July 24, 2013 at 11:32 am
So I stumbled across this while playing with XE, and not sure if it's an issue or not. If I watch the live data for the default system_health Extended Event I see nothing but these:
Event: security_error_ring_buffer_recorded
api_name:ImpersonateSecurityContext
call_stack:0xCE7C8CDEFE070000AC878ADEFE07000005DE8ADEFE07000088468ADEFE0700004D3B8ADEFE070000447D8CDEFE070000803DC8E7FE070000643BC8E7FE0700006739C8E7FE0700000F2FCAE7FE0700005037CAE7FE0700005D2CCAE7FE070000883FCAE7FE0700002D6583770000000021C5967700000000
calling_api_name:NLShimImpersonate
error_code: 5023
id: 0
session_id: 120
timestamp : timestamp595798
There do not appear to be failed logins in the error log.
This is on a failover cluster that is using two linked servers, which is what I sort of suspect but have no hard evidence at this time. For the linked server config, a list of logins is mapped to specific remote login, and for the section below "For a login not defined in the list above, connections will" the radio button Be made using the login's current security context is selected.
Pointers on how to narrow this down to the problem login are appreciated.
EDIT: for the SPID's I have checked, they are all SQL logins. I found some articles that suggest this can be due to orphaned domain users, but that does not appear to be the case for me.
Thanks,
Jared
April 26, 2016 at 4:34 am
Any update on this, please?
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply