locked
SP1 upgrade fails in Install-MailboxRole due to not being able to resolve Discovery Management group RRS feed

  • Question

  • SP1 Upgrade failed in our environment in Install-MailboxRole with this error:

    [08/25/2010 20:41:47.0638] [2] Processing object "example.com/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}".
    [08/25/2010 20:41:47.0638] [2] Checking if the specified user or group "example.com/Microsoft Exchange Security Groups/Discovery Management" is a Security Identifier.
    [08/25/2010 20:41:47.0638] [2] Checking if the specified user or group "example.com/Microsoft Exchange Security Groups/Discovery Management" is a SAM account or a foreign forest account.
    [08/25/2010 20:41:47.0653] [2] [ERROR] Unexpected Error
    [08/25/2010 20:41:47.0653] [2] [ERROR] Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
    [08/25/2010 20:41:47.0653] [2] [ERROR] The trust relationship between the primary domain and the trusted domain failed.

    [08/25/2010 20:41:47.0653] [2] Ending processing Add-MailboxPermission
    [08/25/2010 20:41:47.0684] [1] The following 1 error(s) occurred during task execution:
    [08/25/2010 20:41:47.0684] [1] 0.  ErrorRecord: Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
    [08/25/2010 20:41:47.0684] [1] 0.  ErrorRecord: Microsoft.Exchange.Data.Common.LocalizedException: Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

       at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
       at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
       at System.Security.Principal.NTAccount.Translate(Type targetType)
       at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
       --- End of inner exception stack trace ---
    [08/25/2010 20:41:47.0684] [1] [ERROR] The following error was generated when "$error.Clear();
              $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
              $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
              $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
              if( $dismbx -ne $null)
              {
                $srvname = $dismbx.ServerName;
                if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
                {
                  Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
                  $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
                  if( $mountedMdb -eq $null )
                  {
                    Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
                    mount-database $dismbx.Database;
                  }

                  $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
                  if( $mountedMdb -ne $null )
                  {
                    $dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagementWkGuid;
                    $dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
                    if( $dmRoleGroup -ne $null )
                    {
                      Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
                    }
                  }
                }
              }
            " was run: "Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".
    [08/25/2010 20:41:47.0684] [1] [ERROR] Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
    [08/25/2010 20:41:47.0684] [1] [ERROR] The trust relationship between the primary domain and the trusted domain failed.

    [08/25/2010 20:41:47.0684] [1] [ERROR-REFERENCE] Id=MailboxServiceControlLast___05b3bbd421504e0c93fefa6d5d1ae590 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
    [08/25/2010 20:41:47.0684] [1] Setup is stopping now because of one or more critical errors.
    [08/25/2010 20:41:47.0684] [1] Finished executing component tasks.
    [08/25/2010 20:41:47.0716] [1] Ending processing Install-MailboxRole

    I replaced our domain with example.com, but the Discovery Management group does exist. I tried setup twice, and the error happened on both occasions. After this I started all the services that weren't already running, and everything seems to running fine, but I would like to know how to recover from this and correctly finish the installation.


    Gerard
    Wednesday, August 25, 2010 9:41 PM

Answers

  • I guess a solution to this problem could be to delete the Discovery Search Mailbox before upgrading, and recreate it later.

    After removing the Discovery Search Mailbox I was able to complete the upgrade with no further errors.


    Gerard
    • Proposed as answer by Alexei Segundo Thursday, August 26, 2010 11:19 PM
    • Marked as answer by emma.yoyo Wednesday, September 1, 2010 1:53 AM
    Thursday, August 26, 2010 10:27 PM

All replies

  • Hi Gerard

    Does the group exist in the location that setup is looking for it, i.e. off the root of the domain under the "Microsoft Exchange Security Groups" OU?  I'm thinking you've perhaps moved it?

    Alexei

    Wednesday, August 25, 2010 9:55 PM
  • Hi Gerard

    Does the group exist in the location that setup is looking for it, i.e. off the root of the domain under the "Microsoft Exchange Security Groups" OU?  I'm thinking you've perhaps moved it?

