Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, October 9, 2019 11:14 PM
Microsoft Message Analyzer (MMA) will be retired and its download packages removed from microsoft.com sites on November 25 2019. There is currently no Microsoft replacement for Microsoft Message Analyzer in development at this time. For similar functionality, please consider using a 3rd party network protocol analyzer tool such as WireShark.
Versions Affected
Versions 1.4 and earlier.
Reason for Deprecation
Microsoft Message Analyzer was last released in October 2016 and has not been under active development since that date. There are no plans for further public releases of Microsoft Message Analyzer.
Impact
If you already have Microsoft Message Analyzer installed, you may continue to use it, along with the OPN parsers you have already downloaded. However, after November 25 2019, no versions of Microsoft Message Analyzer will be made available for public download on Microsoft.com sites and you will no longer be able to download OPN parsers.
Recommendations
If you don’t already have Microsoft Message Analyzer installed, install it now before November 25 2019 from https://www.microsoft.com/en-us/download/details.aspx?id=44226.
If you already have Microsoft Message Analyzer installed, download the latest OPN parser packages before November 25 2019 by following the steps at https://docs.microsoft.com/en-us/message-analyzer/managing-microsoft-opn-parser-packages.
Forum Moderator
All replies (12)
Friday, October 18, 2019 3:25 AM | 4 votes
Hello Althea!
Is there any chance that the software could be open sourced? I tend to rely on wireshark for quick and dirty tasks, but there are some things it simply can't do that MMA can. I have not found it's equal yet, and it would be a pretty great tool to lose.
--James
Tuesday, October 22, 2019 3:27 AM
Hi James,
At this time there are no plans to open source MMA.
// I tend to rely on wireshark for quick and dirty tasks, but there are some things it simply can't do that MMA can.//
What are your top 2-3 things?
Thanks for the feedback!
Best,
Althea
Forum Moderator
Tuesday, December 10, 2019 7:30 PM
So I just found out about the deprecation today, when I launched MMA.
I only learned about MMA about 6 months ago.
I don't use it often, but it's quite valuable when you need it - especially as it supports so many different file types, and lets you try and correlate events in time.
Please re-consider, at least put the installers back up, and I agree, why not open source it if at all possible. (I mean, freaking Powershell is now open sourced...)
If anyone knows of a comparable product/software, please post here!
--Seek Truth, and you will find Joy!
Friday, January 31, 2020 9:07 PM | 3 votes
Microsoft Message Analyzer is an invaluable tool and it's very difficult to replace all of its functionality! Please re-consider open-sourcing MMA if at all possible, or at least allowing installer download.
Thursday, March 12, 2020 8:20 PM
So here I am trying to diagnose why USB drives keep dropping off my Win 2016 server. Looks like this tool would be the best way to find the problem, which doesn't appear to be a hardware issue (drives work fine on other systems). Of course it isn't available anymore. So much for diagnostics in the OS.
Thursday, April 9, 2020 9:45 PM
What are we supposed to use to analyze ETL files from `netsh trace`?
Friday, April 10, 2020 7:35 AM | 1 vote
Hi,
You can use this tool to convert ETL format files to pcapng format files that Wireshark can analyze:
https://github.com/microsoft/etl2pcapng
Best,
Althea
Forum Moderator
Friday, April 10, 2020 4:35 PM
Thank you.
Monday, May 25, 2020 2:06 PM
"What are your top 2-3 things? "
Same what Network monitor is able to do, filter by process id.
Also as the name says: "message analyzer", it is able to analyze other logs as well e.g. IIS logs. Why you need to have ten different software's?
So I really feel that decision to not continue developing it was not the perfect idea.
Try to make Fenix to fly again :)
Petri
Thursday, May 28, 2020 2:06 PM | 1 vote
<sigh> This is terrible news.
I just found this thread while validating the download link for a class I was going to teach to internal company IT engineers. I've used Message Analyzer for years and found it to be an invaluable tool for investigating and analyzing much more than network layer traffic.
Although using an .etl to pcap conversion to look at netsh captured network traffic is helpful - I often use the output from ETW Providers to troubleshoot HTTPS communication between two web services. Since our servers are using Elliptic Curve Ciphers - the data cannot be decrypted using the certificate. I rely on the higher level ETW provider data to view the HTTP data pre & post encrypted.
I've worked with many MS higher level tools, such as windbg, message analyzer, etc & find it hard to believe L3 engineers & Field Engineers are being left without such a tool at their disposal.
I certainly hope this is either open sourced, replaced, or revived - this is truly disappointing.
Karl
Friday, July 10, 2020 8:30 PM
I find it incredible that Microsoft abandons good tools like this.
What is your suggestion for reading netsh trace ETL files? I use the built-in Windows network trace function quite often. Wireshark does not read them and netsh cannot dump to a standard capture file format. Wireshark also does not read the CAB file information that is collected.
Monday, July 27, 2020 10:20 AM
Hi mctstone,
Check this for opening ETL files on WireShark:
Converting ETL Files to PCAP Files
Petri