Message Analyzer 1.3.1 Update Released


A major feature, released with little fanfare, was telemetry for Message Analyzer. Key to understanding user behavior and exceptions, this telemetry has provided us with a wealth of data. So we decided to act as fast as possible and release a new version, Message Analyzer 1.3.1, to address some of the most important issues. Most of the update addresses exceptions, while there are a few important changes and even a few new features.

New Features and Updates

  • Export Analysis Grid – Previously, the only way to export data as text from the Analysis Grid viewer was to copy and paste the current selection. Now you can export a Selection of messages or All grid messages in the comma- or tab-separated format, based on the displayed columns.

clip_image001

  • Button Labels – All the buttons on the global toolbar now have text labels. After talking to some users, it became apparent that text labels are more useful for understanding the functionality of each button. You can change this behavior by right-clicking the toolbar and choosing an alternate view. We also limited the drop downs to expose the most important option and modified some spacing issues.

clip_image003

  • Updated NetLogon Parser – The NetLogon parser, which lets you load and troubleshoot user logon issues, has been refactored to load more quickly.
  • Telemetry Update – The telemetry data has provided lots of great information, but the most important thing we learned was that we need to gather some more data J.
  • SQL Session –The SQL session experience was updated to enable you to import data from SQL tables, as shown below:

clip_image005

  • Auto Update – Now you’ll be notified when a Message Analyzer update is available and you can manually Check for Updates as well.

clip_image006

  • Various Bug Fixes – for instance, the Start Local Trace button now works better, saving data is faster, asset management is improved, and parsing issues such as ETW parsing of task names, CSV parsing issues, and improved Windows 10 ETW message parsing are all fixed.

As always, please continue to send us feedback good or bad. We’ve been reading all of it and we use your feedback to prioritize our work. Remember, the Start Page has links to the blog as well as the forums for more in depth discussion.

Comments (17)

  1. Anon says:

    Glad to see that you're listening!

  2. kjpark says:

    In Windows 10, I couldn't start live trace.

    Error Message:
    Unable to start ETW session MMA-ETW-Livecapture-c2a3900f-b10b-40e5-af18-9a872e011401
    Host Name: Localhost

    Message Analyzer version: 1.3.1 (Build 4.0.7551.0)

  3. Paul E Long says:

    @jkpark, are you running as administrator? If you type Get-NetEventSession from a powershell prompt, does it return anything? Can you tell me if running "netsh trace start capture=yes" from an admin prompt lets you capture anything?

    Thanks,

    Paul

  4. Graeme Bray says:

    Paul - I realize that I ask for every update....but is there any word on the WSUS Integration for updates of Message Analyzer? It works well when you perform the update manually, but I need the automation without SCCM.

    The new version is much, much easier to use than 1.0-1.2...so great improvements in functionality, but how do I easily update my install base from those to 1.3.x?

  5. Paul E Long says:

    We were going to try to tackle the WSUS question in the update, but it's going to take more research on our end. Another change is NuGet is a related newer technology, so we are trying to understand the right direction at this point and how these work
    together. We certainly understand that you need a controlled way to update clients in your environment and we'll continue to move forward, and sooner or later you'll see an announcement in one of our future builds.

  6. Speidy says:

    I must say that you are doing great work! Thanks for listening for our feedbacks 😉

  7. I also get an error in Windows 10 (build 10240 & 10532) when running a live trace (running message analyzer with "Run as administrator"):

    Failed to start session due to the following error(s):
    Unable to start ETW session MMA-ETW-Livecapture-d3d1889b-d7f9-4bd6-8012-88ba8b654f12
    Host Name: Localhost
    Error in the application.

    This only seems to happen with the "Microsoft-Windows-NDIS-PacketCapture" provider. When pressing "configure" on this provider and selecting the "Provider" tab, I get the following error:

    Network adapters could not be enumerated.
    Local WMI provider for packet capture failed. Please check if WMI is supported and configured properly.

