Step by Step Guide on Exchange Server 2010 Edge Transport Role

The Edge Transport role in Exchange Server 2010 provides an important layer of security between the external and internal messaging infrastructure. The Edge server analyses messages and can identify spam, content, and connection trends and take the appropriate action to prevent delivery of potentially harmful content, spam, and other undesired messages. All messages coming into and going out of the organization are scanned by the Edge Transport server and checked against the policies deployed on it before being passed on. The Edge Transport server plays a vital role in the messaging infrastructure, protecting the organization from attack and preventing delivery of unnecessary email, which ultimately can save an organization’s reputation, reduce administrative overhead, and increase productivity.

Installation Prerequisite:

Windows Server 2008 x64 SP 2 or Windows Server 2008 R2

Microsoft .NET Framework 3.5

Windows Remote Management 2.0

Windows PowerShell V2

Active Directory Lightweight Directory Services (AD LDS)

Exchange Server 2010 HT, CAS, Mailbox Roles installed in a separate Windows Server 2008 computer




Edge Transport Config:

Now, from Start > All Programs > Microsoft Exchange Server 2010 > Exchange Management Console, configure the Anti-Spam, Receive Connectors, Send Connectors, Transport Rules and Accepted Domains tabs available in the Edge Transport console. On the Anti-Spam tab, configure Content Filtering, IP Allow List, IP Allow List Providers, IP Block List, IP Block List Providers, Recipient Filtering, Sender Filtering, Sender ID and Sender Reputation through the action pane.

EdgeSync Config on an Edge Transport Server:

On the Edge Transport server, open the Exchange Management Shell and type the following:

New-EdgeSubscription -FileName "C:\Edgeinfo.xml"

Copy the Edge subscription file to the Hub Transport server as C:\Edgeinfo.xml

On the Hub Transport server, open Exchange Management Console > Organization Configuration > Hub Transport section

In the action pane, click New Edge Subscription>New Edge Subscription Wizard.

Click Browse>select Active Directory site>Select Default First Site

Browse to the location of the Edge subscription file you copied from the Edge Transport server and click Next>Finish

Verify synchronization to the Edge Transport server’s AD LDS and review the application log in Event Viewer on both Hub and Edge Transport servers
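
The Hub Transport side of the steps above can also be done from the Exchange Management Shell. The following is an added example, not part of the original guide; it assumes the subscription file sits at C:\Edgeinfo.xml (the path used above) and that the Active Directory site is named Default-First-Site-Name. Because the subscription file contains the credentials used to bootstrap EdgeSync, the script deletes it once the import succeeds.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server.
# Assumptions (not from the original guide): site name below; adjust as needed.
$SubscriptionFile = 'C:\Edgeinfo.xml'
$SiteName         = 'Default-First-Site-Name'

if (-not (Test-Path -Path $SubscriptionFile)) {
    throw "Subscription file not found: $SubscriptionFile"
}

# The subscription must be completed within 1440 minutes (24 hours) of running
# New-EdgeSubscription on the Edge server; warn if this copy looks stale.
$age = (Get-Date) - (Get-Item -Path $SubscriptionFile).LastWriteTime
if ($age.TotalMinutes -gt 1440) {
    Write-Warning 'Subscription file is older than 24 hours; re-create it on the Edge server.'
}

# Shell equivalent of the New Edge Subscription wizard.
$bytes = [byte[]](Get-Content -Path $SubscriptionFile -Encoding Byte -ReadCount 0)
New-EdgeSubscription -FileData $bytes -Site $SiteName -ErrorAction Stop

# The file holds bootstrap credentials: remove it after a successful import
# (and remove the original copy on the Edge server as well).
Remove-Item -Path $SubscriptionFile -Force

# Trigger synchronization now instead of waiting for the schedule,
# then display the synchronization status reported for each subscribed Edge server.
Start-EdgeSynchronization
Test-EdgeSynchronization | Format-List

# Recent EdgeSync errors and warnings from the Application log.
Get-EventLog -LogName Application -Source 'MSExchange EdgeSync*' `
    -EntryType Error, Warning -Newest 20 -ErrorAction SilentlyContinue |
    Format-Table TimeGenerated, EventID, Message -AutoSize -Wrap
```

EdgeSync connects from the Hub Transport server to AD LDS on the Edge server over secure LDAP on TCP 50636, so that port must be allowed through the internal firewall in that direction only.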


Further Study:

Microsoft Tech

Edge Transport Overview

Key Words: Edge Transport, Exchange 2010, AD LDS, Windows Server 2008












About Raihan Al-Beruni

My Name is Raihan Al-Beruni. I am working as an Infrastructure Architect in Data Center Technologies in Perth, Western Australia. I have been working on Microsoft technologies for more than 15 years. Other than Microsoft technologies I also work on Citrix validated solution and VMware data center virtualization technologies. I have a Masters degree in E-Commerce. I am certified in Microsoft, VMware, ITIL and EMC. My core focus is on cloud technologies. In my blog I share my knowledge and experience to enrich information technology community as a whole. I hope my contribution through this blog will help someone who wants more information on data center technologies.

43 Responses to Step by Step Guide on Exchange Server 2010 Edge Transport Role

  1. vasim memon says:

    Hello Brother,

    Can u give doc, regarding how to configure POP/SMTP/Configuration guide for ex 2010……

    Waiting for your reply


  2. Pingback: Exchange 2010 deployment in different firewall scenario « Information Technology Blog

  3. Sunil says:

    I am looking for HA solution for Edge/CAS/Hub transport any suggestion/design guides



  4. sujith says:

    Hi Brother,
    I am planning to configure an exchange server 2010 with dynamic ip address. Do have any experience on this, please help me out,
    thank you


  5. Ali Zulfiqar says:


    MS recommends the Edge transport server role be outside the AD environment and on another server for spam/AV protection. Do you see any options here, or pls validate this assumption.



    • In best practice architecture, Edge Transport or ET is placed in DMZ. ET uses Antivirus and Antispam engine from McAfee or Trend Micro. You need to install antivirus on the same server. You can place ET in internal network also. You can have more than one ET if you want. You can use IronPort and ET together. Microsoft provides full flexibility to a systems architecture. It’s really up to you what you want.


      • Ali Zulfiqar says:

        Thank you so much bro,

        I have one more question to you, currently we are using win sbs 2003 and exchange in one box as domain controller and file server for users about 20-24 and i want to discard the present machine and implement all new win server ent 2008 and exchange 2010, can u please advise the equipment to implement, like if i need to buy 2 server machines along with 2 sets of win server 2008 and exchange 2010. this would be my first experience in implementation.

        god bless u


  6. melek somai says:


    Thanks for your post.
    I have established a Back to back DMZ network with 2 TMG Firewalls (one in the front and one in the back)
    I was also able to correctly configure exchange server 2010 (one internal server with Hub/CAS/Mailbox and an Edge Server in the DMZ)
    The EdgeSync between the Edge in the DMZ and the Hub in the internal network was successfully done ( the test-edgesynchronization command in the powerShell returned a “Success” status).
    But, I’m actually blocked :
    1- I want to configure the OWA to be able to connect from the internet. So, How should I configure the front and the back TMG servers to be able to do it. Should I configure both or only the front one ?

    2- My FAI, is disabling the MX records, so the only available solution is an FAI Smtp server to which I have to forward mails. For the incoming mails, it will be forwarded directly to my server. So, how can I configure both the Edge and the Front TMG server to be able to work within this restrictions ?

    Looking forwards to your answer !!


  7. Pingback: Blogging year 2010—-what stats says | MicrosoftGURU

  8. melek somai says:

    A more explicit explanation :

    I have a back to back network (Internet-DMZ-Intranet) with 2 TMG servers.

    I have also installed the following servers :
    1- An exchange server including (HT, CAS, MailBox) in the intranet domain.
    But, as you mentioned in your response, I should remove the CAS from the internal server and put it in the DMZ. Can I remove this component from my exchange server without any trouble ? or is there any steps to follow to make a clean remove ?

    2-An edge server in the DMZ with a workable synchronization with the HT.

    3- My ISP cannot register my MX Record due to some government restrictions.
    It provides an alternative solution by redirecting all incoming mails to our server and I should send all my outgoing messages to its SMTP server.

    So, my question is :
    How should I configure my front TMG ? To which server (edge or HT/Mailbox) should I open the SMTP port ? Is there any step by step guide for that.

    Thanks a lot for your help.


    • I understand you are worried about placing CAS in DMZ. Then use reverse proxy. An ET in DMZ should work with HT. You just need to allow DNS in DMZ.
      No 3 Q is weird for me. You need an MX record you can have it anywhere in the world.


  9. melek somai says:

    Thanks a lot for your quick answer !🙂

    About Q 3, the ISP is also blocking any SMTP request from outside. So i cannot receive any email from any different Server. The only solution is its routing solution😦.
    I’m actually working on it. As soon as I find a solution, I’ll let you know.


  10. LE says:

    Can you tell me how to install a good certificate on the edge server because I have a problem after following your configuration using outlook 2010 anywhere I cannot connect to the Exchange server 2010 from internet.
    I get an error message about the proxy server.
    Thank you


  11. Percy says:

    This guide was brilliant, even better was that there is a wizard that will walk you thru the edge subscription steps instead of the powershell stuff.



  12. Trevor says:


    Thank you for the detailed instructions! Do you know if the Exchange 2010 ET and the Lync 2010 Access Edge (AE) can coexist on the same server?

    Thank you!



  13. Gani says:

    Hi, thanks for your step by step guide for edge deployment.
    Could you provide, after edge subscription, what are the configuration left on edge server
    (like send connector, receive connector, accepted domain)? Do we have to create them on hub server / edge? Please explain



  14. Masud says:


    Thanks for your helpful blog. Can you give step by step for configure of external mail of exchange 2007 in one server (win2008 with Active Directory)



  15. Mark Ayer says:

    Please I need help. After configuring my edge transport I tried synchronizing and had this error report:

    EdgeSync service cannot connect to this subscription because of error “The LDAP server is


  16. rashid Iqbal says:

    most of the emails come from outside are blocked by our exchange server. we have exchange server + edge sync(i think tmg) for sending/receiving emails from outside.

    Kindly advise.


  17. Priyank says:

    Hi guys,

    I am trying to install exchange on one of my member servers but it is failing during installation. When I checked DNS health on my DC the test is failing. Can you please suggest how to solve this issue

    Command used for DNS health: dcdiag /test:DNS

    OS :Windows server 2008 R2


  18. sri says:

    Hi Raihan,

    If i upgrading the exchange server edge 2007 to edge server 2010,

    do i have to reconfigure anti-spam settings (ip block list, block senders etc..) in exchange 2010 server


  19. says:


    I am getting hub transport role installation to solve



  20. says:

    Hey, I am getting spam attack on exchange 2010, how can I block that, too many mails are generated. Any help


  21. Bharat Shivraj says:

    Hi Raihan,

    I am hoping you can help with my Exchange 2010 SP1 setup. All I am trying to accomplish is to relay mail from Exchange to Internet using SMTP, nothing complicated. Currently my mail leaves but it can take up to an hour for it to resolve DNS for the external emails, am I missing something? I have SMTP and port 53 opened on the firewall. I have setup a send and receive connector and using External DSN Lookups. Let me know if I have missed something, your help is appreciated.


    • How did you configure Exchange I mean what is your design layout? Can you telnet servername 25
      can you use smtpdiag, check EMC>Tools>traffic flow


      • Bharat shivraj says:

        Hi Raihan,

        I can telnet and everything is fine, it is just that the mail sits in the Queue for a while and gets a dnslookup error, but then a few minutes later it resolves dns and then leaves Exchange. In order for me to get DNS to work I had to track down our various customer MX records and add it to our exchange to speed up the lookup but this isn’t the ideal method as you can tell.


        Sent from my iPhone

