Consider the following scenario:
- You create a server audit in Microsoft SQL Server 2012. The server audit uses a filter predicate, and the ON_FAILURE property is set to "FAIL_OPERATION."
- You create a server audit specification or a database audit specification for the server audit.
- You perform an operation against the database server.
- The operation triggers an audit event that is defined in the audit specification.
In this scenario, the connection of the operation is disconnected. Additionally, the following error messages are logged in the SQL Server error log:
spid ## Using 'dbghelp.dll' version '4.0.5'Note
spid ## ***Stack Dump being sent to C:\Program Files\Microsoft SQL Server\MSSQL11.<InstanceName>\MSSQL\LOG\SQLDump0050.txt
SqlDumpExceptionHandler: Process 51 generated fatal exception c0000005 EXCEPTION_ACCESS_VIOLATION. SQL Server is terminating this process.
spid ## * BEGIN STACK DUMP:
spid ## * 01/13/12 13:48:18 spid 51
spid ## * Exception Address = 0000000072B8D826 Module(UNKNOWN+0000000000000000)
spid ## * Exception Code = c0000005 EXCEPTION_ACCESS_VIOLATION
spid ## * Access Violation occurred reading address 0000000000000000
Server Error: 17310, Severity: 20, State: 1.
Server A user request from the session with SPID 51 generated a fatal exception. SQL Server is terminating this session. Contact Product Support Services with the dump produced in the log directory.
You can use the following query to determine whether the issue occurred:
SELECT NAME AS AUDITNAME FROM SYS.SERVER_AUDITS WHERE ON_FAILURE = 2 AND PREDICATE IS NOT NULL
If the error messages are logged in the SQL Server error log, the issue occurred.
Cumulative update information
SQL Server 2012
The fix for this issue was first released in Cumulative Update 1. For more information about how to obtain this cumulative update package for SQL Server 2012, click the following article number to view the article in the Microsoft Knowledge Base:
Cumulative Update package 1 for SQL Server 2012
Because the builds are cumulative, each new fix release contains all the hotfixes and all the security fixes that were included with the previous SQL Server 2012 fix release. We recommend that you consider applying the most recent fix release that contains this hotfix. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
The SQL Server 2012 builds that were released after SQL Server 2012 was released
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
To work around this issue, take one of the following actions:
- Do not use filter predicates.
- Set the ON_FAILURE property of the audit to "CONTINUE."
For more information about SQL Server audit, visit the following Microsoft Developer Network (MSDN) website:
If you try to disable the audit, the disable operation may fail. This behavior may occur because the audit depends on the Audit Action groups that are specified in the server audit specification, such as SUCCESSFUL_LOGIN_GROUP, AUDIT _CHANGE_GROUP. These audits can be disabled or removed only when SQL Server is started under minimal configuration (that is, with the -f
startup parameter). You can use the following query to identify the audits that can cause the problem that is described in the "Symptoms" section:
SELECT name as AuditName FROM sys.server_auditsWHERE on_failure = 2 AND predicate IS NOT NULL