Skip to Content

ASE LOGINREC info with traceflag 4001


I'm working on enforcing net password encryption, and want to monitor all connections to the ASE instance. With traceflag 4001 I get all LOGINREC info in the console output, and I know these statuses:

SECURITY: option: 0x00 -- no password encryption

SECURITY: option: 0xa1 -- password encryption

However, I also see plenty of records with: option: 0x21 and option: 0x01

Anyone knows the meaning of those values?

I guess it's a bit map, but not sure which bit actually indicates the pw encryption

0x01 = 0000 0001
0x21 = 0010 0001
0xa1 = 1010 0001

Are there any other statuses I can expect?


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    May 03, 2017 at 02:37 PM

    sorted it out

    option != 0x00 means some kind of encryption is used

    different values for different mechanisms, also depends on the type of pw encryption

    And an alternative to check if password encryption is used: dbcc pss(0,0)

    check the output for this string: ENCRYPT

    Add comment
    10|10000 characters needed characters exceeded