Archives for: "April 2014"
New Permissions in SQL Server 2014: IMPERSONATE ANY LOGIN, SELECT ALL USER SECURABLES, CONNECT ANY DATABASE and the old CONTROL SERVER
Apr 26th
(DE) |
(EN) |
Class Desc. |
Permission Name |
Type |
Parent Covering Permission Name |
DATABASE |
ALTER ANY DATABASE EVENT SESSION |
AADS |
ALTER ANY EVENT SESSION |
DATABASE |
KILL DATABASE CONNECTION |
KIDC |
ALTER ANY CONNECTION |
SERVER |
CONNECT ANY DATABASE |
CADB |
|
SERVER |
IMPERSONATE ANY LOGIN |
IAL |
|
SERVER |
SELECT ALL USER SECURABLES |
SUS |
Und wofür und wie können wir diese neuen Berechtigungen auf Server Ebene verwenden?
IMPERSONATE ANY LOGIN
Erinnert Ihr Euch an das Problem mit CONTROL SERVER? Das größte Problem war, das dieses Recht auch die Impersonifizierung eines jeden Kontos, inklusive der Privilegien Erweiterung zum sysadmin erlaubte. Die Details und auch andere Probleme mit CONTROL SERVER habe ich hier umfassend dokumentiert:
SQL Server 2014 gibt uns mit der Einführung der IMPERSONATE ANY LOGIN-Berechtigung Munition, dieses Problem anzugehen. - Diese Berechtigung erlaubt es, jeden Login und User zum impersonieren(!).
Wenn wir dieses mit einem DENY gegenüber dem Principal mit CONTROL SERVER Recht verwenden, verhindert es diesen, irgendeinen Login direkt zu impersonifizieren. (Warum sage ich “direkt”? – Das sehen wir ein Stück weiter unten.) |
So, what for and how can we use those permissions on Server level?
IMPERSONATE ANY LOGIN
Do you remember the problem with CONTROL SERVER?
Now in SQL Server 2014, by introducing the permission IMPERSONATE ANY LOGIN, gives us ammunition to tackle this problem. - This Permission permits to impersonate any Login and User(!).
If we DENY this to the Principal with CONTROL SERVER permission, it prevents him from impersonating any Login directly. (Why do I say “directly”? – We’ll see a bit further down.) So let’s see how to prevent a Login with CONTROL SERVER from elevating privileges by impersonating another login with help of the new permission: |
USE [master]
GO
CREATE LOGIN DBA_TheDude WITH PASSWORD=N'www', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
CREATE SERVER ROLE [Role_DBA]
ALTER SERVER ROLE [Role_DBA]
ADD MEMBER DBA_TheDude
GRANT CONTROL SERVER TO [Role_DBA]
GO
DENY IMPERSONATE ANY LOGIN TO [Role_DBA]
GO
CREATE DATABASE ControlServer_Schema_Demo
GO
-- ====================
-- === Test
EXECUTE AS LOGIN = 'DBA_TheDude'
-- Attempt impersonation:
EXECUTE AS LOGIN = 'sa';
-->
Msg 15406, Level 16, State 1, Line 9
Cannot execute as the server principal because the principal "sa" does not exist, this type of principal cannot be impersonated, or you do not have permission.
//
Die Ausführung als Serverprinzipal ist nicht möglich, weil der Prinzipal 'sa' nicht vorhanden ist, für diesen Typ von Prinzipal kein Identitätswechsel möglich ist, oder Sie nicht die erforderliche Berechtigung haben.
USE ControlServer_Schema_Demo
EXECUTE AS USER = 'dbo';
-->
Msg 15517, Level 16, State 1, Line 15
Cannot execute as the database principal because the principal "dbo" does not exist, this type of principal cannot be impersonated, or you do not have permission.
//
Die Ausführung als Datenbankprinzipal ist nicht möglich, weil der Prinzipal 'dbo' nicht vorhanden ist, für diesen Typ von Prinzipal kein Identitätswechsel möglich ist, oder Sie nicht die erforderliche Berechtigung haben.
Hurra!(?) Privilege-Escalation-Risiko: Wirklich? Immer noch? |
Hooray!(?) Privilege-Escalation-risc: Really? Still?
Still we are running under the context of DBA_TheDude: |
USE master;
CREATE LOGIN UtilizeMe WITH PASSWORD=N'www', DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
GO
GRANT CONTROL SERVER TO UtilizeMe
GO
Wir können den Login “UtilizeMe” nicht impersonifizieren, aber wir können und einfach mit seinem Passwort anmelden! - Nebenbei ein weiterer Grund, SQL Authentifizierung nicht zu verwenden, da er ansonsten die Credentials eines validen Windows-Login’s finden müsste – viel schwieriger, als einfach seinen eigenen Backdoor-account anzulegen. |
We cannot Impersonate the “UtilizeMe” Login, but we can just Log On using his password! - Another reason to not use SQL authentication by the way, as he would then need to find a valid Windows-Login’s Credentials – much harder to just creating his own backdoor-account.
|
Um also unseren Administrator wirklich daran zu hindern, seine Privilegien zum Sysadmin zu erweitern, müssen wir auch mit DENY ALTER ANY LOGIN und ALTER ANY SERVER ROLE arbeiten. |
So in order to further prevent our Administrator from elevating privileges to sysadmin, we also need to work with DENY ALTER ANY LOGIN and ALTER ANY SERVER ROLE. |
Und kann DANN CONTROL SERVER endlich sicher verwendet werden? NEIN!
