The audit file has not been deleted.

  • Hello

    I recently set up an audit on my server to track some connections.

    ,The audit works correctly without any problems.

    The only problem is that I get an error message like SQL Server can no longer delete

    This is how my audit configuration looks.he old audit file.

    Sans titre2Sans titre

    Would anyone of you have an idea on how to handle this error?

    FYI the file is deleted after a few minutes



    You must be logged in to view attached files.
  • CreateFile error 32 is something held a handle on the file and SQL couldn't delete it.

    So something was reading/writing/touching the old audit file in some way.

    Best thing you can do is get a copy of procmon and handle from the sysinternals tool, run this while a file rollover happens (your just going to have to keep it running and find the next occurrence of the error 32), then see what process is using the file preventing SQL from accessing it.

    While your waiting for that ensure all the right exclusions have been put into your AntiVirus/Malware/Security Software, as these will be the general ones which will be preventing deletion.

    Additionally look at the output of "fltmc" in a admin command prompt and tie the altitude numbers to this list

    Anything that isn't a Microsoft filter driver see what it is and if it has exclusions available to it to stop it scanning drives/files etc

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply