I’ve been seeing a few common questions regarding Edge Transport servers lately so I thought I would put the answers all in one place, as they all basically relate to the same underlying point about how EdgeSync works.
Q: Why does my Edge Transport server have a little blue icon on it?
A: It is the warning for the trial period running out. To fix it, use the Exchange management tools on the Edge Transport server to apply your product key, then recreate the Edge subscription.
Q: Why does my Edge Transport server have the wrong version number displayed?
A: The version number displayed is the one that was written to Active Directory at the time the Edge subscription was created. Because EdgeSync is a one way process, the version number does not update as you update the Edge Transport server to newer versions. If you want the version number to reflect the current value, recreate the Edge subscription.
Q: Why can’t I manage Exchange Certificates for my Edge Transport server in the management console?
A: Certificates for the Edge Transport server can only be managed using the management tools on the Edge Transport server.
Q: What, do you mean I have to recreate the Edge subscription just for little things like product keys and version numbers?
A: No, you don’t have to. If the blue icon and incorrect version number aren’t bothering you or causing you any administrative pain then you can just leave it alone.
Just remember that EdgeSync is a one-way process in which data is synchronized to the Edge Transport server. The Edge Transport server typically sits in a secure perimeter network where it is exposed to the internet to some degree. Allowing such a server to write changes back into the Active Directory would be a security risk.
To demonstrate, the screenshot above was taken when my Edge Transport server already had a product key applied and had already been updated to Exchange Server 2010 SP3, as you can see here when viewed using the Exchange management console on the Edge Transport server itself.
After recreating the Edge subscription, the view of the Edge Transport server reflects the current version number and license status.
More about the Edge Transport server role:
- Exchange 2010 Edge Transport Server Introduction
- Installing an Exchange Server 2010 Edge Transport Server
- Exchange 2010 Edge Transport Server: Configuring EdgeSync
- Exchange 2010 Edge Transport Server Backup and Recovery
- How to Manage AD LDS on an Edge Transport Server with ADSIEdit
- MSExchange EdgeSync Service Won’t Start and Event ID 1045 is Logged
- A Guide to Back Pressure in Microsoft Exchange Server
- Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
- NDR 550 5.5.1 User Unknown for Internal Relay Domain
- Exchange 2010 Edge Transport Server: Configuring IP Block List Providers
It seems as though there is no way in EMC to manage certs on the edge servers and trying to import new certs via EMS fails with access denied. Do you know if this is normal? I don’t know how to get a new cert installed.
“Allowing such a server to write changes back into the Active Directory would be a security risk” – I like that – how about Microsoft design for CAS server – DMZ not suported … well, well … Allowing such design is insane at best …
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
It isn’t so much that CAS is not supported in a DMZ, rather that firewalling the CAS from the rest of the Exchange servers and DCs it needs to talk to is not supported.
More info here:
http://blogs.technet.com/b/exchange/archive/2013/02/18/exchange-firewalls-and-support-oh-my.aspx
After recreating the EDGE-sync, now everything is perfect
But, when i go logging to EDGE server and go to properties of EDGE server i see i have product ID and its not trial version ?
can you please help me is there is any other way to check about the licences, still receiving and sending email is working fine .
The Real Person!
Author Paul Cunningham acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.
So what you’re saying is, when you look at the Exchange Management Console on the Edge Transport server, you see no little blue icon because the server has had a product key applied to it.
But when you look at the Exchange Management Console on one of the other servers, the Edge Transport server is showing the little blue icon?
Thank you Paul