Sign in with Microsoft
Sign in or create an account.
Select a different account.
You have multiple accounts
Choose the account you want to sign in with.


Assume that you configured multiple SQL Server Audit Events to write to the Security log in Microsoft SQL Server 2022, Microsoft SQL Server 2019, or Microsoft SQL Server 2016 Service Pack 2 (SP2). In this scenario, you notice that all Server Audits except the first Server Audit don't write. Additionally, when you add the second Server Audit, you might receive an error message that resembles the following message in the SQL Server error log:

Error: 33204, Severity: 17, State: 1.

SQL Server Audit could not write to the security log.


This problem occurs if the Registry Event Source Flag is set to 0.


To work around this problem, use one of the following methods:

  • Set the Server Audit Events to be written to a file instead of to the SQL Server Security log.

  • To enable multiple Server Audit Events to write to the SQL Server Security log, change the value of following registry subkey from 0 to 1:


Note: Server Audits have to be restarted for the new registry setting to take effect.


Important: Editing the registry incorrectly can severely damage your system. Before you make changes to the registry, we recommend that you back up any valued data on the computer.


This problem is fixed in the following cumulative updates for SQL Server:

Note: Even after installing SQL Server 2022 Cumulative Update 6 (CU6) or later versions for existing instances, a workaround is still required because the fix doesn't change the existing registry value. For new instances, the correct registry value will be used after applying the fix.

Each new cumulative update for SQL Server contains all the hotfixes and security fixes that were in the previous build. We recommend that you install the latest build for your version of SQL Server:

Service pack information for SQL Server 2016

This problem is fixed in the following service pack for SQL Server:

Service Pack 2 for SQL Server 2016

Service packs are cumulative. Each new service pack contains all the fixes that are in previous service packs, together with any new fixes. Our recommendation is to apply the latest service pack and the latest cumulative update for that service pack. You do not have to install a previous service pack before you install the latest service pack. Use Table 1 in the following article for finding more information about the latest service pack and latest cumulative update.

How to determine the version, edition, and update level of SQL Server and its components


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.


Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Was this information helpful?

What affected your experience?
By pressing submit, your feedback will be used to improve Microsoft products and services. Your IT admin will be able to collect this data. Privacy Statement.

Thank you for your feedback!