I have 4 Exchange 2010 multi role servers with SP2, installed on Windows 2008 servers. These servers were working perfectly fine when suddenly the Transport service stopped on all 4 servers. When we try to start the service, it starts and then stops. No errors in the event viewer even after increasing the diagnostics. There were no changes made to the server and no AD Group policies deployed to the OU in which these servers resides. We had 4 transport agents on the server and after disabling all the 4, the transport service was starting. We narrowed down the problematic agent to the Exchange Rule Agent.
Then we involved Microsoft support. They checked the following key in the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Security and said that the local service account 'Nt service\Eventlog' does not have full control. After assigning full control for this account to this registry key, the transport service started and now everything is fine.
Does anyone know what is the relation between permissions on this particular registry key and Exchange transport service ? When i asked the MS Support engineer about this, they are asking me to open another case to answer this question.
Any response on this will be highly appreciated.