First things first: some organizations forget to deploy ANY Hub servers, and
then wonder why they have email routing problems.
Without at least one Exchange 2007 server with the Hub Transport role enabled,
no internal email gets delivered.
The fundamental procedure for installing Microsoft Exchange 2007 is the same regardless
of which Server Role you wish to enable. Once you have installed the
operating system and built your Exchange 2007 server, navigate to the Control Panel,
Add or Remove Programs, where you can add the Hub Transport
Role. Alternatively, you can plan ahead and select this,
and other server roles, during the Exchange 2007 setup.
Let us consider what happens to 'native' clients. By native I mean:
Microsoft Office Outlook 200x, Office Outlook Web Access, Outlook by Phone.
Let us analyze what happens when one of these accounts, with an Exchange 2007 mailbox, sends a message.
We will pick up the trail from the message waiting in the outbox.
The Exchange Mail Submission service contacts
the Store driver, which transfers the email into the 'Submission queue' on
the Hub Transport server. This queue leads to the Categorizer, which
is the heart of the Hub Transport server. Rather
like the snail-mail postal service, the Categorizer looks up the recipient's
mailbox, then resolves the best route to that site. Unlike the
snail-mail service, the Categorizer can also do other stuff, such as content
conversion and applying any mail flow rules that are in operation.
The categorizer has two helpers, 'Local Delivery' and 'SMTP Send'.
From their descriptive names, I am sure you can work out which one is for a
mailbox delivery to a server in the same
site, and which one requires remote delivery with external routing.
Because I want to build up concepts slowly but surely, the above diagram
focuses only on internal email. To make the diagram more realistic,
the Categorizer would also have arrows indicating delivery of email from the
internet. My point is that the Categorizer is the central component,
and deals with routing all email irrespective of its source.
Studying your
Active Directory Sites is the key to routing Exchange 2007 email. Each internal recipient,
by definition, has a mailbox server. The role of the Hub Transport server
is to find that mailbox server, and deliver the email to the recipient. When an Exchange
Organization has multiple sites, it's the Hub Transport server that calculates
the best route to send the email.
Incidentally, 'Bridgehead Server' was the old name for the Microsoft Exchange
2007 Hub Transport Server.
Configuring the Hub Transport Server
Your first decision is whether to configure global settings at the Organization level,
or to configure individual servers. As usual there are PowerShell
commands as an alternative to the Exchange Management Console, for example:
set-ExchangeServer (For Active Directory) or set-TransportServer, which
configures the pickup directory or replay directory (Nul)
External DNS is for routing to the internet.
Send connections - On Server not Configurations
SMTP Connectors to IP or EDGE are for partner domains. Where you use
Smart Host there is no need for external DNS. Check out the Permissions
settings.
Receive Connector
The default may be OK; don't do more work than necessary. The hidden message
is that small organizations should use the default settings, but for large
sites, tweak the values.
Why would you need to configure a receive connector? To add an extra receive connector for specific servers outside your organization.
Mailbox <-> Hub Configuration
Plan multiple routes for fault tolerance. Remember the fundamental messaging
routing rules - No AD, No messaging. Exchange Server 2007 implements 'Queue at point of failure',
and as a result alternative routes are not used. Compared with Hub Transport,
the Edge servers have extra capabilities, for example, security with Exchange host
services.
There are several strategies for sending and receiving email from external
recipients. Microsoft say that the best method is to use a dedicated Edge
server, however most Exchange 2007 Organizations, at least in the UK, seem to
avoid the Edge server and choose other methods. This may be because they
already had tried and trusted connections to the internet before they
transitioned to Exchange 2007. Here are the common strategies for sending
and receiving external email.
Edge Server
Non-Microsoft connection to the internet. (Maybe you already have a
3rd party connection.)
Create a send and receive Connector from the Hub Transport Server
to the internet. Not recommended as it exposes the internal
network to extra attacks from the internet.
When planning, create a server with the Hub Transport role before
creating and configuring the Mailbox role. For small companies it may not be
feasible to have multiple Exchange 2007 servers, thus administrators may
look at ways to house two or more Exchange 2007 roles on one server.
Here are common scenarios, some good, some not recommended.
Hub Transport and CAS (Client Access Server). This combination
works well, add both roles before setting up the Mailbox server role.
Hub Transport and Mailbox. Problem if the Mailbox servers are set up in
a cluster. OK if no cluster.
Hub Transport and Unified Messaging Server. No problems
Hub Transport and Edge Transport. Impossible; even if you
found a work-around, this is an undesirable combination.
Coexistence Between Exchange 2007 and Exchange 2003 (or Exchange 2000)
This is the situation: you install the first Exchange 2007 Hub Transport
server in an existing Exchange 2003 or Exchange 2000 organization. As
it completes configuring the Hub Role, the wizard creates a new routing
group for all Exchange 2007 servers. However, it requires your
intervention to specify an Exchange 2003 or Exchange 2000 bridgehead server
to which it will connect the new Exchange 2007 routing group.
Trap: Do not rename the Exchange Routing Group
(DWBGZMFD01QNBJR). The setup wizard also creates two reciprocal
routing group connectors between the specified bridgehead server and the Hub
Transport server that you are installing. Just to double-check, you
should now have one Exchange 2007 routing group and two reciprocal routing
group connectors to the bridgehead Exchange 2003 server.
As part of the routing group connector setup, you will see a universal
security group (USG) called ExchangeLegacyInterop. Members of this USG
have the permissions required to send and receive email to Exchange 2007.
If you need to create more routing group connectors to Exchange 2003 then
use the new-RoutingGroupConnector cmdlet in the Exchange Management Shell.
To become expert at the PowerShell syntax try
get-Help new-RoutingGroupConnector
In addition to routing mail, the Hub role applies business policies, for
example, you can add separate disclaimers to different Active Directory groups.
You could investigate the benefits of adding the Hub Transport role to multiple
Exchange 2007 servers. Load balancing and redundancy would be two obvious
advantages.
The Hub server checks the recipient of each email and resolves whether that
person has a mailbox in the Exchange Organization, or whether it has an external
address. The routing and the categorizing components combine to plan
the delivery of the email.
Checklist for Business Rules to Apply to Your Hub Server
Should you keep copies of messages as part of a long-term document
retention commitment? Do you need journaling?
Does your company send confidential messages?
Are there emails that should be prioritized? Or messages to be
scheduled?
Would you like to add disclaimers to the bottom of certain emails?
Would you like to restrict the size of attachments?
Configuring the Transport Rules Agent
As with the Edge Server, the Hub Transport Server relies on three components to
put your business rules into practice. The three mechanisms are:
Conditions: Subject = Job, Recipients = Manager. You can set
rules on many other message fields.
Actions: Modify (disclaimer), log (journal), redirect, or even drop
the message.
Exceptions: Identify emails which are exempt from the rule.
Getting Started - Creating a Transport Rule
Launch the Exchange Management Console.
In the left tree, click Organization Configuration --> click Hub
Transport.
In the result pane, click the Transport Rules tab.
Now, in the action pane, click New Transport Rule.
Now it's over to the Transport Rule wizard to guide you through the
parameters for your rule.
There are also three PowerShell cmdlets to help you create and configure
Transport Rules:
new-TransportRule
get-TransportRulePredicate
get-TransportRuleAction
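
The three cmdlets above combined into one disclaimer rule for a single Active Directory group, as an added example that is not from the original page. The group name, marker word, rule name and disclaimer text are placeholders; the predicate and action names are those of the Exchange 2007 Management Shell.

```powershell
# Added example (Exchange 2007 Management Shell).
# 'Sales', 'Internal', the rule name and the text are placeholders.

# Condition: the sender is a member of the given distribution group
$condition = Get-TransportRulePredicate FromMemberOf
$condition.Addresses = @((Get-DistributionGroup 'Sales'))

# Exception: messages whose subject contains the marker word are exempt
$exception = Get-TransportRulePredicate SubjectContains
$exception.Words = @('Internal')

# Action: append a disclaimer to the message body
$action = Get-TransportRuleAction ApplyDisclaimer
$action.Text = 'Placeholder disclaimer text for the Sales group.'
$action.Location = 'Append'
# If the disclaimer cannot be inserted (for example an encrypted message),
# wrap the original in a new message instead of sending it unmarked
$action.FallbackAction = 'Wrap'

# Create the rule disabled so it can be reviewed before it touches mail flow
New-TransportRule -Name 'Sales disclaimer' `
    -Conditions @($condition) `
    -Exceptions @($exception) `
    -Actions @($action) `
    -Enabled $false

# Review what was stored, then switch the rule on
Get-TransportRule 'Sales disclaimer' | Format-List Name, Enabled, Priority
Enable-TransportRule 'Sales disclaimer'
```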
Improvements that SP1 Brings to Hub Transport Servers
NLB (Network Load Balancing) for inbound SMTP connections.
Another job for PowerShell (EWS is the name of the Virtual Directory)
When resources such as memory, queue length, or even disk space are
approaching critical values, you will start seeing Event IDs 15001, 15002,
15003, 15004 and 15005 logged in the system log. If you experience
these 'Back Pressure' problems, try to alleviate the underlying cause; for
example, freeing up disk space would be the easiest. However, as an
emergency measure, or for troubleshooting, you could configure some of the
values that trigger these Event IDs. Provided you have the necessary
knowledge, you could experiment with the EdgeTransport.exe. file that is
located in the C:\Program Files\Microsoft\Exchange Server\Bin directory.
Specific Problem with Queues
Problems with queues at the Edge Server: in the Queue
Viewer, you see this error message:
451 5.7.3 'Cannot achieve Exchange Server authentication'.
Solution: Launch the Exchange Management Console
Navigate to Server Configuration --> Hub Transport.
Right-click the Receive connector, and then select Properties.
Select the Authentication tab.
Make sure there is a tick in the Transport Layer Security (TLS) check box.
Also tick the Exchange Server authentication check box.
Click Apply.
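
The same check from the Exchange Management Shell, as an added example that is not from the original page: it reports which Receive connectors on a Hub lack the two mechanisms ticked above, then adds them to one named connector. 'BigServer' and the connector identity are placeholders.

```powershell
# Added example (Exchange 2007 Management Shell).
# 'BigServer' and the connector identity below are placeholders.
$hub = 'BigServer'
$required = 'Tls', 'ExchangeServer'

# Return the required mechanisms a connector does NOT have.
# AuthMechanism is a flags value that prints as e.g. "Tls, Integrated".
function Get-MissingAuth($connector) {
    $current = $connector.AuthMechanism.ToString().Split(',') |
        ForEach-Object { $_.Trim() }
    $required | Where-Object { $current -notcontains $_ }
}

# Report only. Not every connector should accept Exchange Server
# authentication, so review the list rather than changing all of them.
Get-ReceiveConnector -Server $hub |
    Select-Object Identity, AuthMechanism,
        @{Name = 'Missing'; Expression = {
            [string]::Join(', ', @(Get-MissingAuth $_)) }} |
    Format-Table -AutoSize

# Fix the one connector the Edge server talks to.
$name = 'BigServer\Default BigServer'
$c = Get-ReceiveConnector -Identity $name
$missing = @(Get-MissingAuth $c)
if ($missing.Count -gt 0) {
    # -AuthMechanism replaces the whole value, so keep what is already set
    $new = $c.AuthMechanism.ToString() + ', ' + [string]::Join(', ', $missing)
    # Remove -WhatIf once the proposed value looks right
    Set-ReceiveConnector -Identity $name -AuthMechanism $new -WhatIf
}
```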
Synchronize with the Hub Transport Server
To complete the job, force synchronization with one of these PowerShell
commands.
To troubleshoot connection problems, try this simple command, substituting
the name of the Exchange server for 'BigServer':
Telnet Bigserver 25
You should see something like:
220 BigServer.CP.com Microsoft ESMTP MAIL Service, ......
Installation Problems
If you have any problems with the installation, check the \ExchangeSetupLogs folder; in particular, examine
the ExchangeSetup.log file. Also, remember the Event logs, both System
and Application.
The Exchange 2007 server hub transport role is central to your plans for an
efficient email system. Its twin functions are to discover which server
holds the recipient's mailbox, and to calculate the best route to deliver the
email.
Each Exchange 2007 organization needs at least one server with the Hub Transport
role enabled. When you plan your Exchange system, it would be easy to
combine the Transport role with other roles such as CAS or Unified Messaging.