Click here to monitor SSC
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


How to fix Logon trigger issue


How to fix Logon trigger issue

Author
Message
bbsr
bbsr
Valued Member
Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)

Group: General Forum Members
Points: 57 Visits: 172
hi,

I have this trigger (see below) and I get the login failure due to trigger execution (SQL error 17892) every time I try to login. If I drop the trigger (drop trigger <trigger name> on all server) the error is gone but I need to have that trigger and also need the user's to log in.

Can anyone look at the code and help me to fix the trigger so that I can use that trigger to capture login information into that table.

create trigger [Tr_ServerLoginAudit]
on all server for logon
as
begin
INSERT INTO PG_LoginAudit
select @@SPID, SYSTEM_USER, HOST_NAME(), HOST_ID(), CURRENT_TIMESTAMP, APP_NAME (), DB_NAME()
END
GO

thanks
GilaMonster
GilaMonster
SSC-Forever
SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)

Group: General Forum Members
Points: 47175 Visits: 44355
Look in the SQL error log. iirc, errors that occur in a login trigger's execution are logged to the error log. Check what's there.

What's the schema of that table?
What database is it in?
Does everyone have insert permissions on it?


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


bbsr
bbsr
Valued Member
Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)

Group: General Forum Members
Points: 57 Visits: 172
this is the schema and this table is created I the user database


   [SPID] [int] NULL,
   [LoginName] [varchar](512) NULL,
   [HostName] [varchar](512) NULL,
   [HostID] [int] NULL,
   [LoginTime] [datetime] NULL,
   [ApplicationName] [varchar](512) NULL,
   [DatabaseName] [varchar] (10)


which login should I give insert permission to this table and why it is blocking all user's to log into the database
GilaMonster
GilaMonster
SSC-Forever
SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)

Group: General Forum Members
Points: 47175 Visits: 44355
Still need...
GilaMonster (9/5/2013)
Look in the SQL error log. iirc, errors that occur in a login trigger's execution are logged to the error log. Check what's there.


As for permissions, unless you use impersonation on the procedure, every single person who can log into that server needs insert rights on that table or the trigger will fail.


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


bbsr
bbsr
Valued Member
Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)

Group: General Forum Members
Points: 57 Visits: 172
you mean use impersonation on that trigger?
GilaMonster
GilaMonster
SSC-Forever
SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)

Group: General Forum Members
Points: 47175 Visits: 44355
Please look in the SQL error log and see what error messages were logged there from that login trigger.


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


bbsr
bbsr
Valued Member
Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)

Group: General Forum Members
Points: 57 Visits: 172
the error message:

"login failed for login <login name> due to trigger execution."

if I change the trigger (see below) then also I get the login failed error.

create trigger [LoginAudit]
on all server with execute as 'sa'
for logon
as
begin
INSERT INTO Audit_Log
select @@SPID, SYSTEM_USER, HOST_NAME(), HOST_ID(), CURRENT_TIMESTAMP, APP_NAME (), DB_NAME()
END
GO
GilaMonster
GilaMonster
SSC-Forever
SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)

Group: General Forum Members
Points: 47175 Visits: 44355
Not the error message that you get. Open up the SQL Server error log and see if there are any errors in there that may suggest why the trigger failed. If not, change your trigger as follows and then see what's in the error log after another login attempt

CREATE TRIGGER [LoginAudit] ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
BEGIN TRY
INSERT INTO Audit_Log
SELECT @@SPID ,
SYSTEM_USER ,
HOST_NAME() ,
HOST_ID() ,
CURRENT_TIMESTAMP ,
APP_NAME() ,
DB_NAME()
END TRY
BEGIN CATCH
PRINT CAST(ERROR_NUMBER() AS VARCHAR(5)) + ' ' + ERROR_MESSAGE();
END CATCH
END
GO




Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


bbsr
bbsr
Valued Member
Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)Valued Member (57 reputation)

Group: General Forum Members
Points: 57 Visits: 172
sorry for not making myself clear but that is what I saw in the SQL Server error log.

Logon failed for login <login name> due to trigger execution. [CLIENT: <local machine>]
Error: 17892, Severity: 20, State:1.
GilaMonster
GilaMonster
SSC-Forever
SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)SSC-Forever (47K reputation)

Group: General Forum Members
Points: 47175 Visits: 44355
and what messages (in the error log) does the revised trigger above produce?


Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass


Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search