RE: Edgesync Credentials Not Found For Edge Transport

I found out what was the cause of this problem and fixed it. It was a
certificate mismatch between the Hub Transport server and the Edge Server. I
had to generate a new certificate on the hub server and then unsubscribe and
re-subscribe the Edge server and everything syncs now.

Here's how you can do it:

This issue can be caused by two factors:

1. A new Hub server is installed after Edge sync has been run, so it will
not participate in the EdgeSync process
or
2. The Exchange Server Certificate on the hub server is missing (corrupted
or deleted by mistake)

So, firstly, please confirm whether this hub server was newly added after the
subscription. If true, we need to remove the existing subscription from all
the edge and hub servers using the "Remove-EdgeSubscription" cmdlet and then
re-subscribe. If false, please perform the following troubleshooting steps to
check the certificate:

============================================

1. Verify that Hub is able to resolve Edge over DNS and is able to
communicate with Edge on port 50636.
2. Run "Get-ExchangeCertificate" cmdlet on Hub and see if there are any
certificates.
3. If there are no certificates found, go to Step 10 directly.
4. If certificates are found, make a note of thumbprints of all the
certificates.
5. Make a note of the thumbprint of the Hub Server Certificate stored in
AD by running the following steps:

a. Unzip the attached file to the c:\ drive
b. In the Exchange management shell change to the c:\ directory and run the
command:

. c:\certlib.ps1

Note: In Step b, the command is: period space c:\certlib.ps1

c. Run the following command:

GetTLSCertfromAD "<server name>" | fl

Note: You need to replace <server name> in the above CMDlet with the actual
name of your hub server.

d. Make a note of the thumbprint for the certificate displayed.

6. Compare this thumbprint to see if it matches any of the thumbprints noted
earlier using "Get-ExchangeCertificate" cmdlet on Hub in Step 4.
7. If it matches with any of the earlier thumbprints, the Exchange Server
Certificate is corrupted causing mail flow issue.
8. If there are no matches found, the Exchange Server Certificate is missing.
9. In either case we will create a new Self-Signed Exchange Server
Certificate to resolve the original issue.
10. In the Exchange Management Shell, run the "New-ExchangeCertificate"
cmdlet.
11. It throws a warning and creates a new Exchange Server Certificate.
12. Restart the Transport Service on the Hub.
13. Verify that the thumbprint of the new certificate now matches with the
version stored in AD using steps 2 to 6.
14. Remove the present Edge Subscription from the Hub and restart Transport
Service.
15. Run "Remove-EdgeSubscription" on the Edge and restart Transport Service.
16. Create a new Edge Subscription on the Edge using "New-EdgeSubscription"
cmdlet and import the xml file to Hub.
17. Re-subscribe the Edge using the new Subscription file.
18. Initiate synchronization using "Start-EdgeSynchronization" CMDlet.

Now the EdgeSync shall work fine.



"Samhain_Knight" wrote:

Hi,

I have an Edge Server deployed in a DMZ. I generated and imported the edge
subscription w/o errors. But when I run Test-EdgeSynchronization on the Hub
transport server I get "No Edgesync credentials were found for edge transport
server..." I also receive error 1032 MSExchange EdgeSync "no credentials for
edge server" in the Hub transport server's app log.

I can see the Edge user "ESRAUsername" in the xml subscription file. Looks
like everything was created during the subscription generation process. Anyone
have any thoughts or recommendations on how to troubleshoot/fix this problem?

Thanks!
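
The read-only checks from steps 1 to 8 of the reply above, collected into one script. This is an added example, not part of the original posts and not Microsoft's code. It assumes PowerShell 2.0 or later, that certlib.ps1 is already in c:\ as in step 5a, and that GetTLSCertfromAD returns an object with a Thumbprint property; the server names are placeholders.

```powershell
# Added example: run in the Exchange Management Shell on the Hub Transport server.
# It changes nothing; it only reports which branch of the procedure applies.
$EdgeFqdn = 'edge01.example.com'   # placeholder: FQDN of your Edge server
$HubName  = 'HUB01'                # placeholder: name of your Hub Transport server

# Step 1: DNS resolution and TCP reachability of the Edge on port 50636.
try {
    $addresses = [System.Net.Dns]::GetHostAddresses($EdgeFqdn)
    Write-Host "Resolved $EdgeFqdn to: $($addresses -join ', ')"
} catch {
    Write-Host "DNS lookup for $EdgeFqdn failed: $($_.Exception.Message)"
}

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($EdgeFqdn, 50636)
    Write-Host "TCP 50636 on $EdgeFqdn is reachable"
} catch {
    Write-Host "TCP 50636 on $EdgeFqdn is NOT reachable: $($_.Exception.Message)"
} finally {
    $client.Close()
}

# Steps 2-4: thumbprints of every certificate Exchange sees on this Hub.
$localThumbprints = @(Get-ExchangeCertificate | ForEach-Object { $_.Thumbprint })
Write-Host "Local certificates found: $($localThumbprints.Count)"
$localThumbprints | ForEach-Object { Write-Host "  $_" }

# Step 5: thumbprint of the Hub certificate stored in AD, via the helper
# from certlib.ps1 (dot-sourced so the function stays in this session).
. c:\certlib.ps1
$adCert = GetTLSCertfromAD $HubName
$adThumbprint = $adCert.Thumbprint   # assumption: the helper returns a certificate object
Write-Host "Thumbprint stored in AD for ${HubName}: $adThumbprint"

# Steps 3 and 6-8: decide which case from the procedure applies.
if ($localThumbprints.Count -eq 0) {
    Write-Host "No certificates on the Hub: go to step 10 (New-ExchangeCertificate)."
} elseif ($localThumbprints -contains $adThumbprint) {
    Write-Host "AD thumbprint matches a local certificate: step 7 case (treated as corrupted)."
} else {
    Write-Host "AD thumbprint matches no local certificate: step 8 case (certificate missing)."
}
```

Running the same script again after steps 10 to 12 covers the check in step 13: the AD thumbprint should then match the newly created certificate.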