Need Help on Internet Mail with Edge Subscription

Status
Not open for further replies.

SickNick2020

I have had Exchange 2010 on Windows Server 2008 set up internally and I am now setting it up for external mail for the first time. I am very new to e-mail servers and it seems to me exchange is one of the more complicated ones to set up to do external mail. Here is what I have done so far.
For one thing I have managed to send e-mail to my @gmail.com account with just a typical exchange setup (hub transport). I went on and set up a new machine with Windows Server 2008 and set up an Edge Transport server. Successfully installed it, along with Forefront.
I exported the Edge Subscription with

New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
I then moved that file to the main exchange server and did a "New Edge Subscription". The site I gave it was "Default-First-Site-Name"; that was the default it created, I guess. And then I gave it the file and created a new subscription with send connectors.
I have added in my hub transport, accepted domains as *. Should the IP point to the typical or to edge?
I have also enabled the default email address policy.
The target focus I have right now is I cannot communicate with Edge.
In my router I have this set up
50389, 50636, 389, 143, 110, 25 -> Edge Transport
80, 443, 53 -> Typical Exchange Server
I cannot send or receive emails. When I run Start-EdgeSynchronization
I get "The LDAP server is not available."
I have run into a bit of a brick wall here and wanted some help. I am not sure what I am doing wrong.
Thank you in advance.

Mike Crowley



Responses inline below:

I have had Exchange 2010 on Windows Server 2008 set up internally and I am now setting it up for external mail for the first time. I am very new to e-mail servers and it seems to me exchange is one of the more complicated ones to set up to do external mail. Indeed! Here is what I have done so far.
For one thing I have managed to send e-mail to my @gmail.com account with just a typical exchange setup (hub transport). I went on and set up a new machine with Windows Server 2008 and set up an Edge Transport server. Successfully installed it, along with Forefront.

Great. Not required for mail flow, but this will offload smtp processing as well as provide additional security
I exported the Edge Subscription with
New-EdgeSubscription -FileName "C:\EdgeSubscriptionInfo.xml"
I then moved that file to the main exchange server and did a "New Edge Subscription" the site I gave it was "Default-First-Site-Name" that was the default it created I guess. And then I gave it the file and created a new subscription with send connectors.

Correct. This assumes you have not gone into AD to give your site a more meaningful name.
I have added in my hub transport, accepted domains as *.

You should only add accepted domains for domains you accept mail for. For example I accept mail for @mikecrowley.us. This is about inbound, not outbound.

Should the IP point to the typical or to edge?

Accepted domains don't "point" anywhere. Do you mean you've also created a connector for an accepted domain? This should not be necessary. The edge sync process creates all the connectors you'll need automatically.
I have also enabled the default email address policy.
The target focus I have right now is I cannot communicate with Edge.
In my router I have this set up
50389, 50636, 389, 143, 110, 25 -> Edge Transport

110 is to be sent to CAS server, not edge. And that's only if you're doing POP3.
80, 443, 53 -> Typical Exchange Server

Do not need 53. That is DNS. In fact you'd really only want 443. (Unless you meant 53 from your edge server to a DNS server.)
I cannot send or receive emails. When I run Start-EdgeSynchronization
I get "The LDAP server is not available."

You run the Start-EdgeSynchronization from the HT, right? Not the edge server itself.
I have run into a bit of a brick wall here and wanted some help. I am not sure what I am doing wrong.

I'm worried you've made changes to things that have broken mail flow. The default edge connectors are sufficient, and your accepted domain configuration might create a mail loop. For now, remove all non-edge connectors and accepted domains and see if you can send to the internet through edge. Then we can tackle the inbound side of things.
Thank you in advance.


Mike Crowley
Check out My Blog!

SickNick2020



Thank you so much for replying so quickly. So at the moment I am probably going to go into the office tomorrow where nobody will be there and have some downtime with the server. At the moment my gateway is my Linksys router and I have that handling DHCP, DNS and NAT. I have run into many troubles with the domain controller. I could ping all my servers but could not perform a successful nslookup; generally my whole DNS setup was a mess. Active Directory is currently set up on the Exchange server. FYI I am running a very powerful server on which I have Hyper-V installed for virtual machines.

I was basically thinking of overhauling my whole virtual server setup to hopefully de-clutter things and get things in order. I was thinking of setting up a DHCP,DNS,NAT and Active Directory on one server and using it as my gateway. Then next set up another server with a typical exchange setup. And another server with Edge Transport on it.

Before I go too deep, let me know what you think of this set up. I am definitely going to run into some confusion with port forwarding with what goes where, plus I never did port forwarding from a server only a router.

Any tips would be greatly appreciated. Thank you again

Mike Crowley



In your case I would recommend SBS 2008 instead of all that you're trying to do and figure out. It's an out of the box product that has Active Directory 2008 and Exchange 2007 configured and working for you.

See more here:
http://microsoft.com/sbs

Mike Crowley
Check out My Blog!

SickNick2020



I never looked into that, that definitely looks like a cool product, but for now since I have the software and I don't want to really spend any more on software, I'd much rather go with what I already have. As you can tell my experience is minimal, I am still a student.

I have done many installations with Windows Server 2003, 2008, and Linux regarding DHCP,DNS,NAT,Active Directory, and LDAP, so I am not really worried about that part of the set up.

When it comes to Exchange, I am completely new to it. I had it working perfectly fine but without internet email. That's all I really want to add to it but I figured let me set up all the other stuff separate just for the sake of being organized and to be more "at home" with some configurations.

Sorry if I am sounding a bit thick headed lol. But I am still taking any tips and suggestions. Thank you again

Mike Crowley

I have done many installations with Windows Server 2003, 2008, and Linux regarding DHCP,DNS,NAT,Active Directory, and LDAP, so I am not really worried about that part of the set up.

I am. :) You mentioned above that DNS wasn't working right. That you had "many troubles". AD is hugely dependent on DNS and therefore Exchange is too. If AD and DNS are not perfect, Exchange will not work properly.

Exchange works out of the box with really just one exception. It does not send or receive mail. If you blow everything away, rebuild DNS and AD properly and then install Exchange 2010 it will work. To then enable sending and receiving of mail, see here:

http://msexchangeteam.com/archive/2006/11/17/431555.aspx (for 2007, but still applies to 2010)


Mike Crowley
Check out My Blog!

SickNick2020

I will update you and let you know how it goes. Thank you so much for the link I never ran into that one so it should be useful. Hopefully all goes well :)

SickNick2020



Sorry for the late update, I have a few things that are a little shaky so I am going to walk you through exactly what I did.

In Hyper-V I created two network adapters. I called one of them Virtual Local Network, which is set up as External and I picked my NIC that connects to my Linksys. My Linksys is connected to my cable modem. The second one I created I called Virtual Switch. I bridged these two Virtual Networks.

Next I set up 3 VM's. The first VM got both Virtual NIC's, this is the one I installed AD,DNS,DHCP,NAT, and AD-CA. Through this VM I changed the IP of Virtual Switch to 192.168.1.1. When I installed NAT I chose the Virtual Local Network Adapter. Everything was successful I enabled DNS Dynamic Updates, and off I go to exchange installation.

On my other 2 VM's I gave them the Virtual Switch. I joined one of them to the domain, let's call it example.com. I added the DNS suffix for the second one that would be running Edge. So I installed the typical setup on the one that is on the domain, and Edge on the other one. All installed successfully. I then set up my edge synchronization and successfully got it connected; also I chose to automatically add the send connectors when I gave it the XML file. All went well with Test-EdgeSynchronization and Start-EdgeSynchronization.

I pinged and did NSLOOKUP for all the machines; all was good. I made myself an Exchange account and logged into OWA. I was not able to send/receive with the default settings. Another very weird problem that I am stumped on: I connected one of my PC's to the network, gave it a static IP, and gave it the default gateway 192.168.1.1 (Virtual Switch) instead of my Linksys which I have on 192.168.1.2. Internet worked. I pinged 192.168.1.1, it worked. I did an NSLOOKUP with the server names, host.example.com, exchange.example.com, edge.example.com, and found nothing. On the flip side, NSLOOKUP to 192.168.1.1, 192.168.1.150 (Exchange), 192.168.1.160 (Edge) worked and gave me back their full name. WTF? But when I do it on the server, I get them either way. I set up forward and reverse with dynamic updates, and all the names and IPs are in, forward and reverse, even the PC I joined. That doesn't seem like a big deal right now, Exchange has to finish up though. Any suggestions?

SickNick2020

Still trying. I set up an Internet Send Connector, and my mail went out. I set up a receive connector using my edge server's IP and nothing came in; it got rejected. The default set up won't go out. I am really stuck :-(

Mike Crowley



Initially you talked about using Edge subscriptions and edge servers but to simplify it I pointed out that the hub can send and accept mail without edge. Now it sounds like you are using Edge again. If so, here are the steps you need to complete:
1. define an accepted domain
2. create an edge subscription from the edge server
3. import this subscription to a hub transport server

That's it. The act of importing a subscription takes care of all connectors. It will also send the information about accepted domains to your edge servers.

So maybe, delete all connectors on Exchange 2010, and then redo my steps 1-3.

Mike Crowley
Check out My Blog!

SickNick2020



OK here is what I have going. I redid my edge subscription. Tested successfully and synced successfully

Under accepted domains in Hub Transport, I have my domain, it was set up already. Lets say it is example.com and it is set up as authoritative, and default = true.

Under Hub Transport - Send Connectors Tab, I have:

EdgeSync - Default-First-Site-Name to Internet

EdgeSync - Inbound to Default-First-Site-Name

They are both enabled, and I did not touch them.

Under Hub Transport - Receive Connectors, I have:

Client EXCHANGE

Default EXCHANGE

On Default EXCHANGE, the only thing I changed because I saw this done in a tutorial, was under Properties -> Permission Groups, I added Anonymous Users.

Under Edge Transport - Receive Connectors, I have:

Default internal receive connector EDGE and it is enabled. I changed the permission groups for this one to Anonymous users as well.

So now I am able to Send without an extra send connector like I was doing before. But I still cannot receive. I pass the Outbound SMTP tests on the exchange analyzer, but I fail with inbound.

I get this message every single time.

The error that the other server returned was: 550 550 #5.1.0 Address rejected

Any ideas on where to start with troubleshooting?

Mike Crowley

You do not need anonymous enabled on the HT receive connector because you have this on the Edge instead. Address rejected might be because the edge server hasn't yet synced the user account information to the ADLDS database. Telnet to your edge server and test this and paste back the error you get in telnet. http://exchange.mvps.org/smtp_frames.htm

Mike Crowley
Check out My Blog!
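A scripted form of the telnet test Mike suggests, added here as an example and not part of the thread: it walks the same HELO / MAIL FROM / RCPT TO dialogue and stops before DATA, so the recipient is checked without queuing a message. The hostnames, addresses and canned replies are constructed from this thread's transcript; `ScriptedConn` is an assumed stand-in for a socket so the logic runs offline.

```python
def read_reply(rfile):
    """Read one SMTP reply, following '250-' continuation lines; returns (code, [lines])."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("server closed the connection")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        code, texts = int(line[:3]), texts + [line[4:]]
        if line[3:4] != "-":          # a hyphen after the code means more lines follow
            return code, texts

def send_cmd(conn, rfile, cmd):
    conn.sendall((cmd + "\r\n").encode("ascii"))
    return read_reply(rfile)

def rcpt_check(conn, helo, sender, recipient):
    """Greeting, HELO, MAIL FROM, RCPT TO, QUIT: the telnet steps without DATA, so
    nothing is queued. Stops at the first 4xx/5xx; returns {step: (code, lines)}."""
    rfile = conn.makefile("rb")
    result = {"banner": read_reply(rfile)}
    for name, cmd in (("helo", f"HELO {helo}"),
                      ("mail", f"MAIL FROM:<{sender}>"),
                      ("rcpt", f"RCPT TO:<{recipient}>")):
        result[name] = send_cmd(conn, rfile, cmd)
        if result[name][0] >= 400:
            break
    send_cmd(conn, rfile, "QUIT")
    return result

class ScriptedConn:
    """Constructed stand-in for a socket that replays canned replies (test scaffolding)."""
    def __init__(self, replies):
        self.replies = [r.encode("ascii") for r in replies]
        self.sent = []                # commands the client issued, for checking
    def sendall(self, data):
        self.sent.append(data.decode("ascii").strip())
    def makefile(self, mode):
        return self
    def readline(self):
        return self.replies.pop(0) if self.replies else b""

# Canned replies modelled on the thread's two outcomes (constructed sample data).
ACCEPTED = ["220 Edge.example.com Microsoft ESMTP MAIL Service ready\r\n",
            "250 Edge.example.com Hello [192.168.1.150]\r\n",
            "250 2.1.0 Sender OK\r\n", "250 2.1.5 Recipient OK\r\n",
            "221 2.0.0 Service closing transmission channel\r\n"]
REJECTED = ACCEPTED[:3] + ["550 5.1.0 Address rejected\r\n", ACCEPTED[4]]
```

Against a live listener, after `import socket`, pass `socket.create_connection(("edge.example.com", 25))` in place of `ScriptedConn`; a 550 on the `rcpt` step is the same rejection Gmail reported in this thread, while a 250 there means the Edge accepted the address and the problem lies elsewhere.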

SickNick2020



Ok so I took out anonymous on the hub like you mentioned in the first part. Here is what I got from telnet run from the Typical Exchange Server:

220 Edge.example.com Microsoft ESMTP MAIL Service ready at Sat, 12 Jun 2010 12:58:36 -0400
helo example.com
250 Edge.example.com Hello [192.168.1.150]
mail from:me@gmail.com
250 2.1.0 Sender OK
rcpt to:sicknick@example.com
250 2.1.5 Recipient OK
data
354 Start mail input; end with <CRLF>.<CRLF>
To:Sick Nick
From:Nick Sick
Subject:Testing
Hello edge

.
250 2.6.0 <ed626df2-e6c2-42a4-bd6b-b3e470ba99bc@Edge.example.com> [InternalId=8] Queued mail for delivery

I checked my Exchange inbox and I got the message. I tried emailing again from Gmail and got the same error. The message was in weird characters with no subject or body but that shouldn't mean anything, I am assuming.

I did it from my laptop also without a problem. Where is it getting rejected?