How It Works: SQL Server 2005 SP2 Security Ring Buffer - RING_BUFFER_SECURITY_ERROR
SQL Server 2005 SP2 added new ring buffer entries (sys.dm_os_ring_buffers) for various security errors. The entries were added to give the DBA more detail about why a client is receiving a failed login or other such error.
- The ring buffer entries are protected because they require view system state privileges to enumerate.
- The information contained in the ring buffer can be used to help understand the source of a failure.
- The failure information is not reported in the error message to the client, to prevent information disclosure that would allow an attack. For example, if you report to the client that the password was incorrect, an attacker knows they can start trying a series of passwords.
In the following entry, the error code is the operating system error (GetLastError value). Using the integer value and net helpmsg, you can retrieve the text of the error.
0x89B = 2203 = The password parameter is invalid.
<Record id="197" type="RING_BUFFER_SECURITY_ERROR" time="3552445157">
  <Error>
    <SPID>158</SPID>
    <APIName>NetValidatePwdPolicy</APIName>
    <CallingAPIName>CAPIPwdPolicyManager::ValidatePwdForLogin</CallingAPIName>
    <ErrorCode>0x89B</ErrorCode>
  </Error>
</Record>
Using the ring buffer entry you know the API NetValidatePwdPolicy returned error 0x89B. You can search MSDN for the API or various other support sites for more details to determine the
Bob Dorr
SQL Server Senior Escalation Engineer
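A query that enumerates these entries and splits each record into columns, as an added example that is not part of the original post. The XPath expressions assume the Record/Error layout shown above, and the CTE names and column aliases are illustrative.

```sql
-- Added example (not from the original post).
-- Reading sys.dm_os_ring_buffers requires the VIEW SERVER STATE permission.
WITH security_errors AS (
    -- The record column holds the XML as text; cast it so it can be queried.
    SELECT
        rb.[timestamp]         AS buffer_timestamp,
        CAST(rb.record AS xml) AS rec
    FROM sys.dm_os_ring_buffers AS rb
    WHERE rb.ring_buffer_type = N'RING_BUFFER_SECURITY_ERROR'
),
shredded AS (
    -- One column per element of the <Error> node in the sample record.
    SELECT
        buffer_timestamp,
        rec.value('(/Record/@id)[1]',                  'int')           AS record_id,
        rec.value('(/Record/Error/SPID)[1]',           'int')           AS spid,
        rec.value('(/Record/Error/APIName)[1]',        'nvarchar(128)') AS api_name,
        rec.value('(/Record/Error/CallingAPIName)[1]', 'nvarchar(256)') AS calling_api_name,
        rec.value('(/Record/Error/ErrorCode)[1]',      'varchar(16)')   AS error_code_hex
    FROM security_errors
)
SELECT
    record_id,
    buffer_timestamp,
    spid,
    api_name,
    calling_api_name,
    error_code_hex,
    -- How often the same API has returned the same OS error; helps separate
    -- a recurring failure from a one-off entry.
    COUNT(*) OVER (PARTITION BY api_name, error_code_hex) AS occurrences
FROM shredded
ORDER BY record_id DESC;
```

Convert error_code_hex to its integer value (0x89B is 2203) before passing it to net helpmsg.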
Comments
Anonymous
March 24, 2008
Do you have any more details on this? I see the dmv on one of my servers has lots of entries and I have to be honest what I've found is puzzling - I have several errors 0x7A but I can't really tie the entries into anything else - actual time date - any pointers appreciated.
[RDORR] This is a very good question. The ring buffer is pretty much standalone. If you are trying to troubleshoot a specific issue you have the user cause the problem and then look at the ring buffer.
There are a couple of reasons for this behavior. I worked with others in CSS and SQL Dev to add the ring buffer to SQL Server 2005 SP2. Prior to that all security related errors are bucketed into about 10 generic errors. The reason for the generic errors is to help avoid attacks. I will spare you the gory details but you can pick up a security book and get scared yourself.
Since it was added in the service pack we did not want to break any existing applications but allow the DBA better troubleshooting control than debugging the process. With that many of the errors occur before you even get a valid session so making direct context to connections is often not possible because you fail to the logon and there is no session to map to. The error you show here is 0x7a which maps to "The data area passed to a system call is too small." This is a common condition. Many of the Windows APIs allow the API to be called with a NULL data pointer. The response will be the size required to call the API and the OS error 0x7A. So what you are seeing is the API call returning the size needed. SQL will allocate the appropriate memory for something like a SID or other structure and call the API again, usually with success.
Anonymous
March 13, 2009
Sent: Monday, March 09, 2009 6:20 PM Subject: Ring Buffers in SQL2008   Hi, do you have any documentation/white
Anonymous
February 23, 2014
How to solve my problem of server access failure(1,237),