There are two different log sets that you can use for this:

• Protocol logs
• Message Tracking logs

One of the best ways to describe the difference between these is that protocol logs will capture SMTP connections that may or may not make it all the way in to the Transport pipeline. For example a connection from a spammer that gets blocked by IP filtering will appear in the protocol logs but not the message tracking logs.

The detail captured in a protocol log will look a lot like what you would see if you were manually testing SMTP via telnet on a server.

Message tracking logs will capture messages that get processed through the Transport pipeline, and capture information such as message submission and delivery rather than the SMTP conversation that protocol logging reflects.

Message tracking is also turned on by default and is set per-server, whereas protocol logging is not turned on by default and is set per-connector.

For this demonstration I’ll be using my Edge Transport server simply because it has slightly more interesting data since it receives a lot of connections from the internet.

Get Top Sender IP’s from Protocol Logs with Log Parser

To get the top sender IP’s from the protocol logs we can use this Log Parser query.

SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,
	REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name,
	Count(*) as Hits
FROM *.log
WHERE data LIKE '%EHLO%'
GROUP BY IP
ORDER BY Hits DESC

When run from the folder containing the protocol logs (in this case C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\ProtocolLog\SmtpReceive) it looks like this:

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT EXTRACT_PREFIX(remote-endpoint,0,':') as IP,REVERSEDNS(EXTRACT_PREFIX(remote-endpoint,0,':')) as Name,Count(*) as Hits from *.log WHERE data LIKE '%EHLO%' GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1

This will give you output similar to this:

IP              Name                                    Hits
--------------- --------------------------------------- ----
83.222.31.220   v8622.vps.masterhost.ru                 52
204.13.248.72   mho-02-ewr.mailhop.org                  12
50.78.250.97    dcmail.designercabinetry.com            9
10.1.1.21       ho-ex2010-mb1.exchangeserverpro.net     8
64.61.92.26     static-64-61-92-26.isp.broadviewnet.net 7
217.108.179.228 mailhost.el-internationale.com          7
69.60.118.117   mail1.ambr.com.br                       4
10.1.1.22       ho-ex2010-mb2.exchangeserverpro.net     4
95.154.196.147  95.154.196.147                          4
118.22.2.202    pc2.land-ho-unet.ocn.ne.jp              3
187.108.193.223 cloud.newmediahost.com.br               2
109.169.77.169  109.169.77.169                          2
59.106.64.208   ns1.uranaikan.info                      2
204.13.248.71   mho-01-ewr.mailhop.org                  2
78.129.222.16   78.129.222.16                           2
199.119.76.15   mail.seoauditions.com                   1

Statistics:
-----------
Elements processed: 3359
Elements output:    16
Execution time:     17.41 seconds

This part of the query string is important to note:

WHERE data LIKE '%EHLO%'

This means that only those log entries where the EHLO occurred will be counted in the stats that Log Parser outputs. If you leave it out you’ll see a “Hit” for every log entry a remote IP generated. Depending on how “chatty” that particular SMTP conversation was it may skew the results a little. However since we’re looking more for indicative numbers rather than precise numbers it doesn’t matter which way you choose to go (at least not to me).

Get Top Sender IP’s from Message Tracking Logs with Log Parser

For message tracking logs the syntax is a little different because the field names in the log files are different.

SELECT client-ip as IP,
	REVERSEDNS(client-ip) as Name,
	Count(*) as Hits
FROM *.log
WHERE (event-id='RECEIVE')
GROUP BY IP
ORDER BY Hits DESC

When run from the folder containing the message tracking logs (in this case C:\Program Files\Microsoft\Exchange Server\V14\TransportRoles\Logs\MessageTracking) it will look like this:

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT client-ip as IP,REVERSEDNS(client-ip) as Name,Count(*) as Hits from *.log WHERE (event-id='RECEIVE') GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1

If you get too much output you can limit it to the top X results by modifying the query slightly:

"C:\Program Files (x86)\Log Parser 2.2\logparser.exe" "SELECT TOP 20 client-ip as IP,REVERSEDNS(client-ip) as Name,Count(*) as Hits from *.log WHERE (event-id='RECEIVE') GROUP BY IP ORDER BY Hits DESC" -i:CSV -nSkipLines:4 -rtp:-1

This will give you output similar to this:

