Assume that you have configured multiple SQL Server Audit Events to write to the Security log in Microsoft SQL Server 2016 Service Pack 2 (SP2). In this scenario, you may notice that all Server Audits except for the first Server Audit will fail to write. Additionally, when you add the second Server Audit, you may receive an error message that resembles the following in the SQL Server error log:
Error: 33204, Severity: 17, State: 1.
SQL Server Audit could not write to the security log
This issue occurs when the Registry Event Source Flag is set to '0'.
The workaround for this issue is one of the following:
- Make the Server Audit Events to be written to a file instead of to the SQL Server Security log.
- Change the following registry key from 0 to 1, to enable writing to the SQL Server Security log by multiple Server Audit Events:
ALTER SERVER AUDIT [AuditName] WITH (STATE = OFF)
ALTER SERVER AUDIT [AuditName] WITH (STATE = ON)
Incorrectly editing the registry can severely damage your system. Before making changes to the registry, we recommend that you back up any valued data on the computer.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.