Exchange 2013 Edge Transport server does not install in (DMZ) Domain

Some customers have an Active Directory domain in their DMZ (for management purposes) and the Exchange 2013 Edge Transport server can be a member of this domain as well.

Unfortunately starting with Exchange 2013 CU5 the Edge Transport server won’t install anymore when the server is a member of such a domain. Setup crashes with the following error message:

“Active Directory failed on localhost. This error is not retriable. Additional information: the parameter is incorrect.” And “Active Directory response: 00000057: LdapErr: DSID-0C090D8A, comment: Error in attribute conversion operation, data 0, v2580 —> System.DirectoryServices.Protocols.DirectoryOperationException: The requested attribute does not exist.”

At this moment (up to Exchange 2013 CU7) there’s no other workaround that to remove the Edge Transport server from the domain, install the Edge Transport server role (make sure you got the FQDN of the server correct!) and after installing rejoin the Active Directory domain. This works fine.

I noticed however that upgrading an Exchange 2013 CU6 Edge Transport server that’s domain joined to CU7 doesn’t hit this issue, there was no need to remove it from the domain before upgrading.