IP              Name                                 Hits
--------------- ------------------------------------ ----
204.93.210.179  mariajunco.com                       32
10.1.1.22       ho-ex2010-mb2.exchangeserverpro.net  23
216.151.172.180 hosted.airvm.net                     22
10.1.1.21       ho-ex2010-mb1.exchangeserverpro.net  22
83.142.48.139   83.142.48.139                        17
67.215.235.199  67.215.235.199.static.quadranet.com  13
109.169.76.124  109.169.76.124                       10
109.169.55.146  109.169.55.146                       10
109.169.62.15   109.169.62.15                        10
109.169.60.137  109.169.60.137                       9
173.254.208.113 173.254.208.113.static.quadranet.com 9
59.106.64.208   ns1.uranaikan.info                   8
72.11.150.131   72.11.150.131.static.quadranet.com   7
109.169.73.116  109.169.73.116                       7
109.169.55.135  109.169.55.135                       7
189.39.9.214    mail3.ibcbrasil.com.br               5
204.13.248.72   mho-02-ewr.mailhop.org               5
109.169.87.100  109.169.87.100                       4
109.169.84.105  109.169.84.105                       4
169.232.46.177  out-58.smtp.ucla.edu                 3

Statistics:
-----------
Elements processed: 1018
Elements output:    20
Execution time:     74.03 seconds (00:01:14.03)

You can use this information in a lot of situations such as when investigating load issues, or planning to decommission servers

Related posts:

• The Case of the Hub Transport Server Load Imbalance
• Generate SMTP Error Statistics using Log Parser and Exchange Server 2010 Protocol Logs
• Calculate Hourly Email Traffic using Message Tracking Logs and Log Parser
• Calculate Daily Email Traffic using Message Tracking Logs and Log Parser
• Reporting Exchange Server 2010 Message Tracking Event IDs with Log Parser

This article Report Top Sender IP’s on Exchange Server 2010 using Log Parser is © 2012 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

For Internal Relay domains the Exchange servers behave like this:

If I have a local recipient within the organization with the SMTP address that the email is addressed to then deliver it to that mailbox. Otherwise, send it outside the organization.

Internal Relay domains are commonly used in shared SMTP namespace scenarios, where two separate mail systems both use the same domain name for email. If you want to know more about this scenario read How to Share an Email Domain Between Two Mail Systems.

The steps for setting up an Internal Relay domain are usually:

1. Add the domain name to the Accepted Domains for the organization
2. Create a Send Connector to route the non-local recipients in that domain to another external mail system

However the fact is that it will work just fine if you only do step 1, and let your main Send Connector for the “*” namespace (ie, all external domains) handle the routing outwards from the organization (either via smart host or DNS).

That is, unless you are using Edge Transport servers.

If you are using Edge Transport servers, have configured an Internal Relay domain, and have not configured a specific Send Connector for that namespace, you may see non-delivery messages when internal senders try to send to external recipients of that namespace.

This happens because an infinite loop is created between the Hub Transport and Edge Transport servers.

1. The Hub Transport is correctly routing emails for non-local recipients in the Internal Relay domain name out of the organization via the Edge Transport servers.
2. However the Edge Transport servers recognize the Internal Relay domain as being local to the organization, and therefore route the email back into the Hub Transport server (as they would if they’d received an email sent from an external sender and addressed to a recipient of that domain name).

Under those conditions you may see non-delivery reports for emails sent to non-local recipients of the Internal Relay domain.

In the diagnostic information will be the reason, an infinite loop.

#554 5.4.6 Hop count exceeded – possible mail loop ##

You will also see the loop in action in the message headers provided with the NDR.

The solution for this problem is to configure a Send Connector for the organization that is specifically for that Internal Relay domain name, that is a lower cost than the default Send Connector.

On an Exchange 2010 server in your organization (not the Edge Transport server) open the Exchange Management Console and navigate to Organization Configuration/Hub Transport. Select the New Send Connector task in the Actions pane of the console.

Give the Send Connector a name and click Next to continue.

Add the SMTP address space for the Internal Relay domain. Choose a cost that is lower than the default Send Connector that EdgeSync creates, which is a cost of 100 by default. Click Next to continue.

You can choose to route via DNS or a smart host, whichever suits your specific scenario. DNS is probably going to be fine if the MX records for that domain already point to where you want the mail to be routed to. Otherwise a smart host may be required. Click Next to continue.

Set the source server depending on which server you want to send out the emails to that domain. For Internal Relay domains the source server for the Send Connector must be a Hub Transport server, not an Edge Transport server, in order to achieve the desired email routing for all scenarios. This means that the Hub Transport server you choose must be able to make SMTP connections through your firewall to wherever it needs to route the email for the Internal Relay domain.

Finally, click New to complete the wizard and create the new Send Connector.

With the Send Connector in place you should see the correct routing behaviour in each scenario. Outside senders who send to a non-local recipient in the Internal Relay domain will be correctly routed into the Exchange organization first, and then back out the Send Connector from the Hub Transport server. Meanwhile email sent to local recipients of the Internal Relay domain will be delivered locally.

