Exchange Service Pack 3 Upgrade Installation Failed at Mailbox Server

Error while installing Exchange Server 2010 SP3                

[ERROR]

"Couldn't resolve the user or group "xyz.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".

[ERROR]

Couldn't resolve the user or group "xyz.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

[ERROR]

The trust relationship between the primary domain and the trusted domain failed.

Solutions:

There are 2 way to fix this issue.

·         Disable the discovery Mailbox and try install Service Pack

·         Delete the discovery search mailbox and try install

Follow the below mentioned steps to resolve the issue using 1st solution.

1.       Disable the Discovery Search mailbox and re-enable it after installation.

Command:

·         Disable-Mailbox  –identity  “UPN of Discovery mailbox”

·         Install the Exchange server sp3

2.       Enable Mailbox

·         Enable-Mailbox  –identity  “UPN of Discovery mailbox”

3.       Fix Permission

·         Add-MailboxPermission –Identity  “UPN of Discovery mailbox” –User ”Discovery Management” –AccessRights FullAccess

 

Note: The above fix did not work for us so we followed the 2nd solutions

 

Follow the below mentioned steps to fix the issue using 2nd options.

·         Delete the Discovery Search mailbox user account from Active Directory

·         Prepare Active Directory by running Microsoft Exchange 2010 Setup with the /PrepareAD switch in the root domain of your Active Directory forest.

·         Use the Shell to enable the Discovery system mailbox.

·         Enable-Mailbox -Arbitration -DomainController <FQDN of root global catalog server> -Identity "SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}"

 

Note: By default, Exchange Server 2010/13 Setup creates the mailbox in the Users container in Active Directory.

You can't use the EAC to enable the Discovery system mailbox.

You must specify the fully qualified domain name (FQDN) of a global catalog server in the root domain of the Active Directory forest.

Source : http://technet.microsoft.com/en-us/library/gg588318(v=exchg.150).aspx

 

 

Comments

Post a Comment