As per Microsoft: "This event may be logged when a domain controller that was running Exchange Server 2003 is demoted to a member server. During this demotion, the ASPNET security account is removed. This prevents the Metabase Update process from initializing. This event message may also be logged if there are permissions problems in the Exchange Server environment". See MSEX2K3DB for a detailed description about this event.
I saw this event on a node of a clustered Exchange 2003 server. I believe that it came about due to the recent installation of .Net Runtime v2.0 through WSUS. MS ME906154 was very helpful in resolving this issue, although I did not follow it exactly. MS asks you to find the "RootVer" value under the "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET" key. They supply a new Value Data for RootVer if you are using .Net Framework 1.1. Since this machine had just been moved to 2.0, I used the appropriate version number for 2.0, that is 2.0.50727.0. After making the change, the SA started properly and I was able to bring up the Exchange virtual server. Oddly, I just checked the registry, and the key seems to have changed itself back to the number MS suggests (1.1.4322.0). I have no idea why this is, but the box is working again.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.