What would you do differently or suggest? ... And is this okay?
This is currently working right now with CA Issued Certificate to the Edge Transport and SelfSigned Certificate on the Hub Server. I would like to get it working with each server's CA Issued Certificate, but...
I was unable to get EdgeSubscription to work by enabling the CA Issued Certificate for each server. The error logged something like unable to decrypt Edge Transport...Bad Key. Certificate requests were generated for each server.
Here's What Worked:
EdgeTransport
Import-ExchangeCertificate -FileData ([Byte[]]$(Get-Content -Path c:\certificates\ExportedCert.pfx -Encoding byte -ReadCount 0)) -PrivateKeyExportable $true -Password:(Get-Credential).password
Enable-ExchangeCertificate -thumbprint some_number -services "SMTP"
Bravo HubTransport
New-ExchangeCertificate -Services "IMAP, POP, IIS, SMTP" -PrivateKeyExportable $true
Followed by a Successful New-EdgeSubscription, Test-EdgeSubscription, and Start-EdgeSubscription.
Also, I was able to send an email from PowerShell to a user through the EdgeTransport.
Topology:
1 Edge Transport Exchange 2010 sp1
- Server 2008 r2 sp1
- WorkGrouped
- Not in DMZ. Will move to DMZ after proof of concept
- CA Issued Certificate while on the domain, then it was taken off the domain and put in a work group.
2 Hub Transports Exchange 2007 sp2
- Both Hub Transports are running Server 2008 r2 sp 1
- Joined to the Domain
- CA Issued Certificates for each hub transport
- Alpha Transport - Test Synchronization returns Failed Status.
- Bravo Transport - Test Synchronization returns unable to find Bravo Transport in Active Directory.
- 50389 LDP Connection Test Succeeds from Alpha and Bravo Transports to Edge Server.
- 50636 LDP Connection Test Succeeds only after importing the Edge Server Certificate to Hub Transport Server's Trusted Root Certificates.
Thanks,
Homer