Dr. Erdal Ozkaya
Search
  • Home
  • About Me
  • Home
  • About Me
  • Home
  • How to ...?
  • 5 errors upgrading to Exchange 2010 SP3 and how to fix them

5 errors upgrading to Exchange 2010 SP3 and how to fix them

Erdal2021-10-01T00:49:22-04:00

5 errors upgrading to Exchange 2010 SP3 and how to fix them

Recently, I was upgrading an Exchange 2010 environment to Service Pack 3. I ran into a slew of different errors.

Five in fact.

Every time I fixed one, another pesky one cropped up.

Very frustrating!

Lots of research and troubleshooting later I was able to get it going. With Service Pack 2 going end of life back on April 8th I wanted to pass that knowledge on.

This article offers a comprehensive guide to the errors I received and how to fix them.

Tip: For a step-by-step guide on how a service pack should behave check out this article.

Readiness Check Fails – IIS 6 WMI Compatibility

Table of Contents

  • Readiness Check Fails – IIS 6 WMI Compatibility
  • The following roles aren’t current: AdminToolsRole
  • Mailbox Role Failed: Cannot bind argument to parameter ‘Identity’ because it is null.
  • Virtual Directory ‘PowerShell’ Already Exists
  • Couldn’t resolve the user or group Discovery Management

This is the first error I received. It was during the readiness check. Thankfully it is very easy to fix.

Exchange 2010 SP3 Readiness Check Failed - IIS 6 WMI Compatibility

To fix:

  1. Open Server Manager.
  2. Select Roles.
  3. Scroll down to the Web Services (IIS) section and click the Add Roles Services link.
    Exchange 2010 SP3 Readiness Check Failed - Install IIS 6 WMI Compatibility
  4. Click Next.
    Exchange 2010 SP3 Readiness Check Failed - Install IIS 6 WMI Compatibility A
  5. Scroll down to Management Tools >> IIS 6 Management Compatibility section.
  6. Select IIS 6 WMI Compatibility.
  7. Click Next.
    Exchange 2010 SP3 Readiness Check Failed - Install IIS 6 WMI Compatibility B
  8. Click Install.
    Exchange 2010 SP3 Readiness Check Failed - Install IIS 6 WMI Compatibility C
  9. Click Close.

At this point, I was able to proceed past the readiness checks. Unfortunately, that was not the end of the problems for me.

The following roles aren’t current: AdminToolsRole

Strangely, all of these remaining errors revolved around the Mailbox role. My CAS and HUB transport roles installed without a hitch. The next error is below.

This server role can't be installed because the following roles aren't current: AdminToolsRole

This server role can't be installed because the following roles aren't current: MailboxRole 

It seems strange to get this error about not being current. Especially when that is the very thing we are trying to do.

It is also possible to get this error on the ClientAccessRole and HubTransportRole as well. The fix is the same.

Thankfully, this fix was easy and I have to give kudos to Erdal Ozkaya for writing about this on his blog.

To fix we need to go into the registry.

  1. Open the Registry Editor.
  2. Navigate to HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\AdminTools
  3. Make sure the ConfiguredVersion matches the UnpackedVersion.
    ( In my case the unpacked version number was correct for SP3. My configured version reported SP1. )

    The following roles aren't current AdminToolsRole A
  4. If you have String Keys for Action and Watermark, right click on these and select Delete.
    The following roles aren't current AdminToolsRole B
  5. Click Yes to confirm.
  6. Repeat steps 3 and 4 for these registry keys:
    HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\ClientAccessRole
    HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\HubTransportRole
    HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MailboxRole
  7. Reboot your server.
  8. Rerun SETUP.

All clear?

Sadly, I wasn’t.

Mailbox Role Failed: Cannot bind argument to parameter ‘Identity’ because it is null.

If you had the last error then chances are you have this one too.

Mailbox Role 
Failed
Error: 
The following error was generated when "$error.Clear(); 
if ($RoleCreatePublicFolderDatabase) 
{ 
$publicDB = get-PublicFolderDatabase -Server:$RoleFqdnOrName -ErrorAction SilentlyContinue; 
$DB = get-MailboxDatabase -Server:$RoleFqdnOrName -ErrorAction SilentlyContinue; 
...edited for length...
} 
" was run: "Cannot bind argument to parameter 'Identity' because it is null.".
Cannot bind argument to parameter 'Identity' because it is null.

The fix is a continuation of what we did in the Registry for the last error.

You may notice from my last screenshot, my MailboxRole was missing a ConfiguredVersion key. That’s our problem.

