Creating an Edge Subscription

Article
02/25/2011

Updated: February 1, 2011

Applies To: Forefront Threat Management Gateway (TMG)

This topic describes how to use the Exchange Management Console to create a new Edge Subscription for all the members of your Forefront TMG array. After you perform this procedure, the Edge Transport servers that are installed on each of your Forefront TMG array members are associated with the Hub Transport servers in an Active Directory site. For more information about Edge Subscriptions, see the following:

Exchange 2007	Exchange 2010
Understanding Edge Subscriptions	Understanding Edge Subscriptions

Prerequisites

You must have at least one Hub Transport server installed in the Active Directory site to which you want to subscribe.
Verify that you have configured the settings on the Hub Transport server that are replicated to the Edge Transport server. For more information, see Preparing to run the Microsoft Exchange EdgeSync service.
Read the following topics:
- Exporting Edge Subscription files
- Subscribing the Edge Transport Server to the Exchange Organization
Create the Edge Subscription files by clicking Generate Edge Subscription Files in the Tasks pane of the E-Mail Policy node. If you have multiple Forefront TMG array members, an Edge Subscription file will be created for each array member.
Copy the Edge Subscription files from the Edge Transport server to the Hub Transport server on which you will perform this procedure.

Note

The Edge Subscription files are written in clear text. You must protect these files throughout the subscription process. After the Edge Subscription files are imported to a Hub Transport server, you should immediately delete them from the Forefront TMG server, the Hub Transport server, and any removable media.

Using the Exchange Management Console to import the Edge Subscription file

To import the Edge Subscription file

On the computer running the appropriate Hub Transport server role, open the Exchange Management Console. Expand Organization Configuration, select Hub Transport, and then in the result pane, click the Edge Subscriptions tab.

Note

To perform this procedure, you must be assigned, either directly or using a universal security group, the Organization Management management role.
In the action pane, click New Edge Subscription. On the New Edge Subscription page, complete the following fields:
- Active Directory site—Click Browse, and then select an Active Directory site in the drop-down list. This field identifies the Active Directory site where the Hub Transport server is connecting to the Edge Transport server for which the Edge Subscription exists.
- Subscription file—Click Browse, and then select an Edge Subscription file.
- Automatically create a Send connector for this Edge Subscription—Select this check box to automatically create a Send connector that routes messages from the Exchange organization to the Internet. The Edge Subscription will be configured as the source server for the Send connector. The Send connector will be configured to route messages to all domains by using Domain Name System (DNS) MX resource records.
1. Click New.
On the Completion page, click Finish. A status of Completed indicates that the wizard completed the task successfully. A status of Failed indicates that the task was not completed. If the task fails, review the summary for an explanation, and then click Back to make any additional changes.
Repeat steps one through three for each Edge Subscription file.

Verifying synchronization

After you perform this procedure, verify that synchronization completed successfully by inspecting MsExchange EdgeSync events in the Application log in Event Viewer.

If necessary, you can start synchronization manually. Open the Exchange Management Shell from the Programs menu, and run the Start-EdgeSynchronization cmdlet to immediately start synchronization of configuration data from the Active Directory directory service to the Forefront TMG array members.

Recreating the Edge Subscription

You will need to recreate the Edge Subscription in the following scenarios:

Installing a new Hub Transport server—When an Edge Transport server is subscribed to an Active Directory site, all the Hub Transport servers that are currently installed in that Active Directory site can participate in the EdgeSync process. If one of those servers is removed, the Microsoft Exchange EdgeSync service that is running on the remaining Hub Transport servers continues the data synchronization process. However, if new Hub Transport servers are installed in the Active Directory site, they cannot participate in the EdgeSync process.
Joining a Forefront TMG server to the array—If you add a server to the array, you must re-subscribe the Edge Transport server.
Applying a license to the Edge Transport server— If the license key is applied on the Edge Transport server after you perform the Edge Subscription process, the licensing information is not updated in the Exchange organization, and you must re-subscribe the Edge Transport server.

To do recreate the Edge Subscription, generate the Edge Subscription files again, export them to the Hub Transport server, and re-import them.

Tasks

Subscribing the Edge Transport Server to the Exchange Organization