SP1 Upgrade failed in our environment in Install-MailboxRole with this error:
[08/25/2010 20:41:47.0638] [2] Processing object "example.com/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}".
[08/25/2010 20:41:47.0638] [2] Checking if the specified user or group "example.com/Microsoft Exchange Security Groups/Discovery Management" is a Security Identifier.
[08/25/2010 20:41:47.0638] [2] Checking if the specified user or group "example.com/Microsoft Exchange Security Groups/Discovery Management" is a SAM account or a foreign forest account.
[08/25/2010 20:41:47.0653] [2] [ERROR] Unexpected Error
[08/25/2010 20:41:47.0653] [2] [ERROR] Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
[08/25/2010 20:41:47.0653] [2] [ERROR] The trust relationship between the primary domain and the trusted domain failed.
[08/25/2010 20:41:47.0653] [2] Ending processing Add-MailboxPermission
[08/25/2010 20:41:47.0684] [1] The following 1 error(s) occurred during task execution:
[08/25/2010 20:41:47.0684] [1] 0. ErrorRecord: Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing
trust.
[08/25/2010 20:41:47.0684] [1] 0. ErrorRecord: Microsoft.Exchange.Data.Common.LocalizedException: Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal,
you must have either a two-way trust or an outgoing trust. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.
at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
at System.Security.Principal.NTAccount.Translate(Type targetType)
at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
--- End of inner exception stack trace ---
[08/25/2010 20:41:47.0684] [1] [ERROR] The following error was generated when "$error.Clear();
$name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
$dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
$dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
if( $dismbx -ne $null)
{
$srvname = $dismbx.ServerName;
if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
{
Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( $mountedMdb -eq $null )
{
Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
mount-database $dismbx.Database;
}
$mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
if( $mountedMdb -ne $null )
{
$dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagementWkGuid;
$dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
if( $dmRoleGroup -ne $null )
{
Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
}
}
}
}
" was run: "Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing
trust.".
[08/25/2010 20:41:47.0684] [1] [ERROR] Couldn't resolve the user or group "example.com/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
[08/25/2010 20:41:47.0684] [1] [ERROR] The trust relationship between the primary domain and the trusted domain failed.
[08/25/2010 20:41:47.0684] [1] [ERROR-REFERENCE] Id=MailboxServiceControlLast___05b3bbd421504e0c93fefa6d5d1ae590 Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[08/25/2010 20:41:47.0684] [1] Setup is stopping now because of one or more critical errors.
[08/25/2010 20:41:47.0684] [1] Finished executing component tasks.
[08/25/2010 20:41:47.0716] [1] Ending processing Install-MailboxRole
I replaced our domain with example.com, but the Discovery Management group does exist. I tried setup twice, and the error happened on both occasions. After this I started all the services that weren't already running, and everything seems to running fine, but I would like to know how to recover from this and correctly finish the installation.
Gerard