Assume that you have configured multiple SQL Server Audit Events to write to the Security log in Microsoft SQL Server 2016 Service Pack 2 (SP2). In this scenario, you may notice that all Server Audits except for the first Server Audit will fail to write. Additionally, when you add the second Server Audit, you may receive an error message that resembles the following in the SQL Server error log:
Error: 33204, Severity: 17, State: 1.
SQL Server Audit could not write to the security log
This issue occurs when the Registry Event Source Flag is set to '0'.
The workaround for this issue is one of the following:
Configure the Server Audit Events to be written to a file instead of to the SQL Server Security log.
Change the following registry key from 0 to 1, to enable writing to the SQL Server Security log by multiple Server Audit Events:
Note: Server Audits need to be restarted for the new registry setting to take effect.
ALTER SERVER AUDIT [AuditName] WITH (STATE = OFF)
ALTER SERVER AUDIT [AuditName] WITH (STATE = ON)
Important: Incorrectly editing the registry can severely damage your system. Before making changes to the registry, we recommend that you back up any valued data on the computer.
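When several Server Audits target the Security log, each one has to be cycled after the registry change. The following T-SQL is an added example, not part of the original article: it restarts every enabled audit whose target is the Security log and then reports each audit's status, using only the catalog view sys.server_audits and the DMV sys.dm_server_audit_status.

```sql
-- Added example: restart all enabled server audits that write to the
-- Windows Security log so the changed registry setting takes effect.
-- Requires ALTER ANY SERVER AUDIT permission.
SET NOCOUNT ON;

DECLARE @name sysname, @sql nvarchar(max);

DECLARE audit_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.server_audits
    WHERE type = 'SL'              -- SL = Security log target
      AND is_state_enabled = 1;    -- audits that were already off stay off

OPEN audit_cursor;
FETCH NEXT FROM audit_cursor INTO @name;

WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        -- QUOTENAME protects against audit names containing ] or spaces
        SET @sql = N'ALTER SERVER AUDIT ' + QUOTENAME(@name)
                 + N' WITH (STATE = OFF);';
        EXEC sys.sp_executesql @sql;

        SET @sql = N'ALTER SERVER AUDIT ' + QUOTENAME(@name)
                 + N' WITH (STATE = ON);';
        EXEC sys.sp_executesql @sql;

        PRINT N'Restarted server audit ' + QUOTENAME(@name);
    END TRY
    BEGIN CATCH
        -- Report the failure and continue with the remaining audits
        PRINT N'Failed to restart ' + QUOTENAME(@name) + N': '
            + CAST(ERROR_NUMBER() AS nvarchar(10)) + N' ' + ERROR_MESSAGE();
    END CATCH;

    FETCH NEXT FROM audit_cursor INTO @name;
END

CLOSE audit_cursor;
DEALLOCATE audit_cursor;

-- Verify: every Security log audit should report a started status
SELECT a.name, a.type_desc, a.is_state_enabled, s.status_desc, s.status_time
FROM sys.server_audits AS a
LEFT JOIN sys.dm_server_audit_status AS s
    ON s.audit_id = a.audit_id
WHERE a.type = 'SL';
```

An audit that still cannot write after the restart shows up in the final result set, and a new error 33204 entry appears in the SQL Server error log.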
Service pack information for SQL Server 2016
This issue is fixed in the following service pack for SQL Server:
Service packs are cumulative. Each new service pack contains all the fixes that are in previous service packs, together with any new fixes. Our recommendation is to apply the latest service pack and the latest cumulative update for that service pack. You do not have to install a previous service pack before you install the latest service pack. Use Table 1 in the following article to find more information about the latest service pack and latest cumulative update.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Learn about the terminology that Microsoft uses to describe software updates.