Tag Archives: Edge Transport Server

Cisco IronPort and Exchange 2016

If you have been following my blogs over the years you should be aware that I’ve always been using Exchange Edge Transport servers in front of my Mailbox servers for message hygiene purposes. My last (well known) environment looked like this:

image

There are two Mailbox servers (Exchange 2013 and Exchange 2016) and two Edge Transport servers (also Exchange 2013 and Exchange 2016). MX records point to both Edge Transport servers and there are two Edge Synchronizations. And the Edge Transport servers were capable for DKIM signing (as posted in a previous blogpost), but lacked DKIM verification and DMARC validation.

The most important part in the Edge Transport server is the Real Time Blocklist, configured to use Spamhaus for connection filtering. While this works pretty well (there still is quite some spam that gets delivered into mailboxes) there is always room for improvement. I have been looking at cloud solution, but they didn’t always deliver what was expected.

A couple of my customers are using Cisco Email Security Appliance (previously known as IronPort) solutions on-premises and are happy with it, so time to start testing a Cisco Email Security Appliance (ESA) in my own environment. Continue reading Cisco IronPort and Exchange 2016

Health Manager does not start on Exchange 2013 Edge Transport Server

After installing an Exchange 2013 Edge Transport Server (CU6) I noticed the Microsoft Exchange Health Manager was not running. When trying to start this service the following error occurred:

Windows could not start the Microsoft Exchange Health Manager service on Local Computer.

Error 1075: The dependency service does not exist or has been marked for deletion.

image

Continue reading Health Manager does not start on Exchange 2013 Edge Transport Server

Exchange 2013 Edge Transport Server and SSL Certificates

When installing an Exchange 2013 Edge Transport server a self-signed certificate is created and configure for use with the SMTP Transport server. The self-signed certificate has the NetBIOS hostname as the Common Name and the FQDN in the Subject Alternate Names field.

You can view this self-signed certificate using the Certificate MMC snap-in:

image

Continue reading Exchange 2013 Edge Transport Server and SSL Certificates

Configuring Exchange 2013 Edge Transport server

In my previous article I explained how to install and Exchange 2013 Edge Transport server and how to create and activate the Edge Synchronization process. In this blog post I’d like to explain a bit more how to configure Message Hygiene on the Edge Transport server.

Exchange Management Shell

The only possibility to configure the Exchange 2013 Edge Transport server is by using the Exchange Management Shell (PowerShell). There’s no GUI available for managing the Edge Transport server. The bright side of this is that there’s no IIS anymore on the Edge Transport server and that the attack surface of this server is smaller, something that’s important when connecting a server directly to the Internet. Continue reading Configuring Exchange 2013 Edge Transport server