Mailbox Role Failed Cannot bind argument to parameter Identity because it is null. A

To fix:

  1. Open Registry Editor.
  2. Navigate to HKLM\SOFTWARE\Microsoft\ExchangeServer\v14\MailboxRole.
  3. Right-click in the right pane and select New >> String Value from the context menu.
    Mailbox Role Failed Cannot bind argument to parameter Identity because it is null. B
  4. Type ConfiguredVersion for the name.
  5. Double-click ConfiguredVersion and set the value to match the UnpackedVersion.
    ( In my case this is 14.3.123.4. )

    Mailbox Role Failed Cannot bind argument to parameter Identity because it is null. C
  6. If you have String Keys for Action and Watermark, right-click on these and select Delete.
    Mailbox Role Failed Cannot bind argument to parameter Identity because it is null. D
  7. Reboot your server.
  8. Rerun SETUP.

Just when I thought I might be out of the woods -ERRR! New error.

Virtual Directory ‘PowerShell’ Already Exists

Error:
 The following error was generated when "$error.Clear();
 $vdirName = "PowerShell (Default Web Site)";
 $proxyVdirName = "PowerShell-Proxy (Default Web Site)";
 $InternalPowerShellUrl="http://" + $RoleFqdnOrName + "/powershell";
 $vdir = get-PowerShellVirtualDirectory -server $RoleFqdnOrName -DomainController $RoleDomainController | where { $_.Name -eq $vdirName };
 $proxyVdir = get-PowerShellVirtualDirectory -server $RoleFqdnOrName -DomainController $RoleDomainController | where { $_.Name -eq $proxyVdirName };
...edited for length...
The virtual directory 'PowerShell' already exists under 'EXCHANGE.SKARO.LOCAL/Default Web Site'.
 Parameter name: VirtualDirectoryName

For some reason, it didn’t like the existence of the PowerShell and PowerShell-Proxy Virtual Directories in IIS. The fix was simple. Delete those virtual directories. It’s ok. Setup will recreate them for us.

Here is how:

  1. Open IIS Manager.
  2. Expand your server name.
  3. Expand Sites.
  4. Expand the Default Web Site.
  5. Right-click the PowerShell virtual directory and select Remove from the context menu.
    Exchange 2010 SP3 PowerShell & PowerShell-Proxy Error - How To Fix A
  6. Click Yes to confirm
    Exchange 2010 SP3 PowerShell & PowerShell-Proxy Error - How To Fix B
  7. Repeat steps 5 and 6 for the PowerShell-Proxy virtual directory.
  8. Next open ADSI Edit.
  9. Right-click on the top-level node, ADSI Edit, and select Connect To...
    Using ADSI Edit to confirm Exchange Schema Version A
  10. From the Select a well-known naming context drop-down select Configuration.

    Exchange 2010 SP3 PowerShell & PowerShell-Proxy Error - How To Fix E
  11. Expand Configuration <server name>
  12. Expand CN=Configuration <domain suffix>
  13. Expand CN=Services
  14. Expand CN=Microsoft Exchange
  15. Expand CN=<domain name>
  16. Expand CN=Administrative Groups
  17. Expand CN=Exchange Administrative Group (FYDIBOHF23SPDLT)
  18. Expand CN=Servers
  19. Expand CN=<server name>
  20. Expand CN=Protocols
  21. Select CN=HTTP
  22. In the right pane select CN=PowerShell-Proxy (Default Web Site) and select Delete from the context menu.
    Exchange 2010 SP3 PowerShell & PowerShell-Proxy Error - How To Fix C
  23. Click Yes to confirm.
    Exchange 2010 SP3 PowerShell & PowerShell-Proxy Error - How To Fix D
  24. Repeat steps 22 and 23 for CN=PowerShell (Default Web Site).
  25. Reboot your server.
  26. Rerun SETUP.

That’s got to be the end of it right?

Sadly, no.

Couldn’t resolve the user or group Discovery Management

This is a problem with the Discovery Search Mailbox. For whatever reason the error below reports that it can not find it.

The following error was generated when "$error.Clear(); 
           $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::
DiscoveryMailboxUniqueName;
           $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::
DiscoveryMailboxDisplayName;
           $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
           if( $dismbx -ne $null)
           {
           ...edited for length...
           }
         " was run: "Couldn't resolve the user or group "SKARO.LOCAL/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".
Couldn't resolve the user or group "SKARO.LOCAL/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.
The trust relationship between the primary domain and the trusted domain failed.

Now, some blogs say to simply disable this Discovery Search Mailbox.

Here is the command. Run from EMS.

 C:\> Disable-Mailbox -Identity "DiscoverySearchMailbox{D919BA05-46A6-415f-80AD-7E09334BB852}"

Unfortunately, I had to take it one step further. Disabling the mailbox alone was not enough. I then had to go into Active Directory Users and Computers and delete the user account as well.

