Exchange 2010 SP2 error during installation: “Couldn’t resolve the user or group “domain.lan/Microsoft Exchange Security Groups/Discovery Management.””

Today I had to install a new Exchange 2010 environment. After checking the Active Directory health, I started the Exchange 2010 setup with Service Pack 2 included. The installation failed on the Mailbox Server Role with the following error: “Couldn’t resolve the user or group “domain.lan/Microsoft Exchange Security Groups/Discovery Management.” If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust. The trust relationship between the primary domain and the trusted domain failed.” This is strange behaviour, because Active Directory is healthy and there are no errors in the Event Viewer. I performed the following steps to resolve it.

 

1.) Open the Active Directory Users and Computers snap-in
2.) Navigate to the Users organizational unit
3.) Delete the DiscoverySearchMailbox account
4.) Rerun the Exchange 2010 setup. The setup will now install Exchange 2010 without the error.
5.) Open the Exchange Management Shell (EMS)
6.) Run the following command. The DiscoverySearchMailbox account will be created again:
setup.com /prepareAD
7.) Mail-enable the new DiscoverySearchMailbox with the following command:
Enable-Mailbox -Discovery -Identity "DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}"
8.) Force Active Directory replication
9.) Your Exchange 2010 environment is ready for production now
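
A verification pass for the steps above, added here as an example and not part of the original post: it confirms that the role group from the error message now resolves and that the recreated account is a discovery mailbox, then lists who can reach it. It assumes an Exchange Management Shell session; the variable names are illustrative.

```powershell
# Added example: run in the Exchange Management Shell after step 8.
# The group and mailbox names are the ones that appear in the post.
$groupName   = 'Discovery Management'
$mailboxName = 'DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}'
$problems    = @()

# 1. The role group that setup could not resolve must now be found.
$group = Get-RoleGroup -Identity $groupName -ErrorAction SilentlyContinue
if (-not $group) {
    $problems += "Role group '$groupName' could not be resolved"
}

# 2. The recreated account must be mail-enabled as a discovery mailbox,
#    not as an ordinary user mailbox.
$mbx = Get-Mailbox -Identity $mailboxName -ErrorAction SilentlyContinue
if (-not $mbx) {
    $problems += "Mailbox '$mailboxName' not found (was step 7 run?)"
} elseif ($mbx.RecipientTypeDetails -ne 'DiscoveryMailbox') {
    $problems += "Mailbox type is $($mbx.RecipientTypeDetails), expected DiscoveryMailbox"
}

# 3. Members of this role group can run searches across mailboxes,
#    so review the membership before going to production.
if ($group) {
    Write-Host "Members of '$groupName':"
    Get-RoleGroupMember -Identity $groupName |
        Format-Table Name, RecipientType -AutoSize
}

# 4. Show who holds rights on the recreated mailbox itself.
if ($mbx) {
    Write-Host "Permissions on the discovery mailbox:"
    Get-MailboxPermission -Identity $mailboxName |
        Format-Table User, AccessRights, IsInherited, Deny -AutoSize
}

# Summary: warnings for anything that failed, otherwise a single OK line.
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Host 'Role group and discovery mailbox both resolve.'
}
```

If the role group resolves on one domain controller but not another, replication from step 8 has not finished yet.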