Exchange Server 2007 Edge Server Backup and Cloning
We’ll start this article with a short description of the Exchange Server Edge Transport role and we will then explore how it is possible to back up an Exchange Server with Windows Server 2003 built-in tools and how you can use the Exchange Server Edge cloning process to back up the Edge Transport Server functions.
What is the Edge Transport Server Role?
The Edge Transport Server role is new in Exchange Server 2007. An Edge Transport Server is a special Exchange role that is typically placed in the DMZ (demilitarized zone) of an enterprise. Its job is to act as an SMTP gateway for incoming and outgoing e-mail messages. As messages pass through the Edge Server they are scanned, and message hygiene functions such as Sender ID, Intelligent Message Filtering and various whitelists and blacklists are applied. As an additional service, you can install Microsoft Forefront Edge Server Security products to scan e-mail messages for viruses and to apply additional anti-spam methods.
Exchange Server 2007 Edge Transport servers are not part of the internal Active Directory domain and are typically installed into a Windows Server workgroup. An Edge Transport server uses ADAM (Active Directory Application Mode), a minimal directory service, to store information about Exchange recipients and some other information. A process called EdgeSync synchronizes information from the internal Active Directory servers into the ADAM database instance.
Figure 1: Exchange Server 2007 roles (Source: Microsoft)
The primary Edge Transport Server backup method is to use the Edge Cloning feature, but in addition to a cloned configuration you should back up the System State on every Exchange Edge Server and the Exchange Message Tracking and protocol log files which are typically stored in C:\Program Files\Microsoft\Exchange Server\TransportRoles\Logs.
Figure 2: Back up the System State of the Edge Transport server role
Using Edge Cloning
As you now know, Exchange Server 2007 Edge Transport servers store their information in an ADAM database. ADAM supports replication, but Exchange Server 2007 doesn't use this feature. If you must implement multiple Edge Transport servers in the DMZ, you either have to create the required configuration manually on each server or use a process called Edge cloning, which makes it easy to configure multiple Edge Transport servers. To create cloned Edge Transport servers you use the Exchange Management Shell (EMS) to execute some predefined scripts. You export the Edge Server configuration on the source Edge Transport server into an XML file. The cloned Edge configuration is then deployed on the destination server. After successfully importing the XML file on the destination server you can start the EdgeSync process.
There are some things to keep in mind: An Edge Server cloned configuration does not replicate the Edge Subscription settings of the source server. The certificates that must be used by the EdgeSync service are also not cloned. You must run the EdgeSync process separately for each Edge Transport Server. Edge cloning is a process of configuring multiple Edge Transport servers with identical configurations. Edge cloning can be used to back up the configuration on one Edge Transport server, and then replicate it to another Edge Transport server for redundancy or disaster recovery.
The cloned configuration process consists of three steps:
First you must export the configuration on the source Edge Transport server. Run the ExportEdgeConfig.ps1 script to write the configuration to an intermediate XML file.
Syntax: ./ExportEdgeConfig -cloneConfigData:"C:\CloneConfigData.xml"
Figure 3: Export Edge configuration
Next you must validate the configuration on the Edge Transport server where you want to import the configuration. Run the ImportEdgeConfig.ps1 script. The script checks the intermediate XML file that you previously created by the Edge Transport export process to see that the exported settings are valid for the target server and then creates the answer file. The answer file is typically empty and contains only data when there are server settings that are not valid in the intermediate XML file from the source Server.
The following picture shows an example of the exported XML file.
Figure 4: Intermediate XML export file
After that, import the configuration on the Edge Transport target server. The ImportEdgeConfig.ps1 script uses the intermediate XML file and the answer file to clone an existing configuration or to restore the destination Edge Transport server to a specific configuration.
The Edge Transport Server export process exports the following configuration settings to the intermediate XML file.
- Transport agent-related information that includes the status and priority settings of each transport agent.
- All Send connector-related information
- Receive connector-related information. To modify the local network binding and port properties, you must modify the configuration information in the answer file that is created in the validate configuration step.
- Accepted domain configuration.
- Remote domain configuration.
- Anti-spam features configuration settings.
Validating the Configuration
The target server is an Exchange 2007 server that has a clean installation of the Edge Transport server role. Run the ImportEdgeConfig.ps1 script on the target server to validate the existing information in the intermediate XML file and to create the answer file. The answer file specifies the server-specific information that is used during the next step in the cloned configuration process when you import the configuration on the target server. The answer file contains entries for each source server setting that is not valid for the target server. You can modify these settings so that they are valid for the target server. If all settings are valid, the answer file contains no entries. The intermediate XML file can be used for different target servers. The answer file is specific to a target server.
Syntax: ./importedgeconfig.ps1 -cloneConfigData "C:\CloneConfigData.xml" -isImport $false -CloneConfigAnswer "C:\CloneConfigAnswer.xml"
Figure 5: Check the Export file
Importing the Configuration
You must run the ImportEdgeConfig.ps1 script to validate and import the configuration from the source server to the destination server.
Syntax: ./importedgeconfig.ps1 -cloneConfigData "C:\CloneConfigData.xml" -isImport $true -CloneConfigAnswer "C:\CloneConfigAnswer.xml"
The import process takes a while and if everything is moving along well, you will get the following message after the import process: “Importing Edge configuration information succeeded”.
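The validate and import steps above can be gated so that the import only runs on an export file that arrived unchanged and on an answer file that someone has looked at. The following script is an added example, not part of the original article or of the Exchange scripts. It assumes it is run in the Exchange Management Shell from the folder that holds ImportEdgeConfig.ps1, that a SHA-256 hash of the export was recorded on the source server (the default value is a placeholder), and that answer file entries appear as child elements of the XML root.

```powershell
# Added example: gate the import on file integrity and a reviewed answer file.
# Assumptions: run in the Exchange Management Shell from the folder holding
# ImportEdgeConfig.ps1; -ExpectedSha256 is the hash recorded on the source server.
param(
    [string]$CloneConfigData   = "C:\CloneConfigData.xml",
    [string]$CloneConfigAnswer = "C:\CloneConfigAnswer.xml",
    [string]$ExpectedSha256    = "<SHA-256 recorded on the source server>",
    [switch]$AnswerFileReviewed   # set after editing the answer file by hand
)

function Get-Sha256Hex([string]$Path) {
    # Plain .NET so it also works where Get-FileHash is not available.
    $sha   = New-Object System.Security.Cryptography.SHA256Managed
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    return [System.BitConverter]::ToString($sha.ComputeHash($bytes)).Replace("-", "")
}

# 1. Stop if the export changed on its way from the source server.
$actual = Get-Sha256Hex $CloneConfigData
if ($actual -ne $ExpectedSha256) {          # string -ne ignores case
    throw "Hash mismatch for $CloneConfigData (got $actual)"
}

if (-not $AnswerFileReviewed) {
    # 2. Validation pass: creates the answer file.
    ./importedgeconfig.ps1 -cloneConfigData $CloneConfigData -isImport $false -CloneConfigAnswer $CloneConfigAnswer

    # 3. Count entries. Assumption: each entry is a child element of the XML root.
    $entries = @()
    if ((Test-Path $CloneConfigAnswer) -and ((Get-Item $CloneConfigAnswer).Length -gt 0)) {
        $answer = New-Object System.Xml.XmlDocument
        $answer.Load($CloneConfigAnswer)
        if ($answer.DocumentElement) {
            $entries = @($answer.DocumentElement.ChildNodes | Where-Object { $_.NodeType -eq "Element" })
        }
    }
    if ($entries.Count -gt 0) {
        $entries | ForEach-Object { Write-Warning ("Needs review: " + $_.OuterXml) }
        throw "Answer file has $($entries.Count) entries; edit it, then rerun with -AnswerFileReviewed."
    }
}

# 4. Import pass with the same two files that were just checked.
./importedgeconfig.ps1 -cloneConfigData $CloneConfigData -isImport $true -CloneConfigAnswer $CloneConfigAnswer
```

With -AnswerFileReviewed the validation pass is skipped, so a hand-edited answer file is not regenerated before the import.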
What is not part of the cloning process?
When the configuration information is exported from the source Edge Transport server, the Transport configuration object, which contains e-mail transport settings, is not written to the intermediate XML file that you import on the destination Edge Server. If you want to have these settings on the cloned destination Edge Server, you have to set them with an Exchange Management Shell cmdlet (Set-TransportConfig).
What’s new in Exchange Server 2007 SP1 for the Edge Transport Server role?
There are a few exciting new functions in Exchange Server 2007 SP1 for the Edge Transport server role. Edge Transport servers that have Exchange Server 2007 SP1 installed include the transport configuration object in the information that is written to the intermediate XML file. Therefore, the settings of the transport configuration object on the target server have the same values as the source server after the intermediate XML file is imported.
The following table lists the attributes and default values that are used with the Transport configuration object in Exchange Server 2007 RTM and Exchange Server 2007 SP1. Most of these attributes only take effect on a Hub Transport server. They can also be set on an Exchange Server 2007 Edge Server, but there the settings have no effect.
|Attribute||Description||Exchange 2007 RTM default value||Exchange 2007 SP1 default value|
|ClearCategories||This attribute specifies whether to clear Microsoft Office Outlook categories during content conversion.||True||True|
|GenerateCopyOfDSNFor||This attribute specifies the delivery status notification (DSN) codes that cause the DSN message to be copied to the postmaster e-mail address. DSN codes are entered as x.y.z and are separated by commas.||5.4.8, 5.4.6, 5.4.4, 5.2.4, 5.2.0, 5.1.4||5.4.8, 5.4.6, 5.4.4, 5.2.4, 5.2.0, 5.1.4|
|InternalSMTPServers||This attribute specifies a list of internal Simple Mail Transfer Protocol (SMTP) server IP addresses or IP address ranges that should be ignored by Sender ID and connection filtering.||Null||Null|
|JournalingReportNdrTo||This attribute specifies the e-mail address to which journal reports are sent if the journaling mailbox is unavailable. This attribute doesn't apply to the configuration of an Edge Transport server.||Null||Null|
|MaxDumpsterSizePerStorageGroup||This attribute specifies the maximum size of the transport dumpster on a Hub Transport server. This attribute doesn't apply to the configuration of an Edge Transport server.||18 MB||18 MB|
|MaxDumpsterTime||This attribute specifies how long an e-mail message should remain in the transport dumpster on a Hub Transport server. This attribute doesn't apply to the configuration of an Edge Transport server.||7.00:00:00||7.00:00:00|
|MaxReceiveSize||This attribute specifies the maximum message size that can be received by recipients in the organization. This attribute doesn't apply to the configuration of an Edge Transport server.||Unlimited||10 MB|
|MaxRecipientEnvelopeLimit||This attribute specifies the maximum number of recipients that are allowed in a single e-mail message. This attribute doesn't apply to the configuration of an Edge Transport server.||Unlimited||5,000|
|MaxSendSize||This attribute specifies the maximum message size that can be sent by senders in the organization. This attribute doesn't apply to the configuration of an Edge Transport server.||Unlimited||10 MB|
|TLSReceiveDomainSecureList||This attribute specifies the remote domains that will use mutual Transport Layer Security (TLS) authentication through Receive connectors configured to support Domain Security. Multiple domains may be separated by commas. The wildcard character (*) is not supported in the domains that are listed in this attribute.||Null||Null|
|TLSSendDomainSecureList||This attribute specifies the remote domains that will use mutual TLS authentication when e-mail is sent through a Send connector configured to support Domain Security and the address space of the target domain. Multiple domains may be separated by commas. The wildcard character (*) is not supported in the domains that are listed in this attribute.||Null||Null|
|VerifySecureSubmitEnabled||The valid values for this attribute are $True or $False. The VerifySecureSubmitEnabled attribute verifies that e-mail clients that are submitting messages from mailboxes on Mailbox servers are using encrypted MAPI submission. This attribute doesn't apply to the configuration of an Edge Transport server.||False||False|
|VoicemailJournalingEnabled||This attribute specifies whether Unified Messaging voice mail is journaled by the Journaling agent. This attribute doesn't apply to the configuration of an Edge Transport server.||True||True|
|Xexch50Enabled||This attribute specifies whether Xexch50 authentication should be enabled for backward compatibility with Exchange Server 2003 servers.||True||True|
Table 1: New Edge Transport Server features in Exchange Server 2007 SP1 (Source: Microsoft)
Using Edge Transport Server Cloned Configuration