Delete the Discovery Search Mailbox

Once removed I was then able to get through the entire SETUP.

No more errors! Woot!

However, we do need to recreate the Discovery Search Mailbox. This is actually a simple process.

Open a command prompt. Change to the folder where you unpacked SETUP and run the following command.

C:\> SETUP /PrepareAD

Successful output will look like this.

Exchange 2010 PrepareAD

We still need to enable the Discovery mailbox. Issue the following command from EMS.

 C:\> Enable-Mailbox -Identity "DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}" -Discovery

To make sure this worked run this command.

 C:\> Get-Mailbox -Filter { RecipientTypeDetails -eq "DiscoveryMailbox" }

You should get an output similar to the following.

Exchange 2010
Exchange 2010

We are done!

Scooby Mystery: One thing I noticed on the original Discovery account was the lack of a space between Mailbox and the opening curly bracket. PrepareAD recreated the account with a space. Have you guys seen this?

More How to Articles

https://www.erdalozkaya.com/category/how-to/

Comment (1)

  • Shane Reply

    I got this website from my pal who shared with me and now this time I am reading very informative articles or reviews at this time.

    01/04/2020 at 22:54

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


Related Posts

API

WHAT IS AN ENDPOINT API? Free and Easy Gu1de

WHAT IS AN ENDPOINT API? Programs that need to interact with each other communicate through an Application Program Interface (API). The... read more

6 Strategies that security leaders must take to safeguard data

Six Strategies that security leaders must take to safeguard data in storage and backup systems The what, why, and how of... read more
Kaseya VSA Breach

Kaseya VSA Breach Consequences of Security Failures

Kaseya VSA Breach Consequences of Security Failures The world has witnessed another large-scale cyber-attack. On July 2, 2021, Kaseya, an IT... read more
Windows PowerShell

Windows PowerShell Scripting Crash Course – 4 Free

Windows PowerShell Scripting Crash Course More of you are getting used to Windows PowerShell and realizing its advantages. With that in... read more

Local DNS Hacking ( 0nly for fun – Free Guide)

Local DNS Hacking Fun: Force your End Users to use “your site” (local DNS “hacking”) OK OK, this is not real hacking... read more
MMS Erdal Ozkaya

Start your Cybersecurity career for Free – Highly Effective 2016

Start your Cybersecurity career for Free I keep getting e-mails every day, if not hundreds definitely tens of them. Here is... read more
Free Cybersecurity Training

6 free online cybersecurity courses hosted by universities

6 free online cybersecurity courses hosted by universities Originally posted at Fortune The cybersecurity skills and talent gap are a worsening problem... read more
COVID19 and Cyber Risk

COVID19 and Cyber Risk – Fight against cybercrime

COVID19 and Cyber Risk The current circumstance of COVID-19 can increase organizations vulnerability to cyber-attacks, phishing attempts and fraud. All organizations... read more

A CISOs role in Security Leadership – 6 Critical Tips ( Free PDF)

A CISOs role in Security Leadership A short summary of a CISO's role definition, and the six critical responsibilities  underpin Chief... read more
trusted operating system

E-Mail Crimes and Violations – 1

E-Mail Crimes and Violations This post is written to give you a brief intro about E-Mail Crimes and Violations and how the leakage could... read more

Categories

  • About Dr Erdal Ozkaya (298)
    • Awards (96)
    • Erdal in the news (118)
    • Feedback (90)
    • My Books (54)
    • Who is Dr Erdal Ozkaya ? (2)
  • Announcemets (302)
  • Artificial Intelligence AI (11)
  • Certification (52)
  • Cloud Computing (72)
  • Cybersecurity (322)
  • Cybersecurity Leadership (52)
  • Financial Sector (31)
  • Forensics (17)
  • Free Events (156)
  • General (133)
  • How to …? (63)
  • ISO 2700x (12)
  • News (38)
  • Reviews (77)
    • Book Reviews (33)
    • Free E-Books (13)
    • Hardware Review (9)
    • Security Review / Reports (10)
    • Software Review (8)
  • Video Tutorials (101)
  • What is new? (27)
  • Windows (30)

Recent Comments

  • Erdal on Free EDR Certification Training
  • SANDEEP SHRIVASTAV on Free EDR Certification Training
  • Alicia Harlow on Core isolation Memory Integrity not available – (Get it fixed)
  • Alicia Harlow on Core isolation Memory Integrity not available – (Get it fixed)
  • Erdal on Siber Güvenlik Saldiri ve Savunma Stratejileri – NEW B00K

Archives

Dr. Erdal Ozkaya © Copyright 2023. All Rights Reserved.