MSSQL 2016: A security (SSPI) error occurred when connecting to another Service Broker or Database Mirroring host

Microsoft.SQLServer.2016.A_security__SSPI__error_occurred_when_connecting_to_another_Service_Broker_or_Database_Mirroring_host_5_Rule (Rule)

When Service Broker transport security uses SSPI, the service account for the remote database must have CONNECT permission in master database. Remote SQL Server instance should allow Windows Authentication for the account being used by remote host. There are no requirements for the login to have other permissions or to own objects in any database.

Knowledge Base article:

Element properties:

Member Modules:

Source Code:

<Rule ID="Microsoft.SQLServer.2016.A_security__SSPI__error_occurred_when_connecting_to_another_Service_Broker_or_Database_Mirroring_host_5_Rule" Target="SQL2016Core!Microsoft.SQLServer.2016.DBEngine" Enabled="true" ConfirmDelivery="true" Remotable="true" Comment="Mom2016ID='{C0356031-F1FD-4825-B76A-4C4AC05D3E17}';MOM2016GroupID={467ECC75-C5DA-42BD-955C-A73BBB51AF74}">

  <Category>EventCollection</Category>

  <DataSources>

    <DataSource ID="_F6DA1507_12AF_11D3_AB21_00A0C98620CE_" Comment="{F6DA1507-12AF-11D3-AB21-00A0C98620CE}" TypeID="Windows!Microsoft.Windows.EventProvider">

      <ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>

      <LogName>Application</LogName>

      <Expression>

        <And>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>EventDisplayNumber</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>9649</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

          <Expression>

            <SimpleExpression>

              <ValueExpression>

                <XPathQuery>PublisherName</XPathQuery>

              </ValueExpression>

              <Operator>Equal</Operator>

              <ValueExpression>

                <Value>$Target/Property[Type="SQL2016Core!Microsoft.SQLServer.2016.DBEngine"]/ServiceName$</Value>

              </ValueExpression>

            </SimpleExpression>

          </Expression>

        </And>

      </Expression>

    </DataSource>

  </DataSources>

  <WriteActions>

    <WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">

      <Priority>1</Priority>

      <Severity>2</Severity>

      <AlertMessageId>$MPElement[Name="Microsoft.SQLServer.2016.A_security__SSPI__error_occurred_when_connecting_to_another_Service_Broker_or_Database_Mirroring_host_5_Rule.AlertMessage"]$</AlertMessageId>

      <AlertParameters>

        <AlertParameter1>Event ID: $Data/EventDisplayNumber$. $Data/EventDescription$</AlertParameter1>

      </AlertParameters>

      <Suppression>

        <SuppressionValue/>

      </Suppression>

    </WriteAction>

  </WriteActions>

</Rule>