Query Error - The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
I am going to use Microsoft Message Analyzer, which is the successor to NetMon but contains much more functionality than just doing network captures. It is also an Event Tracing for Windows (ETW) consumer, which is the functionality that we're going to use here. LogMan and Tracelog are options as well, but I prefer Message Analyzer since it can display the events as it collects them, and it has an amazing filtering capability to help limit the results to just what you need to see. Message Analyzer can be downloaded from the following location: https://www.microsoft.com/en-us/download/details.aspx?id=44226

Let's fire up Message Analyzer and check out the logs.
!Windows_Kernel_Trace and (*Summary contains("QUERY_RECEIVED") or (*Summary contains("RESPONSE_")))
The filtered events should now show only query and response events from the DNS Server Analytical event log.
If you've never worked with Message Analyzer, the controls at the top of the screen manage the capture. You can let it run and accumulate, pause, or stop the capture. Pausing the capture will allow it to be restarted without losing the contents. Stopping the capture and restarting it will erase the existing contents of the capture. From here, you can either save the results as they were captured or discard them, all without stopping the ongoing collection of Analytical event logs for DNS.