Exchange 2010 SP1 Edge Subscription File

Home Forums Messaging Software Exchange 2007 / 2010 / 2013 Exchange 2010 SP1 Edge Subscription File

This topic contains 3 replies, has 3 voices, and was last updated by Avatar Egyptian_ _Hacker394 8 years, 3 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • Avatar
    Robert R.
    Participant
    #155466
    UPDATE: SOLVED Run the Exchange Management Shell “As Administrator” No problem after that.
    Interestingly, this is the first time during this Exchange 2010 setup I’ve had to “Run As” administrator.
    And that includes un-installing the Exchange 2010 mailbox servers.

    When attempting to create an Exchange 2010 SP1 Edge subscription file, I get the following:

    [PS] C:Windowssystem32>New-EdgeSubscription -FileName “c:exedge-01.xml”

    Confirm
    If you create an Edge Subscription, this Edge Transport server will be managed via EdgeSync replication. As a result, any of the following objects that were created manually will be deleted: accepted domains, message classifications, remote domains, and Send connectors. After creating the Edge Subscription, you must manage these objects from inside the organization and allow EdgeSync to update the Edge Transport server. Also, the InternalSMTPServers list of the TransportConfig object will be overwritten during the synchronization process.
    EdgeSync requires that this Edge Transport server is able to resolve the FQDN of the Hub Transport servers in the Active Directory site to which the Edge Transport server is being subscribed, and those Hub Transport servers be able to resolve the FQDN of this Edge Transport server. You should complete the Edge Subscription inside the organization in the next “1440” minutes before the bootstrap account expires.

    [Y] Yes [A] Yes to All [N] No [L] No to All Suspend [?] Help (default is “Y”): y

    New-EdgeSubscription : The command couldn’t add the certificate to the AD LDS directory service store. Error: Access is denied.
    At line:1 char:21
    + New-EdgeSubscription < <<< -FileName "c:exedge-01.xml"
    + CategoryInfo : InvalidOperation: (exedge-01.prod.x.tld:String) [New-EdgeSubscription], InvalidOperationException
    + FullyQualifiedErrorId : 78E1D1AB,Microsoft.Exchange.Management.SystemConfigurationTasks.NewEdgeSubscription

    [PS] C:Windowssystem32>

    The Edge subscription file is necessary to synchronize the Edge with Hub Transport servers.

    Trying to search for the error

    http://www.google.com/search?q=%22The+command+couldn%27t+add+the+certificate+to+the+AD+LDS+directory+service+store.%22

    produces only one result, that isn’t helpful. In the book, the example setup does not use an Edge server, and instead uses the Hub Transport to route mail to and from the internet, and doesn’t go into Edge Subscription files (or at least the available sample chapters do not).

    Any ideas of what to look for next would be greatly appreciated. If I had any hair, I’d be pulling it out.

    UPDATE: Now the search produces two results, with this post being the top hit. That was fast.

    PS: The Edge server can resolve the Hub Transport servers:

    [PS] C:Windowssystem32>nslookup exhts-01.prod.x.tld
    Server: dcp01.prod.x.tld
    Address: 172.18.50.131

    Name: exhts-01.prod.x.tld
    Addresses: 172.18.51.3
    10.192.1.3

    [PS] C:Windowssystem32>nslookup exhts-02.prod.x.tld
    Server: dcp01.prod.x.tld
    Address: 172.18.50.131

    Name: exhts-02.prod.x.tld
    Addresses: 172.18.51.4
    10.192.1.4

    [PS] C:Windowssystem32>

    Avatar
    Robert R.
    Participant
    #353185

    Re: Exchange 2010 SP1 Edge Subscription File

    To verify that I have the proper permission, per Microsoft’s “Transport Permissions: Exchange 2010 SP1 Help” article :

    [PS] C:Windowssystem32>Get-ManagementRoleAssignment

    The term ‘Get-ManagementRoleAssignment’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:29
    + Get-ManagementRoleAssignment < <<<
    + CategoryInfo : ObjectNotFound: (Get-ManagementRoleAssignment:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    [PS] C:Windowssystem32>

    I am a member of (local) Administrators and (local) Backup Administrators (and also domain Domain Admins and forest Enterprise Admins).

    Avatar
    FischFra
    Member
    #366029

    Re: Exchange 2010 SP1 Edge Subscription File

    Robert R.;242242 wrote:
    To verify that I have the proper permission, per Microsoft’s “Transport Permissions: Exchange 2010 SP1 Help” article :

    [PS] C:Windowssystem32>Get-ManagementRoleAssignment

    The term ‘Get-ManagementRoleAssignment’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:29
    + Get-ManagementRoleAssignment < <<<
    + CategoryInfo : ObjectNotFound: (Get-ManagementRoleAssignment:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    [PS] C:Windowssystem32>

    I am a member of (local) Administrators and (local) Backup Administrators (and also domain Domain Admins and forest Enterprise Admins).

    Windows permisions like local Administrator, Domain or Enterprise Administrators means nothing for Exchange 2010. In order to fullfil the job as a Exchange admin you have to have permissions within the RBAC (Role Based Access Control) system of Exchange 2010.

    You might want to seacrh for RBAC on the Technet to get familiar with the new split permission model of Exchange 2010.

    #384356

    Re: Exchange 2010 SP1 Edge Subscription File

    Run the Exchange Management Shell as Admnistrator.

    Right click EMS and select ‘Run as Administrator’.

    Smidge

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.