    Alexei

    Yes, the group exists where it is supposed to be, it wasn't moved. Here is the LDP output:

    Dn: CN=Discovery Management,OU=Microsoft Exchange Security Groups,DC=example,DC=com
    cn: Discovery Management;
    description: Members of this management role group can perform searches of mailboxes in the Exchange organization for data that meets specific criteria.;
    distinguishedName: CN=Discovery Management,OU=Microsoft Exchange Security Groups,DC=example,DC=com;
    dSCorePropagationData (5): 25-8-2010 22:00:11 W. Europe Daylight Time; 25-8-2010 21:59:25 W. Europe Daylight Time; 25-8-2010 21:59:25 W. Europe Daylight Time; 30-11-2009 10:42:34 W. Europe Daylight Time; 0x1 = ( NEW_SD ), 0x1 = ( NEW_SD ), 0x1 = ( NEW_SD ), 0x1 = ( NEW_SD );
    groupType: 0x80000008 = ( UNIVERSAL_GROUP | SECURITY_ENABLED );
    instanceType: 0x4 = ( WRITE );
    internetEncoding: 0;
    managedBy: CN=Organization Management,OU=Microsoft Exchange Security Groups,DC=example,DC=com;
    msExchGroupDepartRestriction: 0;
    msExchGroupJoinRestriction: 0;
    msExchModerationFlags: 6;
    msExchProvisioningFlags: 0;
    msExchRecipientTypeDetails: 1073741824;
    msExchTransportRecipientSettingsFlags: 3;
    msExchUserBL (2): CN=Mailbox Search-Discovery Management,CN=Role Assignments,CN=RBAC,CN=Example,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com; CN=Legal Hold-Discovery Management,CN=Role Assignments,CN=RBAC,CN=Example,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=example,DC=com;
    msExchVersion: 44220983382016;
    name: Discovery Management;
    objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=example,DC=com;
    objectClass (2): top; group;
    objectGUID: e04aea38-a49e-49b7-bef0-f019470ebe8b;
    objectSid: S-1-5-21-515967899-1214440339-682003330-17233;
    sAMAccountName: Discovery Management;
    sAMAccountType: 268435456 = ( GROUP_OBJECT );
    uSNChanged: 3506954;
    uSNCreated: 3506917;
    whenChanged: 21-11-2009 17:40:44 W. Europe Daylight Time;
    whenCreated: 21-11-2009 17:40:43 W. Europe Daylight Time;

    Gerard

    Wednesday, August 25, 2010 10:09 PM
  • Hi Gerard

    That's pretty much exactly what I have.

    I assume this is a single domain forest?

    The only other thing I can think of is to make sure you are running the upgrade with elevation (Run as Administrator), as there have been some UAC issues with Update Rollups.

    Alexei

    Wednesday, August 25, 2010 10:36 PM
  • Hi Gerard

    That's pretty much exactly what I have.

    I assume this is a single domain forest?

    The only other thing I can think of is to make sure you are running the upgrade with elevation (Run as Administrator), as there have been some UAC issues with Update Rollups.

    Alexei


    Correct, single domain forest with all roles on a single machine and an Edge server. I'm aware of the UAC issues with the Rollup patches (quite annoying). I didn't start it with "Run as administrator" or from an elevated Command Window, but setup does actually ask for elevation.. I could try that, but surely if this was an UAC problem, I would have run in to it earlier in the upgrade process?
    Gerard
    Wednesday, August 25, 2010 10:46 PM
  • Hi Gerard

    That's pretty much exactly what I have.

    I assume this is a single domain forest?

    The only other thing I can think of is to make sure you are running the upgrade with elevation (Run as Administrator), as there have been some UAC issues with Update Rollups.

    Alexei


    Tried one more time, after reboot ran the setup from a Command Window with "Run administrator", same error..
    Gerard
    Wednesday, August 25, 2010 11:17 PM
  • Hi Gerard

    The only other thing I can think is that the media you are using is corrupt in some way.  Maybe try downloading again and retry.

    Other than that, I'm all out of ideas, sorry.  Hopefully someone else will share their thoughts.

    Alexei

    Thursday, August 26, 2010 1:57 AM
  • Have you already run through the other normal stuff like...

    setup.com /ps

    setup.com /preparead

    setup.com /pad

     

    ...before doing this?


    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    Thursday, August 26, 2010 2:25 AM
  • I have the same Problem....
    1 Windows 2008 Forest/Domain, Forest Trust to a Windows 2003 Forest and external 2 Way Trust to a Windows 2000 Forest/Domain
    I installed a new Server and moving the Mailboxes now...