    Doing a "netsh trace start capture=yes" from an Administrator shell works fine and the captured file can be opened in Message Analyzer just fine.

  8. Paul E Long says:

    There is a known issue with Windows 10 that we are investigating. To verify it's the same issue, can you tell me if running the following PowerShell commands from and Admin Prompt result in an ETL that has no network traffic?

    New-NetEventSession xxx
    Add-NetEventPacketCaptureProvider –SessionName xxx
    Start-NetEventSession xxx
    ... generate some traffic with a Ping or something...
    Stop-NetEventSession xxx

  9. @Paul E Long when I tried the "New-NetEventSession xxx" I got a "New-NetEventSession: A general error occurred that is not covered by a more specific error code.".

    In the mean time I've been trying out Message Analyzer without Hyper-V on another machine as I thought that Hyper-V could be a problem. There do indeed seem to be some relation between the problems I have with Message Analyzer and Hyper-V.

    After the "New-NetEventSession" error I tried to remove the External Hyper-V Virtual Switch I have for my Wireless network. After doing this the New-NetEventSession ran without problems (and I could display the collected events in Message Analyzer - no problem!).
    Capturing events from Message Analyzer using the Microsoft-Windows-NDIS-PacketCapture now also works.

    The computer I'm using is a Surface Pro 3 and right now it's in a docking station. I have both Wired and Wireless network adapters in it and it seems that it's only a problem when I have the Wireless adapter (Marvell AVASTAR Wireless-AC Network Controller)
    added to an External Hyper-V switch. No problem with the wired adapter.

  10. Paul E Long says:

    @Brian, I think the Marvell is probably a USB wireless adapter? Does it work with the Surface Pro 3 built-in wireless adapter added to the External Hyper-V switch?

    Thanks,

    Paul

  11. @Paul E Long, the Marvell IS the built-in wireless adapter in Surface Pro 3 - I do not know if it is a USB adapter behind the scene, but I think not; The "Location" in Device Manager shows "PCI Slot 2 (PCI bus 1, device 0, function 0).

  12. @Paul E Long, actually I think, that the Wired adapter (which is part of the dock) might be a USB device. If I undock the Surface, only the Marvell Wireless is available and the problem is still the same. Just for information: everything worked fine in
    windows 8 and 8.1 on the same surface pro 3 and with the same network adapters 🙂

  13. Paul E Long says:

    @Brian, we do have a known two know issues with Windows 10. In one case running New-NetEventSession returns with a "A general error occurred that is not covered by a more specific error code." error. I will try to do some more research and once we have
    things fixed for Win10 I will post a blog.

    In your case I'm not sure how the Hyper-v Virtual switch is involved, but I will see if that is related to the problem that has been reported.

  14. @Paul E Long, today I updated to build 10547 and it seems that the problem using a Hyper-V External with the Wireless adapter on the Surface Pro 3 is gone. There were a firmware upgrade package a few days ago too and I'm not sure I tried Message Analyzer
    in between then and now, so it might have been the other update.
    But everything seems to work fine now 🙂

  15. Paul E Long says:

    @Brian, that's good to hear. Glad everything is working.

  16. @Paul, do you have the problem pinned down? I have a plain HP Elitebook 840 where I get the error message "Local WMI provider for packet capture failed. Please check if WMI is supported and configured properly." when attempting to select network interface.
    It doesnt' list any nic's.

    I have Hyper-V installed with a virtual switch configured. Running Windows 10 "plain" (no insider).

  17. Paul E Long says:

    There are two known issues with the OS NDIS capture provider, and we believe we have a handle on them. However, I'm not certain if your issue is related.

    Perhaps it's best if you open up an issue on our forum where it will be easier to communicate. Can you tell me the exact repro steps? Where are you checking to see no interfaces exists? Is this after pressing config from the New Session->Live Trace dialog?

    Thanks

    Paul

Skip to main content