Edgesync Credentials Not Found For Edge Transport

[Samhain_Knight]

Hi,

I have an Edge Server deployed in a DMZ. I generated and imported the edge
subscription w/o errors. But when i run test-edgesynchronizaion on the Hub
transport server i get "No Edgesync credentials were found for edge transport
server..." I also receive error 1032 MSExchange EdgeSync "no credentials for
edge server" in the Hub tranport servers app log.

I can see the Edge user "ESRAUsername" in the xml subsription file. Looks
like everything was created during the subcription generation process. Anyone
have any thoughts or recomendations on how to troubleshoot/fix this problem.

Thanks!

[Samhain_Knight]

I found out what was the cause of this problem and fixed it. It was a
certifacte mismatch between the Hub Transport server and the Edge Server. I
had to generate a new certifcate on the hub server and then unsubscribe and
re-subscribe the Edge server and everything syncs now.

Here's how you can do it:

This issue can be caused by two factors:

1. A new Hub server is installed after Edge sync has been run, so it will
not participate in the EdgeSync process
or
2. The Exchange Server Certificate on the hub server is missing (corrupted
or deleted by mistake)

So, firstly, please confirm if this hub server is newly added after the
subscription, if true, we need to remove the existing subscription from all
the edge and hub servers using the “remove-edgesubscription” CMDlet then
re-subscribe; If false, please perform the following troubleshooting steps to
check the certificate:

============================================

1. Verify that Hub is able to resolve Edge over DNS and is able to
communicate with Edge on port 50636.
2. Run "Get-ExchangeCertificate" cmdlet on Hub and see if there are any
certificates.
3. If there are no certificates found, go to Step 10 directly.
4. If certificates are found, make a note of thumbprints of all the
certificates.
5. Making a note of the thumbprint of the Hub Server Certificate stored in
AD by running the following steps:

a. Unzip the attached file to the c:\ drive
b. In the Exchange management shell change to the c:\ directory and run the
command:

. c:\certlib.ps1

Note: In Step b, the command is: period space c:\certlib.ps1

c. Run the following command:

GetTLSCertfromAD "<server name>" | fl

Note: You need to replace <server name> in the above CMDlet with the actual
name of your hub server.

d. Make a note of the thumbprint for the certificate displayed.

6. Compare this thumbprint to see if it matches any of the thumbprints noted
earlier using "Get-ExchangeServerCertificate" cmdlet on Hub in Step 4.
7. If it matches with any of the earlier thumbprints, the Exchange Server
Certificate is corrupted causing mail flow issue.
8. If there are no matches found, the Exchange Server Certificate is missing.
9. In either case we will create a new Self-Signed Exchange Server
Certificate to resolve the original issue.
10. In the Exchange Management Shell, run the "New-ExchangeCertificate"
cmdlet.
11. It throws a warning and creates a new Exchange Server Certificate.
12. Restart the Transport Service on the Hub.
13. Verify that the thumbprint of the new certificate now matches with the
version stored in AD using steps 2 to 6.
14. Remove the present Edge Subscription from the Hub and restart Transport
Service.
15. Run "Remove-EdgeSubscription" on the Edge and restart Transport Service.
16. Create a new Edge Subscription on the Edge using "New-EdgeSubscription"
cmdlet and import the xml file to Hub.
17. Re-subscribe the Edge using the new Subscription file.
18. Initiate synchronization using "Start-EdgeSynchronization" CMDlet.

Now the EdgeSync shall work fine.