Email sent from internal senders to non-local recipients of the Internal Relay domain will be correctly routed out the Send Connector as well, while email sent to local recipients of the Internal Relay domain will be delivered locally as expected.

This configuration achieves the desired message delivery without infinite loop conditions.

Bottom line is, if you are using Internal Relay domains and also Edge Transport servers you must configure a Send Connector for handling non-local recipients in that domain, or else you will create an infinite loop condition.

Related posts:

• Exchange 2007/2010 Transport Rule Logging
• Report Top Sender IP’s on Exchange Server 2010 using Log Parser
• How to Migrate a Relay Connector from Exchange Server 2007 to 2010
• Review of CodeTwo Exchange Rules Pro
• Exchange Server 2007/2010: How to Change the Primary Email Domain

This article Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010 is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

This won’t suit all transport rules, for example if you’re using them to apply disclaimers that is probably not something you want to be constantly logging.

But for scenarios such as data leak prevention logging may be more appropriate.

Fortunately Exchange 2007 and 2010 do both allow transport rules to be logged, simply by adding “log an event with message” as an Action in the configuration of the rule.

Configure the message to say something relevant to the transport rule.

Every time the rule conditions are met and the server takes the configured action an event log entry will also be logged.

Those event log entries can then be reported on by running a script or scraped with your network monitoring system.

Related posts:

• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Review of CodeTwo Exchange Rules Pro
• Report Top Sender IP’s on Exchange Server 2010 using Log Parser
• How to Migrate a Relay Connector from Exchange Server 2007 to 2010
• Poll: Do You Run an Edge Transport Server?

This article Exchange 2007/2010 Transport Rule Logging is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

This tutorial demonstrates how to install an Exchange Server 2007 Edge Transport server on Windows Server 2008.

Installing Exchange 2007 Edge Transport Server Pre-Requisites on Windows Server 2008

On Windows Server 2008 the pre-requisite roles and features for the Exchange 2007 Edge Transport server role can be installed using ServerManagerCmd.exe.

Launch an elevated command prompt and run the following command.

ServerManagerCmd -i Web-Metabase Web-Lgcy-Mgmt-Console PowerShell ADLDS

Next download the Windows Installer 4.5 file from Microsoft and install it on the server. The Windows6.0-KB942288-v2-x64.msu file is the correct one for a 64-bit Windows Server 2008 server.

A restart will be required before you move on to the next step.

Installing the Exchange 2007 Edge Transport Server Role

To install the Exchange 2007 Mailbox server role download the Exchange Server 2007 SP3 setup files from Microsoft and extract them to a folder on the server’s hard disk.

Launch an elevated command prompt and run the following command.

setup /m:install /r:e,t

Welcome to Microsoft Exchange Server 2007 Unattended Setup

Preparing Exchange Setup

The following server roles will be installed
    Management Tools
    Edge Transport Server Role

Performing Microsoft Exchange Server Prerequisite Check

    Edge Transport Role Checks       ......................... COMPLETED

Configuring Microsoft Exchange Server

    Copying Exchange files           ......................... COMPLETED
    Exchange Management Tools        ......................... COMPLETED
    Edge Transport Server Role       ......................... COMPLETED

The Microsoft Exchange Server setup operation completed successfully.

Reboot the server before proceeding to apply the latest updates and configure the server for your environment.

Related posts:

• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Exchange 2007/2010 Transport Rule Logging
• Installing an Exchange 2007 Mailbox Server on Windows Server 2008
• Installing an Exchange 2007 Hub Transport Server on Windows Server 2008
• Poll: Do You Run an Edge Transport Server?

This article Installing an Exchange 2007 Edge Transport Server on Windows Server 2008 is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

The IP Block List Providers anti-spam feature is one example. It is enabled by default, but no block list providers are included in the configuration.

IP block list providers are an effective way to block the majority of spam, because they maintain comprehensive databases of IP addresses on the internet that are known and suspected spam sources. This allows an Exchange server to determine whether or not to block an incoming email during the initial stages of the SMTP connection, based on the IP address of the sending host.

Blocking spam at such an early stage of the communication sequence uses less bandwidth and processor resources than email content filtering, because the full email message is never transmitted to the Exchange server.

One of the best IP block list providers is Spamhaus. You can configure an Edge Transport server to use Spamhaus as an IP block list provider by following these steps.

Log on to your Edge Transport server and launch the Exchange Management Console. In the Anti-spam tab right-click IP Block List Providers and select Properties.

Select the Providers tab and then click Add.

Enter the Provider Name of Spamhaus and the Lookup Domain of zen.spamhaus.org.

Click OK and OK again to apply the change.

The Edge Transport server will now lookup the IP address of connecting hosts to determine whether or not to accept mail from them.

