
The scenario I have is an active/active setup with two different AD sites. I have an Edge server in each site and a DAG that contains two Mailbox servers in SiteA and one Mailbox server in SiteB.

We have a 3rd party SAN cert that has all our autodiscover. This certificate was installed on all Mailbox servers and both Edge servers (not sure if this is needed).

I understand I need a "proper" 3rd party certificate on the Edge server to perform TLS, but when creating the Edgesync I would get the following error on the Mailbox server:

The subscription file failed to load for the following reason: The direct trust certificate of the subscribed Edge Transport server with thumbprint 123456789012345678901234567890 is a duplicate of the certificate of one of the HubTransport servers. Sharing the same certificate between Edge and Hub Transport servers is not allowed.
+ CategoryInfo : InvalidOperation: (:), InvalidOperationException
+ FullyQualifiedErrorId : 6F28D1AB.NewEdgeSubscription

Keep the 3rd party cert on Mailbox servers but assign SMTP to the self-signed cert by using the command on the Mailbox servers:
Enable-ExchangeCertificate -Thumbprint 123456789012345678901234567890 -Services SMTP

I then ran this command to verify that SMTP is assigned to the self-signed cert:
Get-TransportServer | Format-List Name,InternalTransportCertificateThumbprint

I then tried to create the Edge subscription but still received the same error. I then thought ok, let's remove the 3rd party cert from the Mailbox servers in SiteB. Tried to create the Edge subscription, same error even though the 3rd party cert was no longer on Mailbox servers in SiteB. Restarted Transport service on all Mailbox servers in SiteB and Edge, same error.

It was only when I assigned SMTP to the self-signed cert on the Edge server that I was able to create the Edgesync. The Edge server has both the self-signed cert and 3rd party cert with SMTP assigned, but Get-TransportServer | FL Name,InternalTransportCertificateThumbprint shows the self-signed cert is being used.

Q1) Do I need the 3rd party certificate on my Mailbox servers so autodiscover won't throw up certificate errors? We are using Hardware Load Balancers that have the cert installed.

Q2) Why did the Edgesync still fail when I had completely removed the 3rd party cert from servers in SiteB? I assume Edgesync is AD site based so that even though Mailbox servers in SiteA still had the 3rd party cert that shouldn't matter as I was doing

Q3) Can I have the 3rd party cert on all my servers and just ensure SMTP on the Mailbox servers is using the self-signed cert (so that Edgesync will work)?
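As an added pre-flight check (example code, not from the original post or from Microsoft): given the thumbprint the Edge server reports as its internal transport certificate, this function lists every transport server in the organization whose InternalTransportCertificateThumbprint is identical, which is exactly the duplicate condition New-EdgeSubscription rejects in the error above. The function name is hypothetical; it assumes the Exchange 2013 Management Shell (PowerShell 3 or later) on a Mailbox server, and that the Edge thumbprint was read on the Edge itself with Get-TransportServer | FL Name,InternalTransportCertificateThumbprint.

```powershell
# Added example, not part of the original post. Run in the Exchange Management Shell
# on a Mailbox server. The Edge thumbprint must be collected on the Edge Transport
# server itself, because the Edge is not domain-joined and not queried here.
function Test-EdgeSyncCertificateConflict {
    [CmdletBinding()]
    param(
        # Thumbprint reported by the Edge server (sample value below is a placeholder)
        [Parameter(Mandatory = $true)]
        [string]$EdgeThumbprint
    )

    $edge   = ($EdgeThumbprint -replace '\s', '').ToUpperInvariant()
    $report = @()

    foreach ($server in Get-TransportServer) {
        # InternalTransportCertificateThumbprint is the cert EdgeSync direct trust uses,
        # regardless of how many other certificates also have SMTP bound.
        $internal = ([string]$server.InternalTransportCertificateThumbprint -replace '\s', '').ToUpperInvariant()

        try {
            $certs = @(Get-ExchangeCertificate -Server $server.Name -ErrorAction Stop)
        } catch {
            $certs = @()   # e.g. server unreachable; still report the thumbprint comparison
        }
        $smtpCerts    = @($certs | Where-Object { "$($_.Services)" -match 'SMTP' })
        $internalCert = $certs | Where-Object { $_.Thumbprint -eq $internal } | Select-Object -First 1

        $report += [PSCustomObject]@{
            Server             = $server.Name
            InternalThumbprint = $internal
            InternalSelfSigned = if ($internalCert) { $internalCert.IsSelfSigned } else { $null }
            SmtpCertCount      = $smtpCerts.Count
            ConflictsWithEdge  = ($internal -eq $edge)
        }
    }

    $conflicts = @($report | Where-Object { $_.ConflictsWithEdge })
    if ($conflicts.Count -gt 0) {
        $names = ($conflicts | ForEach-Object { $_.Server }) -join ', '
        Write-Warning ("New-EdgeSubscription will be rejected: {0} use(s) the same internal transport certificate as the Edge ({1}). " -f $names, $edge) +
            "Bind SMTP to a different certificate on one side before subscribing."
    }
    $report
}

# Example use with a constructed placeholder thumbprint:
# Test-EdgeSyncCertificateConflict -EdgeThumbprint '123456789012345678901234567890' | Format-Table -AutoSize
```

Servers that come back with ConflictsWithEdge set to True are the ones the subscription error is naming; the SmtpCertCount column also shows where more than one certificate has SMTP bound, which is the situation described for the Edge server above.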