Dear all,

I saw in the server logs as below  (this is a sql server 2000 sp4 clustered environment on windows 2003 with sp2)

DBCC TRACEON (3604)

DBCC TRACEOFF (3604)

I know no one is accessing our server, how this happend? i saw this just before my maintance plan started. Is there any way system using this? can any one tell me how this get trigged other than manually starting it.The time between trace on and off is only millisec.

Thanks

John

I don't think MP executes it but some diagnostic tools may use it because to sent the info to screen or file...

Dear Mohammed,

Thanks for the reply, but am worried bought how it got trigged. no one has access to the server and i nerver did this.. but how this happened?? is some one tried to hack or something?? please let me know ur findings on this.

Thanks

John

 John,

Are you 100% sure that nobody else except you has access to your server?

Did this happened only once?

Which is the authentication you are using?

I'll suggest to change the p/w for all the sql users having administrative rights on server level i.e. members of sysadmin, securityadmin etc.

As I'm 100% sure that MP will not fire any query like this.

 Thanks Rohit,

I am 100% sure no one can access our server, it behind firewall and has other securities as authentication etc. i agree that MP has nothing to do with this, but how this got fired. ya this happened twice in the difference of 2 mins same day and the time difference between each trace on and off is only 10 millisec. (so how can some one ON and OFF with millisec) my doubt is whether system will fire anything like this? when i discussed with another friend of mine he said he heard onces the same thing happened but don't remember why it happened, also i got a link some one asking the same question in sqlservercentral but no body replied with a proper answer. i have done so much googling but no result. please guide me with your findings.

Thanks

John

 Then the only thing which is coming into my mind is you need to check your application code.....

 Thanks Rohit,

I wonder that we havn't did any change in the application code.. till now no idea how this got trigged ?? let me know if u get any idea on this

Thanks

John

I just had a similar query where I couldn't figure out why these were appearing in the event log. It turned out for us that it was because we use RedGate SQLSnapper which must set this flag.

To figure this out leave a trace running capturing login and logout events and application name and spid columns then cross reference against the spid in the event logs for the pertinent times.