us/library/bb124701(v=exchg.160).aspx

Please try to telnet port 25 to check if it can connect to mail.contoso.com.

In addiction, I suggest we can do an mail flow connectivity test with https://testconnectivity.microsoft.com/

Regards,

David 

David,

  The technet link you provided specifically says...

"Edge Transport servers handle all inbound and outbound Internet mail flow"

When the sync process runs, according to all the documentation I've read, it is supposed to create the Receive Connector and sync them with the setup on the Mailbox server.  So if I add one on the Mailbox server (Which it shows them on the Mailbox server, as my screenshot above shows.) it is supposed to Sync them to the Edge Transport Server.

That does not happen for me.  It says sync is fine, I ran a sync manually, it says it ran fine.  No errors in the Event Log.  It simply doesn't sync the Receive Connectors.

I exported the XML subscription file again, and imported it on the mailbox server.  Same problem.  Receive connectors don't sync.

Just for the record, this is a vanilla setup.  New servers.  Nothing else on them them but Exchange.  No other Exchange Servers.  

I don't know what else to look at, since nothing is reporting an error.  It just doesn't sync those connectors.  Weird...

• Edited by Kevin J Baird 16 hours 22 minutes ago

David,

  The technet link you provided specifically says...

"Edge Transport servers handle all inbound and outbound Internet mail flow"

When the sync process runs, according to all the documentation I've read, it is supposed to create the Receive Connector and sync them with the setup on the Mailbox server.  So if I add one on the Mailbox server (Which it shows them on the Mailbox server, as my screenshot above shows.) it is supposed to Sync them to the Edge Transport Server.

That does not happen for me.  It says sync is fine, I ran a sync manually, it says it ran fine.  No errors in the Event Log.  It simply doesn't sync the Receive Connectors.

I exported the XML subscription file again, and imported it on the mailbox server.  Same problem.  Receive connectors don't sync.

Just for the record, this is a vanilla setup.  New servers.  Nothing else on them them but Exchange.  No other Exchange Servers.  

I don't know what else to look at, since nothing is reporting an error.  It just doesn't sync those connectors.  Weird...

• Edited by Kevin J Baird Monday, August 31, 2015 3:06 PM

David,

  The technet link you provided specifically says...

"Edge Transport servers handle all inbound and outbound Internet mail flow"

When the sync process runs, according to all the documentation I've read, it is supposed to create the Receive Connector and sync them with the setup on the Mailbox server.  So if I add one on the Mailbox server (Which it shows them on the Mailbox server, as my screenshot above shows.) it is supposed to Sync them to the Edge Transport Server.

That does not happen for me.  It says sync is fine, I ran a sync manually, it says it ran fine.  No errors in the Event Log.  It simply doesn't sync the Receive Connectors.

I exported the XML subscription file again, and imported it on the mailbox server.  Same problem.  Receive connectors don't sync.

Just for the record, this is a vanilla setup.  New servers.  Nothing else on them them but Exchange.  No other Exchange Servers.  

I don't know what else to look at, since nothing is reporting an error.  It just doesn't sync those connectors.  Weird...

• Edited by Kevin J Baird Monday, August 31, 2015 3:06 PM

  That's the point of this post.

It is not syncing the receive connectors to the Edge Transport Server.

As shown in the screenshot above, the Edge Transport Server is subscribed to the Mailbox server.

The Receive Connectors exist in the admin console.  (Again, shown in the screenshot above.)

They do not exist on the Edge Transport Server.  

If I run the sync manually, and force an update.  It still does not sync the Receive Connectors.

If you are experienced with this configuration and know what you're doing, contact me directly and I'll give you RDP access into both servers, and you can see this for yourself, and/or potentially identify the problem.  As I'm stumped.

Hi Kevin,

did you try https://testconnectivity.microsoft.com/ to see where the problem is?

keep in mind your edge server needs 2 nic's , one on the public side and one on the internal lan.

have a look on this website.

http://www.exchangeranger.com/2014/10/how-to-install-and-configure-exchange.html

• Proposed as answer by Jörg-Devoteam 13 hours 33 minutes ago

Yes, I tried https://testconnectivity.microsoft.com

It said this...

"The server returned status code 530 - The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.7.1 Client was not authenticated"

That is because THE RECEIVE CONNECTORS AREN'T SYNCING!

I'm not sure about the need for two NICs.  My Mailbox server can see the Edge Transport server fine.  But I'll go ahead and connect another one and try a forced sync again and see if that works.  For the record though, the DMZ is open to the LAN completely.  And the LAN has a hole in it for port 25 from the DMZ.  None of the documentation I've read calls for a second NIC card, but I'll give it a shot.

have a look on this article about creating the send and receive connectors

https://technet.microsoft.com/en-us/library/bb232082(v=exchg.150).aspx

Kevin,

are you able to do a ping from your edge server to the mailbox server?

Ok, I added the other NIC to the LAN side.  And the Receive Connectors still do not sync...

Here is what it says when I perform the sync on the Mailbox server.

* * *

***

It says success, and the name is EDGE, which is the name of the Transport Server.  No errors.

Here is what happens on the EDGE Transport Server when I Get-ReceiveConnectors

* * *

***

These two (EDGE and Default Frontend EDGE) I created myself on the Edge server.  The ones that were created on the Mailbox Server as seen above in the second response in this thread, have not carried over.  They don't sync, either direction.

I have tried to subscribe, twice.  It works fine.  It just doesn't sync.  Really strange...

Kevin,

are you able to do a ping from your edge server to the mailbox server?

An Edge subscription doesn't sync all of the receive connectors on the internal servers. Otherwise, if you set up internal relays they would be propagated to the outside world.

I'm pretty sure that an Edge subscription only configures the necessary receive connector on the Edge server to receive securely from the internal Hub Transport servers. It probably relies on the default receive connector on the Edge server to get Internet mail.

This document specifies exactly what's created: https://technet.microsoft.com/en-us/library/Aa997438%28v=EXCHG.160%29.aspx

have a look on this article about creating the send and receive connectors

https://technet.microsoft.com/en-us/library/bb232082(v=exchg.150).aspx

An Edge subscription doesn't sync all of the receive connectors on the internal servers. Otherwise, if you set up internal relays they would be propagated to the outside world.

I'm pretty sure that an Edge subscription only configures the necessary receive connector on the Edge server to receive securely from the internal Hub Transport servers. It probably relies on the default receive connector on the Edge server to get Internet mail.

This document specifies exactly what's created: https://technet.microsoft.com/en-us/library/Aa997438%28v=EXCHG.160%29.as

Yes, the Edge should accept email from anyone without authentication. That's your requirement to receive Internet mail.

Then it forwards the mail internally if it has a valid recipient for an authoritiative domain.

Hi Kevin,

did you try https://testconnectivity.microsoft.com/ to see where the problem is?

keep in mind your edge server needs 2 nic's , one on the public side and one on the internal lan.

have a look on this website.

http://www.exchangeranger.com/2014/10/how-to-install-and-configure-exchange.html

• Proposed as answer by Jörg-Devoteam Tuesday, September 01, 2015 5:56 PM

Thanks Byron, I marked you as having the answer.  I ultimately recreated the Internet Receiver myself, and everything started working fine.  I was under the assumption that I might have to do this (As mentioned in the original posting) but wasn't clear on whether the Receive Connectors sync.  Now I know they do not.  So all is well and good.

Thanks agian