Saturday, December 17, 2011

Exchange 2010 SP2 upgrade issue with Discovery Mailbox

I just upgraded my lab servers to Exchange 2010 SP2.  I was somewhat pleased that all I needed to do prior to the upgrade was just run a Microsoft Update and make sure that the recommended and critical updates were applied.  Sometimes, with new Exchange releases, you have to chased down obscure and not-yet-released fixes for things.

I did have one issue as the mailbox role was being upgraded.  Setup crashed repeatedly and included the dump from a script that had failed.

Couldn’t resolve the user or group “ Exchange Security Groups/Discovery Management.”
It is also listed in the eventlog at Event id: 1002: Exchange Server component Mailbox Role failed:
Event ID 1002
Providor Name:MSExchangeSeup

“Couldn’t resolve the user or group /Microsoft Exchange Security Groups/ Discovery Management” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed”

 I chased my tail on this quite a bit assuming it was an Active Directory problem when in fact it was a problem with the Discovery mailbox.  The only solution is to delete the discovery mailbox and recreate it.  My test domain ( is in the steps below.  Substitute your own domain.

1)   Disable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” 
2) Enable-Mailbox “DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -Arbitration
3) Add-MailboxPermission -Identity:" {D919BA05-46A6-415f-80AD-7E09334BB852}” -User:”Discovery Management” -AccessRights:”FullAccess” 

 Note that the user account that is used for the Discovery Search mailbox must be disabled.


Saturday, December 10, 2011

Bureaucracy and bureaucrats

"The most annoying thing about bureaucrats is that they expect everyone to understand their little piece of the bureaucracy."- Jim McBee