Related posts:

• Report Top Sender IP’s on Exchange Server 2010 using Log Parser
• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Exchange 2007/2010 Transport Rule Logging
• Exchange 2010 Edge Transport Server: Configuring EdgeSync
• Installing an Exchange Server 2010 Edge Transport Server

This article Exchange 2010 Edge Transport Server: Configuring IP Block List Providers is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

The Edge Subscription is a relationship between an Edge Transport server and an Active Directory site, and allows the Edge Transport server to receive information about the Exchange organization such as recipients, domain names, and safelists/blocklists for anti-spam.

This information is synchronized at regular intervals through a process called EdgeSync.

Firewall Ports for Exchange Server 2010 Edge Transport Servers

For EdgeSync and mail flow to work there are a few network ports that need to be open on the firewall between the Internet, the Edge Transport server, and the internal Hub Transport server.

Edge Transport Server Network Ports for EdgeSync

• Secure LDAP (TCP 50636) from the Hub Transport server to the Edge Transport server

Edge Transport Server Network Ports for Mail Flow

• SMTP (TCP 25) from the Internet to the Edge Transport server
• SMTP (TCP 25) from the Edge Transport server to the Hub Transport server
• SMTP (TCP 25) from the Hub Transport server to the Edge Transport server
• DNS (UDP 53) from the Edge Transport server to a DNS server capable of public DNS lookups (ie to look up MX records)

Configuring ISA Server 2006 for Edge Transport Servers

If you are using ISA Server 2006 as your firewall and want to create the access rules for the Edge Transport server the first thing you’ll need to configure is a new network protocol for the secure LDAP connection. ISA Server 2006 is pre-configured with a secure LDAP protocol however the EdgeSync process uses the non-standard port of TCP 50636.

Create a new network protocol named “EdgeSync” for TCP 50636 outbound.

Configure the ISA Server 2006 firewall policy with access rules for the Edge Transport network access required.

Creating the Edge Subscription for Exchange Server 2010 Edge Transport Servers

With the firewall access all configured correctly the next step is to configure the Edge Subscription itself.

On the Edge Transport server open the Exchange Management Shell and run the following command using the New-EdgeSubscription cmdlet.

[PS] C:\>New-EdgeSubscription -FileName C:\edgesubscription.xml

Confirm
If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result,
any of the following objects that were created manually will be deleted: accepted domains, message classifications,
remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside
the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the
TransportConfig object will be overwritten during the synchronization process.
 EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Hub Transport servers in the
Active Directory site to which the Edge Transport server is being subscribed, and those Hub Transport servers be able
to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in
 the next "1440" minutes before the bootstrap account expires.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

There are two important things to be aware of here:

• You must complete the next step of the Edge Subscription process within 1440 minutes (24 hours), otherwise you’ll need to generate a new Edge Subscription again
• The Hub Transport servers in the Active Directory site that will be subscribed must be able to resolve the FQDN of the Edge Transport server. You can either add DNS records manually or use a HOSTS file entry.

Copy the “edgesubscription.xml” file to the Hub Transport server. Launch the Exchange Management Console and navigate to Organization Management/Hub Transport.

In the Actions pane click on New Edge Subscription.

Browse and select the Active Directory site to be subscribed, as well as the XML file that you copied from the Edge Transport server.

Click the New button to complete the wizard.

After the Edge Subscription has been created you will see two Send Connectors configured for your organization.

It can take up to an hour before the first Edge synchronization process runs, but you can run it manually if you need to. On the Hub Transport server launch the Exchange Management Shell and run the following command using the Start-EdgeSynchronization cmdlet.

[PS] C:\>Start-EdgeSynchronization -Server esp-ho-ex2010a

RunspaceId     : b7415ae2-f763-449e-bb36-20a6a18759cd
Result         : Success
Type           : Configuration
Name           : esp-ho-ex2010e
FailureDetails :
StartUTC       : 5/7/2011 1:27:39 PM
EndUTC         : 5/7/2011 1:28:07 PM
Added          : 290
Deleted        : 0
Updated        : 0
Scanned        : 295
TargetScanned  : 0

RunspaceId     : b7415ae2-f763-449e-bb36-20a6a18759cd
Result         : Success
Type           : Recipients
Name           : esp-ho-ex2010e
FailureDetails :
StartUTC       : 5/7/2011 1:27:39 PM
EndUTC         : 5/7/2011 1:28:08 PM
Added          : 401
Deleted        : 0
Updated        : 0
Scanned        : 401
TargetScanned  : 0

After the initial Edge synchronization has occurred you will be able to see the Send Connectors and Accepted Domains configured on the Edge Transport server.

