Trouble Enabling SQL Audits
I am running SQL Server 2014 SP2 CU8 on Windows Server2012
I am trying to enable an SQL Audit that writes to theWindows Security Log and shuts down the instances upon failure.
I am using the Virtual Service accounts NTAUTHORITY\MSSQL@instanceName to run the SQL Server Service
I have added the virtual service accounts to the LocalSecurity Policy Generate security audits and I have given the account fullpermission to the “Security†folder in the registry
| HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security |
|
The problem I am having is when I try to enable the auditthe service stops which is often normal, but when I start the service againaudit is disabled – It will not stay enabled. The only errors in the SQL Error Logs are
Source spid55
Message
Audit: Server Audit: 65537, Initialized and AssignedState: START_FAILED
-------------
Source spid55
Message
Audit: Server Audit: 65537, State changed from:START_FAILED to: TARGET_CREATION_FAILED
In some cases I have 3 instances on a box and two willenable just fine and one does not. Onone server with multiple instances none of them will enable.
Any ideas of where to look for the errors or what to dois appreciated.