Hello all,
I am seeing the subject issue for the “SqlThreatDetection_Audit” SQL Server audit on SQL Server instances running SQL Server 2016 and older (2014, 2012, etc.) in my client environment. They didn’t have these issues until the servers rebooted a few days ago, and I have tried all the steps found online, including this fix from the Microsoft support article: https://support.microsoft.com/en-us/topic/kb4052136-fix-sql-server-audit-events-don-t-write-to-the-security-log-d9708450-6981-2fab-4e58-5f09d561110e
but it didn’t resolve the issue. We keep getting errors 33208 and 33204 in the SQL and Windows event logs:
Error: 33208, Severity: 17, State: 1. SQL Server Audit failed to access the security log. Make sure that the SQL service account has the required permissions to access the security log.
Error: 33204, Severity: 17, State: 1. SQL Server Audit could not write to the security log
I confirm that:
The service account is an AD account and I have confirmed it’s an admin on the server with perms (has necessary privileges to write to the security log) on the security folder in the Windows registry, the key flag changed to 1, Local Security Policy changed to grant audit access to the service account and allowing success/failure auditing. I have also granted sysadmin to the service account as a server principal on SQL Server with the required server-level and database-level perms.
Not sure what else is required here. Please help urgently.