Skip to Content

ASE LOGINREC info with traceflag 4001

Apr 28, 2017 at 12:55 PM


avatar image


I'm working on enforcing net password encryption, and want to monitor all connections to the ASE instance. With traceflag 4001 I get all LOGINREC info in the console output, and I know these statuses:

SECURITY: option: 0x00 -- no password encryption

SECURITY: option: 0xa1 -- password encryption

However, I also see plenty of records with: option: 0x21 and option: 0x01

Anyone knows the meaning of those values?

I guess it's a bit map, but not sure which bit actually indicates the pw encryption

0x01 = 0000 0001
0x21 = 0010 0001
0xa1 = 1010 0001

Are there any other statuses I can expect?


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Best Answer
Jeroen Rijnbergen May 03, 2017 at 02:37 PM

sorted it out

option != 0x00 means some kind of encryption is used

different values for different mechanisms, also depends on the type of pw encryption

And an alternative to check if password encryption is used: dbcc pss(0,0)

check the output for this string: ENCRYPT

10 |10000 characters needed characters left characters exceeded