Testing Mail Flow

After the Edge Subscription is in place and you’ve synchronized at least once you can send email between your Exchange organization and an external mailbox, and then inspect the email message headers to verify that the messages are traversing your Edge Transport server.

Received: from esp-ho-ex2010e.exchangeserverpro.net (10.0.3.2) by
 esp-ho-ex2010a.exchangeserverpro.net (10.0.1.4) with Microsoft SMTP Server
 (TLS) id 14.1.289.1; Sat, 7 May 2011 23:50:10 +1000
Received: from (192.168.0.45) by esp-ho-ex2010e.exchangeserverpro.net
 (10.0.3.2) with Microsoft SMTP Server id 14.1.218.12; Sat, 7 May 2011
 23:50:07 +1000
MIME-Version: 1.0
Content-Type: text/plain

Related posts:

• Report Top Sender IP’s on Exchange Server 2010 using Log Parser
• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Exchange 2007/2010 Transport Rule Logging
• Exchange 2010 Edge Transport Server: Configuring IP Block List Providers
• Installing an Exchange Server 2010 Edge Transport Server

This article Exchange 2010 Edge Transport Server: Configuring EdgeSync is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

To host the Edge Transport server role I am using a server running Windows Server 2008 R2 with Service Pack 1. The server is located in the DMZ of the network.

In the last part of this series the pre-requisites for Edge Transport servers were installed.

You also need to make sure that the server has been configured with a fully qualified domain name (FQDN). A domain-joined server has an FQDN that matches the DNS name of the domain that it is joined to, but the Edge Transport server is usually installed on standalone servers and so this will not automatically be configured for you.

The next step is to install Exchange Server 2010 SP1.

Open a command prompt and navigate to the folder that contains the Exchange Server 2010 SP1 setup files.  Run the following command to install the Edge Transport server role.

setup /m:install /r:e,t /installwindowscomponents

Note: the /installwindowscomponents switch isn’t required if you’ve already install the correct pre-requisites, but I always include it anyway.

Welcome to Microsoft Exchange Server 2010 Unattended Setup

Setup will continue momentarily, unless you press any key and cancel the
installation. By continuing the installation process, you agree to the license
terms of Microsoft Exchange Server 2010.
If you don't accept these license terms, please cancel the installation. To
review the license terms, please go to

http://go.microsoft.com/fwlink/?LinkId=150127&clcid=0x409/

Press any key to cancel setup................
No key presses were detected.  Setup will continue.
Preparing Exchange Setup

    Copying Setup Files                           COMPLETED

The following server role(s) will be installed
Languages
Management Tools
Edge Transport Role

Performing Microsoft Exchange Server Prerequisite Check

    Configuring Prerequisites                                 COMPLETED
    Language Pack Checks                                      COMPLETED
    Edge Transport Role Checks                                COMPLETED

Configuring Microsoft Exchange Server

    Preparing Setup                                           COMPLETED
    Stopping Services                                         COMPLETED
    Copying Exchange Files                                    COMPLETED
    Language Files                                            COMPLETED
    Restoring Services                                        COMPLETED
    Languages                                                 COMPLETED
    Exchange Management Tools                                 COMPLETED
    Edge Transport Role                                       COMPLETED
    Finalizing Setup                                          COMPLETED

The Microsoft Exchange Server setup operation completed successfully.
Setup has made changes to operating system settings that require a reboot to
take effect. Please reboot this server prior to placing it into production.

After setup has finished restart the server, then apply the latest Update Rollup for Exchange Server 2010 SP1.

In the next part of this series we’ll look at setting up EdgeSync for the Edge Transport server.

Related posts:

• Report Top Sender IP’s on Exchange Server 2010 using Log Parser
• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Exchange 2007/2010 Transport Rule Logging
• Exchange 2010 Edge Transport Server: Configuring IP Block List Providers
• Exchange 2010 Edge Transport Server: Configuring EdgeSync

This article Installing an Exchange Server 2010 Edge Transport Server is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

But despite this specialized role most businesses do not deploy an Edge Transport server in their Exchange organization. This can be for one of several reasons, such as having an existing email security server or appliance running in the network, integrating an email security product on their internet-facing Hub Transport server, or simply for reasons of cost.

However the Edge Transport server is certainly a useful role to deploy, and in this upcoming series of tutorials we’ll walk through the process of installing an Edge Transport server and explore some of the features of the Edge Transport server role.

Where to Deploy Exchange Server 2010 Edge Transport Servers

The Edge Transport server is designed to operate in perimeter networks, in other words a DMZ. Of course you could place it in the internal network if you wanted to, but this detracts from some of the security benefits of deploying in a DMZ.

