New Version #Microsoft Message Analyzer #skype4b #lync #azure #MMA #cloud #storage #SQOS #RNAS


Microsoft Message Analyzer (v1.3) is the current versioned tool for capturing, displaying, and analyzing protocol messaging traffic and other system messages. Message Analyzer also enables you to import, aggregate, and analyze data from log and trace files. It is the successor to Microsoft Network Monitor 3.4 and Message Analyzer v1.2. Message Analyzer is a key component in the Protocol Engineering Framework (PEF) that was created by Microsoft for the improvement of protocol design, development, documentation, testing, and support. With Message Analyzer, you can choose to capture data live or load archived message collections from multiple data sources simultaneously.
Message Analyzer enables you to display trace, log, and other message data in numerous data viewer formats, including a default tree grid view and other selectable graphical views that employ grids, charts, and timeline visualizer components which provide high-level data summaries and other statistics. It also enables you to configure your own custom data viewers. In addition, Message Analyzer is not only an effective tool for troubleshooting network issues, but for testing and verifying protocol implementations as well.


Microsoft Message Analyzer Operating Guide

  • New Windows 10 Protocols: SQOS, RNAS
  • Other New Protocols: CSSP, NetFlow, IPFIX, RDPEFS, RDPERP, RDPESC, SCMR

Fiddler .SAZ – Now you can open .SAZ files from Fiddler directly. Now correlate fiddler traffic with network traces, ETL’s and log files.

Viewpoint Improvements – Viewpoint has been separated as a separate tool, to centralize it’s functionality in one place, including the hiding of Operations. Now a View Filter before Viewpoints, so that you can drill down with a filter, change your Viewpoint, and still see all the data based on the high-level View Filter.  You can also apply a new Viewpoint Filter that is relative to the currently applied Viewpoint, which works like the previous view filter behavior.

GZIP decompression – Message Analyzer can now automatically decompress HTTP payloads that have been compressed using GZIP.

Decryption Improvements – Support for TLS decrypted protocols like RDP, TDS and LDAP. Also we’ve improved some of the error messages reported by the Decryption tool window.

Parser and Text Log Updates – New protocol parsers like SRVS, RDWR, WSH, EVEN, and many more. Updates to the Netlogon parser and the addition log file parsers for Lync, SCCM (System Center Configuration Manager), ULS (SharePoint), and VMM (Virtual Machine Manager) logs.


Message Analyzer can now retrieve data in new ways. Analyze them individually or combine them with other data as well:

  • SQL/Azure – Open SQL and Azure Tables and import that data to correlate against other information. Import Azure Blob data as well.
  • PowerShell – Execute a PowerShell command and retrieve the resulting data. For instance enter “dir” as a script, which maps to the Get-ChildItem cmdlet. This will show you the results in the Analysis Grid.
  • Event Logs – Directly open local or remote event logs in to a static session.


Go To Message (Ctrl+G) – Allows you to go to a message by entering a message number in the Go To Message dialog.   If you have a single data source loaded, the first message in that source that matches your entry will be found.  When there is more than one data source loaded you can select a specific data source in which to search for a message, or you can search across all sources.


Microsoft Message Analyzer Operating Guide

Author: Robert Smit [MVP]

Robert Smit is Senior Technical Evangelist and is a current Microsoft MVP in Clustering as of 2009. Robert has over 20 years experience in IT with experience in the educational, health-care and finance industries. Robert’s past IT experience in the trenches of IT gives him the knowledge and insight that allows him to communicate effectively with IT professionals who are trying to address real concerns around business continuity, disaster recovery and regulatory compliance issues. Robert holds the following certifications: MCT - Microsoft Certified Trainer, MCTS - Windows Server Virtualization, MCSE, MCSA and MCPS. He is an active participant in the Microsoft newsgroup community and is currently focused on Hyper-V, Failover Clustering, SQL Server, Azure and all things related to Cloud Computing and Infrastructure Optimalization. Follow Robert on Twitter @ClusterMVP Or follow his blog Linkedin Profile Http:// Robert is also capable of transferring his knowledge to others which is a rare feature in the field of IT. He makes a point of not only solving issues but also of giving on the job training of his colleagues. A customer says " Robert has been a big influence on our technical staff and I have to come to know him as a brilliant specialist concerning Microsoft Products. He was Capable with his in-depth knowledge of Microsoft products to troubleshoot problems and develop our infrastructure to a higher level. I would certainly hire him again in the future. " Details of the Recommendation: "I have been coordinating with Robert implementing a very complex system. Although he was primarily a Microsoft infrastructure specialist; he was able to understand and debug .Net based complext Windows applications and websites. His input to improve performance of applications proved very helpful for the success of our project

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: