Installazione Exchange 2013 SP1

It seems you are trying to install Exchange 2013 but your domain functional level is 2000.  Below is what I suggest:

1.  Upgrade your DC to 2008 or 2012
2.  Decommission older DCs by moving FSMO rights to new DC(s)
3.  Install Exchange

Hi,

Here are the below reasons and solutions for this error

1. Global updates need to be made to Active Directory, and this user account isn't a member of the 'Enterprise Admins' group.

Make Sure that the account through which you are installing exchange is a member of Enterprise Admin, Schema Admin & Domain Admin group

2. Setup encountered a problem while validating the state of Active Directory: Couldn't find the Enterprise Organization container.  See the Exchange setup log for more information on this error.

This error occurs if there are duplicate microsoft exchange system objects. For resolving this error follow the below steps

Log on to the domain controller with administrative credentials.
In Administrative Tools, click Active Directory Users and Computers.
In the Active Directory Users and Computers management console pane, click View from the toolbar menu and then select Advanced Features.
Locate the duplicate Microsoft Exchange System Objects container.
Verify the duplicate Microsoft Exchange System Objects container doesn’t contain valid Active Directory objects.
Right-click the duplicate Microsoft Exchange System Objects container, and then click Delete.
Confirm the deletion by clicking Yes in the Active Directory dialog box.

3. The forest functional level of the current Active Directory forest is not Windows Server 2003 native or later. To install Exchange Server 2013, the forest functional level must be at least Windows Server 2003 native.

Seems your Forest level is set to Mixed Mode. For installing the Exchange the Forest level must be set to 2000 native. Follow the below steps

Go to Active Directory Domains & Trusts right click domain select Raise Forest Funtional Level and set it to 2000 native.

4. Either Active Directory doesn't exist, or it can't be contacted.

Follow the below steps it will resolve the issue

Make sure you Server manager > Add Features >  Select Remote Server Administration tools > And select ADDS & ADLS tools and click install

5.  Setup will prepare the organization for Exchange 2013 by using 'Setup /PrepareAD

To resolve this error do the following run the below command and enter the organization name of your Exchange

Setup.exe /PrepareAD /OrganizationName:"<organization name>" /IAcceptExchangeServerLicenseTerms.

For more information refer the below link

https://technet.microsoft.com/en-us/library/bb125224(v=exchg.150).aspx

Along with this you have to also prepare the schema run the below command for preparing the schema

Setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Thanks
Manikandan

Hi Mohammed Khawaja,
thanks for your answer, the big problem is my only DC is already Windows 2012 R2 and I already installed and removed Exchange 2013 a first time.

Andrea Grespan

Hi Manikandan,
1. like I said in the previous comment I already installed Exchange 2013 in the same environment with the same user that is a member of Enterprise Admin, Schema Admin & Domain Admin.

2. I will try this one

3. See the previous comment

4. I will try tis one too

5. Already tried with more or less the same errors

Thanks
Andrea

Hi Andrea,

could I suggest to cross-reference you steps with this wonderful guide I've used in the past?

Part1
http://www.petenetlive.com/KB/Article/0000716.htm

Part2
http://www.petenetlive.com/KB/Article/0000717.htm

Part3
http://www.petenetlive.com/KB/Article/0000730.htm

Let me know your thoughts.....

If that is the case then the account you are using is not member of Enterprise Admin.  You also need to prepare AD by running setup /preparead.  As mentioned above, the account also needs schema admin and domain admin privileges.

I did this:
Log on to the domain controller with administrative credentials.
 In Administrative Tools, click Active Directory Users and Computers.
 In the Active Directory Users and Computers management console pane, click View from the toolbar menu and then select Advanced Features.
 Locate the duplicate Microsoft Exchange System Objects container.
 Verify the duplicate Microsoft Exchange System Objects container doesn’t contain valid Active Directory objects.
 Right-click the duplicate Microsoft Exchange System Objects container, and then click Delete.
 Confirm the deletion by clicking Yes in the Active Directory dialog box.

and I could at least start the installation that ended at step 8 Mailbox Role with this error:
Error:
The following error was generated when "$error.Clear();
          if ( ($server -eq $null) -and ($RoleIsDatacenter -ne $true) )
          {
            Update-RmsSharedIdentity -ServerName $RoleNetBIOSName
          }
        " was run: "Database is mandatory on UserMailbox.".

I will uninstall Exchange, try to delete all references to Exchange in AD and reinstall.

Hi,

Don't delete wait before uninstallation please refer the below links the exact solution is given on the links mentioned below

https://exchangeshare.wordpress.com/2014/05/16/exchange-2013-sp1-install-error-database-is-mandatory-on-arbitration-mailboxes/
http://danblee.com/exchange-2013-error-during-install-database-is-mandatory-on-usermailbox-property-name-database/

Thanks
Manikandan

Hi,

The issue may occur due to one or more of the following reasons:

1. There are one or multiple System mailboxes in an inconsistent state because the HomeMDB attribute is missing.
2. The Federated mailbox is in an inconsistent state because the HomeMDB attribute is missing.
3. The Discovery Search mailboxes is in an inconsistent state because the HomeMDB attribute is missing.

In order to check to see if one of the above reasons applies, follow the steps below:

1. Run the following command in the Exchange Command Shell:

Get-Mailbox -Arbitration |fl name, alias

2. You may receive an error or errors from running the command above that one or two of the System Mailboxes and the Federated Mailbox are in an inconsistent state – see the following example results:

WARNING: The object xxxxx/xxxxx/SystemMailbox{1f05a927-9daf-4003-9bf7-036822f96290} has been corrupted, and it's
in an inconsistent state. The following validation errors happened:
WARNING: Database is mandatory on UserMailbox.
WARNING: Database is mandatory on UserMailbox.

3. Run the following command in the Exchange Command Shell Get-Mailbox |fl name, alias on the Discovery Search Mailbox and look for the same error.

4. The error “Database is mandatory on UserMailbox” means that there is no value for the HomeMDB attribute for the mailbox in question – either one or two System Mailboxes, or the Federated Mailbox, or possibly the Discovery Search Mailbox.


RESOLUTION
1. Open ADSIEdit – go to the properties of a regular user with a mailbox on the same database as the particular System Mailbox, Federated Mailbox, or Discovery Search Mailbox and copy the correct HomeMDB attribute to the correct System Mailbox, Federated Mailbox, or Discovery Search Mailbox.

2. On the Domain Controller which you made the changes to the HomeMDB attribute for the 4 mailboxes, go to an elevated command prompt and Replicate the entire Forest using the following command:

repadmin /syncall /e - to replicate the entire forest

3. You should now successfully be able to search using the Discovery Search Mailbox using ECP.

Thanks
Manikandan

have you checked the health of your AD environment?
i'm seeing things like "Active Directory doesn't exist or cannot be contacted" and the forest functional level not at 2003 or higher which tells me there is something not right.  Are the DNS servers correct?  That forest functional message is not accurate else you wouldn't have been able to put in a 2012 R2 domain controller.

also, SP1 is the same as CU4 which is long out of support; CU8 is the latest you should be using

Cumulative Update 8 for Exchange Server 2013 (KB3030080)
http://www.microsoft.com/en-us/download/details.aspx?id=46373

Uninstalled everything with:
Setup /Mode:Uninstall /IAcceptExchangeServerLicenseTerms

Deleted the users:
Federatedemail, DiscoverySearchMailbox, HealthMailbox, Migration, SystemMailbox

Deleted OU "Microsoft Exchange Security Groups" e "Microsoft Exchange System Objects"

With ADSIedit configuration under Services deleted "Microsoft Exchange" and "Microsoft Exchange Autodiscover"

Setup /PrepareAD /OrganizationName: "My Organization" /IAcceptExchangeServerLicenseTerms
All ok until now

Run setup and at Step 10 Mailbox role Mailbox service

The following error was generated when "$error.Clear();
          $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
          $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
          $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
          if( $dismbx -ne $null)
          {
          $srvname = $dismbx.ServerName;
          if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
          {
          Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -eq $null )
          {
          Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
          mount-database $dismbx.Database;
          }

          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -ne $null )
          {
          $dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagement_InitInfo.WellKnownGuid;
          $dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
          if( $dmRoleGroup -ne $null )
          {
            trap [Exception]
            {
              Add-MailboxPermission $dismbx -User $dmRoleGroup.Name -AccessRights FullAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
              continue;
            }
           
            Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
          }
          }
          }
          }
        " was run: "Couldn't resolve the user or group "myorg.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust.".

Now fingers crossed I'll download CU8....