Tatsächlich gibt es noch ein paar andere Dinge, die man tun kann, um die Berechtigungen von einem CONTROL SERVER-berechtigten Konto zu erweitern. Etwas trickreicher vielleicht, aber ein Angreifer mit einem guten Wissen über SQL Server (ich spreche also nicht von „Raketenwissenschaft“), wird in der Lage sein soetwas durchzuführen. Mir ist bewusst, dass das “Separation of Duties in SQL Server 2014”-Whitepaper (Enthalten im Microsoft® SQL Server® 2014 Product Guide) die Kombination von GRANT CONTROL SERVER + DENY IMPERSONATE ANY tatschlich als Best Practice listet, aber dennoch…
Also, empfehle ich die Verwendung in irgendeiner Weise? Leider ist es jedoch weit davon entfernt, perfekt zu sein, und in Sicherhit-belangen, alles, was nicht lupenrein ist, ist ein Risiko. Wer das also anstelle von sa/sysadmin verwendet, verdient dennoch Applaus, da es zeigt, dass man sich kümmert und es wagt, Berechtigungen einzuschränken. |
Can we THEN finally use CONTROL SERVER completely safely?
NO!
In fact there are a few other things one can do to elevate permissions from a CONTROL SERVER-permitted account. More tricky in a way, but an attacker with some good knowledge about SQL Server (note, I am not saying “rocket-scientist”) will be able to do that. I am aware that the “Separation of Duties in SQL Server 2014”-Whitepaper (Contained in the Microsoft® SQL Server® 2014 Product Guide) does in fact list the combination of GRANT CONTROL SERVER + DENY IMPERSONATE ANY LOGIN as a best practice, but yet…
So do I recommend using it in any way? That is a hard question for me personally, as I would like to see much less people using/granting sa/sysadmin for daily tasks, and this permission had the potential to make an end to it. Unfortunately it is far from perfect, and in security-terms, anything not flawless, is a risk. But in terms of getting people away from using the highest privileges from the very beginning, I do see it as a step, since many may just not have the time and skills to break out of it. I do recommend using it in combination with some solid Auditing and alerts in place. |
SELECT ALL USER SECURABLES
Was sicherer ist, ist die Verwendung für eine Art Auditor, der ALLE Daten lesen (aber nicht ändern) können soll – ohne den Aufwand, in sämtlichen Nutzerdatenbanken Benutzer und Rechte zu vergeben. |
SELECT ALL USER SECURABLES
What’s more safe, is the use for an Auditor that needs to read ALL data, but not change it - without the effort of creating users and permissions in all user databases. |
CONNECT ANY DATABASE
Diese Berechtigung kann gut für Logins verwendet werden, die sich im Wesentlichen mit jeder Datenbank verbinden können and zum Beispiel Code Reviews durchführen sollen – indem man diese mit der VIEW ANY DEFINITION Berechtigung kombiniert. |
CONNECT ANY DATABASE
This permission can be used quite well for having logins that can basically connect to any database and for example do code reviews - by combining it with the VIEW ANY DEFINITION permission. |
Happy “Server controlling”,
Andreas
New Extended Events for Tracing in SQL Server 2014
Apr 5th
Neue “Erweiterte Ereignisse” (XEvents) für Tracing in SQL Server 2014
(de) Zunächst gibt es 3 neue Pakete („Packages“), die alle zu der neuen Arbeitsspeicher(„In-Memory“) -OLTP Engine: XTP, aufgeteilt auf 3 DLLs: |
(en) To begin with there are 3 new packages, all belonging to the new In-Memory OLTP Engine: XTP, split up into 3 dlls: |
Package |
description |
Module name |
XtpRuntime |
Extended events for the XTP Runtime |
{InstanceDir}\MSSQL\Binn\ |
XtpEngine |
Extended events for the XTP Engine |
{InstanceDir}\MSSQL\Binn\ |
XtpCompile |
Extended events for the XTP Compile |
{InstanceDir}\MSSQL\Binn\ |
Die Anzahl der Extended Events ist von 625 in SQL Server 2012 (SP1) auf 870 in SQL Server 2014 (RTM) angestiegen. Das sind 245 neue Events! – Reichlich Möglichkeiten, in Internas einzutauchen :-) recovery_incremental_checkpoint in recovery_indirect_checkpoint und hekaton_slow_param_passing in natively_compiled_proc_slow_parameter_passing Ja, richtig gelesen. Es gab bereits im SQL Server 2012 eine Anzahl an Events für die XTP Engine. Es kommt recht häufig vor, dass man Bits von zukünftigen Entwicklungen in der aktuellen Release findet. Nebenbei: SQL Trace wurde nicht im geringsten angefasst. Die Anzahl von SQL Trace Events bleibt mit 180 seit SQL Server 2008 stabil. – Here ist ein Überblick von Extended Events gegen SQL Trace Events in den verschiedenen SQL Server Versionen: Extended Events vs SQL Trace im Vergleich – oder warum SQL Trace & Profiler einfach von gestern sind :-) Weiter zu XEvents: es gibt keine neuen Prädikate, aber eine Anzahl neuer Maps, was natürlich nicht überrascht bei der Menge neuer Events. Und hier ist die Liste der neuen Extended Events: |
