May 2025 Discount: Comprehensive Database Performance Health Check | Testimonials

Home

SQL SERVER – Unable to Attach Database Files – The PageAudit Property is Incorrect – Ransomware Attack

Pinal Dave
SQL
2 Comments

Recently one of my clients contacted me after reading my blog above Ransomware on the SQL Server machine. In this blog, we would learn about error The PageAudit property is incorrect.

Here is my earlier blog on the ransomware topic. SQL SERVER – How to Protect Your Database from Ransomware?

Here were the errors in SQL Server ERRORLOG when the database was trying to startup.

Msg 5172, Level 16, State 15, Line 1
The header for file ‘E:\SQLMDF\FINANCE_DB\FINANCE_DB.mdf’ is not a valid database file header. The PageAudit property is incorrect.
Msg 945, Level 14, State 2, Line 1
Database ‘FINANCE_DB’ cannot be opened due to inaccessible files or insufficient memory or disk space. See the SQL Server errorlog for details.
Msg 5069, Level 16, State 1, Line 1
ALTER DATABASE statement failed.
Msg 5172, Level 16, State 15, Line 1
The header for file ‘E:\SQLMDF\FINANCE_DB\FINANCE_DB.mdf’ is not a valid database file header. The PageAudit property is incorrect.
Msg 922, Level 14, State 1, Line 1
Database ‘FINANCE_DB’ is being recovered. Waiting until recovery is finished.

Initially, I was not aware of the ransomware attack on this server. So, I used my usual method to read MDF file header without attaching it.

SQL SERVER – FIX – Error: One or more files do not match the primary file of the database

Here are the commands.

DBCC CHECKPRIMARYFILE(N'E:\SQLMDF\FINANCE_DB\FINANCE_DB.mdf',0); --IsMDF
DBCC CHECKPRIMARYFILE(N'E:\SQLMDF\FINANCE_DB\FINANCE_DB.mdf',2)
DBCC CHECKPRIMARYFILE(N'E:\SQLMDF\FINANCE_DB\FINANCE_DB.mdf',3)

As we can see from the output and the first command said it is not a valid file (output = 0) and the rest two commands failed with error:

SQL SERVER - Unable to Attach Database Files - The PageAudit Property is Incorrect - Ransomware Attack ran-01

Msg 5171, Level 16, State 1, Line 2
E:\SQLMDF\FINANCE_DB\FINANCE_DB.mdf is not a primary database file.

WORKAROUND/SOLUTION

There is nothing technical which a SQLDBA can do in this situation. I was able to find one good link which might help someone.

To find out which ransomware attacked you, please visit this site. Once ransomware name is identified, check if it is possible to decrypt files using known keys.

All the best to try various option to recover your data!

Reference: Pinal Dave (https://blog.SQLAuthority.com)

Ransomware, SQL Audit, SQL Error Messages, SQL Log, SQL Scripts, SQL Server
Previous Post
SQL SERVER – How to DROP or DELETE Suspect Database?
Next Post
SQL SERVER – Rebuild Index Job Failed – Error: 9002 – The Transaction Log for Database ‘PinalDB’ is Full Due to ‘LOG_BACKUP’

Related Posts

2 Comments. Leave new

  • Bert
    August 29, 2018 4:20 pm

    I can’t imagine what a nightmare having ransomware on your SQL Server must be!

    Reply

Leave a Reply

Pinal Dave is an SQL Server Performance Tuning Expert and independent consultant with over 22 years of hands-on experience. He holds a Masters of Science degree and numerous database certifications.

Pinal has authored 14 SQL Server database books and 90 Pluralsight courses. To freely share his knowledge and help others build their expertise, Pinal has also written more than 5,800 database tech articles on his blog at https://blog.sqlauthority.com.

Pinal is an experienced and dedicated professional with a deep commitment to flawless customer service. If you need help with any SQL Server Performance Tuning Issues, please feel free to reach out at pinal@sqlauthority.com.

Pinal is also a CrossFit Level 1 Trainer (CF-L1) and CrossFit Level 2 Trainer (CF-L2).

Nupur Dave is a social media enthusiast and an independent consultant. She primarily focuses on the database domain, helping clients build short and long-term multi-channel campaigns to drive leads for their sales pipeline.

Comprehensive Database Performance Health Check

Is your SQL Server running slow and you want to speed it up without sharing server credentials? In my Comprehensive Database Performance Health Check, we can work together remotely and resolve your biggest performance troublemakers in less than 4 hours.

Once you learn my business secrets, you will fix the majority of problems in the future.

SQL Server Performance Tuning Practical Workshop

Have you ever opened any PowerPoint deck when you face SQL Server Performance Tuning emergencies? SQL Server Performance Tuning Practical Workshop is my MOST popular training with no PowerPoint presentations and 100% practical demonstrations.

Essentially I share my business secrets to optimize SQL Server performance.