Microsoft added a new Event Log called State to Windows Server 2019, and for some reason this got backported in the Registry to Windows 10 1809 even though nothing uses this log and it does not show in Event Viewer. However, Exchange Agent when starting attempts to access the Registry entry for it and fails with this error.
To solve this, we need to take ownership of the State registry key and all subkeys, the steps to do so are as follows.
First, run the Restricted Users Setup Tool (this will add other permissions, but doesn't include the STATE log)
- Start RegEdit as an administrator.
- Some customers have their systems locked down so you need to go to the EXE and do this instead of using the Start Menu.
- Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
- Right click on State and select Permissions.
- Select Advanced.
- Select to Change the owner, and set it as the Administrators group and select to Replace on all subcontainers.
- If on a domain, you will need to change the Location to the local machine when entering Administrators.
- Under Permissions Add the Everyone group with Full Control.
- Again, if on a domain, you will need to change the Location to the local machine.
- Apply the changes and Exchange Agent should now start.
We have made a request to have this added in to the Restricted User Setup Tool, so hopefully this will only be a stopgap process.