

Certificate Expire in Exchange HUB and Exchange EDGE 2007 SP1

Posted on 2009-04-17
Medium Priority
Last Modified: 2012-05-06
Hi experts,
I have these two problems in my Exchange infrastructure. We have 1 Back End 2003, and two Hub 2007 SP1 servers - one Hub Transport, HUB1, installed last year 04-2008 - and the other Hub - HUB2, installed this year 03-2009. Both Hub servers have the CLIENT ACCESS ROLE. In the DMZ we have two EDGE servers - EDGE1 and EDGE2 - installed last year 04/2008. On the EDGE servers we have Recipient Filtering enabled. When the certificate expired on HUB1 and on the two EDGE servers, we had problems receiving email for the new mailboxes created on BE 2003. I think the ADAM database on both Edge servers is not synchronized with my Active Directory in the LAN; in fact, in the event viewer of each server there is a warning that the certificate is expired. On EDGE1 and EDGE2 I ran this command from the PowerShell, "new-exchangecertificate", to renew the certificate and rebooted all my Edge and Hub servers.
After this, inbound mail works fine for all users, but outbound mail doesn't work.
EdgeSync doesn't work on the Hub server; the event viewer recommends resubscribing the EDGE server. On both Edge servers I deleted the subscription from the PowerShell with the command "remove-subscription"; after this the receive connectors were empty. I regenerated the subscription from the PowerShell with the command "New-EdgeSubscription -FileName.....". After this I imported the two generated XML files on the console of HUB1 - under Organization - Hub Transport - and the receive connectors on both Edge servers were created. I rebooted all my Edge and Hub servers, and after this operation I have these problems:
1.  Inbound mail from the Internet doesn't work for any user, and I receive this error: These recipients of your message have been processed by the mail server:
user@mydomain.com <; Failed; 5.1.1 (bad destination mailbox address)
Remote MTA mail.atm-mi.it: SMTP diagnostic: 550 5.1.1 User unknown
2. EdgeSync on HUB2 doesn't work when I run the command "Start-EdgeSync".
After this I turned off HUB2 and renewed the certificate on HUB1 because it was expired, but inbound mail doesn't work. I disabled "Recipient Filtering" on both EDGE servers and inbound mail works fine.
What can I do for these two problems?
1.  Re-enable Recipient Filtering on the Edge servers
2. Power on the second HUB, and repair the synchronization with the Edge.

For the first point I am thinking of reimporting the XML file from the Hub server, because when I did this operation from the console the certificate on the Hub was expired.
Do you have any idea which is the correct procedure for renewing the certificate on Exchange 2007?
Question by:delcurat

Author Comment

ID: 24179288
Hi consultkhan,
thanks for your reply. I have a question: to re-enable Recipient Filtering, must I remove the edge subscription on the EDGE, regenerate the XML, and import the subscription on the Hub server another time? On the second hub what can I do?

Accepted Solution

consultkhan earned 1500 total points
ID: 24183975
You could resubscribe the edge to the hub or do the following on the hub transport server; enable recipient filtering first

start-edgesynchronization (run this from shell)
you could re-do the complete synchronization again.

Author Comment

ID: 24184131
I have removed the subscription on the two EDGE servers, and regenerated the XML on both of them, with the command New-EdgeSubscription -FileName "c:\name.xml".
I have imported the two files on the HUB server and now everything works. I have enabled the Recipient Filter on both EDGE servers and it works.
The last problem is this:
On the second HUB (hub02) I get this error in the event viewer for both EDGE servers:
The connection to the ADAM instance of the Edge Transport server failed with exception "The LDAP server is unavailable.". This could be caused by a failure to resolve the Edge Transport server name edge01 in DNS, a failure when trying to connect to port 50636 on Edge Transport server edge01, network connectivity issues, an invalid certificate, or an expired subscription. Verify the configurations of your network and server.
And in the PowerShell I get the error that you will find in the attached file, when I force the sync with the command "Start-EdgeSync..".
I have reimported the two XML files and rebooted the server but the problem persists.
Do you have any idea how to solve the EdgeSync on the second HUB?


Author Comment

ID: 24184235
Sorry, I have solved it. The port on my firewall was closed. Now the sync works fine on both servers.
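
The two causes that came up in this thread (an expired certificate, then a closed firewall port) can be checked from each Hub Transport server before removing and recreating subscriptions. The following is an added example, not something posted by the participants; the server name `edge02` and the helper function `Test-TcpPort` are assumptions, while `edge01` and port 50636 come from the event text quoted above.

```powershell
# Added example: run in the Exchange Management Shell on each Hub Transport server.
# Server names are assumptions; replace them with your own Edge Transport servers.
$edgeServers  = "edge01", "edge02"
$edgeSyncPort = 50636   # port of the ADAM instance named in the EdgeSync event text

# 1. List certificates on this server that are expired or expire within 30 days.
$limit = (Get-Date).AddDays(30)
Get-ExchangeCertificate |
    Where-Object { $_.NotAfter -lt $limit } |
    Format-List Thumbprint, Subject, Services, NotAfter

# 2. Check that this Hub can open a TCP connection to a given server and port.
#    Hypothetical helper; uses only .NET so it also works in older shells.
function Test-TcpPort([string]$server, [int]$port, [int]$timeoutMs = 3000) {
    trap { continue }   # name-resolution or socket errors count as "not reachable"
    $client  = New-Object System.Net.Sockets.TcpClient
    $pending = $client.BeginConnect($server, $port, $null, $null)
    [void]$pending.AsyncWaitHandle.WaitOne($timeoutMs, $false)
    $open = $client.Connected
    $client.Close()
    return [bool]$open
}

foreach ($edge in $edgeServers) {
    if (Test-TcpPort $edge $edgeSyncPort) {
        "${edge}: port $edgeSyncPort reachable"
    } else {
        "${edge}: port $edgeSyncPort blocked or name not resolved"
    }
}

# 3. With valid certificates and an open port, force a sync and verify it.
Start-EdgeSynchronization
Test-EdgeSynchronization
```

A Hub that reports the port as blocked will log the "LDAP server is unavailable" event regardless of how many times the subscription file is reimported, so the port check is worth running first on every Hub in the subscribed site.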