The number of Extended Events increased from 625 in SQL Server 2012 (SP1) to 870 in SQL Server 2014 (RTM). That makes 245 new events! – Plenty of opportunities to look into internals :-) recovery_incremental_checkpoint into recovery_indirect_checkpoint and hekaton_slow_param_passing into natively_compiled_proc_slow_parameter_passing Yes, you read correctly. There have already been a couple of events for the new XTP engine within SQL Server 2012. It’s quite common that you can find bits of future developments within the current release. By the way: SQL Trace has not been touched by the slightest bit. The number of SQL Trace events stays at 180 since SQL Server 2008. – here you find an overview of the number of Extended Events vs SQL Trace events in the various SQL Server versions: Comparing Extended Events vs SQL Trace – or why SQL Trace & Profiler are just a thing of the past :-) Continuing with XEvents: There are no new predicates, but a couple more maps, which is of course not surprisingly considering the amount of new events. And here is the list of all new extended events: |
Package name |
Event name | Description |
qds | query_store_async_shutdown_failed | Fired when query store encounters an error during async query store shutdown |
qds | query_store_background_cleanup_task_failed | Fired if the background task for cleanup of QDS stale data is not completed successfully |
qds | query_store_background_task_creation_failed | Fired if the background task for QDS data persistence could not be created |
qds | query_store_background_task_initialization_failed | Fired if the background task for QDS data persistence could not be initialized |
qds | query_store_background_task_persist_failed | Fired if the background task for QDS data persistence is not completed successfully |
qds | query_store_begin_persist_runtime_stat | Fired immediately before current runtime statistics for a query plan is persisted to the database. |
qds | query_store_bloom_filter_false_positive | Fired if the Bloom filter for QDS statement texts gives a false positive result |
qds | query_store_check_consistency_init_failed | Fired when check consistency task fails during initialization |
qds | query_store_database_initialization_failed | Fired if initialization of the Query Store for database has failed. The Query Store will be disabled for this database |
qds | query_store_db_cleanup__finished | Fired if cleanup of QDS stale data finished for particular database. |
qds | query_store_db_cleanup__started | Fired if cleanup of QDS stale data started for particular database. |
qds | query_store_disk_size_check_failed | Fired when a check against Query Store on-disk size limit fails |
qds | query_store_disk_size_info | Fired when a check against QDS on-disk size is performed |
qds | query_store_execution_runtime_info | Fired when runtime information is sent to the query store. |
qds | query_store_execution_runtime_info_discarded | Fired when runtime information sent to the query store is discarded. |
qds | query_store_execution_runtime_info_evicted | Fired when runtime information sent to the query store is evicted. |
qds | query_store_flush_failed | Fired when query store failed to flush dirty data |
qds | query_store_loaded | Fired when query store is loaded |
qds | query_store_notify_dirty_shutdown_on_partition_startup | Fired when previous instance of query store for the partition is shutdown by force in order to allow creation of a new instance |
qds | query_store_notify_force_failure_failed | Fired when query store failed to notify force failure |
qds | query_store_persist_task_init_failed | Fired when persist task fails during initialization |
qds | query_store_plan_forcing_failed | Occurs when forcing of plan from qds fail |
qds | query_store_plan_persistence_failure | Fired if there's a failure to persist plan |
qds | query_store_plan_removal | Fired when plan is removed |
qds | query_store_query_persistence_failure | Fired if there's a failure to persist query |
qds | query_store_read_write_failed | Fired if the read/write to Query Store internal tables failed |
qds | query_store_statement_not_found | Fired in case when statement couldn't be found due to race condition or ambiguous user request. |
qds | query_store_unloaded | Fired when query store is unloaded from memory |
sqlos | nonpreemptive_long_syncio | record long sync io operation in nonpreemptive worker |
sqlos | stuck_dispatcher_callback_executed | Stuck dispatcher callback executed |
sqlos | wait_completed | Occurs when there is a wait completed on a SQLOS controlled resource. Use this event to track wait completion. |
sqlserver | after_natively_compiled_proc_entry_removal_on_drop | Fired after the procedure cache entry is flushed when dropping a natively compiled procedure. |
sqlserver | availability_replica_state | Occurs when the Availability Replica is starting or shutting down. |
sqlserver | before_natively_compiled_proc_entry_removal_on_drop | Fired before the procedure cache entry is flushed when dropping a natively compiled procedure. |
sqlserver | before_redo_lsn_update | Occurs just prior to the update of the EOL LSN |
sqlserver | buffer_pool_eviction_thresholds_recalculated | Lazywriter and/or worker clock has wrapped the BUF array and thresholds are re-calculated. |
sqlserver | buffer_pool_extension_pages_evicted | Page is evicted from the buffer pool extension cache. |
sqlserver | buffer_pool_extension_pages_read | Page is read from the buffer pool extension cache. |
