Understanding Edge Transport Server Cloned Configuration

 

Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

The Microsoft Exchange Server 2010 Edge Transport server role stores its configuration information in Active Directory Lightweight Directory Services (AD LDS). You can install more than one Edge Transport server in the perimeter network and use Domain Name System (DNS) round robin, a simple mechanism that's used by DNS servers to share and distribute loads for network resources, to help balance network traffic among the Edge Transport servers.

To make sure that all Edge Transport servers that you deploy are using the same configuration information, you can use the provided cloned configuration scripts in the Exchange Management Shell to duplicate the configuration of a source server to a target server.

You use cloned configuration to deploy new Edge Transport servers based on a configured source server. The configuration information for the source server is duplicated and then exported to an XML file. The XML file is then imported to the target server.

This topic provides an overview of the cloned configuration process. For detailed steps about configuring your Edge Transport servers using cloned configuration, see Configure Edge Transport Server Using Cloned Configuration.

Cloned Configuration and EdgeSync

Run the EdgeSync process after you import the cloned configuration. To perform recipient lookup and message security tasks, the computer that has the Edge Transport server role installed requires data that resides in Active Directory. EdgeSync is a collection of processes that are run on a computer that has the Hub Transport server role installed to establish one-way replication of recipient and configuration information from Active Directory to the AD LDS instance on an Edge Transport server. The Microsoft Exchange EdgeSync service copies only the information that's required for the Edge Transport server to perform anti-spam tasks and the information about the connector configuration that's required to enable end-to-end mail flow. The Microsoft Exchange EdgeSync service performs scheduled updates so that the information in AD LDS remains current.

Cloned configuration doesn't duplicate the Edge Subscription settings of a server. The certificates that are used by the Microsoft Exchange EdgeSync service aren't cloned. You must run the EdgeSync process separately for each Edge Transport server. The Microsoft Exchange EdgeSync service overwrites any settings that are included in both cloned configuration information and in EdgeSync replication information. These settings include Send connectors, Receive connectors, accepted domains, and remote domains.

Cloned Configuration Process

The cloned configuration process consists of three steps:

  1. Export the configuration on the source server.

    In this step, you run the ExportEdgeConfig.ps1 script to export the source server's configuration information to an intermediate XML file.

  2. Validate the configuration on the target server.

    In this step, you run the ImportEdgeConfig.ps1 script. This script checks the existing information in the intermediate XML file to see whether the settings that were exported are valid for the target server and then creates an answer file. The answer file specifies the server-specific information that's used during the next step when you import the configuration on the target server. The answer file contains entries for each source server setting that isn't valid for the target server. You can modify these settings so that they're valid for the target server. If all settings are valid, the answer file contains no entries.

  3. Import the configuration on the target server.

    In this step, the ImportEdgeConfig.ps1 script uses the intermediate XML file and the answer file to clone an existing configuration or to restore the server to a specific configuration.

These steps are described in detail in the following sections.

Step 1: Export the Configuration

After you install and configure the Edge Transport server role, run the ExportEdgeConfig.ps1 script. This script retrieves the source server's configuration information and stores the information in an intermediate XML file.

The following information is exported from the source server and stored in the intermediate XML file:

  • Transport server-related information and log file path information. The following file paths are exported:

    • ReceiveProtocolLogPath

    • SendProtocolLogPath

    • MessageTrackingLogPath

    • PickupDirectoryPath

    • RoutingTableLogPath

  • Transport agent-related information that includes the status and priority settings of each transport agent.

  • All Send connector-related information. If any Send connectors are configured to use credentials, the password is written to the intermediate XML file as an encrypted string. You can use the -key parameter with the ImportEdgeConfig.ps1 and ExportEdgeConfig.ps1 scripts to specify the 32-byte string to use for password encryption and decryption. If you don't use the -key parameter, a default encryption key is used.

  • Receive connector-related information. To modify the local network binding and port properties, you must modify the configuration information in the answer file that's created in the validate configuration step.

  • Accepted domain configuration.

  • Remote domain configuration.

  • Anti-spam features configuration settings. The following information is exported:

    • IP Allow list information. Only the IP Allow list entries that were manually configured by the administrator are exported.

    • IP Block list information.

    • Content filter configuration.

    • Recipient filter configuration.

    • Address rewrite entries.

    • Attachment filter entries.

Step 2: Validate the Configuration

The target server is an Exchange 2010 server that has a clean installation of the Edge Transport server role. Run the ImportEdgeConfig.ps1 script on the target server to validate the existing information in the intermediate XML file and to create the answer file. The answer file specifies the server-specific information that's used during the next step in the cloned configuration process when you import the configuration on the target server. The answer file contains entries for each source server setting that isn't valid for the target server. You can modify these settings so that they're valid for the target server. If all settings are valid, the answer file contains no entries. The intermediate XML file can be used for different target servers. The answer file is specific to a target server.

The ImportEdgeConfig.ps1 script performs the following tasks during this step:

  • The script verifies that the data paths and log paths can be created on the target server. If the paths can't be created, a blank path is inserted into the answer file.

  • For each Send connector in the XML file, the script adds a blank entry for the source IP address in the answer file.

  • For each Receive connector in the XML file, the script adds a blank entry for the local network bindings in the answer file.

You must manually modify the answer file to provide the following information about server-specific settings:

  • Fill in the data paths and log paths. If these paths are left blank in the answer file, the paths that are configured in the intermediate XML file are used in the next step when you import the configuration on the target server.

  • For each Send connector entry, fill in the source IP address. If this field is left blank, an error occurs in the import configuration step.

  • For each Receive connector entry, fill in the local network bindings. If the local network bindings are left blank, an error occurs in the next step when you import the configuration on the target server.

Step 3: Import the Configuration

Perform this step on any target server to clone the configuration of an existing Edge Transport server or to restore the server to a specific configuration. Run the ImportEdgeConfig.ps1 script to validate and import the new configuration. After you run this script, the target server's configuration matches the settings in the intermediate XML file and the answer file.

Important

It's a best practice to back up the existing server configuration before you run the import configuration process, so that if the cloning operation fails, the server can be restored to the previous stable state.

This step uses the server-specific information that's provided in the answer file. If a setting isn't specified in the answer file, the data in the intermediate XML file is used. Before the script modifies the configuration, the script validates the data in the intermediate XML file and the answer file.

The following configuration settings of the target server are modified during the import configuration step:

  • The transport agent configuration is modified.

  • The existing connectors on the target server are removed, and the connectors that are present in the intermediate XML file are added.

  • The existing accepted domains are removed, and the accepted domain entries in the intermediate XML file are added.

  • The existing remote domains are removed, and the remote domain entries in the intermediate XML file are added.

  • The existing IP Allow list entries are removed, and the IP Allow list entries in the intermediate XML file are added.

  • The existing IP Block list entries are removed, and the IP Block list entries in the intermediate XML file are added.

  • The following anti-spam configuration is cloned to the target server:

    • Content filter configuration

    • Recipient filter configuration

    • Address rewrite entries

    • Attachment filter entries
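
The three steps above can be wrapped so that the connector passwords in the intermediate XML file are never encrypted with the default key and the files are readable only by administrators. This is an added example, not code from the original topic or from Microsoft. The -cloneConfigData, -isImport and -cloneConfigAnswer parameter names, the $exscripts variable, all file paths and the Base64 key format are assumptions to check against the scripts installed on your servers.

```powershell
# Added example (not Microsoft's code). Run in the Exchange Management Shell.
# Assumed: $exscripts points at the Exchange Scripts folder; all paths are placeholders.

function New-CloneKey {
    # 24 random bytes encode to exactly 32 Base64 characters (no padding),
    # giving the 32-byte string that -key takes.
    $bytes = New-Object byte[] 24
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    $rng.GetBytes($bytes)
    [Convert]::ToBase64String($bytes)
}

function Protect-CloneFile([string]$Path) {
    # Remove inherited ACEs; grant only local Administrators and SYSTEM (by SID).
    icacls $Path /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null
}

function Export-EdgeClone([string]$Data, [string]$Key) {
    # Step 1, on the source server. Also usable on the target as a pre-import backup.
    & "$exscripts\ExportEdgeConfig.ps1" -cloneConfigData:$Data -key:$Key
    Protect-CloneFile $Data
}

function Import-EdgeClone([string]$Data, [string]$Answer, [string]$Key, [bool]$Commit) {
    # Step 2 when $Commit is $false (validate, write the answer file);
    # Step 3 when $Commit is $true (apply the XML file plus the answer file).
    & "$exscripts\ImportEdgeConfig.ps1" -cloneConfigData:$Data -isImport $Commit `
        -cloneConfigAnswer:$Answer -key:$Key
    if (Test-Path $Answer) { Protect-CloneFile $Answer }
}

# Source server:
#   $key = New-CloneKey     # pass to the target operator out of band, never beside the XML
#   Export-EdgeClone 'C:\Clone\CloneConfigData.xml' $key
# Target server (with $key set to the same value):
#   Export-EdgeClone 'C:\Clone\TargetBackup.xml' $key                # backup first
#   Import-EdgeClone 'C:\Clone\CloneConfigData.xml' 'C:\Clone\Answer.xml' $key $false
#   ...fill in source IP addresses and local network bindings in Answer.xml...
#   Import-EdgeClone 'C:\Clone\CloneConfigData.xml' 'C:\Clone\Answer.xml' $key $true
```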

Transport Configuration Information

The settings of the transport configuration object define server-wide e-mail transport settings for an Edge Transport server. When you import the intermediate XML file to the target server, all the settings of the transport configuration object except for the following are imported:

  • General names and creation dates from the exported XML file

  • Send connector information

  • Receive connector information

  • Attachment filter entries

  • The MaxDumpsterSizePerStorageGroup attribute entry

After the import process is complete, you may also configure the settings by using the Set-TransportConfig cmdlet. For more information, see Set-TransportConfig.

The following table describes the attributes that are associated with the transport configuration object and the default values. You configure this object on both Hub Transport servers and Edge Transport servers. However, many attributes apply only to Hub Transport servers and configuring those attributes on an Edge Transport server will have no effect.

Transport configuration attributes and default values

| Attribute | Description | Default value |
| --- | --- | --- |
| ClearCategories | This attribute specifies whether to clear Microsoft Office Outlook categories during content conversion. | True |
| GenerateCopyOfDSNFor | This attribute specifies the delivery status notification (DSN) codes that cause the DSN message to be copied to the postmaster e-mail address. DSN codes are entered as x.y.z and are separated by commas. | 5.4.8, 5.4.6, 5.4.4, 5.2.4, 5.2.0, 5.1.4 |
| InternalSMTPServers | This attribute specifies a list of internal SMTP server IP addresses or IP address ranges that should be ignored by Sender ID and connection filtering. | Null |
| JournalingReportNdrTo | This attribute specifies the e-mail address to which journal reports are sent if the journaling mailbox is unavailable. This attribute doesn't apply to the configuration of an Edge Transport server. | Null |
| MaxDumpsterSizePerStorageGroup | This attribute specifies the maximum size of the transport dumpster on a Hub Transport server. This attribute doesn't apply to the configuration of an Edge Transport server. | 18 MB |
| MaxDumpsterTime | This attribute specifies how long an e-mail message should remain in the transport dumpster on a Hub Transport server. This attribute doesn't apply to the configuration of an Edge Transport server. | 7.00:00:00 |
| MaxReceiveSize | This attribute specifies the maximum message size that can be received by recipients in the organization. This attribute doesn't apply to the configuration of an Edge Transport server. | 10 MB |
| MaxRecipientEnvelopeLimit | This attribute specifies the maximum number of recipients that are allowed in a single e-mail message. This attribute doesn't apply to the configuration of an Edge Transport server. | 5,000 |
| MaxSendSize | This attribute specifies the maximum message size that can be sent by senders in the organization. This attribute doesn't apply to the configuration of an Edge Transport server. | 10 MB |
| TLSReceiveDomainSecureList | This attribute specifies the remote domains that will use mutual Transport Layer Security (TLS) authentication through Receive connectors configured to support Domain Security. Multiple domains may be separated by commas. The wildcard character (*) isn't supported in the domains that are listed in this attribute. | Null |
| TLSSendDomainSecureList | This attribute specifies the remote domains that will use mutual TLS authentication when e-mail is sent through a Send connector configured to support Domain Security and the address space of the target domain. Multiple domains may be separated by commas. The wildcard character (*) isn't supported in the domains that are listed in this attribute. | Null |
| VerifySecureSubmitEnabled | This attribute verifies that e-mail clients that are submitting messages from mailboxes on Mailbox servers are using encrypted MAPI submission. This attribute doesn't apply to the configuration of an Edge Transport server. The valid values for this attribute are $true or $false. | False |
| VoicemailJournalingEnabled | This attribute specifies whether Unified Messaging voice mail is journaled by the Journaling agent. This attribute doesn't apply to the configuration of an Edge Transport server. | True |
| Xexch50Enabled | This attribute specifies whether Xexch50 authentication should be enabled for backward compatibility with Exchange Server 2003 servers. | True |

Note

If the Edge Transport server is subscribed to the Exchange organization later, the value of the InternalSMTPServers attribute is overwritten during the EdgeSync process. For more information, see Understanding Edge Subscriptions.

 © 2010 Microsoft Corporation. All rights reserved.