maleitzel 96965 (3/21/2013)
I thought maybe somebody had a magic bullet for this!
The magic bullet for me was putting the SET options within the trigger to bypass any inconsistencies in 3rd party connection drivers.
Try the below and see if it works.
CREATE TRIGGER [DenyUnencryptedConnection]
ON ALL SERVER WITH EXECUTE AS 'DatabaseLogonAuditUser'
FOR LOGON
AS
SET CONCAT_NULL_YIELDS_NULL, ANSI_WARNINGS, ANSI_PADDING ON
BEGIN
DECLARE @LoginNameVARCHAR(128),
@DBNameVARCHAR(128)
SELECT @LoginName = EVENTDATA().value('(/EVENT_INSTANCE/LoginName)[1]', 'nvarchar(128)'),
@DBName = ORIGINAL_DB_NAME ()
IF (SELECT COUNT(ad.DatabaseName)
FROM DatabaseLogonAudit.dbo.AuditDatabase ad
INNER JOIN master.sys.sysprocesses sp on sp.dbid = ad.DatabaseId
INNER JOIN master.sys.dm_exec_connections ec ON ec.session_id= sp.spid
WHERE sp.loginame = @LoginName
AND ad.DatabaseName = @DBName
AND ad.DBLogonAuditRequired = 1
AND ec.Encrypt_option <> 'TRUE') > 0
ROLLBACK;
END;
GO
Regards
Chirag