     

    Thursday, August 26, 2010 11:54 AM
  • I had a similar issue; however I have x2 cas and x2 hub/mbx.

    I resolved the issue by selecting Discovery Search Mailbox; Manage Full Access Permission and removing the discovery management group; then adding it back again with Manage Full Access Permission.

    I also made sure that the Discovery Mailbox had no search data.

    Install SP1 again.

    Hopefully this might help.

    Tony

    Thursday, August 26, 2010 12:30 PM
  • I've absolutely the same error. I've new W2k8 R2 Server. DC is on it. Also there is another DC W2000 in the network.

    I think that it's a BUG.

    Dear Tony, I've just tried your solution, and it doesn't work for me.

     

    Any ideas?

     

    Misha.

     

    Thursday, August 26, 2010 6:11 PM
  • I've narrowed it by trying the PowerShell script that was run in PowerShel ISE, the error happens at the Add-MailboxPermission line.

    # This fails with the error shown above:
    Add-MailboxPermission 'DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}' -User 'example.com/Microsoft Exchange Security Groups/Discovery Management' -AccessRights FullAccess

    # This works fine:
    Add-MailboxPermission 'DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}' -User 'EXAMPLE\Discovery Management' -AccessRights FullAccess

    I guess a solution to this problem could be to delete the Discovery Search Mailbox before upgrading, and recreate it later.

    @Brian: Where does it say that you need to run those in order to upgrade? Don't you think the Readiness Checks would have warned about that?


    Gerard
    Thursday, August 26, 2010 9:07 PM
  • Hi Gerard

    Is your discovery search mailbox user account maybe a member of one of the groups protected by the AdminSDHolder (e.g. Enterprise Admins)?  If this is the case then you could try:

    1. Removing the user from the protected group.
    2. Re-set the inheritance flag on the user object
    3. Restart the SP1 upgrade

    Alexei

    Thursday, August 26, 2010 9:25 PM
  • Hi Gerard

    Is your discovery search mailbox user account maybe a member of one of the groups protected by the AdminSDHolder (e.g. Enterprise Admins)?  If this is the case then you could try:

    1. Removing the user from the protected group.
    2. Re-set the inheritance flag on the user object
    3. Restart the SP1 upgrade

    Alexei


    No, the user account is only member of "Domain Users".

    Regards,
    Gerard.


    Gerard
    Thursday, August 26, 2010 9:43 PM
  • I guess a solution to this problem could be to delete the Discovery Search Mailbox before upgrading, and recreate it later.

    After removing the Discovery Search Mailbox I was able to complete the upgrade with no further errors.


    Gerard
    • Proposed as answer by Alexei Segundo Thursday, August 26, 2010 11:19 PM
    • Marked as answer by emma.yoyo Wednesday, September 1, 2010 1:53 AM
    Thursday, August 26, 2010 10:27 PM
  • You'll want to recreate the default Discovery Search Mailbox again with setup.com /preparead.
    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    • Proposed as answer by J-H Tuesday, August 31, 2010 5:43 AM
    Friday, August 27, 2010 2:00 AM
  • Hi all,

    Many thanks for the solution, the installation completed for me too.

    However I'm now left with a disconnected mailbox and no user object to associate it with.

    I've ran setup.com /preparead and this completed without errors however the mailbox was not recreated.

    Any guidance would be much appreciated.

    Pete ....

    Friday, August 27, 2010 10:48 AM
  • Dear all!

     

    After SP1 installing I can't find Exchange Management Shell shortcut in my Programs menu. May I ask you to write the string from the shortcut for me? I can't find it in the internet.

     

    Thank you!

     

    Misha

    Friday, August 27, 2010 12:59 PM
  • Hi Brian

    I run the AD preparation steps but also encountered this error about the discovery search mailbox.

    The AD properties like homeMDB are set for the AD account.

    Do you know if it would be a solution to disconnect the mailbox from the user,  then run setup /mode:upgrade and afterwards reconnect the mailbox to the AD account?

    Do you have a different recommendation?

    Thanks

    Friday, August 27, 2010 5:00 PM
  • I used an old Exchange 2010 test lab (without SP1) to verify what happens related to the Discovery Mailbox when I execute setup /prepareAD.

