Certificate Expire in Exchange HUB and Exchange EDGE 2007 SP1
Posted on 2009-04-17
I have these two problems in my Exchange infrastructure. We have 1 Back End 2003 and two Hub 2007 SP1 servers: one hub transport, HUB1, installed last year (04-2008), and the other, HUB2, installed this year (03-2009). Both Hub servers have the CLIENT ACCESS ROLE. In the DMZ we have two EDGE servers, EDGE1 and EDGE2, installed last year (04/2008). On the EDGE servers we have Recipient Filtering enabled. When the certificate expired on HUB1 and on the two EDGE servers, we had problems receiving email for the new mailboxes created on the BE 2003. I think the ADAM database on both Edge servers is not synchronized with my Active Directory in the LAN; in fact, in the event viewer of each server there is a warning that the certificate is expired. On EDGE1 and EDGE2 I ran this command from the PowerShell, "new-exchangecertificate", to renew the certificate, and rebooted all my Edge and Hub servers.
After this the inbound mail works fine for all users, but the outbound mail doesn't work.
The EdgeSync doesn't work on the Hub server; the event viewer recommends resubscribing the EDGE Server. On both Edge servers I deleted the subscription from the PowerShell with the command "remove-subscription"; after this the receive connectors were empty. I regenerated the subscription from the PowerShell with the command "New-EdgeSubscription -FileName.....". After this I imported the two XML files generated on the Console of HUB1, under Organization - Hub Transport, and the receive connectors on both Edge Servers were created. I rebooted all my Edge and Hub servers, and after this operation I have these problems:
1. The inbound mail from the Internet doesn't work for any user, and I receive this error: These recipients of your message have been processed by the mail server:
email@example.com <; Failed; 5.1.1 (bad destination mailbox address)
Remote MTA mail.atm-mi.it: SMTP diagnostic: 550 5.1.1 User unknown
2. The EdgeSync on HUB2 doesn't work when I run the command "Start-EdgeSync".
After this I turned off HUB2 and renewed the certificate on HUB1 because it was expired, but the inbound mail doesn't work. I disabled "Recipient Filtering" on both EDGE servers and the inbound mail works fine.
What can I do about these two problems?
1. Re-enable Recipient Filtering on the Edge Servers.
2. Power on the second HUB, and repair the synchronization with the Edge.
For the first point I think I should reimport the XML file from the Hub server, because when I performed this operation from the console the certificate on the Hub was expired.
Do you have any idea what the correct procedure is for renewing the certificate on Exchange 2007?