We are running Essential Business Server, and Edge Transport synchronization began failing at some point last year (we found this out when we couldn't increase the max. email receive size!). Since then, we have been directing emails directly into the Messaging Server and have left the Edge Transport Role on the Security server doing nothing. We now want to get Edge Transport up and running again, and started I the process by uninstalling the Edge Transport Role from the Security Server with the plan of reinstalling and then configuring from scratch. However, when I came to reinstall (after a reboot), although the installation passes all of the readiness checks, but at the last point of installation I get the message "Port 50389 is already in use" and the installation quits out (without even rolling back the changes). I know that this port is for Secure LDAP, but I don't understand what could be using this, and how to get around it! I've run PORTQRY on the server and the 50389 port returns FILTERED. I've also run logging on the local TMG management console and it's not getting blocked/triggered there. Any suggestions will be greatly appreciated. Thanks!

1. Whether users only cannot receive internet emails? Can users receive Emails from internal? 2. Have you registered/subscribed the Exchange 2007 Edge Transport server? Whether DNS MX record is pointing to the Edge server now? 4. Whether the old Exchange 2007 server is currently powered on?

Hi Verify that the network firewall that separates the Edge Transport server from the Exchange Server 2007 Hub Transport server(s) is configured to enable communications through the correct ports. The Edge Transport server uses custom LDAP ports. The following ports are needed for the directory synchronization: LDAP: Port 50389/TCP Secure LDAP: Port 50636/UDP Port 50389 is only used locally by Edge itself to access ADAM. The second question: The Microsoft Exchange Best Practices Analyzer reads the following registry entries to determine the ports that are used by the Active Directory Application Mode (ADAM) directory service on the Edge Transport server: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0\EdgeTransportRole\AdamSettings\MsExchangeAdam\LdapPort HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0\EdgeTransportRole\AdamSettings\MsExchangeAdam\SslPort ADAM is a Lightweight Directory Access Protocol (LDAP) directory service that is designed specifically for use with directory-enabled applications. ADAM stores and replicates only application-specific information and does not require deployment on a domain controller or depend on the Active Directory directory service. ADAM does not provide network operating system authentication or authorization. In Microsoft Exchange Server 2007, the Edge Transport server role uses ADAM to store configuration information and recipient data for content filtering. When ADAM is synchronized with Active Directory, it can also be used to perform recipient lookup for message security. You can read this article http://64.4.11.252/en-us/library/bb693319(EXCHG.80).aspx Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hello Terence, thanks for the reply. I have created a rule in the TMG firewall which allows access on Port 50389 from the localhost to the localhost and to the Exchange server. The problem is still present when I rerun the Edge Transport Role installation. The registry keys you reference are not present on the server. Should I be creating them manually? Thanks.

Hi If you can’t find registry keys, there is no need to create them. I don’t know which service obtains 50389. Can you run netstat.exe –a –n –o and you will find out pid of this port. Then run tasklist and you can find out which exe using this port. please killing it in memory by task management. This blog explains the process. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Terence, Unfortunately this hasn't worked. The output of netstat does not include any entries for port 50389. I sent the output to a log file and searched through it in notepad! Thanks,

I have a question, as you mentioned that you uninstall the server old server, is that the same server you are reinstalling the EDGE server?Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah

That's right, I uninstalled the Exchange Edge Transport Role from the EBS Security server, and I'm now trying to reinstall the role back onto that same server.

Seems like the port is still assigned to the same server.. Did you try to disconnect the server from the network and try it? I know its a weird try, but have u tried it. Till than i will get some more information.... Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah

Hi Gulab, There is no chance of disconnecting the server from the network to try, it's a critical server that handles firewall for the whole site. If that goes down, everything goes down. Could this problem be anything to do with ADAM? Should I try uninstalling that before reinstalling the Edge Transport Role? Thanks,

Any more ideas please? Thanks,

Anything at all???

Uninstall ADAM and try reinstall EDGE and post the result.Gulab | MCTS-MCITP Messaging: 2010 | MCTS-MCITP Messaging: 2007 | MCC 2011 | Skype: Gulab.Mallah

Your problem seems to be the DNS Server role, installed on the same machine. After installing some update or SP it reserves a range of ports for itself. You should prereserve this port or remove DNS Service completely. Check this: http://blog.mreza.info/archive/2009/09/02/pow-9-exchange-server-2007-edge-amp-dns-server.aspx For my W2K8 R2 this command works fine: dnscmd /Config /SocketPoolExcludedPortRanges 50389-50389 50636-50636