sqlserver | buffer_pool_extension_pages_written | Page or contiguous set of pages evicted into the buffer pool extension cache. |
sqlserver | check_phase_tracing | Occurs when DBCC CHECK enters a new phase of the checking. Use this event to trace the phases of DBCC CHECK process. |
sqlserver | check_thread_message_statistics | Occurs when a phase of DBCC CHECK is finished. Use this event to collect the number of messages a DBCC CHECK thread has sent or received. |
sqlserver | check_thread_page_io_statistics | Occurs when a phase of DBCC CHECK is finished. Use this event to collect the number of logical, physical, and read-ahead IOs a DBCC CHECK thread has performed. |
sqlserver | check_thread_page_latch_statistics | Occurs when a phase of DBCC CHECK is finished. Use This event to collect the number and time of page latch and IO latch waits. |
sqlserver | clustered_columnstore_index_rebuild | Occurs when clustered index on the table was rebuilt. This event is raised three times for ALTER index rebuild operation on CCSI. The event is raised when the operation takes lock on index rebuild resource, when lock is taken on the table and when S lock on the table is upgraded to SCH_M lock to switch indexes in metadata. |
sqlserver | column_store_code_coverage | Code coverage Xevent for columnstore code. |
sqlserver | column_store_index_build_low_memory | Occurs when Storage Engine detects low memory condition and the rowgroup size is reduced. |
sqlserver | column_store_index_build_process_segment | Occurs when a segment is processed |
sqlserver | column_store_index_build_throttle | Shows the statistics of columnstore index build parallelism throttling |
sqlserver | columnstore_tuple_mover_begin_compress | Occurs when column store tuple mover starts compressing a deltastore. |
sqlserver | columnstore_tuple_mover_end_compress | Occurs when column store tuple mover is done compressing a deltastore. |
sqlserver | database_xml_deadlock_report | Produces a deadlock report for a victim, with information scoped to the victim's database. |
sqlserver | db_lock_acquired_from_cache | Occurs when a DB lock is acquired from the XactWorkspace DB lock cache. |
sqlserver | db_lock_released_from_cache | Occurs when a DB lock is released from the XactWorkspace DB lock cache. |
sqlserver | ddl_with_wait_at_low_priority | A DDL statement was executed using the WAIT_AT_LOW_PRIORITY options |
sqlserver | diag_quantum_end | Occurs when the diag is notified of quantum end. |
sqlserver | dyn_throttle_checkpoint | Occurs when checkpointing has been dynamically throttled with a new Checkpoint rate. |
sqlserver | feature_extension | Occurs when received and parses data for a feature in feature extension. |
sqlserver | file_handle_in_use | Fired when a file handle we're trying to delete is in use and we don't expect it to be. The typical response is dumping all the handles in the system via SysInternals HANDLE.EXE |
sqlserver | file_read_enqueued | File read enqueued |
sqlserver | file_read_throttled | File read throttled |
sqlserver | file_write_enqueued | File write enqueued |
sqlserver | file_write_throttled | File write throttled |
sqlserver | ghost_cleanup_task_packet_enqueue | A task packet is enqueued |
sqlserver | ghost_cleanup_task_process_packet | A task packet is dequeued and processed |
sqlserver | ghost_cleanup_task_process_pages_for_db_packet | Purge the pages that contain ghost records found in a database |
sqlserver | ghost_cleanup_task_start | Ghost cleanup task start |
sqlserver | ghost_cleanup_task_suspend | Ghost cleanup task suspend |
sqlserver | hadr_tds_synchronizer_payload_skip | Hadron Tds Listener Synchronizer skipped a listener payload because there were no changes since the previous payload. |
sqlserver | lock_request_priority_state | The priority state of a lock request |
sqlserver | log_cache_write_block | Writing a log block to the log cache |
sqlserver | metadata_ddl_add_column | Occurs when an ALTER TABLE ADD column operation is updating base index. |
sqlserver | metadata_ddl_alter_column | Occurs when an ALTER TABLE ALTER column operation is updating base index. |
sqlserver | metadata_ddl_drop_column | Occurs when an ALTER TABLE DROP column operation is updating base index. |
sqlserver | mixed_extent_activation | Track mixed extent activation and deactivation operations. |
sqlserver | mixed_extent_allocation | Track mixed extent allocation operations |
sqlserver | mixed_extent_deallocation | Track mixed extent deallocation operations. |
sqlserver | mixed_page_allocation | Track mixed page allocation operations |
sqlserver | mixed_page_deallocation | Track mixed page allocation operations |
sqlserver | mixed_page_scan_file | Track the activity of SGAM scans for mixed page allocation |
sqlserver | mixed_page_scan_page | Track the activity of SGAM scans for mixed page allocation |
sqlserver | mixed_page_skipextent | Track the activity of SGAM scans for mixed page allocation |
sqlserver | natively_compiled_proc_execution_started | Fired before a natively compiled procedure is executed. |
