I've been tasked with restructuring the topology for a company who were using a single server as a DC with Exchange installed on it to allow external client access and also make it more secure.
As a starter I separated the roles out across 3 servers (VMs):
1) Active Directory
2) Exchange (Mailbox/Hub/Cas)
3) EDGE/TMG/ADLDS - Not domain joined
The TMG box has two network interfaces, 192.168.0.2 ('External' directly connected to CISCO 1760) and 10.0.0.5 ('Internal' connected to gigabit switch)
I created the subscription file from TMG after running the Email Policy wizard, and imported it on the hub server. The hub is subscribed to the edge server, and I get this positive result when I start the sync:
RunspaceId : 7ee0a85a-e64b-43fc-9bda-464f15f125be
Result : Success
Type : Recipients
Name : SRV-WAS1
FailureDetails :
StartUTC : 01/04/2013 17:31:37
EndUTC : 01/04/2013 17:31:37
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
RunspaceId : 7ee0a85a-e64b-43fc-9bda-464f15f125be
Result : Success
Type : Configuration
Name : SRV-WAS1
FailureDetails :
StartUTC : 01/04/2013 17:31:37
EndUTC : 01/04/2013 17:31:38
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
The only difference I saw between the various procedures I've read on how to configure the edge server through TMG is that it didn't prompt me to automatically create the Email policy as the final step of the wizard, so I manually enabled it under TMG > Edit System Policy > Various > Email Policy.
I also created an Accepted Authoritative Domain entry for our public domain name on the Hub Server.
Here's where Im at the the moment:
Any pointers on where I should start looking to troubleshoot this problem would be great.
TIA
As a starter I separated the roles out across 3 servers (VMs):
1) Active Directory
2) Exchange (Mailbox/Hub/Cas)
3) EDGE/TMG/ADLDS - Not domain joined
The TMG box has two network interfaces, 192.168.0.2 ('External' directly connected to CISCO 1760) and 10.0.0.5 ('Internal' connected to gigabit switch)
I created the subscription file from TMG after running the Email Policy wizard, and imported it on the hub server. The hub is subscribed to the edge server, and I get this positive result when I start the sync:
RunspaceId : 7ee0a85a-e64b-43fc-9bda-464f15f125be
Result : Success
Type : Recipients
Name : SRV-WAS1
FailureDetails :
StartUTC : 01/04/2013 17:31:37
EndUTC : 01/04/2013 17:31:37
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
RunspaceId : 7ee0a85a-e64b-43fc-9bda-464f15f125be
Result : Success
Type : Configuration
Name : SRV-WAS1
FailureDetails :
StartUTC : 01/04/2013 17:31:37
EndUTC : 01/04/2013 17:31:38
Added : 0
Deleted : 0
Updated : 0
Scanned : 0
TargetScanned : 0
The only difference I saw between the various procedures I've read on how to configure the edge server through TMG is that it didn't prompt me to automatically create the Email policy as the final step of the wizard, so I manually enabled it under TMG > Edit System Policy > Various > Email Policy.
I also created an Accepted Authoritative Domain entry for our public domain name on the Hub Server.
Here's where Im at the the moment:
- DNS Resolves the FQDN of the EDGE box from all machines in the internal network via an A record created on the DC.
- The EDGE Server resolves the FQDN of the Hub Server via an entry in its hosts file.
- I have internal email working between outlook clients.
- I can telnet to port 25 on the Hub Server from any machine on the Internal Network.
- I cannot telnet to port 25 on the EDGE Server from the machine itself or any other machine on the 'Internal' network.
- I still don't have any email flow inbound or outbound.
Any pointers on where I should start looking to troubleshoot this problem would be great.
TIA