Unlike other Exchange server roles the Edge Transport server does not need to be a member of an Active Directory domain, so locating it within a DMZ does not create any difficult firewall configurations. There are only a few firewall ports that need to be open for the Edge Transport server to do its job.

For this tutorial series the Edge Transport server is being deployed in a DMZ that is secured by a 3-legged ISA Server 2006 firewall.

Preparing the Server to Install the Exchange Server 2010 Edge Transport Server Role

The Edge Transport server role has the same basic operating system requirements as other server roles. Edge Transport servers can be deployed on the following operating systems:

• Windows Server 2008 64-bit Standard or Enterprise, with Service Pack 2
• Windows Server 2008 R2 Standard or Enterprise

For this demonstration Windows Server 2008 R2 Enterprise with Service Pack 1 is being used to run the Edge Transport server role.

To install the Edge Transport server pre-requisites open an elevated Windows PowerShell prompt and run the following command.

PS C:\> Import-Module ServerManager

Next run this command to install the required roles and features for the Edge Transport server.

PS C:\> Add-WindowsFeature NET-Framework,RSAT-ADDS,ADLDS -Restart

Note that using the -Restart parameter will cause the server to restart automatically to complete the installation of the roles and features.

In the next part of this series we’ll look at installing the Exchange 2010 Edge Transport server role.

Related posts:

• Report Top Sender IP’s on Exchange Server 2010 using Log Parser
• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Exchange 2007/2010 Transport Rule Logging
• Exchange 2010 Edge Transport Server: Configuring IP Block List Providers
• Exchange 2010 Edge Transport Server: Configuring EdgeSync

This article Exchange 2010 Edge Transport Server Introduction is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

Please vote in the poll below.  If you’d like to explain why you do or don’t run an Edge Transport server please leave a comment below.

Note: there is a poll embedded in this post. You may need to click through to the original article to see it.

Related posts:

• Avoiding Infinite Loops with Internal Relay Domains in Exchange 2007/2010
• Poll: Do You Still Use Public Folders in Your Exchange Environment?
• Exchange 2007/2010 Transport Rule Logging
• Poll: Which Exchange mobile access platform do you use?
• Poll: Which Version of Exchange Server Are You Running?

This article Poll: Do You Run an Edge Transport Server? is © 2011 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com

Typically deployed within a secure perimeter network, or DMZ, the Edge Transport Server is basically a smart host or SMTP relay server for the organization, and can protect from viruses, spam, and also perform other rule-based actions to control the flow of email in and out of the network.

What Needs to be Backed Up on Edge Transport Servers

To plan for backup and recovery of the Edge Transport server you first need to understand where the server stores its configuration and data.

Active Directory Lightweight Directory Service – each Edge Transport server runs its own instance of AD LDS, which is used to store a subset of information about recipients in the Exchange organization, as well as information about the connectors that are established between the Edge Transport server and the Hub Transport servers for mail flow.  The AD LDS database and log files are stored on the file system of the server.

Edge Configuration – the Edge Transport server configuration can be exported to an XML file for cloning between servers and for recovery purposes.  The Edge configuration file is stored on the file system of the server.  This does not include the Edge Subscription information that connects the Edge Transport server to Hub Transport servers.

System State – the system state contains information such as service startup and dependency settings in the registry, which is important if any settings have been modified from the defaults.  The System State is also important if extra third party applications or agents have been installed on the Edge Transport server, local security policies have been applied, administrative accounts or groups created or modified, and a range of other items that may be important in a recovery.

Other Files – other files such as transport queue databases and log files are also stored on the file system.

Planning the Edge Transport Server Backup

When you are planning the Edge Transport server backup strategy there are different approaches you can take depending on your requirements.

Backing up Everything

A full system backup of the server encompasses all of the required information for a recovery, however this takes longer to backup and consumes the most backup storage.

This makes it impractical if frequent backups are required throughout the day, for example in a high volume email environment the transport queue databases might be backed up every 5 minutes to reduce the risk of losing in-transit emails if the server crashed.

A full backup can also take longer to recover in some cases, however this is less of a concern if multiple Edge Transport servers are deployed.

Backing up the Minimum

A backup of just the Edge Transport configuration is the most efficient in terms of time frames and storage space, and can be run only when a configuration change has been made.

However the recovery time may be longer because a new host would need to be provisioned from scratch to import the config.

There may also be more manual intervention required because importing the configuration to a new server still requires the Edge Subscription to be set up again.  In addition, this backup strategy does not protect the transport queue databases, log files, or any third party applications and agents installed on the server.

Backing Up and Restoring Edge Transport Servers

For the purposes of this demonstration I’ve made a few changes to a default Edge Transport server install on Windows Server 2008 R2.