sqlserver | natively_compiled_proc_slow_parameter_passing | Occurs when a Hekaton procedure call dispatch goes to slow parameter passing code path |
sqlserver | process_killed_by_abort_blockers | A process is killed by an ABORT = BLOCKERS DDL statement |
sqlserver | query_execution_batch_hash_aggregation_finished | Occurs at the end of batch hash aggregation. |
sqlserver | query_execution_batch_hash_children_reversed | Occurs each time when hash join reverses build and probe side while processing data spilled to disk. |
sqlserver | query_execution_batch_hash_join_spilled | Occurs each time when hash join spills some data to disk in batch processing. |
sqlserver | query_optimizer_estimate_cardinality | Occurs when the query optimizer estimates cardinality on a relational expression. |
sqlserver | query_optimizer_force_both_cardinality_estimation_behaviors | Both traceflags 2312 and 9481 were enabled, attempting to force both old and new cardinality estimation behaviors at the same time. The traceflags were ignored. Disable one or both of the traceflags. |
sqlserver | query_store_failed_to_capture_query | Fired if the Query Store failed to capture query. The Query Store will not track statistics for this query |
sqlserver | query_store_failed_to_load_forced_plan | Fired if the query failed to load forced plan from QDS. Forcing policy will not be applied |
sqlserver | query_store_persist_on_shutdown_failed | Occurs when SQL Server fails to store dirty entries in Query Store on database shutdown. |
sqlserver | recovery_indirect_checkpoint | Chose to enqueue an indirect checkpoint as we are near our recovery target |
sqlserver | remove_database_cache | Remove database cache |
sqlserver | server_max_workers | Occurs when a request enqueue fails because a worker was not guaranteed. |
sqlserver | session_recoverable_state_change | Occurs when the server determines a state change in term of session recovery on a connectionresilency-enabled connection. |
sqlserver | sql_transaction_commit_single_phase | Occurs when a sql transaction is committed with single phase commit. |
sqlserver | xfcb_blob_properties_obtained | Windows Azure Storage blob property is obtained from response header. |
sqlserver | xfcb_failed_request | Failed to complete a request to Windows Azure Storage. |
sqlserver | xfcb_header_obtained | Response header is obtained from request to Windows Azure Storage. |
sqlserver | xfcb_read_complete | Read complete from Windows Azure Storage response. |
sqlserver | xfcb_request_opened | A request is opened to Windows Azure Storage. |
sqlserver | xfcb_send_complete | Request send to Windows Azure Storage is complete. |
sqlserver | xfcb_write_complete | Request send to Windows Azure Storage is complete. |
sqlserver | xtp_create_procedure | Occurs at start of XTP procedure creation. |
sqlserver | xtp_create_table | Occurs at start of XTP table creation. |
sqlserver | xtp_db_page_allocation_allowed | Indicates that page allocations for the database are allowed. |
sqlserver | xtp_db_page_allocation_disallowed | Indicates that page allocations for the database are disallowed due to memory pressure. |
sqlserver | xtp_deploy_done | Occurs at completion of XTP object deployment. |
sqlserver | xtp_matgen | Occurs at start of MAT generation. |
sqlserver | xtp_offline_checkpoint_scan_start | Fired by XTP offline checkpoint when the checkpoint thread begins. |
sqlserver | xtp_offline_checkpoint_scan_stop | Fired by XTP offline checkpoint when the checkpoint thread stops. |
sqlserver | xtp_recover_done | Occurs at completion of log recovery of XTP table. |
sqlserver | xtp_recover_table | Occurs at start of log recovery of XTP table. |
sqlserver | xtp_storage_table_create | Occurs at just before the XTP storage table is created. |
ucs | ucs_connection_rejected_by_proxy_whitelist | After a connection attempt to the UCS proxy endpoint is rejected by whitelist check |
ucs | ucs_proxy_connect_next_hop | UCS proxy next hop connection |
ucs | ucs_proxy_receive_proxy_connect_message | UCS proxy receive proxy connect message |
ucs | ucs_proxy_route_add | UCS proxy route added |
ucs | ucs_proxy_route_disable | UCS proxy route disabled |
ucs | ucs_proxy_route_refresh | UCS proxy route refreshed |
ucs | ucs_proxy_send_proxy_connect_message | UCS proxy send proxy connect message |
XtpCompile | cgen | Occurs at start of C code generation. |
XtpCompile | invoke_cl | Occurs prior to the invocation of the C compiler. |
XtpCompile | mat_export | Occurs at start of MAT export. |
XtpCompile | pitgen_procs | Occurs at start of PIT generation for procedures. |
XtpCompile | pitgen_tables | Occurs at start of PIT generation for tables. |
XtpEngine | after_changestatetx_event | Fires after transaction changes state. |
XtpEngine | alloctx_event | |
XtpEngine | attempt_committx_event | Is raised when a transaction is asked to commit. |
XtpEngine | before_changestatetx_event | Fires before transaction changes state. |
XtpEngine | dependency_acquiredtx_event | Raised after transaction takes a dependency on another transaction. |
XtpEngine | endts_acquiredtx_event | Fires after transaction acquires an end timestamp. |
