First things first: some organizations forget to deploy ANY Hub servers, and
then wonder why they have email routing problems.
Without at least one Exchange 2007 server with the Hub Transport role enabled,
no internal email gets delivered.
The fundamental procedure for installing Microsoft Exchange 2007 is the same
regardless of which Server Role you wish to enable. Once you have installed the
operating system and built your Exchange 2007 server, navigate to Control Panel,
Add or Remove Programs; from there you can add the Hub Transport Role.
Alternatively, you can plan ahead and select this, and other server roles,
during the Exchange 2007 setup.
Let us consider what happens to 'native' clients. By native I mean:
Microsoft Office Outlook 200x, Office Outlook Web Access, Outlook by Phone.
Let us analyze what happens when one of these accounts, with an Exchange 2007 mailbox, sends a message.
We will pick up the trail from the message waiting in the outbox.
The Exchange Mail Submission service contacts
the Store driver which transfers the email into the 'Submission queue' on
the Hub Transport server. This queue leads to the Categorizer, which
is the heart of the Hub Transport server. Rather
like the snail-mail postal service, the Categorizer looks up the recipient's
mailbox, then resolves the best route to that site. Unlike the
snail-mail service, the Categorizer can also do other stuff, such as content
conversion and applying any mail flow rules that are in operation.
The Categorizer has two helpers, 'Local Delivery' and 'SMTP Send'.
From their descriptive names, I am sure you can work out which one is for a
mailbox delivery to a server in the same
site, and which one requires remote delivery with external routing.
Because I want to build up concepts slowly but surely, the above diagram
focuses only on internal email. To make the diagram more realistic,
the Categorizer would also have arrows indicating delivery of email from the
internet. My point is that the Categorizer is the central component,
and deals with routing all email irrespective of its source.
Studying your
Active Directory Sites is the key to routing Exchange 2007 email. Each internal recipient,
by definition, has a mailbox server. The role of the Hub Transport server
is to find that mailbox server, and deliver the email to the recipient. When an Exchange
Organization has multiple sites, it's the Hub Transport server that calculates
the best route to send the email.
Incidentally, 'Bridgehead Server' was the old name for the Microsoft Exchange
2007 Hub Transport Server.
Configuring the Hub Transport Server
Your first decision is whether to configure global settings at the Organization
level, or to configure individual servers. As usual there are PowerShell
commands as an alternative to the Exchange Management Console, for example:
set-ExchangeServer (for Active Directory), or set-TransportServer, which
configures the pickup directory or replay directory (Nul).
External DNS is for routing to the internet.
Send connections - On Server not Configurations
SMTP Connectors to IP or EDGE are for partner domains. Where you use a
Smart Host there is no need for external DNS. Check out the Permissions
settings.
Receive Connector
The default may be OK; don't do more work than necessary. The hidden message
is that small organizations should use the default settings, while large
sites should tweak the values.
Why would you need to configure a receive connector? To add an extra receive connector for specific servers outside your organization.
Mailbox <-> Hub Configuration
Plan multiple routes for fault tolerance. Remember the fundamental messaging
routing rule - No AD, No messaging. Exchange Server 2007 implements 'Queue at
point of failure'; as a result, alternative routes are not used. Compared with
Hub Transport, the Edge servers have extra capabilities, for example, security
with Exchange host services.
There are several strategies for sending and receiving email from external
recipients. Microsoft say that the best method is to use a dedicated Edge
server; however, most Exchange 2007 Organizations, at least in the UK, seem to
avoid the Edge server and choose other methods. This may be because they
already had tried and trusted connections to the internet before they
transitioned to Exchange 2007. Here are the common strategies for sending
and receiving external email.
Edge Server
Non-Microsoft connection to the internet. (Maybe you already have a
3rd party connection.)
Create a send and receive Connector from the Hub Transport Server
to the internet. Not recommended as it exposes the internal
network to extra attacks from the internet.
When planning, create a server with the Hub Transport role before
creating and configuring the Mailbox role. For small companies it may not be
feasible to have multiple Exchange 2007 servers, thus administrators may
look at ways to house two or more Exchange 2007 roles on one server.
Here are common scenarios, some good, some not recommended.
Hub Transport and CAS (Client Access Server). This combination
works well, add both roles before setting up the Mailbox server role.
Hub Transport and Mailbox. A problem if the Mailbox servers are set up in
a cluster. OK if there is no cluster.
Hub Transport and Unified Messaging Server. No problems.
Hub Transport and Edge Transport. Impossible, even if you
found a work-around this is an undesirable combination.
Coexistence Between Exchange 2007 and Exchange 2003 (or Exchange 2000)
This is the situation: you install the first Exchange 2007 Hub Transport
server in an existing Exchange 2003 or Exchange 2000 organization. As
it completes configuring the Hub Role, the wizard creates a new routing
group for all Exchange 2007 servers. However, it requires your
intervention to specify an Exchange 2003 or Exchange 2000 bridgehead server
to which it will connect the new Exchange 2007 routing group.
Trap: Do not rename the Exchange Routing Group
(DWBGZMFD01QNBJR). The setup wizard also creates two reciprocal
routing group connectors between the specified bridgehead server and the Hub
Transport server that you are installing. Just to double-check, you
should now have one Exchange 2007 routing group and two reciprocal routing
group connectors to the bridgehead Exchange 2003 server.
As part of the routing group connector setup, you will see a universal
security group (USG) called ExchangeLegacyInterop. Members of this USG
have the permissions required to send and receive email to Exchange 2007.
If you need to create more routing group connectors to Exchange 2003 then
use the new-RoutingGroupConnector cmdlet in the Exchange Management Shell.
To become expert at the PowerShell syntax, try:
get-Help new-RoutingGroupConnector
In addition to routing mail, the Hub role applies business policies, for
example, you can add separate disclaimers to different Active Directory groups.
You could investigate the benefits of adding the Hub Transport role to multiple
Exchange 2007 servers. Load balancing and redundancy would be two obvious
advantages.
The Hub server checks the recipient of each email and resolves whether that
person has a mailbox in the Exchange Organization, or whether it has an external
address. The routing and the categorizing components combine to plan
the delivery of the email.
Checklist for Business Rules to Apply to Your Hub Server
Should you keep copies of messages as part of a long-term document
retention commitment? Do you need journaling?
Does your company send confidential messages?
Are there emails that should be prioritized? Or messages to be
scheduled?
Would you like to add disclaimers to the bottom of certain emails?
Would you like to restrict the size of attachments?
Configuring the Transport Rules Agent
As with the Edge Server, the Hub Transport Server relies on three components to
put your business rules into practice. The three mechanisms are:
Conditions: Subject = Job, Recipients = Manager. You can set
rules on many other message fields.
Actions: Modify (disclaimer), log (journal), redirect, or even drop
the message.
Exceptions: Identify emails which are exempt from the rule.
Getting Started - Creating a Transport Rule
Launch the Exchange Management Console.
In the left tree, click Organization Configuration --> click Hub
Transport.
In the result pane, click the Transport Rules tab.
Now, in the action pane, click New Transport Rule.
Now it's over to the Transport Rule wizard to guide you through the
parameters for your rule.
There are also three PowerShell cmdlets to help you create and configure
Transport Rules:
new-TransportRule
get-TransportRulePredicate
get-TransportRuleAction
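The three cmdlets above combined into one rule, as an added example that is not part of the original article: a condition, an exception and a disclaimer action, created disabled so it can be reviewed first. The group names "Managers" and "Legal", the rule name and the disclaimer text are constructed placeholders.

```powershell
# Run in the Exchange Management Shell on Exchange 2007.
# "Managers", "Legal", the rule name and the disclaimer text are placeholders.

# 1. List what the Transport Rules agent can test for and what it can do.
Get-TransportRulePredicate
Get-TransportRuleAction

# 2. Conditions (all must match): subject contains "Job" ...
$subject = Get-TransportRulePredicate SubjectContains
$subject.Words = @("Job")

# ... and the message is addressed to a member of the Managers group.
$toManagers = Get-TransportRulePredicate SentToMemberOf
$toManagers.Addresses = @((Get-DistributionGroup "Managers"))

# 3. Exception: mail sent by members of the Legal group is exempt.
$fromLegal = Get-TransportRulePredicate FromMemberOf
$fromLegal.Addresses = @((Get-DistributionGroup "Legal"))

# 4. Action: modify the message by adding a disclaimer.
$disclaimer = Get-TransportRuleAction ApplyDisclaimer
$disclaimer.Text = "This message is confidential and intended for the named recipient only."

# 5. Create the rule disabled, so it cannot touch mail before it is checked.
New-TransportRule -Name "Job mail to managers - disclaimer" `
    -Conditions @($subject, $toManagers) `
    -Exceptions @($fromLegal) `
    -Actions @($disclaimer) `
    -Enabled $false

# 6. Review the stored rule, then switch it on.
Get-TransportRule "Job mail to managers - disclaimer" | Format-List
Enable-TransportRule "Job mail to managers - disclaimer"
```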
Improvements that SP1 Brings to Hub Transport Servers
NLB (Network Load Balancing) for inbound SMTP connections.
Another job for PowerShell (EWS is the name of the Virtual Directory)
When resources such as memory, queue length, or even disk space are
approaching critical values, you will start seeing Event IDs 15001, 15002,
15003, 15004 and 15005 logged in the system log. If you experience
these 'Back Pressure' problems, try to alleviate the underlying cause; for
example, freeing up disk space would be the easiest. However, as an
emergency measure, or for troubleshooting, you could configure some of the
values that trigger these Event IDs. Provided you have the necessary
knowledge, you could experiment with the EdgeTransport.exe.config file that is
located in the C:\Program Files\Microsoft\Exchange Server\Bin directory.
Specific Problem with Queues
Problems with queues at the Edge Server. In the Queue
Viewer, you see this error message:
451 5.7.3 'Cannot achieve Exchange Server authentication'.
Solution: Launch the Exchange Management Console
Navigate to Server Configuration --> Hub Transport.
Right-click the Receive connector, and then select Properties.
Select the Authentication tab.
Make sure there is a tick in the Transport Layer Security (TLS) check box.
Also tick the Exchange Server authentication check box.
Click Apply.
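The same check and fix from the Exchange Management Shell, as an added example that is not part of the original article: it reports which receive connectors lack TLS or Exchange Server authentication, then previews the change on one connector. 'BigServer' is the article's placeholder server name, and the connector name "Default BigServer" is an assumption; substitute the connector your Edge server actually delivers to.

```powershell
# Run in the Exchange Management Shell on the Hub Transport server.
$server   = "BigServer"                      # placeholder server name
$target   = "BigServer\Default BigServer"    # assumed connector identity
$required = @("Tls", "ExchangeServer")

# Report every receive connector on the server. Not every connector needs
# both mechanisms; the one that accepts mail from the Edge server does.
foreach ($rc in (Get-ReceiveConnector -Server $server)) {
    # AuthMechanism is a flags value; ToString() gives e.g. "Tls, Integrated".
    $current = @($rc.AuthMechanism.ToString().Split(",") | ForEach-Object { $_.Trim() })
    $missing = @($required | Where-Object { $current -notcontains $_ })
    if ($missing.Count -eq 0) {
        Write-Host "$($rc.Identity): OK ($($rc.AuthMechanism))"
    } else {
        Write-Host "$($rc.Identity): missing $([string]::Join(', ', $missing))"
    }
}

# Fix only the chosen connector: keep what is already enabled, add what is missing.
$rc      = Get-ReceiveConnector -Identity $target
$current = @($rc.AuthMechanism.ToString().Split(",") | ForEach-Object { $_.Trim() })
$keep    = @($current | Where-Object { $_ -ne "None" })
$add     = @($required | Where-Object { $current -notcontains $_ })
$wanted  = [string]::Join(", ", ($keep + $add))

# -WhatIf only previews the change; remove it to apply.
Set-ReceiveConnector -Identity $target -AuthMechanism $wanted -WhatIf
```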
Synchronize with the Hub Transport Server
To complete the job, force synchronization with one of these PowerShell
commands.
To troubleshoot connection problems, try this simple command; substitute
the name of the Exchange server for 'BigServer':
Telnet Bigserver 25
You should see something like:
220 BigServer.CP.com Microsoft ESMTP MAIL Service, ......
Installation Problems
If you have any problems with the installation, check the \ExchangeSetupLogs folder; in particular, examine
the ExchangeSetup.log file. Also, remember the Event logs, both System
and Application.
The Exchange 2007 server hub transport role is central to your plans for an
efficient email system. Its twin functions are to discover which server
holds the recipient's mailbox, and to calculate the best route to deliver the
email.
Each Exchange 2007 organization needs at least one server with the Hub Transport
role enabled. When you plan your Exchange system, it would be easy to
combine the Transport role with other roles such as CAS or Unified Messaging.