none
"SQL Server Audit could not write to the security log" error for the second server audit object. RRS feed

  • Question

  • I was able to setup one SQL Server Audit object on SQL Server 2012. It works well. But when I enable the second Server Audit object,  getting error 33204 in event log: SQL Server Audit could not write to the security log.

    For both audits log destination is Security log. What can it be?

    Thanks in advance.


    Любовь долготерпит, ...

    Friday, January 24, 2014 8:34 AM

All replies

  • Check below article:

    SQL Server needs to Read/Write permission to the HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security registry key

    http://www.sqlskills.com/blogs/jonathan/resolving-error-33204-sql-server-audit-could-not-write-to-the-security-log/


    Please click the Mark as answer button and vote as helpful if this reply solves your problem

    • Proposed as answer by SM_122 Wednesday, February 5, 2014 9:00 AM
    Monday, January 27, 2014 1:28 AM
  • Hello,

    Which account that the SQL Server service is running under? Did you connect to the SQL Server instance with same account when create these two SQL Server Audit events?

    When write SQL Server audit event to the Windows Security log, the SQL Server service account must have the generate security audits permission. The LOCAL SERVICE and the NETWORK SERVICE accounts have this permission by default.

    Reference:Write SQL Server Audit Events to the Security Log

    Regards,
    Fanny Liu

    If you have any feedback on our support, please click here.


    Fanny Liu
    TechNet Community Support

    Monday, January 27, 2014 7:53 AM
    Moderator
  • Yes, same account. SQL Server service is running under domain account which already has generate security audits and registry permissions. Both audits work fine if enabled one at a time. If both enabled works only the first started.

    Любовь долготерпит, ...


    • Edited by Aleksey.T Tuesday, January 28, 2014 8:39 AM
    Tuesday, January 28, 2014 8:33 AM
  • Hi,

    I am having the same Issue...
    Permissions are right, the first Audit Server works fine but when i create the second i have the 33204 error. (SQL Server Audit could not write to the security log.) its strange...

    Aleskey, did you find a solution for that?

    Regards!,

    Fabrizio.F

    Monday, August 11, 2014 2:51 AM
  • Hi,

    I am having the same Issue...
    Permissions are right, the first Audit Server works fine but when i create the second i have the 33204 error. (SQL Server Audit could not write to the security log.) its strange...

    Aleskey, did you find a solution for that?

    Regards!,

    Fabrizio.F

    No, I did not.

    Любовь долготерпит, ...

    Tuesday, August 12, 2014 2:13 PM
  • Hi,

    I am having the same Issue...
    Permissions are right, the first Audit Server works fine but when i create the second i have the 33204 error. (SQL Server Audit could not write to the security log.) its strange...

    Aleskey, did you find a solution for that?

    Regards!,

    Fabrizio.F

    No, I did not.

    Любовь долготерпит, ...

    So, it is a Bug in SQL Server 2012? Because same configuration in 2008 version works well...

    Can anyone confirm that?

    Tuesday, August 19, 2014 5:05 PM
  • Hello Guys

    i don't know if you have found the solution, if not then you have to grant Generate security audits in Local or Group policy to the user SQL server service is running under

    Computer Config. -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User rights  Assignment

    Peter

    Thursday, May 21, 2015 1:49 PM
  • I was having the same issue with SQL Server 2012 although 2008 R2 was working just fine.  I called MS Support and during the trouble shooting, the support tech noticed that when the process creates the registry entry, the value for  computer\HKey_local_machine\system\currentcontrolset\services\eventlog\security\MSSQL$<instancename>$audit\eventsourceflags was 0 when 2008 R2 had a value of 1.

    Changed that key to 1 and all the audits can now write to the security log.


    CorkChop

    • Proposed as answer by CorkChop Wednesday, April 20, 2016 9:32 PM
    Wednesday, April 20, 2016 9:32 PM
  • Having the same problem and this worked for me. Thank you.
    Friday, November 10, 2017 9:35 PM