FIX: Error 17310 when you perform an operation that triggers an audit event that is defined in an audit specification in SQL Server 2012

Consider the following scenario:
  • You create a server audit in Microsoft SQL Server 2012. The server audit uses a filter predicate, and the ON_FAILURE property is set to "FAIL_OPERATION."
  • You create a server audit specification or a database audit specification for the server audit.
  • You perform an operation against the database server.
  • The operation triggers an audit event that is defined in the audit specification.
In this scenario, the connection of the operation is disconnected. Additionally, the following error messages are logged in the SQL Server error log:

spid ## Using 'dbghelp.dll' version '4.0.5'

spid ## ***Stack Dump being sent to C:\Program Files\Microsoft SQL Server\MSSQL11.<InstanceName>\MSSQL\LOG\SQLDump0050.txt

SqlDumpExceptionHandler: Process 51 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.



spid ## * 01/13/12 13:48:18 spid 51

spid ## * Exception Address = 0000000072B8D826 Module(UNKNOWN+0000000000000000)

spid ## * Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION

spid ## * Access Violation occurred reading address 0000000000000000

Server Error: 17310, Severity: 20, State: 1.

Server A user request from the session with SPID 51 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.

Note You can use the following query to determine whether the issue occurred:


If the error messages are logged in the SQL Server error log, the issue occurred.

Cumulative update information

SQL Server 2012

The fix for this issue was first released in Cumulative Update 1. For more information about how to obtain this cumulative update package for SQL Server 2012, click the following article number to view the article in the Microsoft Knowledge Base:
2679368 Cumulative Update package 1 for SQL Server 2012
Note Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2012 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
2692828 The SQL Server 2012 builds that were released after SQL Server 2012 was released

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
To work around this issue, take one of the following actions:
  • Do not use filter predicates.
  • Set the ON_FAILURE property of the audit to "CONTINUE."
More information
For more information about SQL Server audit, visit the following Microsoft Developer Network (MSDN) website:

If you try to disable the audit, the disable operation may fail. This behavior may occur because the audit depends on the Audit Action groups that are specified in the server audit specification, such as SUCCESSFUL_LOGIN_GROUP, AUDIT _CHANGE_GROUP. These audits can be disabled or removed only when SQL Server is started under minimal configuration (that is, with the -f startup parameter). You can use the following query to identify the audits that can cause the problem that is described in the "Symptoms" section:

SELECT name as AuditName FROM sys.server_auditsWHERE on_failure = 2 AND predicate IS NOT NULL


Article ID: 2678370 - Last Review: 11/22/2012 13:55:00 - Revision: 3.2

  • kbtshoot kbqfe kbfix kbexpertiseadvanced kbsurveynew KB2678370