    I deleted the Discovery Search Mailbox user account (including its mailbox).

    I rerun setup /prepareAD.

    The corresponding user account was created but this account has no mailbox.

    Do I have to create the corresponding mailbox manually? - http://technet.microsoft.com/en-us/library/dd638177.aspx

     

    Sunday, August 29, 2010 8:47 PM
  • /preparead only creates the user account, the actual Exchange install should create the mailbox for it. In this case I would recreate the mailbox manually for that account before installing SP1.
    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    Sunday, August 29, 2010 10:24 PM
  • Thank you very much Brian!

    I had 2 x HT&CAS servers. The SP1 upgrade finished without any problem.

    The upgrade on the first MB server failed with the error described above.

    I deleted the Discover Search Mailbox user account.

    I rerun the upgrade on the MB server. The upgrade failed because “PowerShell” was still running in the background. I already had read about this problem in Tony’s blog article http://thoughtsofanidlemind.wordpress.com/2010/08/25/exchange-2010-sp1-reaches-rtm-status/. I killed PowerShell and run the upgrade again. This time it finished without any problems.

    I run setup /prepareAD. This created the Discover Search Mailbox AD account without a mailbox.

    I run the upgrade on the second MB server. The upgrade finished without any issues, and it created the mailbox for the Discovery Search Mailbox AD account.

    Now I have to spend some time to verify if mailbox searches using the Discovery Search Mailbox work without any problems.

    Tuesday, August 31, 2010 5:43 AM
  • The upgrade should have been done after /preparead was run.

    What kind of forest do you have? Is it a single domain? Multiple domains?


    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    Friday, September 3, 2010 1:18 PM
  • It is a single domain AD forest.

    The forest has E2K7 servers and had 2 x HTCAS with E2K10 RTM and 2 x MB with E2K10 RTM.

    These were my steps with E2K10 SP1:
    setup /PrepareSchema
    setup /PrepareAD
    setup /PrepareAllDomains

    On the both systems with the E2K10 RTM HTCAS
    Setup.com /M:Upgrade /InstallWindowsComponents
    ->Success
    On the first system with the E2K10 RTM MB
    Setup.com /M:Upgrade /InstallWindowsComponents
    ->Setup failed; I tried it multiple times without success.
    I deleted the Discovery Search Mailbox AD account.
    Setup.com /M:Upgrade /InstallWindowsComponents
    ->Success

    setup /PrepareAD
    New AD account Discovery Search Mailbox without a mailbox

    On the second system with the E2K10 RTM MB
    Setup.com /M:Upgrade /InstallWindowsComponents
    ->Success

    The AD account Discovery Search Mailbox has now a mailbox

    Friday, September 3, 2010 2:42 PM
  • Great!
    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    Friday, September 3, 2010 3:09 PM
  • Hi, I've the same problem, but it's possible that only assining the Discovery Management to Administrator user can solve the problem and don't need to delete the Discovery Search Mailbox?? I look and the group Discovery Management in my AD don't have the Adminitrator user like member of Discovery Management, then I do the next instruction in powershell

     Get-RoleGroupMember "Discovery Management" to view the user's list in the Discovery Management, and they haven't users in this Role.

    Do a 

    Add-RoleGroupMember "Discovery Management" -Member Administrator

    to add administrator to my Discovery Management rule and then Administrator is in the group and the Role.

    This night test if this solve my problem, I tell us.

     

    Thank you so much.

    Tuesday, September 7, 2010 2:43 PM
  • By default no user is granted Discovery Management rights, not even the administrators. This is a normal condition and adding Administrator to this role group will not create the Discovery Mailbox user object and mailbox if it has been deleted or the database it was on deleted without properly moving the mailbox to another database first.
    Microsoft Premier Field Engineer, Exchange
    MCSA 2000/2003, CCNA
    MCITP: Enterprise Messaging Administrator 2010
    Former Microsoft MVP, Exchange Server
    My posts are provided “AS IS” with no guarantees, no warranties, and they confer no rights.
    Tuesday, September 7, 2010 2:47 PM
  • That's ok! I delete Discovery Mailbox and everythings allright.


    Thank you so much!

