Renewing Edge Synchronization

If you have added any domain on HUB server and you are not able to see this domain on Edge server then might be your synchronization between your hub and edge servers are not working. To test this you can run following command;

Test-EdgeSynchronization

If the connection result is showing failed then you need to do edge subscription again for this edge server. Following are the steps for this

1. On the edge server which is not synchronizing run following command;

New-EdgeSubscription -filename "C:\temp\edgesub.xml"

now copy this .xml file to hub server and run following command

New-EdgeSubscription -filename "C:\temp\edgesub.xml" –site London

Please note the site parameter is required to bind this edge server to a specific AD site.

Now run following command

Start-EdgeSynchronization

You will notice that now the edge server is synchronizing data with HUB server.

For verification you can run test command again and this time it should show you the success message

Test-EdgeSynchronization

Edge server Configured as Regional or Remote Site Mail relay server

I have one of the requirements from my regional Admins to allow mail relay for their regions. Mostly they want mail relay for;

1.local exchange or SMTP servers.

2. Printers and scanners wants to send emails

3. Devices and Application servers wants to send alert notifications.

4. Some of the devices and servers only support Anonymous permissions settings.

In order to provide this functionality, i can create a site specific receive connector on HUB and allow only their specific server IPs to allow relay emails, but there is a problem, i don’t have any control on their site and server security and allowing relay directly to HUB server means their communication is directly terminating to our Enterprise/Business zone which is a high security risk. I thought why shouldn’t i use my edge servers sitting in DMZ zone and allow relay from them? .  I have checked connectivity of these sites from DMZ and found that i can reach them. I was researching on it and had also discussed it with one of my friends (Nicolas Blank, an expert in exchange configuration and migration) he also agreed on my idea and had guided me to following article

http://www.msexchange.org/articles_tutorials/exchange-server-2007/security-message-hygiene/using-exchange-2007-edge-server-mail-relay-exchange-2003-organization-part1.html

After reading this article i am now more confident about this configuration, I think that in a scenario where we don’t have any control on remote site security and we have a demand to open anonymous security then its better to open relay on edge servers rather then on HUB servers.