We have two Hub Transport servers, two CAS servers, and two Edge servers separated from the others by an ISA 2006 server. Mail flow functions, and both Edge servers are active. We use a SAN certificate on all servers and on the ISA listener. This SAN certificate has two FQDNs: mail.viauc.dk and autodiscover.viauc.dk. The existing Edge subscription dates from a time when we did not use a SAN certificate but two separate certificates.
Now Test-EdgeSynchronization results in:

Name                        : EDGE02
LeaseHolder                 :
LeaseType                   : 0
ConnectionResult            : Failed
FailureDetail               : The supplied credential is invalid.
LeaseExpiry                 : 01-01-0001 00:00:00
LastSynchronized            : 01-01-0001 00:00:00
CredentialStatus            : Skipped
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Skipped
CredentialRecords           : Number of credentials 0

Name                        : EDGE01
LeaseHolder                 :
LeaseType                   : 0
ConnectionResult            : Failed
FailureDetail               : The supplied credential is invalid.
LeaseExpiry                 : 01-01-0001 00:00:00
LastSynchronized            : 01-01-0001 00:00:00
CredentialStatus            : Skipped
TransportServerStatus       : Skipped
TransportConfigStatus       : Skipped
AcceptedDomainStatus        : Skipped
SendConnectorStatus         : Skipped
MessageClassificationStatus : Skipped
RecipientStatus             : Skipped
CredentialRecords           : Number of credentials 0
In the application log on the Hub servers we get these two events:

Event ID 1024: The connection to the ADAM instance of the Edge Transport server failed with exception "The supplied credential is invalid.". This could be caused by a failure to resolve the Edge Transport server name DMZ-EDGE01.via.dk in DNS, a failure when trying to connect to port 50636 on Edge Transport server DMZ-EDGE01.via.dk, network connectivity issues, an invalid certificate, or an expired subscription. Verify the configurations of your network and server.

Event ID 1036: Microsoft Exchange couldn't connect to DMZ-EDGE01.via.dk by using credentials cn=ESRA.DMZ-EDGE01.FND-HUB01.1,CN=Services,CN=Configuration,CN={8B2E60D2-86DA-4C43-B7C1-A27F59C2BE17}. The password hash is cNL/wm/qZ7B50Y1am0JWsIcbog/uIM+/nYQB0Le4rFk=. An expired replication account is the cause. Resubscribe the Edge Transport server by running the New-EdgeSubscription command on both Edge Transport server DMZ-EDGE01.via.dk and this server again. You do not have to run the Remove-EdgeSubscription command.

I would like to resubscribe my Edge servers, but one source (http://www.petri.co.il/forums/showthread.php?t=26386) states that he had to remove his SAN certificate from the Edge server and install a self-signed certificate in order for the subscription process to succeed.
Another (http://www.networksteve.com/exchange/topic.php?TopicId=22011) states that SAN certificates on Edge servers are only necessary if you use TLS for mail traffic (which we don't). In all other cases a self-signed certificate should be sufficient.
Are there compatibility issues with SAN certificates and Edge subscriptions? If yes, what are these issues and how are they best solved?
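Added example, not part of the original post: an Exchange Management Shell sequence that isolates the failing Edge servers from Test-EdgeSynchronization, checks the certificate and the ADAM port named in event 1024 before anything is changed, and then performs the resubscription that event 1036 asks for. The export file path and the Active Directory site name are assumptions; the server name is the one from the post.

```powershell
# Added example, not from the original post. The XML path and the site name
# are assumptions; replace them with values from your own environment.

# --- Step 1, on a Hub Transport server: show only Edge servers whose
#     synchronization is failing, with the reason Exchange reports.
Test-EdgeSynchronization |
    Where-Object { $_.ConnectionResult -ne 'Succeeded' } |
    Select-Object Name, ConnectionResult, FailureDetail, LeaseExpiry

# --- Step 2, on the Hub: rule out the network causes listed in event 1024
#     (name resolution and port 50636, the Edge ADAM/LDAPS port) before
#     touching certificates or the subscription.
$edge = 'DMZ-EDGE01.via.dk'
[System.Net.Dns]::GetHostAddresses($edge)          # throws if DNS fails
$tcp = New-Object System.Net.Sockets.TcpClient
$tcp.Connect($edge, 50636)                          # throws if the port is blocked
$tcp.Close()

# --- Step 3, on each Edge Transport server: confirm which certificate is
#     bound to SMTP and that it is not expired. A SAN certificate listed here
#     is only used for SMTP/TLS; the subscription credentials are separate.
Get-ExchangeCertificate |
    Select-Object Thumbprint, Services, NotAfter, Subject

# --- Step 4, on each Edge Transport server: export a fresh subscription.
#     (Do this once per Edge server; EDGE02 gets its own file.)
New-EdgeSubscription -FileName 'C:\EdgeSubscription-EDGE01.xml'   # assumed path

# --- Step 5, on the Hub, after copying the XML over: import it for the
#     site the Hub servers belong to. Event 1036 says Remove-EdgeSubscription
#     is not required first.
$xml = 'C:\EdgeSubscription-EDGE01.xml'                           # assumed path
New-EdgeSubscription `
    -FileData ([byte[]]$(Get-Content -Path $xml -Encoding Byte -ReadCount 0)) `
    -Site 'Default-First-Site-Name'                               # assumed site

# --- Step 6, on the Hub: force a sync now and confirm the failure is gone.
Start-EdgeSynchronization
Test-EdgeSynchronization | Select-Object Name, ConnectionResult, FailureDetail
```

The subscription file is only valid for a limited time after export, so import it on the Hub soon after running Step 4.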