XtpEngine | gc_base_generation_evaluation | Indicates that an evaluation of updating the GC base generation has been made. |
XtpEngine | gc_base_generation_updated | Indicates that the oldest active transaction hint used for calculating the GC base generation has been updated. |
XtpEngine | gc_cycle_completed | Indicates that a GC notification has been enqueued. |
XtpEngine | gc_notification | Indicates that GC is processing a notification. |
XtpEngine | redo_single_hk_record | Redo on a HK log record |
XtpEngine | trace_add_delta_filter_begin | Adding delta filter. |
XtpEngine | trace_add_duplicate_delta_filter | Adding duplicate delta filte. |
XtpEngine | trace_adding_tx_filter | Adding tx filter. |
XtpEngine | trace_begin_close_ckpt_processing | Beginning close checkpoint processing: checkpoint flush fence = $2 ($3 state). |
XtpEngine | trace_cfd_entry_deleted | Cleaned up data CFD entry for file $2 $3. |
XtpEngine | trace_cfd_rows_created | Successfully created CFD rows. |
XtpEngine | trace_cfdtable_dump | CfdTable dump |
XtpEngine | trace_cfp_handles_opened | Opened CFP handles for {data: $2 delta: $3} in section $4. |
XtpEngine | trace_cfp_removed_from_freelist | Removed CFP from freelist for destination file. |
XtpEngine | trace_checkpoint_file_flush | Indicating that a file has started a flush operation. |
XtpEngine | trace_checkpoint_load_begin | Starting Checkpoint load with checkpoint timestamp=$2. |
XtpEngine | trace_checkpoint_write_io | Logs an event indicating that an IO has started (when event_type == IoStarted) or that an IO has completed (when event_type == IoComplete). |
XtpEngine | trace_checksum_validation_succeeded | Checksum validation for Hekaton checkpoint file during backup succeeded. |
XtpEngine | trace_ckpt_close_begin | Closing checkpoint in active/passive state. |
XtpEngine | trace_ckpt_close_signaled | Signaling checkpoint close. The checkpoint policy object is flagged to close the current checkpoint |
XtpEngine | trace_ckpt_closed | Checkpoint closed |
XtpEngine | trace_ckpt_load_thread_stats | Statistics of the checkpoint load thread. |
XtpEngine | trace_ckpt_mrt_dump | Mrt dump |
XtpEngine | trace_ckpt_serialization_state_dump | Checkpoint serialization state dump. |
XtpEngine | trace_ckpt_stream_io_stats | Io statistics for this particular stream. |
XtpEngine | trace_close_file_log_rec_created | Successfully created close file log record. |
XtpEngine | trace_data_file_pages_txs | This event gives the number of pages and the transaction range for a data file. |
XtpEngine | trace_data_from_page_deserialized | Deserialized data from page $2 in file $4. |
XtpEngine | trace_data_row_modified | Data row modified/deleted. |
XtpEngine | trace_delete_cfd_rows_begin | Matching MRT not found for the Data CFD. Deleting corresponding CFD Rows. |
XtpEngine | trace_delete_DeletedObjectTable_row_begin | Deleting row from DeletedObjectTable in the context of transaction: $5. |
XtpEngine | trace_delete_merged_source_file | Deleting merged source $7 file $5:$6. DeleteLSN = $2:$3:$4. |
XtpEngine | trace_delete_mrtrow_for_target_begin | Deleting mrt row for target. |
XtpEngine | trace_delta_entry_skipped | Skipping delta {$3, $4, $5} because it is beyond the snapshot checkpoint: $6. |
XtpEngine | trace_delta_file_future_count_rows_pages_update | Updating future count pages and count rows for delta file. |
XtpEngine | trace_delta_file_lastgood_count_rows_pages_update | Updating lastgood count pages and count rows for delta file. |
XtpEngine | trace_delta_file_pages_txs | This event gives the number of pages and the transaction range while reading a delta file for a particular operations. |
XtpEngine | trace_delta_file_processed | Completed processing of Delta file. |
XtpEngine | trace_delta_file_set_clean_or_dirty | Delta file set clean or dirty. |
XtpEngine | trace_delta_filter_removed | Removing delta filter from DeltaFilterMap due to transaction filter. |
XtpEngine | trace_delta_watermark_removed | Removed delta watermark. |
XtpEngine | trace_delta_watermark_updated | Updated delta watermark row for FileId: $4. |
XtpEngine | trace_deserialize_chained_records | Info pertaining to the deserialized content of the mrtRecords chain. |
XtpEngine | trace_deserialize_data_from_page_begin | Deserializing data from page $2 in file $4. |
XtpEngine | trace_deserialize_source_delta_file_begin | Deserializing source delta file $4: page range [$2, $3). |
XtpEngine | trace_dump_cfd_row | Dump cfd row |
XtpEngine | trace_dump_mrt_row | Merge Request |
XtpEngine | trace_file_close_skipped | Skipping file close for $2 as the cfp had been merged, It could not be found in the Storage array. |
XtpEngine | trace_file_skipped | Skipping file $4 due to reason $5. |
XtpEngine | trace_file_skipped_with_tx_range | Skipping file $5 with TX range { $3 -> $4 } due to MaxTxId == InvalidTxId. |
XtpEngine | trace_first_page_header_flushed | Flushed first page header for file. |
XtpEngine | trace_flush_io_operation_for_delta_file | This trace is trying to catch pages issued for flush that didn't make it to the file, or were lacking the correct DeltaWatermark Timestamp. |
