Exchange 2010 SP2 upgrade issue with Discovery Mailbox

I just upgraded my lab servers to Exchange 2010 SP2.  I was somewhat pleased that all I needed to do prior to the upgrade was just run a Microsoft Update and make sure that the recommended and critical updates were applied.  Sometimes, with new Exchange releases, you have to chased down obscure and not-yet-released fixes for things.

I did have one issue as the mailbox role was being upgraded.  Setup crashed repeatedly and included the dump from a script that had failed.

Couldn’t resolve the user or group “volcanosurfboards.com/Microsoft Exchange Security Groups/Discovery Management.”

It is also listed in the eventlog at Event id: 1002: Exchange Server component Mailbox Role failed:

Event ID 1002

Providor Name:MSExchangeSeup

“Couldn’t resolve the user or group /Microsoft Exchange Security Groups/ Discovery Management” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.

The trust relationship between the primary domain and the trusted domain failed”

 I chased my tail on this quite a bit assuming it was an Active Directory problem when in fact it was a problem with the Discovery mailbox.  The only solution is to delete the discovery mailbox and recreate it.  My test domain (volcanosurfboards.com) is in the steps below.  Substitute your own domain.

1)   Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” 

2) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -Arbitration

3) Add-MailboxPermission -Identity:"volcanosurfboards.com/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -User:”Discovery Management” -AccessRights:”FullAccess” 

 Note that the user account that is used for the Discovery Search mailbox must be disabled.