Audit Broker Conversation Event Class

 

Applies To: SQL Server 2016

SQL Server creates an Audit Broker Conversation event to report audit messages related to Service Broker dialog security.

Data columnTypeDescriptionColumn numberFilterable
ApplicationNamenvarcharThe name of the client application that created the connection to an instance of SQL Server. This column is populated with the values passed by the application rather than the displayed name of the program.10Yes
BigintData1bigintThe message sequence number of the message.52No
ClientProcessIDintThe ID assigned by the host computer to the process where the client application is running. This data column is populated if the client process ID is provided by the client.9Yes
DatabaseIDintThe ID of the database specified by the USE database statement, or the ID of the default database if no USE database statement has been issued for a given instance. SQL Server Profiler displays the name of the database if the ServerName data column is captured in the trace and the server is available. Determine the value for a database by using the DB_ID function.3Yes
ErrorintThe SQL Server error number, if this event reports an error.31No
EventClassintThe type of event class captured. Always 158 for Audit Broker Conversation.27No
EventSubClassintThe type of event subclass, providing further information about each event class. The table below lists the event subclass values for this event.21Yes
FileNamenvarcharThe reason for the login failure. If the login succeeded, this column is empty.36No
GUIDuniqueidentifierThe conversation id of the dialog. This identifier is transmitted as part of the message, and is shared between both sides of the conversation.54No
HostNamenvarcharThe name of the computer on which the client is running. This data column is populated if the host name is provided by the client. To determine the host name, use the HOST_NAME function.8Yes
IntegerDataintThe fragment number of the message.25No
NTDomainNamenvarcharThe Windows domain to which the user belongs.7Yes
NTUserNamenvarcharThe name of the user that owns the connection that generated this event.6Yes
ObjectIdintThe user ID of the target service.22No
RoleNamenvarcharThe role of the conversation handle. This is either initiator or target.38No
ServerNamenvarcharThe name of the instance of SQL Server being traced.26No
SeverityintThe SQL Server error severity, if this event reports an error.29No
SPIDintThe server process ID assigned by SQL Server to the process associated with the client.12Yes
StartTimedatetimeThe time at which the event started, when available.14Yes
StateintIndicates the location within the SQL Server source code that produced the event. Each location that may produce this event has a different state code. A Microsoft support engineer can use this state code to find where the event was produced.30No
TextDatantextFor errors, contains a message that describes the reason for the failure. One of the following values:

 

 Cert not found. The user specified for dialog protocol security has no certificate.

 Not in valid time period. The user specified for dialog protocol security has a certificate, but the certificate has expired.

 Cert too large for memory allocation. The user specified for dialog protocol security has a certificate, but the certificate is too large. The maximum certificate size that Service Broker supports is 32,768 bytes.

 Private key not found. The user specified for dialog protocol security has a certificate, but there is no private key associated with that certificate.

 The cert's private key size is incompatible with the crypto provider. The private key for the certificate has a key size that cannot be successfully processed. The private key size must be a multiple of 64 bytes.

 The cert's public key size is incompatible with the crypto provider. The public key for the certificate has a key size that cannot be successfully processed. The public key size must be a multiple of 64 bytes.

 The cert's private key size is incompatible with the encrypted key exchange key. The key size specified in the key exchange key does not match the size of the private key for the certificate. This generally indicates that the certificate on the remote computer does not match the certificate in the database.

 The cert's public key size is incompatible with the security header's signature. The security header contains a signature that cannot be validated with the certificate's public key. This generally indicates that the certificate on the remote computer does not match the certificate in the database.
1Yes

The table below lists the subclass values for this event class.

IDSubclassDescription
1No Security HeaderDuring a secure conversation, Service Broker received a message that did not contain a session key. Once a secure conversation is established, the dialog protocol requires that all messages in the conversation contain a session key.
2No CertificateService Broker could not locate a usable certificate for one of the participants in the conversation. To secure a conversation, the database must contain a certificate for both the sender and the recipient of the conversation.
3Invalid SignatureBroker could not verify the message signature supplied by the sender using the public key in the sender's certificate. This may indicate that the message is corrupt, that the message has been tampered with, that the remote service and the local service are not configured with the same user certificate, or that the certificate is out of date.
4Run As Target FailureThe destination user does not have receive permissions on the destination queue. To prevent unauthorized users from receiving messages, Service Broker does not enqueue messages with a destination user that cannot receive from the queue, regardless of whether the initiating user has permission to enqueue messages.

SQL Server Service Broker

Community Additions

ADD
Show: