Chapter 7 • Managing the Edge Transport Server

9. When you have selected the Edge Transport server role as well as the installation path, click Next. If the readiness check completes without any issues, you can begin the installation by clicking the Install button. The Installation Wizard will now copy the required files and then begin the installation. Since the server on which the Edge Transport role exists is a standalone machine that doesn’t belong to an Active Directory forest, and since this type of installation is pretty small, the installation process will complete relatively fast.

10. When the installation has completed, click Finish.

Verifying Deployment

Now that the Exchange 2007 Edge Transport server role has been properly installed, you’re faced with several tasks that need to be completed before you’re done. The first task on the list is to verify the installation and review the server setup logs. If the installation process fails or errors occur during the installation, it’s a very good idea to follow the suggestions to track down the source of the problem (reviewing the setup logs, confirming that events 1003 and 1004 appear in the Application log, and checking that all required services are installed as well as operating in the correct startup mode and so on), but if the installation process completes without any issues, you can move right on to the next task on the list.

Creating and Importing an Edge Subscription File

This task is perhaps the most interesting one of them all; it’s the task where you subscribe the edge transport server by establishing a one-way replication of recipient and configuration information from the Active Directory service to ADAM using the EdgeSync service (see Figure 7.13). The EdgeSync service makes it a rather painless process to configure the edge transport server so that you can take advantage of its full feature set.
Figure 7.13 One-Way Replication with the EdgeSync Service

To configure an edge transport server subscription, you need to perform the following steps:

1. Export the edge transport server to an XML file using the New-EdgeSubscription CMDlet. To do so, open the Exchange Management Shell (EMS), type New-EdgeSubscription -file "C:\EdgeSubscriptionFile.xml" (or whatever you want to name the file; the name of the file doesn’t have any impact on anything), and press Enter, as shown in Figure 7.14.

SOME INDEPENDENT ADVICE
Although the recommended method for establishing end-to-end mail flow between the Edge Transport server(s) and the Hub Transport servers within the Exchange organization is to create an edge subscription for the Edge Transport server, you can also do so by manually creating and configuring the Send connectors (that the EdgeSync service creates automatically). Although this will establish working end-to-end mail flow between the Edge Transport server(s) and the Hub Transport server(s), you should bear in mind that you cannot use the recipient lookup feature or safe list aggregation, because these features require that the Edge Transport server has a subscription to the organization.

NOTE
When you run the New-EdgeSubscription CMDlet, an ADAM account is created as well. This account is used to secure Lightweight Directory Access Protocol (LDAP) communications during data transfer. The credentials for the account are also retrieved when you run the CMDlet.

Figure 7.14 Creating a New Edge Subscription File

2. You now need to confirm that you really want to create an edge subscription, since this process makes certain configurations of the Edge Transport server so that it’s ready to be managed via EdgeSync.
Because this is exactly what you want to do, type Y and then press Enter.

3. Since the XML file, which you can see in Figure 7.15, saved in the root of the C: drive needs to be imported on a Hub Transport server, you need to transfer the file to a Hub Transport server in the Exchange 2007 organization. You could do so by copying the file to a diskette or, perhaps even smarter, by using the Disk Drives feature in a Remote Desktop Connection client (if you have enabled Remote Desktop on the Edge Transport server and have TCP port 3389 open in the firewall between the perimeter network and the internal network).

Figure 7.15 The Edge Subscription XML File

WARNING
Any accepted domains, message classifications, remote domains, and send connectors will be overwritten when you make a new edge subscription file. Also bear in mind that the Internal SMTP Servers list (a list of all internal SMTP server IP addresses or IP address ranges that should be ignored by the Sender ID and Connection filtering agents) of the TransportConfig object will be overwritten during the synchronization process. In addition, the Management Shell tasks that manage these types of objects will be locked out on the edge transport server, which means that you need to manage those objects from within the organization and then have the EdgeSync service update the edge transport server. When you run the New-EdgeSubscription CMDlet on a newly installed Edge Transport server, this information can be ignored, since you haven’t configured anything manually on the server yet.

4. When the file has been transferred to a Hub Transport server, you need to import it by opening the Exchange Management Console (EMC), expanding the Organization Configuration node, and selecting Hub Transport.
NOTE
To import the Edge Subscription file on a Hub Transport server, you must log on with an account that is local Administrator on the respective Hub Transport server as well as belonging to the Exchange Organization Administrators group.

5. Now click the Edge Subscriptions tab (see Figure 7.16).

Figure 7.16 The Edge Subscriptions Tab on the Hub Transport Server

6. Since you have to create a new edge subscription, click New Edge Subscription in the Action pane (or if you prefer, right-click somewhere in the Work pane and select New Edge Subscription in the context menu).

NOTE
Importing the Edge Subscription file will establish an authenticated communication channel as well as completing the edge subscription process by beginning an initial replication. The Send connector, which is used when messages are sent to the Internet via the Edge Transport server, is created by default. In addition, the EdgeSync service will replicate the Send Connector configuration, accepted domains, remote domains, and safe sender lists as well as recipient data (SMTP address including contacts, distribution lists, and proxy addresses) from Active Directory to the ADAM store.

NOTE
If your Active Directory topology consists of multiple Active Directory sites, it’s recommended that you import the Edge Subscription file on a Hub Transport server that is located in the site that has the best network connectivity to the perimeter network (the DMZ or screened subnet) in which the Edge Transport server is deployed.

7. You will now be taken to the New Edge Subscription Wizard, where you have to specify the Active Directory site in which the Edge Transport server will become a member. If you have only one site, select Default-First-Site-Name. If your Exchange organization is deployed across multiple sites, click the drop-down list and choose the respective site.

8.
Now specify the location of the Edge Subscription file by clicking Browse and then New (see Figure 7.17).

9. Wait for the New Edge Subscription Wizard to complete and then click Finish.
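
The import described in steps 4 through 9 can also be done from the Exchange Management Shell on the Hub Transport server. The script below is an added example, not taken from the book; the file path and site name are assumptions that reuse the values shown in steps 1 and 7, and it treats the subscription file as sensitive because it carries the ADAM account credentials mentioned in the note under step 1.

```powershell
# Added example (not from the book). Run in the Exchange Management Shell on the
# Hub Transport server, logged on as described in the NOTE under step 4.
# Assumed values: adjust to wherever the file was copied and to your AD site.
$subscriptionFile = "C:\EdgeSubscriptionFile.xml"   # file name used in step 1
$adSite           = "Default-First-Site-Name"       # site selected in step 7

# Stop early if the file from step 3 never arrived on this server.
if (-not (Test-Path $subscriptionFile)) {
    throw "Edge Subscription file not found: $subscriptionFile"
}

# The file contains the credentials of the ADAM account created on the Edge
# Transport server, so review who can read it before going any further.
(Get-Acl $subscriptionFile).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Import the subscription: the shell equivalent of the New Edge Subscription Wizard.
# The Send connector toward the Internet is created by default, as the book notes.
New-EdgeSubscription -FileName $subscriptionFile -Site $adSite

# Start the initial replication from Active Directory to ADAM right away
# instead of waiting for the next scheduled synchronization.
Start-EdgeSynchronization

# Confirm the subscription is registered in the organization.
Get-EdgeSubscription | Format-List

# The file has served its purpose; do not leave the credentials lying on disk.
Remove-Item $subscriptionFile
```

Remove the original copy from the root of the C: drive on the Edge Transport server as well, along with any copy left on the media or share used for the transfer in step 3.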