EdgeSync won't work, Outbound mail getting stuck!

  • Thread starter [Zid]


Hi, we have set up two TMG with Exchange Edge and Forefront.

From the TMG we created Edge Subscription files and "imported" them (think we only needed one since it finds all the transport servers in the AD, but we created two and imported two) on two HUB servers.

We can see two subscriptions, HUB01 and HUB02. After that we ran Start-EdgeSynchronization and everything said Success and we noticed that the accepted domains have been transferred over to the two edge servers.

We haven't touched any settings on the Transport Servers at all, even Anonymous is disabled on the Default Receive Connector as by default.

Incoming mail works, we can from both internet and from other systems within the company send mail that works its way down from Edge, Hub Transport and in to the Mailbox servers.

For outbound email we have tried both using a temporary smarthost and MX!

If I look at the Queue Viewer on any of the Hub Transport servers I can see:

Next Hop Domain: edgesync-default-first-site-name to internet
Delivery Type: SMTP Relay in Active Directory Site to Edge Transport Server
Status: Retry
Message Count: 6
Last Error: 451 4.4.0 Primary target IP-address responded with: " 451 5.7.3 Cannot achieve Exchange Server Authentication. " Attempting to fail over to alternate host..."

I can telnet from hub to edge and drop a message that works, I can telnet from edge to smarthost and the mail gets to its destination.

But from within Outlook/OWA the messages won't leave the organization?!

If I look at the connectivity log:
2010-07-08T07:57:34.462Z,08CCEBDFCE3B499F,SMTP,edgesync - default-first-site-name to internet,+,SmtpRelayWithinAdSiteToEdge 7548857b-9f56-4249-a776-28f855d5b06b
2010-07-08T07:57:34.462Z,08CCEBDFCE3B499F,SMTP,edgesync - default-first-site-name to internet,>," edge01.contoso.local[], edge02.contoso.local[]"
2010-07-08T07:57:34.462Z,08CCEBDFCE3B499F,SMTP,edgesync - default-first-site-name to internet,>,Established connection to
2010-07-08T07:57:34.462Z,08CCEBDFCE3B49A0,SMTP,edgesync - default-first-site-name to internet,>,Established connection to
2010-07-08T07:57:34.478Z,08CCEBDFCE3B49A0,SMTP,edgesync - default-first-site-name to internet,-,Messages: 0 Bytes: 0 (Retry : Cannot achieve Exchange Server authentication)

Could this be it? Where do I change Exchange Server authentication on an EdgeSubscription? Usually we do this on a receive connector, right?
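To pick out sessions that fail this way across a whole connectivity log rather than by eye, the following groups rows by session ID and reports those whose disconnect row carries a retry reason. It is an added example, not part of the original thread; the sample rows are constructed from the excerpt above with documentation-range IP addresses, and the field names are assumptions based on the six columns visible in it.

```python
import csv
import io
import re
from collections import defaultdict

# Assumed names for the six comma-separated columns seen in the excerpt.
FIELDS = ["date_time", "session", "source", "destination", "direction", "description"]
RETRY = re.compile(r"Messages: (\d+) Bytes: (\d+) \(Retry : (.+)\)")
ESTABLISHED = "Established connection to"

# Constructed sample: first session modelled on the thread's excerpt (IPs are
# made up), second session is an invented successful one for contrast.
SAMPLE_LOG = """\
2010-07-08T07:57:34.462Z,08CCEBDFCE3B49A0,SMTP,edgesync - default-first-site-name to internet,+,SmtpRelayWithinAdSiteToEdge 7548857b-9f56-4249-a776-28f855d5b06b
2010-07-08T07:57:34.462Z,08CCEBDFCE3B49A0,SMTP,edgesync - default-first-site-name to internet,>,"edge01.contoso.local[192.0.2.10], edge02.contoso.local[192.0.2.11]"
2010-07-08T07:57:34.462Z,08CCEBDFCE3B49A0,SMTP,edgesync - default-first-site-name to internet,>,Established connection to 192.0.2.10
2010-07-08T07:57:34.478Z,08CCEBDFCE3B49A0,SMTP,edgesync - default-first-site-name to internet,-,Messages: 0 Bytes: 0 (Retry : Cannot achieve Exchange Server authentication)
2010-07-08T08:02:10.115Z,08CCEBDFCE3B49A1,SMTP,constructed-connector,+,Constructed session
2010-07-08T08:02:10.300Z,08CCEBDFCE3B49A1,SMTP,constructed-connector,-,Messages: 2 Bytes: 4096
"""

def failed_sessions(log_text):
    """Return one record per session whose disconnect ('-') row is a retry."""
    sessions = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != len(FIELDS) or row[0].startswith("#"):
            continue  # skip '#' header lines and malformed rows
        rec = dict(zip(FIELDS, (field.strip() for field in row)))
        sessions[rec["session"]].append(rec)
    failures = []
    for sid, rows in sessions.items():
        # Hosts the session actually connected to before it was dropped.
        targets = [r["description"][len(ESTABLISHED):].strip() for r in rows
                   if r["description"].startswith(ESTABLISHED)]
        for rec in rows:
            match = RETRY.search(rec["description"])
            if rec["direction"] == "-" and match:
                failures.append({"session": sid, "time": rec["date_time"],
                                 "connector": rec["destination"],
                                 "targets": targets, "reason": match.group(3)})
    return failures

if __name__ == "__main__":
    for f in failed_sessions(SAMPLE_LOG):
        print(f'{f["time"]} {f["session"]} {f["connector"]} -> {f["targets"]}: {f["reason"]}')
```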

Fazal Muhammad Khan_

Thank you for your post here. Try modifying the properties on the Edge server receive connector.

On the authentication tab select “Exchange Server Authentication” and on the Permission Groups tab select “Exchange Servers”.

Can you send email from your organisation to the Internet now?


Fazal Muhammad Khan | MCT, MCSE, MCSA, MCTS | Infrastructure Consultant, Technology Services | CDC Pakistan Ltd. | https://fazalmkhan.spaces.live.com | OFFICE: +92 21 111 111 500 Ext: 1402 | +5 GMT


Hi, we found that setting (since we are running it on the TMG server we had to change that using the TMG console). I receive no authentication error now, but the mail doesn't seem to make its way to the recipients. No queue on the Hub now!

Might be the smarthost now... we are looking into it!

Fazal Muhammad Khan_



Hi again,

The problem is solved. Chose TLS and Exchange Server authentication instead of Externally Secured on inbound e-mail.
And I had to choose Externally Secured on outbound e-mail that was going to another smarthost, not Exchange Server authentication...

Don't know why the last authentication should be Exchange Server authentication on the outbound one?!?

Fazal Muhammad Khan_

Glad to hear that your issue has been resolved.

For any more queries please feel free to post back on the forum.


