How It Works: SQL Server 2005 SP2 Security Ring Buffer - RING_BUFFER_SECURITY_ERROR

SQL Server 2005 SP2 added new ring buffer entries (sys.dm_os_ring_buffers) for various security errors.   The reason the ring buffer entries are added was to provide the DBA with more details as to why a client is receiving a failed login or other such error.

  • The ring buffer entries are protected because they require view system state privileges to enumerate. 
  • The information contained in the ring buffer can be used to help understand the source of a failure.   
  • The failure information is not reported in the error message to the client to prevent information disclosure that would allow an attack.  For example if you report to the client that the password was incorrect an attacker knows they can start trying a series of passwords.

In following entry the error code is the operating system error (GetLastError value).  Using the integer value and net helpmsg you can retrieve the text of the error.

0x89B = 2203 = The password parameter is invalid.

<Record id="197" type="RING_BUFFER_SECURITY_ERROR" time="3552445157">

  <Error>

    <SPID>158</SPID>

    <APIName>NetValidatePwdPolicy</APIName>

    <CallingAPIName>CAPIPwdPolicyManager::ValidatePwdForLogin</CallingAPIName>

    <ErrorCode>0x89B</ErrorCode>

  </Error>

</Record>

Using the ring buffer entry you know the API NetValidatePwdPolicy returned error 0x89B.   You can search MSDN for the API or various other support sites for more details to determine the

Bob Dorr
SQL Server Senior Escalation Engineer