Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1002 Source: MSExchangeMU

Metabase Update agent failed to start. Error code is <error code>.
- Error code: 80070570 - We fixed this problem by running "chkdsk c: /f" on the drive to correct a corrupted "metabase.bin" file.
- Error code: 80040a01 - This issue occurs if the Kerberos Key Distribution Center service is not running on the Exchange server and the Exchange server is acting as a domain controller. To resolve this problem start the Kerberos Key Distribution Center service on the Exchange server. See ME327401 for additional information on this event.
- Error code: 80040a01 - As per Microsoft: "This issue may occur if the Exchange server is not listed as a member of the Exchange Domain Servers group". See ME327844 for information on how to add the Exchange server to the Exchange Domain Servers group. Also check ME312859, ME314294, and ME896703 to see other situations in witch this event can occur.

- Error code: 80090006 - As per ME831393: "This issue may occur if there is corruption of the Microsoft Internet Information Services (IIS) metabase on the Exchange 2000 Server computer. Corruption of the IIS metabase may occur for a variety of reasons". See ME831393 to fix this problem.

From a newsgroup post: "My SBS was running W2K SP2. After I installed Exchange SP2, three Exchange services failed to start on boot up. It was basically the Exchange System Attendant which was the problem and when that fails to start 2 other dependant services fail. If I started the services manually then it all seems to work fine, but that was not really encouraging if I had to do this every time the server was rebooted. I recently had the occasion to talk at length with an SBS support rep from MS PSS. He told me that he completely uninstalls his anti-virus program before installing service packs, hotfixes, etc. This seems a little extreme to me, but they apparently have a huge database of problems that are caused by anti-virus programs interfering with other processes. Following his advise I uninstalled my antivirus namely NAV and reapplied SP2. After this everything was back on the right track".

ME328841 gives information about what folders should be excluded form beeing scanned by your antivirus in order for your Exchange server to function properly. Have a look at it.

See MSEX2K3DB for additional information on this event.
- Error code: 80070002 - This error will occur if you followed the instructions of Exchange Best Practices Analyzer and disabled IFS drive mapping (M: by default) by deleting the “HKLM\System\CurrentControlSet\Services\EXIFS\Parameters\DriveLetter” subkey. The instructions are wrong; you need to delete the value of the key, not the key itself. See the links to “ InstantDoc #22391” and “ message 406173” for further details on this issue.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.