    Tuesday, September 7, 2010 6:05 PM
  • Ohh yeahhhh deleted discovery mailbox is working great!!!!
    Wednesday, October 13, 2010 3:21 AM
  • Had a similar problem after installation.  ExBPA was reporting that setup didn't finish on 2 of my mailbox servers.  Found watermarks of incomplete installation at HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MailboxRole.  Fixed this on one MBX server by running CHANGE on the Exchange installation on that server.  On the other MBX server change failed with the error discussed in this thread, "Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management". 

    Since this installation was in pilot and had user mailboxes live on it did not want to just delete the Discovery mailbox.  Found that the Discovery Mailbox was in the local db of the failing MBX server.  I moved the Discovery mailbox to one of the DAG dbs and reran the CHANGE for the Exchange installation.  This completed successfully and the watermarks disappeared from the registry.

    Post is AS IS.  I guarantee nothing other than this worked for me.

    Monday, April 4, 2011 8:10 PM
  • I had the same issue and removing the Discovery Search Mailbox did resolve the issue, thanks guys

    Monday, October 24, 2011 8:47 AM
  • Have a look at this TechNet article to recreate the Disvovery Search Mailbox after you had te remove it: http://technet.microsoft.com/en-us/library/gg588318.aspx


    With kind regards / Met vriendelijke groet, Jetze Mellema | http://jetzemellema.blogspot.com/
    Monday, December 5, 2011 9:54 AM
  • This problem is actually still present in SP2 ..
    Gerard
    Monday, December 12, 2011 11:00 PM
  • HI folks,

    Possible quick fix – worth a try??

    We began an upgrade yesterday from Exchange 2003 to Exchange
    2010 which went successfully (to our surprise).

    We then applied Exchange SP1 and received the very same
    error you have posted here.

    After some tinkering about SP1 installed second time round
    however when running the SP2 update again we received the same error failing at
    the Mailbox Role. This failed 3 times so I started to look through the forums
    and with all your comments I quickly realised that this “discovery search
    mailbox” that Exchange 2010 created during installation was possibly the
    culprit!



    I was a bit dubious about deleting this mailbox as I can see
    that other people have had real trouble recreating it successfully and we are
    working in our production environment so I looked at other possibilities to
    resolve this issue.



    I don’t know if this was pure luck or a real genuine
    solution however I carried out the following steps and then ran the SP2
    installer which completed 100% successfully:



    • Opened up “Exchange Management Console”
    • Expand “Recipient Configuration”
    • Highlight “Mailbox”
    • Find the “Discovery Search Mailbox”
    • Right Click
    • Choose “properties”
    • Select the “account” tab
    • Uncheck “User must change password at next logon”
    • Click “Apply”
    • Click “OK”

    I then proceeded to restart the Exchange server – if anything
    it gives you time for any changes to replicate throughout your Domain.

    Logged back in ensuring Exchange was back up and running –
    exited EMC and then proceeded to run the SP2 update as administrator.

    Hey presto it worked!!

    Like I say this could have been pure luck or might actually
    be a really easy fix so I thought I should post it here in hope that it can
    help someone else. Good luck

    For older exchange 2010 installations doing an update you may
    also perhaps need to set the account password to never expire.

    P.s. I’m new here please be kind J

    • Proposed as answer by Roshan_X Monday, June 25, 2012 3:27 AM
    Friday, March 2, 2012 9:49 AM
  • I am experiencing the same issue during an Exchange 2010 SP2 install, I performed an install on my test rig where I overcam the issue after much pain by trying all sorts including the deletion of the discovery mailbox user and rerunning the prepareAD command. I cant remeber the actual fix as i was trying to get past it to enable me to complete some design testing. This same issues is now occuring when our integrators are producing the build documentation for the install in live. I dont want to bodge it in their environment as its likely this issue will arise in live. Ive started looking again and this is what ive experienced.

    I am performing an install of Exchange 2010 SP2 into an Exchange 2003 organisation, when perform the first mailbox server installation the error you detail is seen.

