fbpx

Knowledge Base

Search Knowledge Base

KB #240104: Event IDs in Windows Event Logs

Type:

Information

Summary:

Below are listed some of the Events that Encryptionizer writes to the Windows System and Application Event Logs. Some are informational, others indicate errors.

Additional Information:

Windows System Event Log

Source: nlemsql, nlemsql64
or
Source: nlemsys

Event ID:

  • 1170: nlemsql service loaded and ok.
  • 1177: Opening encrypted database
  • 1178: Closing encrypted database
  • 1179: Creating encrypted database
  • 1180: Insufficient resources while opening/creating an encrypted database
  • 1181: I/O error reading/writing an encrypted database
  • 1183: First read of an encrypted file
  • 1184: First write to an encrypted file
  • 1185: Encrypted file deleted
  • 1190: File was encrypted
  • 1191: File was decrypted
  • 1192: File was re-encrypted
  • 5001: File encryption started
  • 5002: File encryption finished
  • 5003: File encryption unsuccessful
  • 5011: File decryption started
  • 5012: File decryption finished
  • 5013: File decryption unsuccessful
  • 5021: File re-encryption started
  • 5022: File re-encryption finished
  • 5023: File re-encryption unsuccessful
  • 5032: File validation successful
  • 5033: File validation unsuccessful

For 1181: see KB 240067

Windows Application Event Log

Source: Encryptionizer

Event ID:
1101
Details
– parameter is incorrect
Possible Causes: Likely ran launch32 or nlrun1402,exe without specifying .sec file in command line

Event ID:
1102, 1103 – varied messages

Details
secservr.sec Status=1206 :: The network connection profile is corrupted.
Possible Causes:
– UKMK removed or changed after instance/application is secured.
– Hardware fingerprint changed after UKMK set, and the UKMK was locked to the machine. It is not recommended to use the Lock To Machine feature for UKMK on virtual machines.
– Hardware fingerprint changed if “Lock key to machine” option used when securing the instance/application. Could be caused by a machine name change, as well as actual hardware change.

Details
Profile Error. Status=1326:: Logon failure: Unknown User name or bad password
Possible Causes:
A Remote Profile (Key stored in alternate location) was specified when securing the SQL instance but the Netlib Key Management Service does have access to the remote location. see KB240040: http://www.netlib.com/kb/display.php?kbid=240102

Details
Profile Error. Status=2:: The system cannot find the file specified
Possible Causes:
– the Security Profile (secservr.sec) is missing from the BINN directory of the SQL instance that was secured.
– A remote profile was specified when securing the SQL instance but the remote profile file is missing or not accessible see KB240040: http://www.netlib.com/kb/display.php?kbid=240102

Details
Status=32:: The process cannot access the file because it is being used by another process.
Possible Causes:
Occurs when SQL instance attempted to start outside of secservr. Master was encrypted. Since outside of secservr, the master was not opened but was locked by sqlservr. When secservr.exe tried to open the file, it could not access it.

Details
Status=6006:: No keys defined for user.
Possible Causes:
Failure to complete the procedure outlined in KB Article 24008 – Securing Against the Sysadmin. For example, there may be other logins, besides SA, that are still in the SysAdmin Server Role.

Details
Target Error: Status=6007:: The specified file is not encrypted
Possible Causes:
In Encryptionizer for SQL, this may happen because “master must” is on, but Master is not encrypted. Can also happen if SEC profile indicates a particular file is required to be encrypted via the rules string, but was found not encrypted.

1140:  FIPS self test passed

1141: FIPs Software integrity test is failing
Cause: The module is corrupted

1142: AES Known Answer Test failed
Cause: The algorithm test is failing. Error in the utility or registry entry is missing

2001: Instance secured [InstanceName]

2000: Instance unsecured [InstanceName]

2003: UKMK Added

2002: UKMK Removed

Last modified: 1/15/2021

Top