SQL server Audit Failure to Security log

Prati 21 Reputation points

2021-02-19 12:01:54.750 spid137 Audit: Server Audit: 65542, Initialized and Assigned State: START_FAILED
2021-02-19 12:01:54.750 spid137 Audit: Server Audit: 65542, State changed from: START_FAILED to: RUNTIME_FAILED

2021-02-19 12:01:54.750 spid137 Error: 33204, Severity: 17, State: 1.
2021-02-19 12:01:54.750 spid137 SQL Server Audit could not write to the security log.
2021-02-19 12:01:54.750 spid137 Audit: Server Audit: 65542, Initialized and Assigned State: RUNTIME_FAILED

I am getting above error when setting up a database audit on a Always on database on SQL server 2017 ( CU 17) .
All the permissions as mentioned in the article exist .

Also , another server level audit is able to write to the security log . But this one is generating a RUNTIME_FAILED message.

Is there anything else that is missing ?

SQL Server
SQL Server
A family of Microsoft relational database management and analysis systems for e-commerce, line-of-business, and data warehousing solutions.
13,067 questions
{count} votes

Accepted answer
  1. Cris Zhan-MSFT 6,611 Reputation points


    can you try the Workaround in this kb article. Change the following registry key from 0 to 1, to enable writing to the SQL Server Security log by multiple Server Audit Events:

    Also have a look on this blog.

    Important: Incorrectly editing the registry can severely damage your system. Before making changes to the registry, we recommend that you back up any valued data on the computer.

0 additional answers

Sort by: Most helpful