    Configuring Microsoft Exchange Server

        Preparing Setup                                          COMPLETED
        Stopping Services                                        COMPLETED
        Copying Exchange Files                               COMPLETED
        Language Files                                            COMPLETED
        Restoring Services                                       COMPLETED
        Languages                                                  COMPLETED
        Exchange Management Tools                      COMPLETED
        Mailbox Server Role                                     FAILED
         The following error was generated when "$error.Clear();
              $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
              $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
              $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1

    I decided to run the commands manually one at a time on the server and it appears that the problem is with the Get-Mailbox -Filter command, it appears that when using a variable within the filter no results are returned. The first line $name = ... will set $name to DiscoverySearchMailbox {...}. If you replace the $name in the command $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1 it returns the mailbox correctly. I tried this on several different Exchange 2010 rigs with it installed an without and they all failed when running the filter command using a variable, however when runnin git on Exchange 2007 the command executed correctly.

    It appears deleting the discovery mailbox prior to running the installer can be used to get past the error, what interests me is the change in behaviour of the -filter command in 2010. If this is the case im not sure how anyone has successfully installed Exchange 2010 into 2003 environment without hitting this issue. Interested in what others have seen regarding this issue.

    Sam


    • Edited by SN83UK Wednesday, June 6, 2012 3:10 PM
    Wednesday, June 6, 2012 3:06 PM
  • Hey Pauly,

    I got the similar error when upgrading  exchange 2010 sp1 to sp2. I was able to upgrade the first server in the DAG successfully but when i upgrade the second i got the discovery mailbox error. And we faced the same issue when upgrading to SP1 MSFT engineers helped and deleted the discovery mailbox and re-create it was the solution. But this time i was able to got it resolved by un-checking the "user must change password at next logon" 

    Thanks a lot for posting the above solution, keep up the good work.

    thanks

    roshan 


    -roshan

    Monday, June 25, 2012 3:27 AM
  • removing the discovery mailbox worked for me too.

    http://elderec.org/2011/07/exchange-2010-sp1-upgrade-error-couldnt-resolve-the-user-or-group-domain-localmicrosoft-exchange-security-groupsdiscovery-management/

    the same issue occurred when trying to upgrade to SP3.

    Installing Exchange 2010 Service packs are a pain, I had to disable anti-virus, kill the NetApp Snap Manager process, stop VMware tools and run this command:
    Set-ExecutionPolicy RemoteSigned -scope LocalMachine.

    Monday, March 4, 2013 12:59 AM
  • Thank you to everyone for all your earlier posts on this subject.

    I have just spent may hours wrestling with this issue.

    In the end what worked for me was completing a Local Move of the Discovery Search Mailbox away from the server I was updating to another Ex2010 server in the environment.

    I agree with wingadean; surely Service Pack upgrades should be simpler than this...?

    Friday, May 17, 2013 12:30 PM
  • It's ridiculous and I'm embarrassed for Microsoft that I'm even replying to this thread that is over 4 years old, but I'm upgrading my Exchange 2013 environment from CU11 to CU18 and ran into this problem.  CU18 update was failing repeadedly.

    Deleting the Discovery Management mailbox, and re-running setup resolved the issue.  I've been working with Exchange for over 10 years and this stuff never ceases to amaze me.  

    Hey Microsoft Exchange Gurus...why does this happen and why does this continue to be an issue years after the fact?  

    I just don't get it.

    Every day is a school day.


    Tuesday, October 17, 2017 7:59 PM
  • I just had the same experience with Exchange 2013 CU18.  This time around, it's **not** the Discovery Search Mailbox.  I had an old trust with a different domain in a different forest.  That old forest only exists in a forgotten backup saveset someplace, but I kept the trust alive all these years just in case. 

    *That* was the problem - a trust relationship where the other side of the trust is no good.  I got rid of that old trust with AD Domains and Trusts and bing, bang, boom, the CU18 setup ran to completion this time.  My Outlook clients can connect and email is flowing again.

    This kind of stuff is why IT people are always sleep-deprived.  If any Microsoft engineers are still following this thread, you might want to consider adding another prerequisite to make sure all cross-forest-trusts are good.

    See 

    https://social.technet.microsoft.com/Forums/zh-CN/14f43801-de8c-4cbf-995c-57aad9d65ca8/cu-10-install-error?forum=exchangesvrdeploy

    - Greg Scott


    Greg Scott

    Sunday, November 26, 2017 12:58 PM
  • I had the same issue with CU23 on Exchange 2013. Dump the *Disabled* Discovery Mailbox and it installs fine. 

    B


    All my life I wanted to be somebody. I guess I should have been more specific. -- The Covert Comic

    Tuesday, July 23, 2019 6:45 PM