Hi,

The solution is to remove the Discovery Mailbox user account created as part of the PrepareAD and to run the Exchange setup again.

The Discovery mailbox user has to be re-created and a mailbox needs to be provisioned after Exchange installs successfully. I will explain the steps for that in my next post.

Here is how to re-create the Discovery Search Mailbox:
1. re-create the mailbox using:
Enable-Mailbox "DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}" -Arbitration

2. Add permissions to the Discovery Search Mailbox:
Add-MailboxPermission -Identity:”mydomain.local/Users/DiscoverySearchMailbox {D919BA05-46A6-415f-80AD-7E09334BB852}” -User:”Discovery Management” -AccessRights:”FullAccess”

Thanks
Manikandan

Hi,
I removed all the users created by Exchange and the only outcome I got a was a different error.
I updated the DC and downloaded Exchange CU8, today I will try a new installation in a new installed Windows 2012 machine.

Now I get this error during mailbox role installation:

Error:
The following error was generated when "$error.Clear();
          $name = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxUniqueName;
          $dispname = [Microsoft.Exchange.Management.RecipientTasks.EnableMailbox]::DiscoveryMailboxDisplayName;
          $dismbx = get-mailbox -Filter {name -eq $name} -IgnoreDefaultScope -resultSize 1;
          if( $dismbx -ne $null)
          {
          $srvname = $dismbx.ServerName;
          if( $dismbx.Database -ne $null -and $RoleFqdnOrName -like "$srvname.*" )
          {
          Write-ExchangeSetupLog -info "Setup DiscoverySearchMailbox Permission.";
          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -eq $null )
          {
          Write-ExchangeSetupLog -info "Mounting database before stamp DiscoverySearchMailbox Permission...";
          mount-database $dismbx.Database;
          }

          $mountedMdb = get-mailboxdatabase $dismbx.Database -status | where { $_.Mounted -eq $true };
          if( $mountedMdb -ne $null )
          {
          $dmRoleGroupGuid = [Microsoft.Exchange.Data.Directory.Management.RoleGroup]::DiscoveryManagement_InitInfo.WellKnownGuid;
          $dmRoleGroup = Get-RoleGroup -Identity $dmRoleGroupGuid -DomainController $RoleDomainController -ErrorAction:SilentlyContinue;
          if( $dmRoleGroup -ne $null )
          {
            trap [Exception]
            {
              Add-MailboxPermission $dismbx -User $dmRoleGroup.Name -AccessRights FullAccess -DomainController $RoleDomainController -ErrorAction SilentlyContinue;
              continue;
            }
           
            Add-MailboxPermission $dismbx -User $dmRoleGroup.Identity -AccessRights FullAccess -DomainController $RoleDomainController -WarningAction SilentlyContinue;
          }
          }
          }
          }
        " was run: "Microsoft.Exchange.Data.Common.LocalizedException: Couldn't resolve the user or group "donelligroup.local/Microsoft Exchange Security Groups/Discovery Management." If the user or group is a foreign forest principal, you must have either a two-way trust or an outgoing trust. ---> System.SystemException: The trust relationship between the primary domain and the trusted domain failed.

   at System.Security.Principal.NTAccount.TranslateToSids(IdentityReferenceCollection sourceAccounts, Boolean& someFailed)
   at System.Security.Principal.NTAccount.Translate(IdentityReferenceCollection sourceAccounts, Type targetType, Boolean forceSuccess)
   at System.Security.Principal.NTAccount.Translate(Type targetType)
   at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
   --- End of inner exception stack trace ---
   at Microsoft.Exchange.Configuration.Tasks.Task.ThrowError(Exception exception, ErrorCategory errorCategory, Object target, String helpUrl)
   at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
   at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetUserSidAsSAMAccount(SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
   at Microsoft.Exchange.Configuration.Tasks.SecurityPrincipalIdParameter.GetSecurityPrincipal(IRecipientSession session, SecurityPrincipalIdParameter user, TaskErrorLoggingDelegate logError, TaskVerboseLoggingDelegate logVerbose)
   at Microsoft.Exchange.Management.RecipientTasks.SetMailboxPermissionTaskBase.InternalValidate()
   at Microsoft.Exchange.Management.RecipientTasks.AddMailboxPermission.InternalValidate()
   at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
   at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".

The AD was so compromised I had to reinstall all the system