Inbound email stuck in queue at Edge server

Posted on 2011-09-20
Last Modified: 2012-08-14
Dear experts,

This one's been a real pain for me recently. I have a DC, an exchange 2007 server and an ISA server.  The ISA server hosts the exchange Edge Transport services and the exchange server is the Hub Transport.

Outbound mail is being processed fine but inbound mail is queueing up on the edge server. It will sit there for a random amount of time. Then all of a sudden a few will get delivered to the user's mailboxes. This happens constatntly and the users are complaing of delays receiving email.

Now - I had been seeing events suggesting that a certificate had expired. so i generated a new one using the exchange cmdlet - and subsequently wrecked something.  So I performed the following, restarting the relevant services where appropriate:

- generated new cert (I received a warning that the cert was missing in AD but that it was now fixed)
- removed the edge subscription from the HT and the ET
- created a new edge subscription and used the xml file to create a new one on the HT
- started the edge synchronisation

But still the mail is queueing up at the edge server.  I ran through the mailflow trouble shooter and get the following errors:

One or more inconsistencies were found with Active Directory Application Mode (ADAM) instance on server This is an indication that EdgeSync has not successfully replicated critical configuration information from Active Directory to this ADAM instance.

No EdgeSync credentials were found in Active Directory for Edge Transport server role computer %EDGECN%. This occurs when the tool is unable to retrieve one or more values for the 'msExchEdgeSyncCredential' attribute on the server object '%EDGEDN%' in Active Directory.

The test-edgesynchronisation returns a successful message
The necessary rules are in place in ISA

What have i missed?
Question by:tech53
  • 6
  • 2

Author Comment

ID: 36572720
Anyone any ideas on this?

Author Comment

ID: 36573680
the result from the test-edgesynchronization command is:

Name                        : EdgeServer
LeaseHolder                 : HubTransportServer
LeaseType                   : Option
ConnectionResult            : Succeeded
FailureDetail               :
LeaseExpiry                 : 21/09/2011 15:11:22
LastSynchronized            : 21/09/2011 14:11:22
CredentialStatus            : Synchronized
TransportServerStatus       : Synchronized
TransportConfigStatus       : Synchronized
AcceptedDomainStatus        : Synchronized
SendConnectorStatus         : Synchronized
MessageClassificationStatus : Synchronized
RecipientStatus             : Synchronized
CredentialRecords           : Number of credentials 3


Expert Comment

ID: 36581636

try running the start-edgesyncronization command on your hub transport server.  

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.


Author Comment

ID: 36583143
I've done that too - several times! It returns a successful result.  

Expert Comment

ID: 36583214

is the exchange credential service started on the edge transport server ?

Start the Microsoft Exchange ADAM service
1.Click Start, click Run, type services.msc, and then click OK.

2.In the Services, locate the Microsoft Exchange ADAM service in the details pane.

3.Right-click the service, and then click Start.


Author Comment

ID: 36930484
The ADAM sevice is started ok.

Right.  The sync erros have disappeared now following a server reboot.  Event logs on the ISA and exchange box are nice and clean.

So i ran the exchange analyser and discovered a few issues. One particualr issue is described below:

Cannot find 'Host' or 'MX' record(s) for domain exch1
Domain exch1 is a remote domain to which server security1 is trying to send messages but neither the 'MX' records nor 'Host' records of domain exch1 can be obtained from any DNS server security1 uses. This may be causing message backups in the queue or non-delivery reports if the DNS response is 'non-existent domain'.

exch1 is the name of the HT server and security1 is the name of the ISA server, yet it seems to refer to the HT server as a domain rather than a host. The error i see against the queue for the HT is
2421 4.4.2 Connection dropped..."

See this link: 

Thats exactly what i'm experienceing, but I dont see a resolution.

Accepted Solution

tech53 earned 0 total points
ID: 37060471
Ok.  I got the issue resolved.  It was caused by an upchaining issue.  I generated the self signed cert on the exchange server. But the exchange server was not the CA. I generated the cert request and had it authorised by the internal CA. Then i installed the cert on the exchange server and all is good.

Thanks for all your help.

Author Closing Comment

ID: 37087348
see my previous post

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This video discusses moving either the default database or any database to a new volume.
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question