locked
Exchange 2013 Cu6 fails to install RRS feed

  • Dotaz

  • When I attempt to install CU6 on Exchange 2013 I get this error message and cannot continue, occurs after reboot as well and trying to re-run setup.  Any ideas how to fix?

    Thanks,

    Setup Error 2nd time 5 of 9 after restart

    Error:
    The following error was generated when "$error.Clear(); 
              $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
              $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
              $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
              if( $dismbx -ne $null)
              {
              $srvname = $dismbx.ServerName;
              if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
              {
              Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
              $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
              if( $mountedMdb -eq $null )
              {
              Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
              mount-database $dismbx.Database;
              }

              $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
              if( $mountedMdb -ne $null )
              {
              $dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagement_InitInfo.WellKnownGuid;
              $dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
              if( $dmRoleGroup -ne $null )
              {
                trap [Exception]
                {
                  Add-MailboxPermission $dismbx -User $dmRoleGroup.Name -AccessRights FullAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
                  continue;
                }
                
                Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
              }
              }
              }
              }
            " was run: "Microsoft.Exchange.Data.Common.LocalizedException: Couldn't resolve the user or group "Domain.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

       at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
       at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
       at System.Security.Principal.NTAccount.Translate(Type targetType)
       at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
       --- End of inner exception stack trace ---
       at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
       at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
       at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
       at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetSecurityPrincipal(IRecipientSession session, SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
       at Microsoft.Exchange.Management.RecipientTasks.SetMailboxPermissionTaskBase.InternalValidate()
       at Microsoft.Exchange.Management.RecipientTasks.AddMailboxPermission.InternalValidate()
       at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
       at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

    úterý 9. září 2014 18:45

Odpovědi

Všechny reakce

    • Označen jako odpověď GChristopherG úterý 9. září 2014 20:15
    úterý 9. září 2014 19:09
  • Hey Thanks for confirming!  I had found two other similar solutions for 2010, but wasn't sure how they would apply to 2013. One said to delete and recreate the Discovery mailbox first then rerun setup.  That didn't help.  Now this time I have just deleted it, and am rerunning the setup for cu6 to see if it makes it this time.  I have only deleted from AD in both cases.

    Is this a norm for Exchange, these kind of problems?  Kind of though a update should just work out of the box.

    Chris

    úterý 9. září 2014 19:43
  • No it is not normal what I think is permission is not there or messed up on the Discovery Account and that needs more investigation by comparing it in other environment or account but easier way to recreate it that will grant appropriate permission during recreation so that's kind of other way around fix ;)

    In either case if Exchange doesn't have permission then it would fail with this error...

    úterý 9. září 2014 20:02
  • Hi,

    Thanks.  This did work for me.  CU6 applied, Exchange back up.  Go live in 2 weeks.  

    Delete the  Discovery Search mailbox user from Active Directory.  Start your Active Directory Users and Computers mmc and look for your Discovery Search Mailbox user. Default this user will be placed in the Users organizational unit. It will be named something like: DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}. After deletion you can restart the installation of your Exchange Service Pack. It will not show the error anymore.

    To recreate the user use: setup /PrepareAD /IAcceptExchangeServerLicenseTerms

    úterý 9. září 2014 20:15
  • Awesome... Best of luck!
    úterý 9. září 2014 20:18
  • Thank you for that answer. Worked and saved a lot of troubleshooting!
    čtvrtek 5. dubna 2018 14:28
  • thank you, that's worked for me on Exchange 2016 CU12
    čtvrtek 2. července 2020 18:08