XtpEngine | trace_flush_skipped_for_closed_data_file | Skipping flush for data file ('$2') as it is closed. |
XtpEngine | trace_future_count_pages_update | Updating future count pages. |
XtpEngine | trace_initial_merge | Doing initial merge for destination $3 at CheckpointTs: $2. |
XtpEngine | trace_insert_DeletedObjectTable_row_begin | Inserting row to DeletedObjectTable in the context of transaction: $5. |
XtpEngine | trace_intialize_worker_file_begin | Processing file close. |
XtpEngine | trace_mark_data_file_closed | Marking the active data file as closed to prevent the offline worker fom flushing them. |
XtpEngine | trace_merge_cancelled | Merge was cancelled for destination $2. |
XtpEngine | trace_merge_complete_log_rec_ignored | MergeCompleteLogRecord ignored for destination file $3. |
XtpEngine | trace_merge_complete_log_rec_processed | Successfully processed MergeCompleteLogRecord. |
XtpEngine | trace_mrt_dump | Mrt dump. |
XtpEngine | trace_mrt_row_inplace_update | Mrt row updated in place. |
XtpEngine | trace_mrtrow_not_found | Could not find row with Destination ID: $2 in MRT table. |
XtpEngine | trace_new_delta_watermark_inserted | Inserted new delta watermark row for FileId $3. |
XtpEngine | trace_offline_process_stale_merge_item | Offline processing of stale merge item {$2, $3} Destination $4. |
XtpEngine | trace_pending_tx | Pending Transaction |
XtpEngine | trace_populate_storage_array | Populating the storage array. |
XtpEngine | trace_post_writefile | This event is fired after issuing IO on the proxy. |
XtpEngine | trace_process_file_close_begin | Processing file close. |
XtpEngine | trace_process_merge_complete_log_record | Process merge complete log record. |
XtpEngine | trace_process_merge_request | Process Merge Request |
XtpEngine | trace_process_source_file | Processing source $4 file $2. |
XtpEngine | trace_process_target_file | Processing target $4 file $2. |
XtpEngine | trace_queue_merge_work_item | Queue work item: {$2, $3} $5 - $6 with CheckpointTs as $4. |
XtpEngine | trace_recovered_existing_file | Recovered exising files files allocated during forward processing that are not already part of the CCB. |
XtpEngine | trace_resyncing_state_of_file | Resyncing state of file $4 ('$5') post recovery: $2 pages, $3 rows. |
XtpEngine | trace_serialization_object_cleaned | Cleaned serialization object. |
XtpEngine | trace_serialize_abort_transaction_begin | Serializing the abort transaction filter to the delta cache corresponding to its own transaction range. |
XtpEngine | trace_serialize_tx_begin | Serialize TS begin for completing the checkpoint in active state. |
XtpEngine | trace_serialize_tx_end | Serialize TS end for completing the checkpoint. |
XtpEngine | trace_serialized_delta_rows_to_file | Serialized delta rows to file. |
XtpEngine | trace_source_file_load_stats | Load stats for source files in merge. |
XtpEngine | trace_storage_refreshed_for_file | Storage refreshed for file. |
XtpEngine | trace_uninitialize_file | uninitializing_file |
XtpEngine | trace_wrote_delta_watermark | Wrote delta watermark for file: $3, checkpointTs: $2. |
XtpEngine | waiting_for_dependenciestx_event | Raised when we have explicitly waited for dependencies to clear. |
XtpEngine | xtp_before_create_log_record | Fired before submitting a request to the host to serialize a non-transactional log record. |
XtpEngine | xtp_checkpoint_file_flush | Indicates the point at which a given file has been flushed to disk. |
XtpEngine | xtp_checkpoint_file_flush_complete | Indicates the point at which all in-flight buffers have been flushed to disk. |
XtpEngine | xtp_checkpoint_file_read | Indicates reading of a file in XTP checkpoint recovery. |
XtpEngine | xtp_checkpoint_worker_active_log | Indicates that the checkpoint worker has started processing the log records in the active portion of the log. |
XtpEngine | xtp_checkpoint_worker_started | Indicates that the checkpoint worker has started processing the log records. |
XtpEngine | xtp_checkpoint_worker_stopped | Indicates that the checkpoint worker has started processing the log records. |
XtpEngine | xtp_checkpoint_write_io | Indicates that the checkpointing subsystem has issued or completed a write IO. |
XtpEngine | xtp_complete_checkpoint | Indicates the begin and end of complete checkpoint processing. |
XtpEngine | xtp_create_log_record | Fires when the XTP engine creates a log record. |
XtpEngine | xtp_delta_marked_dirty | Indicates that a delete/update was serialized and marked a delta file dirty |
XtpEngine | xtp_merge_complete_log_record | Indicates merge complete log record is posted to the log. |
XtpEngine | xtp_merge_log_complete_log_record | Indicates merge log record was interpreted by the offline worker. |
XtpEngine | xtp_merge_process_log_record | Indicates merge log record was interpreted by the offline worker. |
XtpEngine | xtp_merge_request_log_record | Indicates merge request log record is posted to the log. |
XtpEngine | xtp_merge_request_started | Indicates merge request has been picked up by the merge worker thread. |