The default log file paths have been modified:

An Edge Subscription is in place:

.NET Framework 4 has been installed via Microsoft Update:

Exporting/Importing the Edge Configuration

The Edge Configuration can be exported and imported using a script provided with Exchange Server 2010.  The script is located in the \Scripts folder of your Exchange Server 2010 installation folder, which by default would be:

C:\Program Files\Microsoft\Exchange Server\V14\Scripts

On the Edge Transport server launch an Exchange Management Shell and run the script to export the Edge Configuration.

.\ExportEdgeConfig.ps1 -cloneConfigData C:\EdgeConfig\ex2-edgeconfig.xml

Edge configuration is exported successfully to C:\EdgeConfig\ex2-edgeconfig.xml

For this demonstration the server operating system has been manually reinstalled to simulate a recovery scenario, and the Exchange Server 2010 reinstalled with the Edge Transport server role.

Note: the Edge Transport server can be a domain member however it is not a valid role for using Setup /m:RecoverServer to restore a failed server. In some scenarios you may encounter an error that “The Exchange Server is in an inconsistent state” when trying to reinstall the server.  If you do then click here for the solution.

When the new Edge Transport server is ready you can import the Edge Configuration to it using a script that is once again located in your Exchange Server 2010 installation folder.

Launch the Exchange Management Shell, and then run the import script to validate that the configuration can be applied.  This checks for such things as valid file system directories to confirm that that they can be recreated when the configuration is imported.

.\ImportEdgeConfig.ps1 -cloneConfigData C:\EdgeConfig\ex2-edgeconfig.xml -isImport $false -cloneConfigAnswer C:\EdgeConfig\ex2-answer.xml

Warning:Passwords will be encrypted with the default script encryption key

Validation succeeded for ConnectivityLogPath element of type DirectoryPath
Validation succeeded for MessageTrackingLogPath element of type DirectoryPath
Validation succeeded for PickupDirectoryPath element of type DirectoryPath
Validation succeeded for PipelineTracingPath element of type DirectoryPath
Validation succeeded for ReceiveProtocolLogPath element of type DirectoryPath
Validation succeeded for ReplayDirectoryPath element of type DirectoryPath
Validation succeeded for RoutingTableLogPath element of type DirectoryPath
Validation succeeded for RootDropDirectoryPath element of type NullableDirectoryPath
Validation succeeded for SendProtocolLogPath element of type DirectoryPath
Validation succeeded for SourceIPAddress element of type IPAddress
Validation succeeded for SourceIPAddress element of type IPAddress
Validation succeeded for Bindings element of type Bindings
Validation succeeded for Fqdn element of type FQDN

Answer File is successfully created: C:\EdgeConfig\ex2-answer.xml

Next, import the configuration file by switching the -isImport parameter to $true.

.\ImportEdgeConfig.ps1 -cloneConfigData C:\EdgeConfig\ex2-edgeconfig.xml -isImport $true -cloneConfigAnswer C:\EdgeConfig\ex2-answer.xml

Warning:Passwords will be encrypted with the default script encryption key

WARNING: The contents of the pipeline tracing log may contain sensitive information. Make sure all content is either
removed or secured appropriately.

WARNING: The command completed successfully but no settings of 'exchangeserverpro.local' have been modified.
WARNING: The following service restart is required for the change(s) to take effect : MSExchangeTransport

Confirm
Are you sure you want to perform this action?
Removing Receive connector "EX2\Default internal receive connector EX2".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): a

WARNING: The command completed successfully but no settings of 'IPAllowListConfig' have been modified.
WARNING: The command completed successfully but no settings of 'IPAllowListProviderConfig' have been modified.
WARNING: The command completed successfully but no settings of 'IPBlockListConfig' have been modified.

WARNING: Edge Transport servers don't use the MaxDumpsterSizePerStorageGroup, MaxDumpsterTime, MaxReceiveSize,
MaxRecipientEnvelopeLimit, and SupervisionTags parameters. Therefore, setting these parameters will have no effect.

Importing Edge configuration information Succeeded.

Note the warning that the Transport service requires a restart. This does not happen automatically, so run the following command from the Exchange Management Shell.

restart-service msexchangetransport

Although the relevant Connectors are added to the Edge Transport server when the Edge Configuration is imported, they are not correctly set up on both ends (ie on the AD Site/Hub Transport servers as well). To do this you will need to re-run the Edge Subscription process.

Create an Edge Subscription file on the Edge Transport server by running the following command in an Exchange Management Shell.

