Knowledge Base

Search Knowledge Base

KB #240104: Event IDs in Windows Event Logs

Type:

Information

Summary:

Below are listed some of the Events that Encryptionizer writes to the Windows System and Application Event Logs. Some are informational, others indicate errors.

Additional Information:

Windows System Event Log

Source: nlemsql, nlemsql64
or
Source: nlemsys

Event ID:

  • 1170: nlemsql service loaded and ok.
  • 1177: Opening encrypted database
  • 1178: Closing encrypted database
  • 1179: Creating encrypted database
  • 1180: Insufficient resources while opening/creating an encrypted database
  • 1181: I/O error reading/writing an encrypted database
  • 1183: First read of an encrypted file
  • 1184: First write to an encrypted file
  • 1185: Encrypted file deleted
  • 1190: File was encrypted
  • 1191: File was decrypted
  • 1192: File was re-encrypted

For 1181: see KB 240067

Windows Application Event Log

Source: Encryptionizer

Event ID:
1101
Details
– parameter is incorrect
Possible Causes: Likely ran launch32 or nlrun1402,exe without specifying .sec file in command line

Event ID:
1102, 1103 – varied messages

Details
secservr.sec Status=1206 :: The network connection profile is corrupted.
Possible Causes:
– hardware fingerprint changed after UKMK set.
– UKMK removed or changed after instance/application is secured.
– Hardware fingerprint changed if “lock key to machine” option used when securing the instance/application. Could be caused by a machine name change, as well as actual hardware change.

Details
Target Error: Status=6007:: The specified file is not encrypted
Possible Causes:
In Encryptionizer for SQL, this may happen because “master must” is on, but Master is not encrypted. Can also happen if SEC profile indicates a particular file is required to be encrypted via the rules string, but was found not encrypted.

Details
Profile Error. Status=2:: The system cannot find the file specified
Possible Causes:
– the secservr.sec file is missing from the BINN directory of the SQL instance that was secured.
– A remote profile was specified when securing the SQL instance but the remote profile file is missing or not accessible see KB240040: http://www.netlib.com/kb/display.php?kbid=240102

Details
Profile Error. Status=1326:: Logon failure: Unknown User name or bad password
Possible Causes:
A remote profile was specified when securing the SQL instance but the Netlib Key Management Service does have access to the remote location. see KB240040: http://www.netlib.com/kb/display.php?kbid=240102

Details
Profile Error. Status=1326:: Logon failure: Unknown User name or bad password
Possible Causes:
A remote profile was specified when securing the SQL instance but the Netlib Key Management Service does have access to the remote location. see KB240040: http://www.netlib.com/kb/display.php?kbid=240102

Details
Status=32:: The process cannot access the file because it is being used by another process.
Possible Causes:
occurs when SQL instance attempted to start outside of secservr. Master was encrypted. Since outside of secservr, the master was not opened but was locked by sqlservr. When secservr.exe tried to open the file, it could not access it.

Details
Status=6006:: No keys defined for user.
Possible Causes:
Failure to complete the procedure outlined in KB Article 24008 – Securing Against the Sysadmin. For example, there may be other logins, besides SA, that are still in the SysAdmin Server Role.

1140:
FIPS self test passed

1141:
FIPs Software integrity test is failing
Cause: The module is corrupted

1142:
AES Known Answer Test failed
Cause: The algorithm test is failing. Error in the utility or registry entry is missing

2001:
Instance secured [InstanceName]
– not an error but a valid event

2000:
Details: Instance unsecured [InstanceName]
– not an error but a valid event

2003
Details: UKMK Added
– not an error but a valid event

2002
Details: UKMK Removed
– not an error but a valid event

 

Top