XtpEngine | xtp_root_deserialized | Indicates that the load of a checkpoint root is complete. |
XtpEngine | xtp_root_serialized | Indicates that the write of the checkpoint root is complete. |
XtpRuntime | bind_md | Occurs prior to binding metadata for a memory optimized table. |
XtpRuntime | bind_tables | Occurs prior to binding tables for a natively compiled procedure. |
XtpRuntime | create_table | Occurs prior to creating memory optimized table. |
XtpRuntime | deserialize_md | Occurs prior to deserializing metadata. |
XtpRuntime | load_dll | Occurs prior to loading the generated DLL. |
XtpRuntime | recover_done | Occurs at completion of checkpoint recovery of a memory optimized table. |
XtpRuntime | recover_table | Occurs at start of checkpoint recovery of a memory optimized table. |
XtpRuntime | serialize_md | Occurs prior to serializing metadata. |
XtpRuntime | unload_dll | Occurs prior to unloading the generated DLL. |
Happy tracing,
Andreas
Received MVP Award for SQL Server // Ausgezeichnet mit dem MVP-Award
Apr 2nd
Ausgezeichnet mit dem MVP-Award für SQL Server
(de) |
(en) |
Ich freue mich riesig über diese Anerkennung meiner zahlreichen Konferenz-Beiträge, Usergroup-Meetings und anderen Aktivitäten! So bin ich seit 2009 bis Stand heute auf 27 Konferenzen als Redner zu verschiedenen SQL Server Themen, von Sicherheit über Performance & Indexdesign bis hin zu Reporting Services aufgetreten und habe auf weiteren 34 Usergroup-Meetings Vorträge gehalten. 2013 hat sich meine Aktivität noch einmal gesteigert, so dass ich allein in diesem Jahr auf 11 Konferenzen, von Istanbul/Türkei bis Charlotte/USA, und 14 PASS Regionalgruppentreffen (Liste) als Sprecher angetreten bin. Damit bin ich fast so viel auf Konferenzen unterwegs wie drei weitere deutsche MVP-Kollegen, die diese Auszeichnung bereits hochverdient für ihren Einsatz für die deutsche SQL Server Community PASS Deutschland e.V. erhalten haben: Tillmann Eitelberg, Oliver Engels – beide im Vorstand der PASS – und Constantin Klein, der unter anderem den Just Community e.V. und die .NET User Group Frankfurt leitet. – Ich freue mich, zu dieser illustren Runde dazustoßen zu können! Dieser Award ist für mich daher eine tolle Anerkennung und ein Ansporn weiterzumachen – was natürlich nicht heißt, dass ich es nicht auch ohne diesen tun würde, denn die Interaktion mit der Community ist für sich gesehen schon eine echte Bereicherung, von der alle profitieren. An dieser Stelle möchte ich einigen Personen persönlich meinen Dank aussprechen, die meine Nominierung zum MVP auf verschiedene Weise unterstützt haben: |
I am very excited about this recognition of my many contributions to conferences, usergroup meetings, and other activities! In fact, since 2009 till today, I have appeared as a speaker in 27 conferences, speaking on different SQL Server topics from security to performance & index design to reporting services, and have given presentations in 34 usergroup meetings. 2013 saw yet another boost in my activities: That year alone I was speaker at 11 conferences, from Istanbul/Turkey to Charlotte/USA, and at 14 PASS regional group meetings (list). Thus, I am participating in conferences to an almost similar extent as three other German MVP colleagues who have already been awarded, quite deservedly, the very award for their commitment to the German SQL Server Community PASS Deutschland e.V.: Tillmann Eitelberg, Oliver Engels – both of them in the chair of the PASS – and Constantin Klein who heads the Just Community e.V. and the .NET User Group Frankfurt, among others. – I am honored to be joining this illustrious circle! This award is indeed a fantastic acknowledgement and incentive to continue – of course, this doesn’t mean I wouldn’t do so without this award, because the interaction with the community is in itself already an enrichment from which everyone is benefiting. I would like to express my personal thanks to the following people who have supported my nomination to MVP in various ways: |
Anna Feth (Microsoft MVP Programmkoordinator Region DACH), @AnnaFeth), Constantin Klein (MVP, Blog, @KostjaKlein), Daniel Weinmann (Product Marketing Manager - SQL Server/ BI Microsoft GmbH), Florian Endres (Community Program Manager, @senorf), Heike Ritter (Technical Evangelist Microsoft Deutschland GmbH, @HeikeRitter), Jack Richins (Principal Development Lead Microsoft SQL Server Security), Katrin Letzel (Microsoft MVP Community Program Manager, @katko), Niko Neugebauer (MVP, Blog, @NikoNeugebauer), Oliver Engels (MVP, @oengels), Scott Klein (SQL Server Evangelist, Microsoft, @SQLScott), Tillmann Eitelberg (MVP, Blog, @_Tillmann) and the Team of the datafino GmbH, to which I have a strong partnership as well as all anonymous supporters and technical sparring partners.
So bin ich mindestens genauso dankbar für all die wertvollen Kontakte, die Gesprächsmöglichkeiten und den Austausch untereinander wie für den Award selber. |
Thus, I am at least equally grateful for all the valuable contacts, opportunities for dialogue and mutual exchange as for the award itself. |
Andreas
MCSM, MCM and MVP :-)