New-EdgeSubscription -FileName c:\edgesubscription.xml

Confirm
If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result,
any of the following objects that were created manually will be deleted: accepted domains, message classifications,
remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside
the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the
TransportConfig object will be overwritten during the synchronization process.
 EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Hub Transport servers in the
Active Directory site to which the Edge Transport server is being subscribed, and those Hub Transport servers be able
to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in
 the next "1440" minutes before the bootstrap account expires.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "Y"): y

Copy the XML file to an Exchange 2010 server in the organization. Launch the Exchange Management Console and navigate to Organization Management/Hub Transport. Start the New Edge Subscription task.

Select the Active Directory Site you wish to create the subscription with, and then browse and select the XML file that you copied from the Edge Transport server.

Click New to complete the Edge Subscription wizard.

The Edge Transport server role has now been recovered by:

1. Reinstalling the operating system and Exchange Server 2010
2. Importing a backup of the Edge Configuration
3. Re-establishing the Edge Subscription

By only backing up the exported Edge Configuration file this technique takes up the least backup time and storage, however the restoration is more effort (note that the use of virtualization, templates or other automated build processes would speed it up to varying degrees).

• The customized log path settings were restored
• The Edge Subscription was manually recreated
• Additional applications were not recovered and need manual reinstallation

So depending on the server there will be additional effort to bring it back to full service, if only the Edge Configuration was ever backed up.

Full System Backup/Restore for Edge Transport Servers

For this demonstration I used Windows Server Backup to take a full system backup of the Edge Transport server to use for bare metal restore.

This backup takes longer than if you were only exporting and backing up the Edge Configuration on a regular basis.  However the restore process is simpler and possibly even faster than the previous method, because the full system is being restored, although this would depending on your backup infrastructure and whether the restore media was on hand or needed to be brought in from offsite.

Once the full system restore is complete the server is ready to go, including the Exchange Server 2010 installation and all other applications and configurations on the server.

Although the Edge Subscription is restored by this method, if you test it from the Hub Transport server you may find that it is temporarily broken.

[PS] C:\>Test-EdgeSynchronization

RunspaceId                  : 6143dd90-7b9b-40f2-8120-15e58a8e2f54
SyncStatus                  : Failed
UtcNow                      : 9/08/2010 2:29:59 AM
Name                        : EX2
LeaseHolder                 : CN=EX1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Gr
                              oups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange
                              serverpro,DC=local
LeaseType                   : Option
FailureDetail               : The EdgeSync cookie has not been updated as expected. It may indicate EdgeSync has encoun
                              tered synchronization errors. For more information, check the EdgeSync logs.
LeaseExpiryUtc              : 9/08/2010 2:46:13 AM
LastSynchronizedUtc         : 9/08/2010 1:46:13 AM
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
RemoteDomainStatus          : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Skipped
CredentialRecords           : Number of credentials 3
CookieRecords               : Number of cookies 2

You can usually fix this by simply restarting the EdgeSync service on the Hub Transport server.

[PS] C:\>Restart-Service MSExchangeEdgeSync

The Edge Subscription should now test successfully.

[PS] C:\>Test-EdgeSynchronization

RunspaceId                  : 6143dd90-7b9b-40f2-8120-15e58a8e2f54
SyncStatus                  : Normal
UtcNow                      : 9/08/2010 2:32:16 AM
Name                        : EX2
LeaseHolder                 : CN=EX1,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Gr
                              oups,CN=First Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exchange
                              serverpro,DC=local
LeaseType                   : Option
FailureDetail               :
LeaseExpiryUtc              : 9/08/2010 3:30:15 AM
LastSynchronizedUtc         : 9/08/2010 2:30:15 AM
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
RemoteDomainStatus          : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Skipped
CredentialRecords           : Number of credentials 3
CookieRecords               : Number of cookies 2

The Edge Transport server role has now been recovered by performing a full system restore of the server.

• The custom log path settings were restored
• The Edge Subscription was maintained
• The additional applications were also recovered

By taking full system backups of the Edge Transport server the restoration process was simplified, however the backups themselves take up more time and backup storage.

Summary

As you can see there are pros and cons to each backup strategy for the Edge Transport server role in Exchange Server 2010.  In most environments the full system backup/restore method works best as it simplifies almost every aspect of the process, with the only trade off being the extra time and storage capacity needed during backups.  The config export/import method tends to be more suited to migrating the Edge Transport server to new hardware, or adding additional Edge Transport servers into the environment.

Related posts:

• Exchange Server 2010 Mailbox Server Backup and Recovery
• Exchange Server 2010 Client Access Server Backup and Recovery
• Exchange 2010 Hub Transport Server Backup and Recovery
• Introduction to Exchange Server 2010 Backup and Recovery
• Exchange 2010 Mailbox Database Backup and Restore with Windows Server Backup

This article Exchange 2010 Edge Transport Server Backup and Recovery is © 2010 ExchangeServerPro.com

Get more Exchange Server tips at ExchangeServerPro.com