Over the last several years, Microsoft has been putting less and less effort into Cumulative Update documentation. We used to get full-blown knowledge base articles about fixes, but these days, we get a collection of footnotes with deceiving hyperlinks that look like they’re going to lead to more information – but they simply lead back to themselves.

So whenever a new Cumulative Update drops at SQLServerUpdates.com, before I install it, I like to:

1. Log my dev server’s list of current sys.all_objects, all_columns, messages, configurations, etc to tables
2. Apply the update
3. Query the new contents of sys.all_objects, all_columns, etc to see what new ones were added

Here’s how it works. First, log the contents of the current tables into user tables. You can do this in any database, and I personally prefer to use a DBA tools database where I keep stuff like utility scripts. I’m filtering for language 1033 here (English), and feel free to use a different language if you like.

Then, apply your update. Then, run these queries one at a time to see what changed:

Then, after your update, you get nice detailed lists of what changed. It’s fairly rare to see new objects or parameters, but it’s really common to see dozens of new messages in every CU:

The messages query also generates an HTML list, making it easy for me to send a list of stuff to clients. For example, here are the new messages in SQL Server 2022 CU16, and I’ve taken the liberty of bolding a few of the more interesting ones (for me at least):

• 7455: Service Master Key is not generated or access is lost so encryption/decryption of linked server passwords cannot be done. (Brent says: there are a lot of key messages in this particular CU, indicating that there must have been support issues caused by key problems. I don’t necessarily take that to mean that there are reliability issues here – I just take it to mean that when those particular problems strike, they’re so hard to troubleshoot that Microsoft had to add additional debug messages in the log, and that’s really helpful for those of us outside of support who have to troubleshoot too.)
• 9055: Start of the log needed to be backed up on Managed Instance link database ‘%.*ls’ can not be found.
• 14079: Object ‘%ls’ cannot be published because it was created by an internal SQL Server component.
• 14130: WARNING: The database ‘%s’ does not contain database master key. Create a database master key and then update all replication secrets in this database.
• 14131: The database ‘%s’ does not contain database master key. Create database master key and repeat the procedure.
• 19533: Cannot create distributed availability group ‘%.*ls’ as it requires two Availaiblity Group Replicas, however %d were specified. (Brent says: I love typos like “Availaiblity” that get permanently enshrined in messages like this.)
• 19536: The default startup routine of database ‘%.*ls’ that belongs to an availability group (Group ID: %d) cannot be skipped because SQL Server did not initialize the Availability Replica Manager. This is an informational message only. No user action is required.
• 23622: Change Streams requires Change feed to be enabled. (Brent says: messages like this are really useful when new versions/features come out because they help you catch limitations you weren’t aware of yet, and that may not have been present when the version/feature was initially announced.)
• 23623: The feature switch enabling support for using Event Hub with change streams is disabled. // ErrorCause: Change Streams has not enabled support for Event Hub.
• 23624: The caller does not have permission to use ‘%s’.
• 23625: The argument ‘%s’ failed validation.
• 23626: An error occured. The error/state returned was %d/%d: ‘%s’.
• 23627: An error occured when configuring change feed.
• 23628: The argument ‘%s’ failed validation. Expects: ‘schemaName.objectName’
• 23629: The configuration already exists in ‘%s’.
• 23630: Change Streams could not create the object configuration.
• 23631: The configuration does not exists in ‘%s’.
• 23632: Change Streams could not remove the object configuration.
• 23633: Change Streams could not drop the object configuration from the group.
• 23701: Database ‘%ls’ went to suspect state. Backup cannot be performed on a database that is in suspect state.
• 37549: Cannot open session for %S_MSG ‘%.*ls’. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37550: Cannot initialize cryptographic provider. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37551: Cannot create key ‘%.*ls’ in the provider. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37552: Cannot export %S_MSG from the provider. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37553: Invalid algorithm ‘%.*ls’. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37554: Key with %S_MSG ‘%.*ls’ does not exist in the provider or access is denied. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37555: Invalid algorithm id: %d. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37556: Key validation failed since an attempt to get algorithm info for that key failed. Provider error code: %d. (%.*ls). For more information, see https://aka.ms/sql-ekm-connector-troubleshooting
• 37563: The primary managed identity is not selected for this server. Enable the primary managed identity for Microsoft Entra authentication for this server. For more information see (https://aka.ms/sql-server-managed-identity-doc).
• 37564: The managed identity with Client_ID/Application_ID ‘%ls’, is the primary identity assigned for this server.
• 37566: Operations on customer managed key ‘%s’ are not allowed because the key has been disabled in Azure Key Vault ‘%s’. Please enable the key. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37567: Operations on customer managed key ‘%s’ are not allowed in Azure Key Vault ‘%s’. Please allow the following operations on the key: “get”, “wrapKey”, “unwrapKey”. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37568: One of required operations on customer managed key ‘%s’ is not allowed for currently chosen RBAC role of the managed instance ‘%s’ identity on Azure Key Vault ‘%s’. Please change to a RBAC role permitting the following permissions on the key vault: “get”, “wrapKey”, “unwrapKey”. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting
• 37569: Connection to Azure Key Vault ‘%s’ was forbidden by Azure Key Vault firewall policy. Please review the Azure Key Vault firewall policy to enable connections from Managed Instance ‘%s’. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37570: One of required operations on customer managed key ‘%s’ on Azure Key Vault ‘%s’ is not allowed for currently set key vault policy used by managed instance ‘%s’ identity. Please use a policy permitting the following permissions on the key vault: “get”, “wrapKey”, “unwrapKey”. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37571: Azure Key Vault ‘%s’ operation requested by Managed Instance ‘%s’ failed due to insufficient permissions (inner error code: ‘%s’). For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37572: Customer managed key ‘%s’ was not found in Azure Key Vault ‘%s’. If it was recently deleted, recovery could be possible if ‘soft-delete’ protection is enabled on the key vault. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37573: Connection to Azure Key Vault ‘%s’ could not be established. Please review network settings for Managed Instance ‘%s’. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37574: Azure Key Vault URI ‘%s’ could not be resolved. Please ensure the key vault URI is valid and that your network settings for Managed Instance ‘%s’ are not blocking access to Azure Public DNS. For help resolving this issue, please see https://aka.ms/sqlmi-tde-troubleshooting.
• 37576: The current SQL Server Connector version for Microsoft Azure Key Vault does not support the managed identity (see https://aka.ms/sql-server-managed-identity-doc). Upgrade the SQL Server Connector to its latest version (see https://www.microsoft.com/en-us/download/details.aspx?id=45344&msockid=2aa7acc4c900647e098ebfb5c8ba6506).
• 41988: The link supporting bi-directional failover requires matching database formats on source and target server. (Brent says: I’m guessing that it has to do with customers who failed over from SQL Server 2022 to Managed Instances, then changed their Managed Instance’s update policy to be always-up-to-date, and then tried to fail back to SQL Server 2022, which wouldn’t work.)
• 41989: The parameters (%ls) can only be set/updated on SQL Database Managed Instance. Review the documentation for supported parameters. (Brent says: ah yes, “the documentation”)
• 41990: %s cannot be null or empty when %s is set to 0 (SQL Server Authentication).

I like perusing these lists because they give me insight into support problems that are popping up – and they’re popping up often enough that Microsoft has to add new diagnostic messages into SQL Server itself. I actually love this, and I think new messages are a great thing. They’re a sign of investment into diagnostic tooling. (Although I gotta admit that I’m a little jealous – Microsoft seems to be investing more in diagnostic tooling for Azure support folks than they are for us database administrators, who don’t even get a check engine light.)