1

I'm attempting to use Microsoft Message Analyzer version 1.3 to perform a live trace on an IIS 8.5 server. I'm an admin on my Windows 7 workstation and the target server.

Each remote provider I want to attach to must also be installed on my machine. Is there a way to download, or copy the Microsoft-Windows-IIS-Logging Provider to my Windows 7 workstation? I'd like to be able to do this without installing IIS on my workstation. I'd also like to avoid running Message Analyzer on a server.

Eric H

1 Answer

0

It is possible to install the Microsoft-Windows-IIS-Logging ETW provider on a Windows 7 workstation.

This is done by identifying the components of the ETW provider and importing those to the Windows workstation.

  1. On the target server that has the ETW provider installed, run the following command to query installed ETW providers: logman query providers
  2. Search the output for Microsoft-Windows-IIS-Logging and copy the GUID for that provider. Currently it is {7E8AD27F-B271-4EA2-A783-A47BDE29143B}.
  3. Search the registry on the target server for the GUID above. You will find registry keys in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-IIS-Logging/Logs and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{7e8ad27f-b271-4ea2-a783-a47bde29143b}
  4. Verify that the MessageFileName and ResourceFileName file of iisres.dll is already on your Windows workstation.
  5. Export both of these registry keys to .reg files and import them to your Windows workstation.
  6. Launch Message Analyzer as a local admin on your Windows workstation, and verify that Microsoft-Windows-IIS-Logging is available as a Provider.
Eric H
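
The steps in the answer above, scripted as an added example (not part of the original answer). The function names, the .reg file names and the C:\Temp\etw folder are assumptions; the GUID and registry keys are the ones quoted in the answer. Because the resource file path is only known once the keys are present, the workstation function performs the step 4 check after the import and fails loudly if the DLL is missing.

```powershell
# Added example, not from the original answer. Run from an elevated PowerShell session.
$Guid   = '{7E8AD27F-B271-4EA2-A783-A47BDE29143B}'          # GUID quoted in step 2
$WinEvt = 'SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT'
$Keys   = @{                                                  # file names are assumptions
    'iis-logging-channel.reg'   = "HKLM\$WinEvt\Channels\Microsoft-IIS-Logging/Logs"
    'iis-logging-publisher.reg' = "HKLM\$WinEvt\Publishers\$Guid"
}

function Export-IisLoggingProvider {          # run on the IIS server (steps 1-3 and 5)
    param([string]$OutDir = 'C:\Temp\etw')    # assumed output folder
    # Confirm the provider is registered under the expected GUID before exporting.
    if (-not (logman query providers | Select-String -SimpleMatch -Pattern $Guid)) {
        throw "Provider $Guid is not registered on this machine."
    }
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
    foreach ($file in $Keys.Keys) {
        reg export $Keys[$file] (Join-Path $OutDir $file) /y
        if ($LASTEXITCODE -ne 0) { throw "reg export failed for $($Keys[$file])" }
    }
}

function Import-IisLoggingProvider {          # run on the workstation (steps 4-6)
    param([string]$InDir = 'C:\Temp\etw')
    foreach ($file in $Keys.Keys) {
        reg import (Join-Path $InDir $file)
        if ($LASTEXITCODE -ne 0) { throw "reg import failed for $file" }
    }
    # Step 4: the publisher key names the message and resource DLL; both must exist locally.
    $pub = Get-ItemProperty -LiteralPath "HKLM:\$WinEvt\Publishers\$Guid"
    foreach ($name in 'MessageFileName', 'ResourceFileName') {
        $path = [Environment]::ExpandEnvironmentVariables([string]$pub.$name)
        if (-not $path -or -not (Test-Path -LiteralPath $path)) {
            throw "$name points to '$path', which is missing on this workstation."
        }
    }
    # Step 6 precondition: the provider should now appear in the local provider list.
    if (-not (logman query providers | Select-String -SimpleMatch -Pattern $Guid)) {
        throw "Provider $Guid is still not listed after import."
    }
    "Provider $Guid is registered; it should now be selectable in Message Analyzer."
}
```

Copy the two exported .reg files from the server to the workstation between the two calls, and open them in a text editor first to confirm they contain only the two keys listed in `$Keys`.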