you can just test if the port is open with a tool, like nmap or other tools, and it seems that he tested all the requierments, one of them is the port TCP 50636 is open between Mailbox Server(s) and the Edge Server.

How did you find that?

I am migrating from Exchange 2010 to 2016. I am confused with Edge role on Exchange 2016 in regards to its secure communication, everywhere documentation states that it needs port 25 for standard SMTP communication but there is no straighforward guideline how Exchange 2016 Edge establishes secure communication with other external mail servers using TLS (secure email delivery between mail servers) or with clients trying to authenticate to SMTP over TLS (e.g. scan to email devices). Can Edge use port 587 for secure SMTP communication or does it use port 25 for TLS? Previously on Exchange 2010 I forwarded all secure SMTP traffic on port 587 to Exchange 2010 CAS. Where should I forward port 587 now (Edge or Mailbox server)? Should I use and can I use public wildcard SSL certificate (*.companydomain.com) on new 2016 Edge server and assign it to SMTP services? If certificate is renewed does it need Edge subscription recreation as per article https://itblog.ldlnet.net/index.php/2019/01/25/update-edge-server-certificate-in-a-hybrid-exchange-environment/ ?

DNS Failed to resolve domain.

‘[{LED=};{MSG=};{FQDN=};{IP=};{LRT=}]’.

I attempt to re-subscribe the 2nd edge server, and it gives me this error:

EdgeSync requires that the Mailbox servers in Active Directory site SiteXYZbe able to resolve the IP address
for EDGE-SERVER.Domain.Com and be able to connect to that host on port 50636.

From one of my exchange servers, I can telnet to the edge server over port 50636 successfully.
ADAM is running on the edge server without issue.

Any suggestions?

i have problem with DSN emails. All DSN email are failed on edge server with error: RecipientStatus: {[{LRT=};{LED=550 5.7.1 Not authorized};{FQDN=};{IP=}]}. What to configure on edge or hub transport server to allow DSN emails?
We have 1 edge server and 1 Hub/CAS/MBX server. Both Exchange 2013.

Always great and clear instructions and articles. Wanted to offer a possible edit to the above as I ran into an error creating the Edge subscription XML file using your suggested command. I had to launch the Exchange Management Shell using the “Run As Administrator” option before the command would complete successfully. When I ran the Shell not as an admin (even though logged in as a domain admin to the Edge server), it game me an error saying something along the lines of “couldn’t create certificate in the AD LDS store, access is denied”. But when running the Shell as administrator, worked just fine.

Thanks again for your great documentation!

Jay

My deployment is as follow:

– One Mailbox Exchange server 2016

– One Edge Server 2016 in the DMZ

– One TMG 2010 SP2 to handle the web part of my Exchange.

Since yesterday, i’m able to send mail from inside to outside, but can’t receive from outside, because it’s stuck in queue at my edege level.

I have a firewall in front of my edge server 2016. The underlining firewall is configure to NAT my mail.domain.cm port 25 to my edge server 2016; and it’s doing it well because i can telnet on port 25 from the firewall to my edge, and i can also telnet from my edge to my Mailbox Exchange Server 2016, but the mail didn’t go trough the Mailbox Exchange Server.