Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 123»»»

How to fix Logon trigger issue Expand / Collapse
Author
Message
Posted Thursday, September 5, 2013 2:32 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 8:07 AM
Points: 56, Visits: 168
hi,

I have this trigger (see below) and I get the login failure due to trigger execution (SQL error 17892) every time I try to login. If I drop the trigger (drop trigger <trigger name> on all server) the error is gone but I need to have that trigger and also need the user's to log in.

Can anyone look at the code and help me to fix the trigger so that I can use that trigger to capture login information into that table.

create trigger [Tr_ServerLoginAudit]
on all server for logon
as
begin
INSERT INTO PG_LoginAudit
select @@SPID, SYSTEM_USER, HOST_NAME(), HOST_ID(), CURRENT_TIMESTAMP, APP_NAME (), DB_NAME()
END
GO

thanks
Post #1491946
Posted Thursday, September 5, 2013 2:47 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 8:36 AM
Points: 40,615, Visits: 37,080
Look in the SQL error log. iirc, errors that occur in a login trigger's execution are logged to the error log. Check what's there.

What's the schema of that table?
What database is it in?
Does everyone have insert permissions on it?



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1491951
Posted Thursday, September 5, 2013 3:09 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 8:07 AM
Points: 56, Visits: 168
this is the schema and this table is created I the user database


[SPID] [int] NULL,
[LoginName] [varchar](512) NULL,
[HostName] [varchar](512) NULL,
[HostID] [int] NULL,
[LoginTime] [datetime] NULL,
[ApplicationName] [varchar](512) NULL,
[DatabaseName] [varchar] (10)


which login should I give insert permission to this table and why it is blocking all user's to log into the database
Post #1491964
Posted Thursday, September 5, 2013 3:14 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 8:36 AM
Points: 40,615, Visits: 37,080
Still need...
GilaMonster (9/5/2013)
Look in the SQL error log. iirc, errors that occur in a login trigger's execution are logged to the error log. Check what's there.


As for permissions, unless you use impersonation on the procedure, every single person who can log into that server needs insert rights on that table or the trigger will fail.



Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1491965
Posted Thursday, September 5, 2013 3:17 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 8:07 AM
Points: 56, Visits: 168
you mean use impersonation on that trigger?
Post #1491967
Posted Thursday, September 5, 2013 3:21 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 8:36 AM
Points: 40,615, Visits: 37,080
Please look in the SQL error log and see what error messages were logged there from that login trigger.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1491969
Posted Thursday, September 5, 2013 3:29 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 8:07 AM
Points: 56, Visits: 168
the error message:

"login failed for login <login name> due to trigger execution."

if I change the trigger (see below) then also I get the login failed error.

create trigger [LoginAudit]
on all server with execute as 'sa'
for logon
as
begin
INSERT INTO Audit_Log
select @@SPID, SYSTEM_USER, HOST_NAME(), HOST_ID(), CURRENT_TIMESTAMP, APP_NAME (), DB_NAME()
END
GO
Post #1491971
Posted Thursday, September 5, 2013 3:39 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 8:36 AM
Points: 40,615, Visits: 37,080
Not the error message that you get. Open up the SQL Server error log and see if there are any errors in there that may suggest why the trigger failed. If not, change your trigger as follows and then see what's in the error log after another login attempt

CREATE TRIGGER [LoginAudit] ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
BEGIN TRY
INSERT INTO Audit_Log
SELECT @@SPID ,
SYSTEM_USER ,
HOST_NAME() ,
HOST_ID() ,
CURRENT_TIMESTAMP ,
APP_NAME() ,
DB_NAME()
END TRY
BEGIN CATCH
PRINT CAST(ERROR_NUMBER() AS VARCHAR(5)) + ' ' + ERROR_MESSAGE();
END CATCH
END
GO




Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1491975
Posted Thursday, September 5, 2013 3:45 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Tuesday, March 18, 2014 8:07 AM
Points: 56, Visits: 168
sorry for not making myself clear but that is what I saw in the SQL Server error log.

Logon failed for login <login name> due to trigger execution. [CLIENT: <local machine>]
Error: 17892, Severity: 20, State:1.
Post #1491977
Posted Thursday, September 5, 2013 3:47 PM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 8:36 AM
Points: 40,615, Visits: 37,080
and what messages (in the error log) does the revised trigger above produce?


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #1491978
« Prev Topic | Next Topic »

Add to briefcase 123»»»

Permissions Expand / Collapse