Audit Broker Conversation Event Class
Applies to: 
SQL Server
Azure SQL Database
Azure SQL Managed Instance
SQL Server creates an Audit Broker Conversation event to report audit messages related to Service Broker dialog security.
Audit Broker Conversation Event Class Data Columns
| Data column | Type | Description | Column number | Filterable |
|---|---|---|---|---|
| ApplicationName | nvarchar | The name of the client application that created the connection to an instance of SQL Server. This column is populated with the values passed by the application rather than the displayed name of the program. | 10 | Yes |
| BigintData1 | bigint | The message sequence number of the message. | 52 | No |
| ClientProcessID | int | The ID assigned by the host computer to the process where the client application is running. This data column is populated if the client process ID is provided by the client. | 9 | Yes |
| DatabaseID | int | The ID of the database specified by the USE database statement, or the ID of the default database if no USE database statement has been issued for a given instance. SQL Server Profiler displays the name of the database if the ServerName data column is captured in the trace and the server is available. Determine the value for a database by using the DB_ID function. | 3 | Yes |
| Error | int | The SQL Server error number, if this event reports an error. | 31 | No |
| EventClass | int | The type of event class captured. Always 158 for Audit Broker Conversation. | 27 | No |
| EventSubClass | int | The type of event subclass, providing further information about each event class. The table below lists the event subclass values for this event. | 21 | Yes |
| FileName | nvarchar | The reason for the login failure. If the login succeeded, this column is empty. | 36 | No |
| GUID | uniqueidentifier | The conversation id of the dialog. This identifier is transmitted as part of the message, and is shared between both sides of the conversation. | 54 | No |
| HostName | nvarchar | The name of the computer on which the client is running. This data column is populated if the host name is provided by the client. To determine the host name, use the HOST_NAME function. | 8 | Yes |
| IntegerData | int | The fragment number of the message. | 25 | No |
| NTDomainName | nvarchar | The Windows domain to which the user belongs. | 7 | Yes |
| NTUserName | nvarchar | The name of the user that owns the connection that generated this event. | 6 | Yes |
| ObjectId | int | The user ID of the target service. | 22 | No |
| RoleName | nvarchar | The role of the conversation handle. This is either initiator or target. | 38 | No |
| ServerName | nvarchar | The name of the instance of SQL Server being traced. | 26 | No |
| Severity | int | The SQL Server error severity, if this event reports an error. | 29 | No |
| SPID | int | The server process ID assigned by SQL Server to the process associated with the client. | 12 | Yes |
| StartTime | datetime | The time at which the event started, when available. | 14 | Yes |
| State | int | Indicates the location within the SQL Server source code that produced the event. Each location that may produce this event has a different state code. A Microsoft support engineer can use this state code to find where the event was produced. | 30 | No |
| TextData | ntext | For errors, contains a message that describes the reason for the failure. One of the following values: Cert not found. The user specified for dialog protocol security has no certificate. Not in valid time period. The user specified for dialog protocol security has a certificate, but the certificate has expired. Cert too large for memory allocation. The user specified for dialog protocol security has a certificate, but the certificate is too large. The maximum certificate size that Service Broker supports is 32,768 bytes. Private key not found. The user specified for dialog protocol security has a certificate, but there is no private key associated with that certificate. The cert's private key size is incompatible with the crypto provider. The private key for the certificate has a key size that cannot be successfully processed. The private key size must be a multiple of 64 bytes. The cert's public key size is incompatible with the crypto provider. The public key for the certificate has a key size that cannot be successfully processed. The public key size must be a multiple of 64 bytes. The cert's private key size is incompatible with the encrypted key exchange key. The key size specified in the key exchange key does not match the size of the private key for the certificate. This generally indicates that the certificate on the remote computer does not match the certificate in the database. The cert's public key size is incompatible with the security header's signature. The security header contains a signature that cannot be validated with the certificate's public key. This generally indicates that the certificate on the remote computer does not match the certificate in the database. |
1 | Yes |
The table below lists the subclass values for this event class.
| ID | Subclass | Description |
|---|---|---|
| 1 | No Security Header | During a secure conversation, Service Broker received a message that did not contain a session key. Once a secure conversation is established, the dialog protocol requires that all messages in the conversation contain a session key. |
| 2 | No Certificate | Service Broker could not locate a usable certificate for one of the participants in the conversation. To secure a conversation, the database must contain a certificate for both the sender and the recipient of the conversation. |
| 3 | Invalid Signature | Broker could not verify the message signature supplied by the sender using the public key in the sender's certificate. This may indicate that the message is corrupt, that the message has been tampered with, that the remote service and the local service are not configured with the same user certificate, or that the certificate is out of date. |
| 4 | Run As Target Failure | The destination user does not have receive permissions on the destination queue. To prevent unauthorized users from receiving messages, Service Broker does not enqueue messages with a destination user that cannot receive from the queue, regardless of whether the initiating user has permission to enqueue messages. |