Exchange SP1 fails during the install of the mailbox role, with the following error:
"Couldn't resolve the user or group "mydomain.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".
Couldn't resolve the user or group "mydomain.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The setup where I experienced this issue, is a new Exchange 2010 install, installed into an existing Exchange 2007 environment. But I have seen that others have similar issues, when upgrading to SP1.
There does not seem to be any official KBs on the issue. Just a lot of people experiencing the same issue. (reference from google). But I found a valid solution to the issue.
The error seen, when the installer fails and stops:
The following error was generated when "$error.Clear();
$name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
$dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
$dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
if( $dismbx -ne $null)
{
$srvname = $dismbx.ServerName;
if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
{
Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( $mountedMdb -eq $null )
{
Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission…";
mount-database $dismbx.Database;
}$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( $mountedMdb -ne $null )
{
$dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagementWkGuid;
$dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
if( $dmRoleGroup -ne $null )
{
Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
}
}
}
}
" was run: "Couldn't resolve the user or group "mydomain.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".Couldn't resolve the user or group "mydomain.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed.
It is also listed in the eventlog at Event id: 1002: Exchange Server component Mailbox Role failed:
The error is related to the existing Discovery Search Mailbox.
The solution seems to be to delete the Discovery Search mailbox, then install SP1 again (the missing Mailbox role) and then recreate the Discovery mailbox again and set the permissions on the mailbox.
Here is how to re-create the Discovery Search Mailbox:
1. re-create the mailbox using:
Enable-Mailbox "DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}" -Arbitration
2. Add permissions to the Discovery Search Mailbox:
Add-MailboxPermission -Identity:”mydomain.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -User:”Discovery Management” -AccessRights:”FullAccess”
Thanks to Mike Pfeiffer on his post about Arbitrary mailboxes (System mailboxes).
where did you get the D919BA05-yadayada from?
This is just the GUID of the arbitration mailbox.