branchcache early adopter's guide
Post on 27-Dec-2015
BranchCache Early Adopter’s Guide
Microsoft Windows Family of Operating Systems
Microsoft Corporation
Published: May 2009
Abstract
This document provides an overview of the BranchCache™ feature introduced in Windows® 7
and Windows Server® 2008 R2. After a thorough introduction of BranchCache and its modes of
operation, the document describes BranchCache configuration. It then provides troubleshooting
details and a list of tools to be used by BranchCache administrators.
Copyright information
This document supports a preliminary release of a software product that may be changed
substantially prior to final commercial release. This document is provided for informational
purposes only and Microsoft makes no warranties, either express or implied, in this document.
Information in this document, including URL and other Internet Web site references, is subject to
change without notice. The entire risk of the use or the results from the use of this document
remains with the user. Unless otherwise noted, the companies, organizations, products, domain
names, e-mail addresses, logos, people, places, and events depicted in examples herein are
fictitious. No association with any real company, organization, product, domain name, e-mail
address, logo, person, place, or event is intended or should be inferred. Complying with all
applicable copyright laws is the responsibility of the user. Without limiting the rights under
copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying,
recording, or otherwise), or for any purpose, without the express written permission of Microsoft
Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual
property rights covering subject matter in this document. Except as expressly provided in any
written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
© 2009 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Outlook, Windows, Windows Server, Internet Explorer, and
BranchCache are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.
Contents
BranchCache Early Adopter’s Guide
BranchCache Overview
Distributed Cache mode
Hosted Cache mode
Server Configuration
Installing the BranchCache feature
Configuring a Web server or a BITS application server to use BranchCache
Configuring a WSUS server to use BranchCache
Configuring a file server to use BranchCache
Using Group Policy to configure BranchCache
Using the Registry Editor to configure disk use for stored identifiers
Setting the BranchCache support tag on a file share
Additional steps for server clusters
Client Configuration
Client configuration using Group Policy
Configuring the client firewall
Client configuration using netsh
Deploying BranchCache with Remote Access Technologies
Hosted Cache mode and host-based VPN software
BranchCache and Microsoft DirectAccess
Non-Microsoft Firewall Settings for BranchCache
Non-Microsoft firewall settings for Distributed Cache clients
[MS-PCCRD]: Peer Content Caching and Retrieval Discovery Protocol
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol
Non-Microsoft firewall settings for Hosted Cache clients
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol
[MS-PCHC]: Peer Content Caching and Retrieval: Hosted Cache Protocol
Non-Microsoft firewall settings for the Hosted Cache server
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol
[MS-PCHC]: Peer Content Caching and Retrieval: Hosted Cache Protocol
BranchCache protocols for content servers (such as a Web server or file server)
Hosted Cache Server Setup
Install the BranchCache feature
Enable the BranchCache feature and enable Hosted Cache mode
Deploy a certificate
Import the certificate
Link the certificate to BranchCache
Resize the cache on the Hosted Cache server
Modify the Hosted Cache Server Ports
Modifying the Retrieval Protocol Port (TCP Port 80)
Modifying the Hosted Cache Protocol Port (TCP Port 443)
Verification and Monitoring
Verifying client configuration
Verifying the Hosted Cache Server configuration
Debugging certificate issues
Verifying content server configuration
Verifying end-to-end deployment with performance counters
About server-side identifier generation
Calculating BranchCache efficiency with performance counters
Troubleshooting
BranchCache doesn’t function
BranchCache and client performance
Application failures
Tools Index
Group Policy
Group Policy administrative template
Turn on BranchCache setting
Turn on BranchCache – Distributed Cache Mode setting
Turn on BranchCache – Hosted Cache mode setting
Set percentage of disk space used for client computer cache
Configure BranchCache for network files
Disabling BITS use of BranchCache
Netsh Commands
dump
exportkey
flush
importkey
reset
set mode
set cachesize
set key
set localcache
set service
show hostedcache
show localcache
show status
Performance Counters
Attempted Discoveries
Average Branch Rate
Bytes from Cache
Bytes from Server
Bytes Served
Cache Complete File Segments
Cache Hit Ratio
Cache Partial File Segments
Discovery Time
Hosted Cache – Client file segment offers accepted
Hosted Cache – Client file segment offers made
RequestsFilledByServer
Protocol Specific Counters
Bytes From Cache
Bytes From Server
Cache Hit Ratio
Web server performance counters
Client Cache Miss Bytes
Hash Bytes
Hypothetical Server Bytes Without Caching
Processed HTTP Requests
Server Cache Miss Bytes
Total HTTP Requests
Changing BranchCache Ports
Hosted Cache server
Hosted Cache clients
Event Logs
Upgrade Notes
Upgrading a Hosted Cache server from Windows 7 Beta to a later Windows 7 version
Hosted Cache migration
BranchCache and System Restore
BranchCache Early Adopter’s Guide
BranchCache™ is designed to reduce WAN link utilization and improve application
responsiveness for branch office workers who access content from servers in remote locations.
Branch office client computers use a locally maintained cache of data to reduce traffic over a
WAN link. The cache can be distributed across client computers (distributed cache mode) or can
be housed on a server in the branch (hosted cache mode). BranchCache only optimizes traffic
flows between Windows Server® 2008 R2 servers and Windows® 7 clients.
Server Configuration
Client Configuration
Deploying BranchCache with Remote Access Technologies
Non-Microsoft Firewall Settings for BranchCache
Hosted Cache Server Setup
Verification and Monitoring
Troubleshooting
Tools Index
Netsh Commands
Performance Counters
Changing BranchCache Ports
Event Logs
Upgrade Notes
Note
For a complete view of Windows 7 resources, articles, demos, and guidance, please visit
the Springboard Series for Windows 7 on the Windows Client TechCenter.
For a Web version of this document, see the BranchCache Early Adopter’s Guide in the
Windows 7 Technical Library (http://go.microsoft.com/fwlink/?LinkId=148641).
BranchCache Overview
BranchCache™ is designed to reduce WAN link utilization and improve application
responsiveness for branch office workers who access content from servers in remote locations.
Branch office client computers use a locally maintained cache of data to reduce traffic over a
WAN link. The cache can be distributed across client computers (Distributed Cache mode) or can
be housed on a server in the branch (Hosted Cache mode).
BranchCache is designed to prevent unauthorized access to content. Content is encrypted when
transferred between peers or between clients and the hosted cache server. Content can only be
decrypted using the identifiers provided by the content server in the main office. The content
server will only provide identifiers to authorized clients. BranchCache supports the optimization of
downloads over end-to-end secure transports such as HTTPS and IPsec.
BranchCache only optimizes traffic flows between Windows Server 2008 R2 servers and
Windows 7 clients. The BranchCache feature is an optional component on Windows
Server 2008 R2 and must be installed and enabled before BranchCache can be used. To
optimize SMB traffic, the file server role must be enabled. BranchCache is installed on Windows 7
client computers by default, but IT administrators must enable BranchCache and create firewall
rules to enable traffic between client computers.
Distributed Cache mode
If client computers are configured to use Distributed Cache mode, the cached content is
distributed among client computers on the branch office network. No infrastructure or services are
required in the branch office beyond client computers running Windows 7.
Figure 1 Distributed cache mode
1. Client 1 issues a request for a file on a BranchCache-enabled server in headquarters. This
request can be transmitted over any of the BranchCache-enabled protocols (HTTP, SMB, or
BITS). The client indicates to the server that it is BranchCache capable, using fields,
messages, or headers that are already part of the BranchCache-enabled protocol.
The server responds, and transmits a set of identifiers that describe the chunks of content the
client wants to download. These identifiers are transmitted by using the BranchCache-
enabled protocol.
2. Client 1 searches locally for a computer that has already downloaded and cached the content.
This search is conducted by using the BranchCache discovery protocol (which, in turn, uses
WS-Discovery), which is a multicast protocol sent over UDP. Client 1 is the first computer in
the branch to download this piece of content, so it does not receive any responses.
3. Client 1 issues another request to the server in headquarters by using the BranchCache-
enabled protocol (HTTP, SMB, or BITS). This request is not marked as BranchCache
capable. The server responds with the requested data. The client then adds this data to its
local cache.
4. Client 2 issues a request for the same content that Client 1 downloaded earlier. Client 2
receives identifiers describing the content from the server in headquarters.
5. Client 2 uses the BranchCache discovery protocol to search for the content. Client 1 receives
this request, finds the requested content in its local cache, and sends a response to Client 2.
6. Client 2 requests the content from Client 1 by using the BranchCache retrieval protocol
(which, in turn, uses HTTP). Client 1 transmits the content to Client 2, protecting it with the
BranchCache encryption scheme. Client 2 verifies the data against the identifiers
downloaded from the server in headquarters.
Hosted Cache mode
In hosted cache mode, cached content is maintained on a computer running Windows
Server 2008 R2 on the branch office network.
Figure 2 Hosted cache mode
1. Client 1 issues a request to a BranchCache-enabled server in headquarters. This request can
be transmitted over any of the BranchCache-enabled protocols (HTTP, SMB, BITS). The
client indicates to the server that it is BranchCache capable, using fields, messages, or
headers that are already part of the BranchCache-enabled protocol.
The server responds, and transmits a set of identifiers that describe the chunks of content
that the client wants to download. These identifiers are transmitted by using the
BranchCache-enabled protocol.
2. Client 1 requests the content from the hosted cache in the branch by using the BranchCache
retrieval protocol [MS-PCCRD] (uses HTTP, TCP, source port: ephemeral, destination port: 80
by default). The hosted cache response informs Client 1 that the target data is not available.
3. Client 1 issues another request to the server in headquarters by using the BranchCache-
enabled protocol (HTTP, SMB, BITS). This request is not marked BranchCache capable. The
server responds with the requested data.
4. Client 1 advertises the newly downloaded content to the Hosted Cache server by using the
BranchCache hosted cache protocol [MS-PCHC]. This protocol is carried in HTTPS (TCP,
source port: ephemeral, destination port: 443 by default).
5. The Hosted Cache server connects to the client and downloads the recently advertised
content by using the BranchCache retrieval protocol [MS-PCCRD] (which, in turn, uses HTTP,
TCP, source port: ephemeral, destination port: 80 by default).
6. Client 2 issues a request for the same content that Client 1 downloaded earlier. Client 2
receives identifiers describing the content from the server in headquarters.
7. Client 2 requests the content from the hosted cache in the branch by using the BranchCache
retrieval protocol [MS-PCCRD] (which, in turn, uses HTTP, TCP, source port: ephemeral,
destination port: 80 by default). The hosted cache responds with the data. Client 2 verifies the
data by using the identifiers downloaded from the server in headquarters.
If a client computer cannot locate content on the Hosted Cache server, it returns to the server in
the main office and requests a download.
Hosted Cache mode and Distributed Cache mode are mutually exclusive. A client computer can
be configured to use only a single caching mode at one time.
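The verification step that ends both flows above (Client 2 checks what the branch returned against the identifiers from headquarters) can be modelled as follows. This is an added example, not code from the guide or from BranchCache: it assumes identifiers are per-block SHA-256 digests over 64 KB blocks, and it leaves out discovery and the encryption of transfers.

```python
import hashlib

BLOCK_SIZE = 64 * 1024  # assumed block size for this model


def make_identifiers(content):
    """Content server: one SHA-256 digest per block stands in for the identifiers."""
    return [hashlib.sha256(content[i:i + BLOCK_SIZE]).hexdigest()
            for i in range(0, len(content), BLOCK_SIZE)]


class BranchCacheHolder:
    """A branch peer or Hosted Cache server: blocks stored under their identifier."""

    def __init__(self, name):
        self.name = name
        self.blocks = {}

    def store(self, content):
        for n, ident in enumerate(make_identifiers(content)):
            self.blocks[ident] = content[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]

    def lookup(self, ident):
        return self.blocks.get(ident)


def fetch(identifiers, holders, origin_content):
    """Client: take each block from the branch if it verifies, else from the server.

    Returns (data, source of each block, list of (holder, block index) rejected).
    """
    data, sources, rejected = [], [], []
    for n, ident in enumerate(identifiers):
        block, source = None, "server"
        for holder in holders:
            candidate = holder.lookup(ident)
            if candidate is None:
                continue  # cache miss on this holder
            if hashlib.sha256(candidate).hexdigest() == ident:
                block, source = candidate, holder.name
                break
            rejected.append((holder.name, n))  # fails verification: discard it
        if block is None:
            # Fallback: the second request to headquarters, not marked
            # BranchCache capable, which returns the data itself.
            block = origin_content[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]
        data.append(block)
        sources.append(source)
    return b"".join(data), sources, rejected


def demo():
    # Constructed sample: four distinct full blocks plus a short tail block.
    content = b"".join(bytes([v]) * BLOCK_SIZE for v in range(1, 5)) + b"tail"
    identifiers = make_identifiers(content)      # issued by the content server
    client1 = BranchCacheHolder("client1")
    client1.store(content)                       # Client 1 downloaded it earlier
    client1.blocks[identifiers[2]] = b"corrupted block"  # damaged cache entry
    data, sources, rejected = fetch(identifiers, [client1], content)
    return data == content, sources, rejected


if __name__ == "__main__":
    print(demo())
```

Because the identifiers come from the content server over the original protocol, a damaged or altered block held in the branch costs one extra WAN fetch for that block and never reaches the application.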
Server Configuration
BranchCache is not installed by default on Windows Server 2008 R2. To configure a Web server
or an application server that uses the Background Intelligent Transfer Service (BITS) protocol,
you must install the BranchCache feature using server manager. To configure a file server to use
BranchCache, you must install the BranchCache for Network Files feature, and configure the
server using Group Policy. For a Windows Server 2008 R2 computer to act as a BranchCache
client, you must first install the BranchCache feature and then follow the client configuration steps
in this document.
Installing the BranchCache feature
Use the Add Features Wizard of Server Manager in Windows Server 2008 R2 to enable
BranchCache on a Web server or BITS application server.
To install the BranchCache feature
1. Click Start, point to Administrative Tools, and then click Server Manager.
2. Right-click Features and then click Add Features.
3. In the Add Features Wizard, select BranchCache, and then click Next.
4. In the Confirm Installation Selections dialog box, click Install.
5. In the Installation Results dialog box, confirm that BranchCache installed successfully,
and then click Close.
Configuring a Web server or a BITS application server to use BranchCache
To enable BranchCache acceleration of content served by a Web server or application server
using the BITS protocol, you must install the BranchCache feature and ensure that the
BranchCache service has started. No other steps are necessary.
Configuring a WSUS server to use BranchCache
In addition to enabling BranchCache in your environment, the WSUS server must be configured
to store update files locally (both the update metadata and the update files are downloaded and
stored locally on the WSUS server). This ensures that the clients get the update files from the
WSUS server rather than directly from Microsoft Update. To learn more about WSUS server
configuration, see Advanced Synchronization Options for WSUS
(http://go.microsoft.com/fwlink/?LinkId=150597) on Microsoft TechNet.
Configuring a file server to use BranchCache
The BranchCache for Network Files role service of the File Services server role needs to be
installed before you can enable BranchCache for any file shares. After you install the
BranchCache for Network Files role service, use the Group Policy Management Console to
enable BranchCache on the server. You can enable BranchCache for all shares on a file server or
only on selected shares.
Note
You do not need to install the BranchCache feature using the Add Features Wizard, as
described earlier in the guide, when configuring a file server.
BranchCache for Network Files is a role service of the File Services role. Use the Add Roles
Wizard of Server Manager to install the File Services role and the BranchCache for Network Files
role service.
Using Group Policy to configure BranchCache
You can use the local Group Policy Editor to configure BranchCache on a single server. If you
have multiple file servers, and they are easily identifiable in your Active Directory® (for example,
they are organized under a common organizational unit (OU)), you may wish to use Group Policy
to configure BranchCache for multiple servers in one step.
To use Group Policy to configure BranchCache
1. Open the Group Policy Management Console. Click Start, point to Administrative
Tools, and then click Group Policy Management Console.
2. Select the domain in which you will apply the Group Policy object, or select Local
Computer Policy.
3. Select New from the Action menu to create a new Group Policy object (GPO).
4. Choose a name for the new GPO and click OK.
5. Right-click the GPO just created and choose Edit.
6. Click Computer Configuration, point to Policies, Administrative Templates, Network,
and then click Lanman Server.
7. Double-click Hash Publication for BranchCache.
8. Click Enabled.
9. Under Options, choose one of the following Hash publication actions:
a. Allow hash publication for all file shares.
b. Allow hash publication for file shares tagged with “BranchCache support.”
c. Disallow hash publication on all file shares.
10. Click OK.
Using the Registry Editor to configure disk use for stored identifiers
The identifiers used to describe blocks of content are stored on the file server. The registry can be
used to limit the maximum percent of physical disk space used on the server to store these
identifiers.
Caution
Incorrectly editing the registry may severely damage your system. Before making
changes to the registry, you should back up any valued data on the computer.
To configure stored identifiers
1. Open an elevated command prompt (click Start, click All Programs, click Accessories,
right-click Command Prompt, and then click Run as administrator).
2. At the command prompt, type Regedit.exe, and then press Enter.
3. Navigate to HKLM\CurrentControlSet\Service\LanmanServer\Parameters.
4. Right-click the HashStorageLimitPercent value, and then click Modify.
5. In the Value box, type the percentage of disk space that you would like BranchCache to
use. Click OK.
6. Close the Registry Editor.
Setting the BranchCache support tag on a file share
By default, only shares with the BranchCache support tag will be optimized. This is also the case
if the Group Policy Hash Publication for BranchCache setting is enabled and the option Allow
hash publication for file shares tagged with BranchCache support is selected. The following
section explains how to set the BranchCache support tag on a file share.
To set the BranchCache support tag on a share
1. Click Start, point to Administrative Tools, and then click Share and Storage
Management.
2. Right-click a share and then click Properties.
3. Click Advanced.
4. On the Caching tab, select Only the files and programs that users specify are
available offline.
5. Select Enable BranchCache, and then click OK.
6. Click OK, and then close the Share and Storage Management Console.
Additional steps for server clusters
BranchCache-enabled servers use a piece of cryptographic data when generating identifiers for
data blocks. In a server cluster, this cryptographic data must be replicated across all
BranchCache-enabled servers in the cluster to keep the generation of identifiers consistent
across all computers.
To replicate cryptographic data
1. Open an elevated command prompt (click Start, click All Programs, click Accessories,
right-click Command Prompt, and then click Run as administrator).
2. At the command prompt, type netsh branchcache set key
passphrase="MY_PASSPHRASE", and then press Enter. Choose a phrase known only
to you. Repeat this process using the same phrase on all computers that are participating
in the cluster.
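Why every node in the cluster needs the same key, shown as an added model that is not code from the guide or from BranchCache. It assumes an identifier is an HMAC-SHA256 over a block digest, keyed with a secret hashed from the passphrase; the node names and sample blocks are constructed.

```python
import hashlib
import hmac


def server_secret(passphrase):
    # Assumption: this model derives the server's secret by hashing the passphrase.
    return hashlib.sha256(passphrase.encode("utf-8")).digest()


def keyed_identifier(secret, block):
    # Assumption: identifier = HMAC-SHA256(secret, SHA-256(block)).
    digest = hashlib.sha256(block).digest()
    return hmac.new(secret, digest, hashlib.sha256).hexdigest()


class ClusterNode:
    """One BranchCache-enabled server behind the cluster's shared name."""

    def __init__(self, name, passphrase):
        self.name = name
        self.secret = server_secret(passphrase)

    def identifiers(self, blocks):
        return [keyed_identifier(self.secret, b) for b in blocks]


def branch_hit_ratio(first_node, second_node, blocks):
    """The branch cache is filled under first_node's identifiers; a later
    request is answered by second_node. Returns the fraction of blocks the
    branch can still supply."""
    branch_cache = dict(zip(first_node.identifiers(blocks), blocks))
    wanted = second_node.identifiers(blocks)
    return sum(1 for ident in wanted if ident in branch_cache) / len(blocks)


def nodes_out_of_sync(nodes, probe_blocks):
    """Names of nodes whose identifiers for a probe differ from the first node's."""
    reference = nodes[0].identifiers(probe_blocks)
    return [n.name for n in nodes[1:] if n.identifiers(probe_blocks) != reference]


def demo():
    blocks = [bytes([v]) * 1024 for v in range(8)]  # constructed sample blocks
    a = ClusterNode("node-a", "MY_PASSPHRASE")
    b = ClusterNode("node-b", "MY_PASSPHRASE")
    c = ClusterNode("node-c", "a different phrase")  # key was never replicated
    return (branch_hit_ratio(a, b, blocks),
            branch_hit_ratio(a, c, blocks),
            nodes_out_of_sync([a, b, c], blocks[:1]))


if __name__ == "__main__":
    print(demo())
```

A node with a different key still serves correct content, so the failure is silent: clients routed to it simply stop finding matches in the branch and pull everything over the WAN.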
Client Configuration
BranchCache is disabled by default on client computers. Take the following steps to enable
BranchCache on client computers:
1. Turn on BranchCache.
2. Enable either Distributed Cache mode or Hosted Cache mode.
3. Configure the client firewall to enable BranchCache protocols.
Enabling Distributed Cache or Hosted Cache mode (step 2) without explicitly enabling the overall
BranchCache feature (step 1) will leave BranchCache disabled on a client computer.
It is possible to enable BranchCache on a client computer (step 1) without enabling Hosted
Cache mode or Distributed Cache mode (step 2). In this configuration, the client computer only
uses the local cache and will not attempt to download from peers or from a Hosted Cache server.
Multiple users of a single computer will benefit from a shared local cache in this local caching
mode.
Configuration can be automated using Group Policy or can be achieved manually by using the
netsh command. This section describes both configuration approaches.
Client configuration using Group Policy
To enable BranchCache on Windows 7 client computers using Group Policy, you must first create
a Group Policy object (GPO) that will carry the BranchCache configuration. After creating the
GPO, you configure the setting that enables BranchCache and choose whether BranchCache will
operate in Distributed Cache mode or Hosted Cache mode.
To create a GPO, enable BranchCache, and select the cache mode
1. Click Start, point to Administrative Tools, and click Group Policy Management
Console.
2. In the console tree, select the domain in which you will apply the GPO.
3. Create a new GPO by selecting New from the Action menu.
4. Choose a name for the new GPO, and then click OK.
5. Right-click the GPO you created and choose Edit.
6. Click Computer Configuration, point to Policies, Administrative Templates: Policy
definitions (ADMX files) retrieved from the local machine, Network, and then click
BranchCache.
7. Double-click Turn on BranchCache.
8. Click Enabled, and then click OK.
9. To use Distributed Cache mode, double-click Turn on BranchCache – Distributed
Caching mode, click Enabled, and then click OK.
–or–
To use Hosted Cache mode, double-click Turn on BranchCache – Hosted cache
mode, click Enabled, and then click OK.
10. To enable BranchCache for SMB traffic, double-click BranchCache for network files,
click Enabled, select a latency value under Options, and then click OK.
Configuring the client firewall
To support IKEv2-enabled VPN connections, first install the Active Directory Certificate Services
and Web Server (IIS) server roles to enable Web enrollment of a computer certificate.
In Distributed Cache Mode, BranchCache uses the HTTP protocol for data transfer between
client computers and the WS-Discovery protocol for cached content discovery. The client firewall
must be configured to allow incoming HTTP and WS-Discovery traffic on computers that use
Distributed Cache mode.
The HTTP protocol is also used by clients configured to use the Hosted Cache mode, but the
WS-Discovery protocol is not. Clients operating in Hosted Cache mode must be configured to
allow incoming HTTP traffic from the Hosted Cache server.
This section explains how to configure the host firewall using Group Policy to enable
BranchCache.
To configure firewall rules for BranchCache using Group Policy
1. Click Start, point to Administrative Tools, and click Group Policy Management
Console.
2. Right click the GPO you created for BranchCache and choose Edit.
3. Click Computer Configuration, point to Policies, Windows Settings, Security
Settings, Windows Firewall with Advanced Security, and then click Inbound Rules.
4. Create a firewall rule for HTTP (required in both Distributed Cache and Hosted Cache
modes):
a. From the Action menu, select New.
If you are authoring the Group Policy object on a computer that is running Windows
Server 2008 R2 or Windows 7: Click Predefined, select BranchCache – Content
Retrieval (Uses HTTP), and then click Next.
If you are authoring the Group Policy object on a computer that does not include the
predefined BranchCache firewall rules: Click Port, and then click OK. Click TCP,
click Specific local ports, type 80 in the text box, and then click Next.
b. Click Allow the connection, and then click Next.
c. Choose the networks in which the rule will apply. In most cases, it is appropriate to
select the Domain profile, and leave the Private and Public profiles unselected.
d. Type a name for the firewall rule, and then click Finish.
5. Create a firewall rule for WS-Discovery (only required in Distributed Cache mode):
a. From the Action menu, select New.
If you are authoring the Group Policy object on a computer that is running Windows
Server 2008 R2 or Windows 7: Click Predefined, select BranchCache – Peer
Discovery (Uses WSD), and then click Next.
If you are authoring the Group Policy object on a computer that does not include the
predefined BranchCache firewall rules: Click Port, and then click OK. Click UDP,
click Specific local ports, type 3702 in the text box, and then click Next.
b. Click Allow the connection, and then click Next.
c. Choose the networks in which the rule will apply. In most cases, it is appropriate to
select the Domain profile, and leave the Private and Public profiles unselected.
d. Type a name for the firewall rule, and then click Finish.
Client configuration using netsh
When configuring client computers, you can enable BranchCache and choose between
Distributed Cache mode and Hosted Cache mode with a single netsh command.
Note
Group Policy overrides netsh configuration.
To enable BranchCache in Distributed Cache mode
1. Open an elevated Command Prompt window (click the Start button, type command in the
Start Search box, right-click Command Prompt, and then click Run as administrator).
2. Run the following command: netsh branchcache set service mode=DISTRIBUTED
Note
Running this command automatically configures the host firewall for Distributed
Cache mode.
To enable BranchCache in Hosted Cache mode
1. Open an elevated Command Prompt window (click the Start button, type command in the
Start Search box, right-click Command Prompt, and then click Run as administrator).
2. Run the following command: netsh branchcache set service mode=HOSTEDCLIENT
LOCATION=<Hosted Cache name>, where <Hosted Cache name> is the fully qualified
domain name of the computer serving as a Hosted Cache.
Note
Running this command automatically configures the host firewall for Hosted
Cache mode.
Deploying BranchCache with Remote Access Technologies
Hosted Cache mode and host-based VPN software
Note that it is not appropriate to enable Hosted Cache on clients in a branch office if these clients
use a host-based VPN that does not support split tunneling. In this scenario, client computers
route traffic through the main office VPN servers when downloading from the local Hosted Cache.
BranchCache is compatible with VPN software that supports split tunneling.
BranchCache and Microsoft DirectAccess
If the computers in your branch office connect directly to the Internet and access corporate
resources using DirectAccess, you must take some extra steps to enable BranchCache.
To configure clients in Distributed Cache mode, you must configure IPsec/firewall rules that
allow the WS-Discovery (UDP multicast on port 3702) and HTTP (TCP on port 80) protocols
to execute between roaming peers.
To configure clients in Hosted Cache mode, you must configure IPsec/firewall rules that allow
HTTP (TCP on port 80) protocols to execute between the roaming peer and the remote
Hosted Cache server.
BranchCache uses a custom encryption scheme based on AES128 for transfers between peers
in Distributed Cache mode and between a roaming client and the Hosted Cache server. There is
minimal value in enabling encryption with IPsec for BranchCache for these transfers.
Non-Microsoft Firewall Settings for BranchCache
If your organization uses a non-Microsoft firewall, configure the firewall to allow the traffic for the
protocols and programs that BranchCache uses. This section provides a reference of protocols
and the settings that you can use to configure firewalls to allow BranchCache traffic.
For more information about the protocols referenced in this section, see the following topics on
the Microsoft Web site:
[MS-PCCRD]: Peer Content Caching and Retrieval Discovery Protocol Specification
(http://go.microsoft.com/fwlink/?LinkId=151305)
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol Specification
(http://go.microsoft.com/fwlink/?LinkId=151306)
[MS-PCHC]: Peer Content Caching and Retrieval: Hosted Cache Protocol Specification
(http://go.microsoft.com/fwlink/?LinkId=151307)
Non-Microsoft firewall settings for Distributed Cache clients
This section describes firewall settings for Distributed Cache clients when Distributed Cache
mode is used.
[MS-PCCRD]: Peer Content Caching and Retrieval Discovery Protocol
Distributed Cache clients must support inbound and outbound MS-PCCRD traffic, which is carried
in the Web Services Dynamic Discovery (WS-Discovery) protocol. Firewall settings must allow
multicast traffic, inbound and outbound traffic, and program traffic as follows:
IPv4 multicast: 239.255.255.250
IPv6 multicast: FF02::C
Inbound traffic: Local port: 3702, Remote port: ephemeral
Outbound traffic: Local port: ephemeral, Remote port: 3702
Program: %systemroot%\system32\svchost.exe (BranchCache Service [PeerDistSvc])
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol
Distributed Cache clients must support inbound and outbound MS-PCCRR traffic, which is carried
in the HTTP 1.1 [RFC 2616] protocol. Firewall settings must allow inbound, outbound, and
program traffic as follows:
Inbound traffic: Local port: 80, Remote port: ephemeral
Outbound traffic: Local port: ephemeral, Remote port: 80
Program: SYSTEM
Non-Microsoft firewall settings for Hosted Cache clients
This section describes firewall settings for Hosted Cache clients when Hosted Cache mode is
used.
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol
Hosted Cache clients must support inbound and outbound MS-PCCRR traffic, which is carried in
the HTTP 1.1 [RFC 2616] protocol. Firewall settings must allow inbound, outbound, and program
traffic as follows:
Inbound traffic: Local port: 80, Remote port: ephemeral
Outbound traffic: Local port: ephemeral, Remote port: 80
Program: SYSTEM
[MS-PCHC]: Peer Content Caching and Retrieval: Hosted Cache Protocol
Hosted Cache clients must support inbound and outbound MS-PCHC traffic, which is carried in
the HTTP 1.1 over TLS (HTTPS) [RFC 2818] protocol. Firewall settings must enable outbound
traffic as follows:
Outbound traffic: Local port: ephemeral, Remote port: 443
Program: SYSTEM
Non-Microsoft firewall settings for the Hosted Cache server
This section describes firewall settings for the Hosted Cache server when Hosted Cache mode is
used.
[MS-PCCRR]: Peer Content Caching and Retrieval: Retrieval Protocol
The Hosted Cache server must support inbound and outbound MS-PCCRR traffic, which is
carried in the HTTP 1.1 [RFC 2616] protocol. Firewall settings must allow inbound, outbound, and
program traffic as follows:
Inbound traffic: Local port: 80, Remote port: ephemeral
Outbound traffic: Local port: ephemeral, Remote port: 80
Program: SYSTEM
[MS-PCHC]: Peer Content Caching and Retrieval: Hosted Cache Protocol
The Hosted Cache server must support inbound MS-PCHC traffic, which is carried in the HTTP
1.1 over TLS (HTTPS) [RFC 2818] protocol. Firewall settings must enable inbound and program
traffic as follows:
Inbound traffic: Local port: 443, Remote port: ephemeral
Program: SYSTEM
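The port and direction settings listed in this section can be checked against a rule export from a non-Microsoft firewall. The following Windows PowerShell script is an added example, not part of the original guide; the rule fields (Direction, Protocol, LocalPort, RemotePort, Action), the function names, and the sample rules are assumptions made for illustration.

```powershell
# Added example (not from the original guide). 'Any' stands for the ephemeral
# port range in the reference above. Sample rules below are constructed.

function New-Flow($Direction, $Protocol, $LocalPort, $RemotePort, $Note) {
    New-Object PSObject -Property @{
        Direction = $Direction; Protocol = $Protocol
        LocalPort = $LocalPort; RemotePort = $RemotePort; Note = $Note
    }
}

function New-Rule($Direction, $Protocol, $LocalPort, $RemotePort, $Action) {
    New-Object PSObject -Property @{
        Direction = $Direction; Protocol = $Protocol
        LocalPort = $LocalPort; RemotePort = $RemotePort; Action = $Action
    }
}

# Required flows per role, seen from the computer that holds the role.
# WS-Discovery also needs the multicast groups 239.255.255.250 and FF02::C
# to be permitted; this model checks protocol, port and direction only.
$Required = @{
    DistributedClient = @(
        (New-Flow 'In'  'UDP' '3702' 'Any'  'MS-PCCRD'),
        (New-Flow 'Out' 'UDP' 'Any'  '3702' 'MS-PCCRD'),
        (New-Flow 'In'  'TCP' '80'   'Any'  'MS-PCCRR'),
        (New-Flow 'Out' 'TCP' 'Any'  '80'   'MS-PCCRR')
    )
    HostedClient = @(
        (New-Flow 'In'  'TCP' '80'   'Any'  'MS-PCCRR'),
        (New-Flow 'Out' 'TCP' 'Any'  '80'   'MS-PCCRR'),
        (New-Flow 'Out' 'TCP' 'Any'  '443'  'MS-PCHC')
    )
    HostedServer = @(
        (New-Flow 'In'  'TCP' '80'   'Any'  'MS-PCCRR'),
        (New-Flow 'Out' 'TCP' 'Any'  '80'   'MS-PCCRR'),
        (New-Flow 'In'  'TCP' '443'  'Any'  'MS-PCHC')
    )
}

# A rule port matches when it is the wildcard or the exact port.
function Test-PortMatch($RulePort, $FlowPort) {
    ($RulePort -eq 'Any') -or ($RulePort -eq $FlowPort)
}

# Required flows that no Allow rule covers: BranchCache will silently fall
# back to the content server for these.
function Get-MissingBranchCacheFlow {
    param([string]$Role, [object[]]$Rules)
    foreach ($flow in $Required[$Role]) {
        $hit = $Rules | Where-Object {
            $_.Action -eq 'Allow' -and $_.Direction -eq $flow.Direction -and
            $_.Protocol -eq $flow.Protocol -and
            (Test-PortMatch $_.LocalPort $flow.LocalPort) -and
            (Test-PortMatch $_.RemotePort $flow.RemotePort)
        }
        if (-not $hit) { $flow }
    }
}

# Inbound Allow rules on BranchCache ports that this role does not need for
# BranchCache. Review these; another service may legitimately use the port.
function Get-UnneededBranchCacheRule {
    param([string]$Role, [object[]]$Rules)
    $Rules | Where-Object {
        $rule = $_
        $rule.Action -eq 'Allow' -and $rule.Direction -eq 'In' -and
        @('80', '443', '3702') -contains $rule.LocalPort -and
        -not ($Required[$Role] | Where-Object {
            $_.Direction -eq 'In' -and $_.Protocol -eq $rule.Protocol -and
            $_.LocalPort -eq $rule.LocalPort
        })
    }
}

# Constructed sample: a Hosted Cache client whose rule set was copied from a
# Distributed Cache client (WS-Discovery open, HTTPS upload path missing).
$rules = @(
    (New-Rule 'In'  'TCP' '80'   'Any'  'Allow'),
    (New-Rule 'Out' 'TCP' 'Any'  '80'   'Allow'),
    (New-Rule 'In'  'UDP' '3702' 'Any'  'Allow')
)

'Missing flows:'
Get-MissingBranchCacheFlow -Role HostedClient -Rules $rules |
    Select-Object Direction, Protocol, LocalPort, RemotePort, Note
'Inbound rules to review:'
Get-UnneededBranchCacheRule -Role HostedClient -Rules $rules |
    Select-Object Direction, Protocol, LocalPort, RemotePort, Action
```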
BranchCache protocols for content servers (such as a Web server or file server)
No additional ports or protocols are required on the content server. All BranchCache
communication with clients occurs in the context of the optimized protocol (HTTP, SMB, and
BITS). Extensions to these protocols enable BranchCache on client computers that are running
Windows 7.
For more information, see the following topics on the Microsoft Web site:
[MS-PCCRTP]: Peer Content Caching and Retrieval: Hypertext Transfer Protocol (HTTP)
Client Extensions (http://go.microsoft.com/fwlink/?LinkId=151309)
[MS-SMB2]: Server Message Block (SMB) Version 2 Protocol Specification
(http://go.microsoft.com/fwlink/?LinkId=151310)
Hosted Cache Server Setup
Only a Windows Server 2008 R2 computer can be configured as a Hosted Cache server. An
existing application server in the branch office can be a Hosted Cache server if it is upgraded to
Windows Server 2008 R2.
The Hosted Cache is trusted by client computers to cache and distribute data that may be under
access control. For this reason, client computers use transport layer security (TLS) when
communicating with the Hosted Cache server. To support authentication, the Hosted Cache
server must be provisioned with a certificate that is trusted by clients and is suitable for server
authentication.
Take the following steps to configure a Windows Server 2008 R2 computer to be a Hosted Cache
server:
1. Install the BranchCache feature.
2. Enable the BranchCache feature and enable Hosted Cache server mode.
3. Deploy a certificate to the Hosted Cache that will be trusted by client computers. It may be
necessary to distribute this certificate to client computers if it does not chain to a root
certificate that is already trusted. Link the certificate to BranchCache.
4. Resize the cache on the Hosted Cache server.
5. Configure client computers to use the Hosted Cache.
Install the BranchCache feature
To install the BranchCache feature
1. Click Start, point to Administrative Tools, and then click Server Manager.
2. Right-click Features, and then click Add Features.
3. In the Add Features Wizard, select BranchCache, and then click Next.
4. In the Confirm Installation Selections dialog box, click Install.
5. In the Installation Results dialog box, confirm that BranchCache installed successfully,
and then click Close.
Enable the BranchCache feature and enable Hosted Cache mode
For detailed instructions, see To enable BranchCache in Hosted Cache mode earlier in this
document.
Deploy a certificate
The Hosted Cache server must be equipped with a certificate that is trusted by the client
computers in the branch offices. For information about Windows Server certificate deployment,
see Server Certificate Deployment Overview.
Import the certificate
The certificate must be added to the certificate store under the local computer account. If the
certificate is added to the certificate store belonging to an administrator, or another user on the
system, you will be unable to link the certificate to BranchCache, and clients will not be able to
connect to the Hosted Cache server.
To import the certificate
1. Open the Microsoft Management Console (click Start, click Run, type mmc, and then
click OK).
2. From the File menu, select Add/remove snap-in.
3. Select the Certificates snap-in, in the Available snap-ins list, and then click Add.
4. Select Computer Account from the list, and then click Next.
5. Select Local Computer from the list, click Finish, and then click OK to complete the
snap-in addition process.
6. Expand the Certificates (Local Computer) > Personal > Certificates tab.
7. From the Action menu, select All Tasks > Import to start the Certificate Import Wizard.
Follow the steps in the wizard to import your certificate according to the file type. The
imported certificate appears in the right pane of the MMC.
8. Double-click the certificate to view its properties.
9. In the Details pane, select the Thumbprint field.
10. Copy the Thumbprint value to the clipboard or write it down. You will use it later when
linking the certificate to BranchCache.
Link the certificate to BranchCache
After the import process has completed, you must link your new certificate to the BranchCache
service on the Hosted Cache server.
To link the certificate to BranchCache
1. Open an elevated Command Prompt (click Start, click All Programs, click Accessories,
right-click Command Prompt, and then click Run as administrator).
2. Type the command: NETSH HTTP ADD SSLCERT IPPORT=0.0.0.0:443
CERTHASH=<thumbprint> APPID={d673f5ee-a714-454d-8de2-492e4c1bd8f8} where
<thumbprint> is the value that you copied during the Import the certificate procedure
earlier in this document. Be sure to remove the spaces in the <thumbprint> entry.
Resize the cache on the Hosted Cache server
By default, BranchCache allocates 5% of the active partition on the Hosted Cache server. Use the
netsh set cachesize command to change this value.
Modify the Hosted Cache Server Ports
The Hosted Cache accepts connections from BranchCache clients on two ports. TCP Port 80 is
used to accept connections from clients that are seeking to download cached data using the
BranchCache retrieval protocol. Port 443 is used to accept connections from clients that are
seeking to upload data to the Hosted Cache using the Hosted Cache protocol. You can change
these ports on the Hosted Cache server by using the registry. If you do so, you must update all
your BranchCache client computers to use the new ports.
Modifying the Retrieval Protocol Port (TCP Port 80)
To update the retrieval port, you must modify the registry on the Hosted Cache server, then
modify the registry on each client that is configured to use this Hosted Cache. The following
example demonstrates the use of the reg command to update registry keys. Alternative
mechanisms can be used to update the registry.
To update the Hosted Cache server
1. Open an elevated Command Prompt window (click Start, click All Programs, click
Accessories, right-click Command Prompt, and then click Run as administrator).
2. Type the command: netsh branchcache set service hostedserver.
3. Type the command: net stop peerdistsvc.
4. Type the command: net start peerdistsvc.
To update the Hosted Cache client
1. Open an elevated Command Prompt window (click Start, click All Programs, click
Accessories, right-click Command Prompt, and then click Run as administrator).
2. Type the command: REG ADD "HKLM\Software\Microsoft\Windows NT\
CurrentVersion\PeerDist\DownloadManager\Peers\Connection" /v
ConnectPort /t REG_DWORD /d <connectport> /f where <connectport> is the new port
on which the Hosted Cache server is accepting retrieval protocol connections.
3. Type the command: netsh branchcache set service hostedclient
location=<hostedcache> where <hostedcache> is the fully qualified domain name of
the Hosted Cache server.
4. Type the command: net stop peerdistsvc.
5. Type the command: net start peerdistsvc.
Modifying the Hosted Cache Protocol Port (TCP Port 443)
To update the Hosted Cache protocol port, you must modify the registry on the Hosted Cache
server, then modify the registry on each client that is configured to use this Hosted Cache. The
following example demonstrates the use of the reg command to update registry keys. Alternative
mechanisms can be used to update the registry.
To update the Hosted Cache server
1. Open an elevated Command Prompt window (click Start, click All Programs, click
Accessories, right-click Command Prompt, and then click Run as administrator).
2. Type the command: REG ADD "HKLM\Software\Microsoft\Windows NT\
CurrentVersion\PeerDist\HostedCache\Connection" /v
ListenPort /t REG_DWORD /d <listenport> /f where <listenport> is the new port on
which the Hosted Cache server should accept retrieval protocol connections.
3. Type the command: netsh branchcache set service hostedserver.
4. Type the command: net stop peerdistsvc.
5. Type the command: net start peerdistsvc.
To update the Hosted Cache client
1. Open an elevated Command Prompt window (click Start, click All Programs, click
Accessories, right-click Command Prompt, and then click Run as administrator).
2. Type the command: netsh branchcache set service hostedclient
location=<hostedcache> where <hostedcache> is the fully qualified domain name of
the Hosted Cache server.
3. Type the command: net stop peerdistsvc.
4. Type the command: net start peerdistsvc.
Verification and Monitoring
Verifying client configuration
Type the netsh branchcache show status all command in a Command Prompt window to
check client settings after configuration by Group Policy, netsh, or direct registry manipulation.
The command displays:
The BranchCache service status
The location of the local cache
The size of the local cache
The status of the firewall rules for the HTTP and WS-Discovery protocols that BranchCache
uses
Note
The command searches the BranchCache firewall rule group. If you did not use the
BranchCache firewall rule group, and you configured firewall exceptions manually,
the command may falsely report misconfiguration.
The following screenshot shows settings on a correctly configured Distributed Cache client:
Notes
BranchCache is enabled and the client is correctly set to function in Distributed Cache
mode.
If the computer is configured in Hosted Cache mode, verify that the computer is correctly
provisioned with the fully qualified domain name of the Hosted Cache server. Make sure
that this FQDN does not include a protocol prefix (http://).
The BranchCache service is running.
The Content Retrieval URL Reservation, Peer Content Discovery Firewall Rules, and
Content Retrieval Firewall Rules are properly enabled, allowing this computer to serve
content to other peers on the same subnet.
The following screenshot demonstrates a correctly configured Hosted Cache client:
Verifying the Hosted Cache Server configuration
Type the netsh branchcache show status all command in a Command Prompt window on the
Hosted Cache server to display the configuration. The command verifies firewall settings and
checks for a valid certificate on the Hosted Cache server.
The following screenshot demonstrates a correctly configured Hosted Cache server:
Notes
The server is correctly configured to act in Hosted Cache Mode.
The BranchCache service is running.
The computer is provisioned with a certificate that is bound to the BranchCache Hosted
Cache URL.
The required firewall rules are enabled.
Debugging certificate issues
The Hosted Cache server must be equipped with a trusted certificate for the Hosted Cache
deployment to function correctly.
To verify that a certificate is bound to the Hosted Cache URL on the Hosted Cache server,
use the netsh http show urlacl command. Verify that a certificate is bound to the following
URL: https://+:443/C574AC30-5794-4AEE-B1BB-6651C5315029/.
The certificate must have an enhanced key usage that is suitable for server authentication.
This property can be inspected by using certificate manager.
The subject field of the certificate must match the fully qualified domain name of the
computer.
The certificate must be associated with a root that is trusted by client computers. If the
certificate is not trusted by client computers, an audit failure event on the Hosted Cache client
results when it attempts to advertise content to the Hosted Cache server. Look for this event
in the Windows Event viewer.
Note
Audit failure events may be disabled by policy on some networks.
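The certificate requirements above, together with the earlier Link the certificate to BranchCache procedure, can be checked before the binding is created. The following Windows PowerShell script is an added example, not part of the original guide; the function names and the sample FQDN are assumptions, and the sample thumbprint is constructed.

```powershell
# Added example (not from the original guide). Run in an elevated Windows
# PowerShell session on the Hosted Cache server. Function names are assumptions.

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory = $true)][string]$Text)
    # The certificate dialog shows the thumbprint with spaces, and copying it
    # can also pick up an invisible left-to-right mark (U+200E) that netsh
    # rejects. Keep hexadecimal digits only.
    $clean = ($Text -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hexadecimal digits, found $($clean.Length)."
    }
    $clean
}

function Test-HostedCacheCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Thumbprint,
        # FQDN that clients use as the Hosted Cache location.
        [Parameter(Mandatory = $true)][string]$HostedCacheFqdn
    )
    $tp = ConvertTo-CleanThumbprint $Thumbprint
    $problems = @()

    # 1. Must be in the local computer's Personal store, not a user's store.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$tp" -ErrorAction SilentlyContinue
    if (-not $cert) {
        return @("No certificate $tp in Cert:\LocalMachine\My; check that it " +
                 "was imported under the computer account.")
    }

    # 2. Enhanced key usage must allow server authentication. A certificate
    #    with no EKU extension is not restricted to particular purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    if ($eku) {
        $usages = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
        if ($usages -notcontains '1.3.6.1.5.5.7.3.1') {
            $problems += 'Enhanced key usage does not include Server Authentication.'
        }
    }

    # 3. Name must match the FQDN. DnsName returns the first DNS name in the
    #    subject alternative name, or the subject CN when there is none.
    $name = $cert.GetNameInfo('DnsName', $false)
    if ($name -ne $HostedCacheFqdn) {
        $problems += "Certificate name '$name' does not match '$HostedCacheFqdn'."
    }

    # 4. Chain must build to a trusted root. This uses the server's own trust
    #    store; clients must trust the same root. Revocation is not checked.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if (-not $chain.Build($cert)) {
        $why = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $problems += "Chain does not build to a trusted root on this server: $why"
    }

    $problems
}

# Returns the binding command from this guide with the cleaned thumbprint.
# The command is returned as text for review rather than executed; braces in
# the APPID value must be quoted if it is run from PowerShell instead of cmd.
function Get-HostedCacheBindingCommand {
    param([Parameter(Mandatory = $true)][string]$Thumbprint)
    $tp = ConvertTo-CleanThumbprint $Thumbprint
    "netsh http add sslcert ipport=0.0.0.0:443 certhash=$tp " +
        'appid={d673f5ee-a714-454d-8de2-492e4c1bd8f8}'
}

# Constructed sample input: a thumbprint as pasted from the certificate
# dialog, with spaces and a leading U+200E. Replace with your own values.
$pasted = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
$fqdn   = 'hc01.branch.example.com'   # hypothetical Hosted Cache FQDN

$issues = @(Test-HostedCacheCertificate -Thumbprint $pasted -HostedCacheFqdn $fqdn)
if ($issues.Count -eq 0) {
    Get-HostedCacheBindingCommand -Thumbprint $pasted
} else {
    $issues | ForEach-Object { Write-Warning $_ }
}
```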
Verifying content server configuration
Type the netsh branchcache show status all command in a Command Prompt window to
check that the BranchCache feature is installed. If the BranchCache feature is correctly installed,
your Web server will function correctly. If the BranchCache feature is not installed, the command
will indicate this.
For a file server, follow the steps in the Setting the BranchCache support tag on a file share
section previously in this document to ensure that file shares are correctly configured for
BranchCache.
Verifying end-to-end deployment with performance counters
After configuring multiple client computers and at least one Web server or file server, test the
end-to-end deployment and verify that clients successfully download content from the local cache,
each other, or the Hosted Cache server when appropriate.
About server-side identifier generation
A BranchCache-enabled Web server generates identifiers for content dynamically on-demand.
When content is requested for the first time, the server computes identifiers as the data is
transmitted to the client, and stores these identifiers for subsequent client requests. The server
only transmits identifiers describing content the second time content is accessed.
A client computer must receive identifiers from the server computer to cache content. To test a
BranchCache server deployment, you must access content three times: one to generate
identifiers, a second to download and cache content, and a third to test retrieval from the cache.
It is best to test with three separate BranchCache-enabled client computers. If you test with fewer
than three client computers, be sure to clear any application level caches between content
accesses (for example, the Internet Explorer® cache). It is also good practice to clear the cache
on all client computers by using the netsh branchcache flush command before testing.
Note
BranchCache will only exercise for content of greater than 64KB in size. Restarting the
BranchCache service on a Web server results in loss of all identifiers computed to that
point.
Calculating BranchCache efficiency with performance counters
Windows performance counters can be used to determine BranchCache efficiency and calculate
bandwidth savings.
To determine the bandwidth savings across all client computers that are accessing a Web server or BITS application server
1. On the Web server or BITS application server, start Windows Performance Monitor (click
Start, click Run, type perfmon.msc, and then click OK).
2. Click Performance, click Monitoring Tools, and then click Performance Monitor to
view the Performance Monitor graph.
3. Right-click the graph display, and choose Add Counters. Expand BranchCache Kernel
Mode in the top left pane. Select the following counters: Client Cache Miss Bytes,
Server Cache Miss Bytes, and Hypothetical Server Bytes Without Caching and
Hash Bytes.
4. Click Add, and then click OK to add the BranchCache performance counters.
5. Note the value of the performance counters.
The total savings across all BranchCache-enabled client computers that are accessing this server
can be calculated with the following formula:
Total Bytes Saved = Hypothetical Server Bytes Without Caching - Client Cache Miss Bytes -
Server Cache Miss Bytes - Hash Bytes
Note
This procedure is only valid for a Web server or BITS application server, and it is not
possible for a file server.
To determine the bandwidth savings across all protocols for a client machine in Distributed Cache mode or Hosted Cache mode
1. On the client computer, start Windows Performance Monitor (click Start, click Run, type
perfmon.msc, and then click OK).
2. Click Performance, click Monitoring Tools, and then click Performance Monitor to
view the Performance Monitor graph.
3. Right-click the graph display, and choose Add Counters. Expand BranchCache in the
top left pane. Select the following counters: Retrieval: Bytes from cache and Retrieval:
Bytes from server.
4. Click Add, and then click OK to add the BranchCache performance counters.
5. Note the value of the performance counters.
The total savings across all BranchCache-enabled protocols for this computer is the value of
the Retrieval: Bytes from cache counter. The BranchCache efficiency for all BranchCache-
enabled protocols can be calculated with the following formula:
Savings percentage = Retrieval: Bytes from cache / (Retrieval: Bytes from cache + Retrieval:
Bytes from server)
To determine the bandwidth savings across all protocols and all clients that are configured to use a Hosted Cache server
1. On the Hosted Cache server, start Windows Performance Monitor (click Start, click Run,
type perfmon.msc, and then click OK).
2. Click Performance, click Monitoring Tools, and then click Performance Monitor to
view the Performance Monitor graph.
3. Right-click the graph display, and choose Add Counters. Expand BranchCache in the
top left pane. Select the following counters: Retrieval: Bytes from cache and Retrieval:
Bytes from server.
4. Click Add, and then click OK to add the BranchCache performance counters.
5. Note the value of the performance counters.
The total savings across all BranchCache-enabled protocols and all BranchCache-enabled clients
that are using this computer is the value of the Retrieval: Bytes from cache counter. The
BranchCache efficiency for all BranchCache-enabled protocols and clients can be calculated with
the following formula:
Savings percentage = Retrieval: Bytes from cache / (Retrieval: Bytes from cache + Retrieval:
Bytes from server)
Troubleshooting
BranchCache doesn’t function
Client performance counters show no bytes coming from the cache when accessing
BranchCache enabled servers. Branch office clients can still download content from the servers.
Follow the steps in Verifying end-to-end deployment with performance counters earlier in this
document. Run the performance monitor on both client computers.
Symptom: BytesAddedToCache does not increase on the first client when accessing the
BranchCache-enabled server.
The client computer may be retrieving content from the Internet Explorer cache. Be sure to
clear the IE cache by selecting Internet Options from the Tools menu, and clicking Delete.
Ensure that BranchCache is enabled on the first client using the netsh branchcache show
status command.
If attempting to access a file share, verify that the latency between the client and server is
higher than the minimum threshold.
Ensure that the BranchCache feature is installed on the server and is enabled for the protocol
under test.
Check that the peerdistsvc service has started on both the client and the server.
An intermediate proxy may alter the HTTP request coming from the client. Verify that the
proxy does not modify the ACCEPT-ENCODING HTTP header.
Note
ISA 2006 may alter this header. To configure ISA 2006 to function correctly with
BranchCache, disable the compression filter.
An intermediate proxy may downgrade the outgoing request from HTTP 1.1 to HTTP 1.0.
If the symptom is specific to file traffic, ensure that the file is not in the transparent cache.
Transparent cache is a secondary cache where the file is stored in addition to the
BranchCache. Storing the file in the transparent cache enables subsequent reads of the file
to be satisfied locally improving end-user response times and savings on WAN bandwidth. To
delete transparently cached data, search for Offline Files applet in Control Panel. Click the
Disk Usage tab, and then click Delete Temporary Files. Note that this will not clear the
BranchCache cache.
Symptom: BytesAddedToCache does increase on the first client when accessing the
BranchCache enabled server. BytesFromCache does not increase on the second client
when accessing the BranchCache enabled server. Deployment is Distributed Cache mode.
Ensure that BranchCache is enabled and that both clients are configured to use the same
caching mode using the netsh branchcache show status command.
Ensure that the correct firewall exceptions are set on both clients using the netsh
branchcache show status command.
Ensure that both clients are connected to the same subnet using the ipconfig command.
Make sure the client cache is not full using netsh branchcache show status ALL.
Symptom: BytesAddedToCache does increase on the first client when accessing the
BranchCache enabled server. BytesFromCache does not increase on the second client
when accessing the BranchCache enabled server. Deployment is Hosted Cache mode.
Ensure that BranchCache is enabled and that both clients are configured to use the same
caching mode using the netsh branchcache show status command.
Verify basic connectivity from both client computers to the Hosted Cache using the ping
command.
Ensure that the correct firewall exceptions are set on both clients using the netsh
branchcache show status command.
Ensure that the correct firewall exceptions are set on the Hosted Cache server using the
netsh branchcache show status command.
Ensure that the certificate is properly installed and bound to port 443 on the Hosted Cache
computer.
Symptom: Netsh shows BranchCache firewall rules have not been set, even though they
have been configured using Group Policy.
Netsh checks the predefined BranchCache firewall rule group. If you have not enabled the
default exceptions defined for BranchCache on Windows 7, Netsh will not report your
configuration correctly. This is likely to happen if you defined firewall rules for clients using Group
Policy and you defined the Group Policy object on a computer running an operating system older
than Windows 7 or Windows Server 2008 R2 (which would not have the BranchCache firewall
rule group). Note that this does not mean BranchCache will not function.
BranchCache and client performance
Symptom: A client computer is running slowly. Is BranchCache at fault?
Many computers drawing large amounts of content from one client in a short time period may
impact desktop performance.
Use performance monitor to check for high service rates to peers. Examine
BytesServedToPeers relative to BytesFromCache and BytesFromServer.
The BranchCache service runs isolated in its own service host. Examine the CPU and
memory consumption of the service host process housing the branch caching service.
Sustained high rates of service to peers may be evidence of a configuration problem in the
branch office. Check to make sure that the other clients in the branch office are capable of
serving data.
Clear the cache on the affected client using the netsh branchcache flush command or
reduce the cache size on the affected client.
Application failures
Symptom: A page fails to load or a share cannot be accessed.
When BranchCache is unable to retrieve data from a peer or from the Hosted Cache, the upper
layer protocol will return to the server for content. If a failure occurs in the Branch Caching
component, the upper layer protocol should seamlessly download content from the server. No
BranchCache misconfiguration or failure should prevent the display of a webpage or connection
to a share. If a failure does occur, use the Network Diagnostic Framework Diagnose button
provided by Windows Explorer or Internet Explorer.
Symptom: The client computer is unable to access the file share even when connected to
the server.
If the client computer is unable to access a file share on the server due to the error Offline
(network disconnected), reboot the client computer and access the share again.
If the client computer is unable to access a file share on the server due to the error Offline
(slow connection), delete the temporarily cached data, reboot the computer and access the
share. To delete temporarily cached data (the same as the transparent cache described
above), search for the Offline Files applet in Control Panel. Click the Disk Usage tab, and then
click Delete Temporary Files.
Tools Index
Group Policy
BranchCache behavior can be configured on client and server computers using Group Policy.
Group Policy administrative template
Windows 7 includes an administrative template that can be used to edit the BranchCache Group
Policy object. The template can be found under Administrative Templates > Network >
BranchCache using the Windows Group Policy editor (gpedit.msc). This section describes the
fields available in the administrative template.
Turn on BranchCache setting
BranchCache enables clients to securely retrieve content from within the branch office instead of
having to retrieve it from the server hosting the content. Depending on the deployment mode, the
content can be retrieved from other clients in the branch office or from a Hosted Cache located on
a server in the branch. A client can only retrieve content from within the branch if it is authorized
by the server to do so. The use of BranchCache reduces costs on the wide area network (WAN)
link that connects your branch offices to the data center or headquarters and increases download
speeds for content that has already been downloaded into the branch office.
This policy setting specifies whether BranchCache is enabled. You should apply this policy setting
in branch offices where bandwidth to headquarters is low and latency is high. There is no need to
deploy this policy setting in headquarters with fast connections to the servers hosting the content.
If you enable this policy setting, BranchCache is turned On.
If you disable or do not configure this policy setting, BranchCache is turned Off.
Turn on BranchCache – Distributed Cache Mode setting
BranchCache enables clients to securely retrieve content from within the branch office instead of
having to retrieve it from the server hosting the content. With Distributed Cache, the content is
retrieved from other clients in the branch office. A client can only retrieve content from other
clients if it is authorized by the server to do so. This reduces costs on the wide area network
(WAN) link that connects your branch offices to the data center or headquarters. At the same
time, it increases download speeds for content that has already been downloaded into the branch
office.
This policy setting specifies whether BranchCache Distributed Cache mode is enabled. You
should apply this policy setting in branch offices where bandwidth to headquarters is low and
latency is high. There is no need to deploy this policy setting in headquarters with fast
connections to the servers hosting the content.
If you enable this policy setting, BranchCache Distributed Cache mode is turned On.
If you disable or do not configure this policy setting, BranchCache Distributed Cache mode is
turned Off.
Turn on BranchCache – Hosted Cache mode setting
BranchCache operates by having client computers cache retrieved content. This cached content
can be pushed to a Hosted Cache server on the branch network so that clients can retrieve
content from this server instead of having to retrieve it from other clients in the branch. The
content is made available by the Hosted Cache to other requesting client computers if they are
authorized by the server.
This policy setting is used to specify the location of the Hosted Cache server. This setting must be
specified if a Hosted Cache is deployed in the branch. The location MUST match the name of the
Hosted Cache specified in the certificate (recommended to be the Fully Qualified Domain Name)
for the Hosted Cache. Clients use Secure Sockets Layer (SSL) to communicate with the Hosted
Cache. The certificate root for the Hosted Cache MUST be in the client’s trusted root store.
If you enable this policy setting, you must specify a valid location of the Hosted Cache.
If you disable or do not configure this policy setting, the Hosted Cache is not used in the
branch.
Set percentage of disk space used for client computer cache
BranchCache operates by having client computers dedicate disk space to caching retrieved
content. This content is made available to other requesting client computers if they are authorized
by the server.
This policy setting is used to specify the percentage of total disk space to dedicate to
BranchCache.
If you enable this policy setting, you must select the percentage of total disk space to allocate
for the cache.
If you disable or do not configure this policy setting, the cache is set to 5 percent of the total
disk space on the client computer.
Configure BranchCache for network files
This policy setting is used to enable BranchCache for network files or caching of SMB traffic.
If you enable this policy setting, you must select the minimum latency between client and
server, below which BranchCache will not be used for SMB traffic.
If you disable or do not configure this policy setting, BranchCache will not optimize SMB
traffic.
Disabling BITS use of BranchCache
By default, the BITS protocol will use BranchCache on a client that is BranchCache enabled. This
can be disabled using the BITS administrative template available under Administrative Templates
> Network > Background Intelligent Transfer Service (BITS). The BranchCache setting is named
“Do not allow the BITS client to use BranchCache.”
This setting affects whether the BITS client is allowed to use BranchCache. If the BranchCache
component is installed and enabled on a computer, then by default BITS jobs on that computer
can use BranchCache.
If you enable this setting, then the BITS client does not use BranchCache.
If you disable or do not configure this setting, then the BITS client uses BranchCache.
Note
This setting does not affect the use of BranchCache by applications other than BITS. This
setting has no effect if the computer's administrative settings for BranchCache disable its
use entirely.
Netsh Commands
dump
Syntax: dump
Remarks: Creates a script that contains the current configuration. If saved to a file, this script can
be used to restore altered configuration settings. The dump function is not implemented for the
BranchCache context, and it cannot be used to generate a script to restore BranchCache
configuration settings.
Example: dump
exportkey
Syntax: exportkey [outputfile=]<File Path> [passphrase=]<Pass Phrase>
Parameter | Description
outputfile | The directory path and name of the file to which the key should be exported
passphrase | A passphrase required in order to import the key
Remarks: Exports the key that BranchCache uses to encrypt content. The key can then be
imported on another computer by using the importkey command.
Examples:
exportkey %TMP%\secret.key "Key file password"
exportkey outputfile=C:\KeyDirectory\secret.key "Key file password"
flush
Syntax: flush
Remarks: Flushes the contents of the local cache.
importkey
Syntax: importkey [inputfile=]<File Path> [passphrase=]<Pass Phrase>
Parameter | Description
inputfile | The location of the file from which the key should be imported
passphrase | The passphrase used when exporting the key using the exportkey command
Remarks: Imports a new key for the BranchCache service to use to protect content information.
The key must have been previously exported by means of the exportkey command. If the service
is currently running, this command will stop and restart it in order to begin using the new key.
Examples:
importkey %TMP%\secret.key "Key file password"
importkey inputfile=C:\KeyDirectory\secret.key "Key file password"
reset
Syntax: reset
Remarks: Resets the BranchCache service. Flushes the local cache. Every configuration
parameter of BranchCache will be reset to its default value.
set mode
Syntax: set mode [ mode= ] { online | offline }
Parameter | Description
mode | One of the following values:
  online: Commit changes immediately
  offline: Delay commit until explicitly requested
Remarks: Sets the current mode to online or offline.
set cachesize
Syntax: set cachesize [size=]{DEFAULT|<number>} [[percent=]{TRUE|FALSE}]
Parameter | Description
size | The size of the cache. Set to DEFAULT to restore the default configuration.
percent | Determines if the size tag is treated as a percentage of the size of the hard disk or as an exact number of bytes. Ignored if the size tag is set to DEFAULT.
  TRUE: size is a percentage of the size of the hard disk
  FALSE: size is an exact number of bytes (Default)
Remarks: Sets the size of the BranchCache service's local cache. The size can be entered as
either an exact number of bytes, or as a percentage of the size of the disk partition. Note that this
refers to the size of the disk on which the cache is located, not the total size of all disks present
on this computer.
Examples:
set cachesize DEFAULT
set cachesize 20971520
set cachesize size=20 percent=TRUE
set key
Syntax: set key [[passphrase=]<Pass Phrase>]
Parameter | Description
passphrase | A passphrase to use to generate the key. If a passphrase is not provided, a random key will be generated. Two keys generated using the same passphrase will always be identical. Using a passphrase is a convenient way to duplicate the same key on another computer. (Optional)
Remarks: Generates a new key for the BranchCache service to use to protect content
information. If the service is currently running, this command will stop and restart it in order to
begin using the new key.
Examples:
set key
set key passphrase="I want my content to be secure"
set localcache
Syntax: set localcache [directory=]{DEFAULT|<File Path>}
Parameter | Description
directory | The fully qualified path to the directory in which the local cache should be stored. Set to DEFAULT to restore the default cache location.
Remarks: Sets the location of the BranchCache service's local cache. Note that the service will
be stopped and restarted if necessary to complete the change. Existing cache files will be moved
to the new location. That location must reside on the local computer. If the new location is on a
different volume, the new volume must have enough free space to accommodate the entire
current cache file. Check the size of the current cache file before moving it to a new volume.
The cache file can be moved to a temporary device. If that device is removed, BranchCache will
no longer cache and serve the data.
Examples:
set localcache DEFAULT
set localcache directory=C:\Branchcache\Localcache
set service
Syntax: set service
Parameter | Description
mode | Set the status of the BranchCache Service
  DISABLED - Disable the service
  LOCAL - Uses Local Caching Only
  DISTRIBUTED - Distributed Cache Enabled
  HOSTEDSERVER - Set as a Hosted Cache Server
  HOSTEDCLIENT - Set as a Hosted Cache Client
location | Set the location of the Hosted Cache Server. This tag is only necessary if the mode tag is set to HOSTEDCLIENT and is invalid otherwise.
clientauthentication | Set the mechanism used by a Hosted Cache Server to authenticate clients. This tag is only used if the mode tag is set to HOSTEDSERVER and is invalid otherwise.
Remarks: Sets the status of the BranchCache service. This command will also ensure that the
necessary firewall configuration for the chosen mode is in place. It is strongly recommended that
you provide a fully qualified domain name as the location of the Hosted Cache when setting
Hosted Cache Client mode.
Examples:
set service DISABLED
set service mode=DISTRIBUTED
set service mode=HOSTEDCLIENT location=SERVER123
set service mode=HOSTEDSERVER clientauthentication=DOMAIN
show hostedcache
Syntax: show hostedcache
Remarks: Displays the location of the Hosted Cache.
show localcache
Syntax: show localcache
Remarks: Displays the status of the local cache.
show status
Syntax: show status [[detail=]{BASIC|ALL}]
Parameter | Description
detail | The level of detail to display (Optional)
  BASIC: Display only basic information (Default)
  ALL: Display all available information
Remarks: Displays the current status of the BranchCache Service.
Examples:
show status
show status ALL
show status detail=ALL
Performance Counters
The BranchCache performance counters exist under the heading BranchCache. They are useful
debugging tools and can be used to monitor BranchCache effectiveness and health. Some
performance counters are overloaded and report different measurements on BranchCache
clients, content servers and Hosted Cache servers.
Attempted Discoveries
Client | Reports the total number of content discovery attempts sent to peers or the Hosted Cache.
Server | N/A
Hosted cache | Reports the total number of content discovery attempts received from clients.
Average Branch Rate
Client | Reports the average download speed from peers observed by the current node.
Server | N/A
Hosted cache | Reports the average upload speed to clients.
Bytes from Cache
Client | Reports the total number of bytes retrieved from the local cache, peers on the same subnet or from a Hosted Cache.
Server | N/A
Hosted cache | Reports the total number of bytes served to client computers.
Bytes from Server
Client | Reports the total number of bytes retrieved from the server (content that could not be found in a cache).
Server | N/A
Hosted cache | Reports the total number of bytes downloaded from clients.
Bytes Served
Client | Reports the total number of bytes served by this peer to other peers or to the Hosted Cache server.
Server | N/A
Hosted cache | Reports the total number of bytes served to clients.
Cache Complete File Segments
Client | Count of complete, content validated, file segments.
Server | N/A
Hosted cache | Count of complete, content validated, file segments.
Cache Hit Ratio
Client | Percentage of files retrieved successfully from the Distributed Cache relative to the original content size.
Server | N/A
Hosted cache | Percentage of files retrieved successfully from the Distributed Cache relative to the original content size.
Cache Partial File Segments
Client | Count of incomplete file segments that need additional data and/or validation.
Server | N/A
Hosted cache | Count of incomplete file segments that need additional data and/or validation.
Discovery Time
Client | Weighted average of time between when a peer discovery query was sent and when the first response arrived.
Server | N/A
Hosted cache | N/A
Hosted Cache – Client file segment offers accepted
Client | N/A
Server | N/A
Hosted cache | Count of file segment offers made by peers and accepted by the Hosted Cache. A file segment offer is made by a client computer to the Hosted Cache server after a download from a BranchCache enabled content server.
Hosted Cache – Client file segment offers made
Client | N/A
Server | N/A
Hosted cache | Count of file segment offers made by peers to the Hosted Cache. A file segment offer is made by a client computer to the Hosted Cache server after a download from a BranchCache enabled content server.
RequestsFilledByServer
Client | Reports the total number of requests that were retrieved from the original BranchCache enabled content source.
Server | N/A
Hosted cache | N/A
Protocol Specific Counters
The following counters are available for each of the following BranchCache providers: BITS,
SMB, WININET, WINHTTP, and All Others.
Bytes From Cache
Client | Reports the total number of bytes obtained from the local cache, from peers or from the Hosted Cache server.
Server | N/A
Hosted cache | N/A
Bytes From Server
Client | Reports the total number of bytes obtained from the original content server.
Server | N/A
Hosted cache | N/A
Cache Hit Ratio
Client | Percentage of bytes retrieved successfully from the Distributed Cache relative to the original content size.
Server | N/A
Hosted cache | N/A
Web server performance counters
Some Web Server specific BranchCache performance counters exist under the heading
BranchCache Kernel Mode.
Client Cache Miss Bytes
Client | N/A
Server | Total number of bytes served because content was not found within the branch.
Hosted cache | N/A
Hash Bytes
Client | N/A
Server | Total number of bytes of identifiers transferred.
Hosted cache | N/A
Hypothetical Server Bytes Without Caching
Client | N/A
Server | Total number of bytes that would have been transferred if the BranchCache kernel mode component was not present.
Hosted cache | N/A
Processed HTTP Requests
Client | N/A
Server | Total number of BranchCache aware HTTP requests received by the server.
Hosted cache | N/A
Server Cache Miss Bytes
Client | N/A
Server | Total number of bytes served because hashes for the content were not currently on the server.
Hosted cache | N/A
Total HTTP Requests
Client | N/A
Server | Total number of HTTP requests received by the server.
Hosted cache | N/A
Changing BranchCache Ports
This section explains how to modify the port on the Hosted Cache server that is used by clients.
To change the port
1. Open an elevated Command Prompt window (click Start, click All Programs, click
Accessories, right-click Command Prompt, and then click Run as administrator).
2. Type NetSH BranchCache set service mode=local, and then press ENTER.
3. Close the elevated Command Prompt window.
Hosted Cache server
The Hosted Cache server downloads and caches content from clients by using TCP over port 80
by default:
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Peers\Connection" /v ConnectPort /t REG_DWORD /d <NEWPORT> /f
netsh br set ser hostedclient location=xxxx
Hosted Cache clients
Hosted Cache clients download content from the Hosted Cache server by using TCP over port 80 by
default:
REG ADD "HKLM\Software\Microsoft\Windows NT\CurrentVersion\PeerDist\DownloadManager\Peers\Connection" /v ListenPort /t REG_DWORD /d <NEWPORT> /f
netsh br set ser hostedserver
restart peerdistsvc
Event Logs
BranchCache has an operational log and a security log. The operational log is the main Event
Log for the BranchCache service. It is separate from the Windows Application Log. The
operational log appears in the Event Viewer UI at “Applications and Services Logs\Microsoft\
Windows\PeerDist\Operational.” The following table shows the main events for deployment and
diagnostic purposes.
Event Name | Event Description
ServiceStartupEvent | The BranchCache service started successfully.
ServiceShutdownEvent | The BranchCache service stopped successfully.
ServiceStartupFailedEvent | The BranchCache service failed to start.
ConfigChangeEvent | A configuration change was detected (registry keys).
HCDetectedBothServerAndClientSettingsEvent | This computer is configured as a Hosted Cache computer and it is also configured to use Hosted Cache. Only one of these options can be used on a given computer. Please fix the configuration by using the netsh commands.
DiscoveryBlockedByFirewallEvent | The port used for discovering the availability of cached content on this client is blocked by the firewall. As a result, other clients on the network cannot discover this client. Run the command netsh branchcache set service distributed from an elevated command prompt. This opens the needed firewall port (3702 inbound UDP) for enabling discovery. Alternatively, you can manually open this port in the firewall. Refer to the deployment guide for more details.
DownloadBlockedByFirewallEvent | The port used for serving content to requesting clients is blocked by the firewall. As a result, other clients on the network (including the Hosted Cache) will not be able to retrieve content from this client. Please run the command netsh branchcache set service from an elevated command prompt to set the service mode. This opens the needed firewall port (80 inbound TCP). Alternatively, you can manually open this port in the firewall. Refer to the deployment guide for more details.
HCProtocolBlockedByFirewallEvent | The port used by the Hosted Cache for accepting incoming client offers for content is blocked by the firewall. As a result, clients will not be able to add content to the Hosted Cache. Run the command netsh branchcache set service hostedserver from an elevated command prompt. This opens the needed firewall port (by default port 443 inbound TCP). Alternatively, you can manually open this port in the firewall. Refer to the deployment guide for more details.
UrlReservationRequiredEvent | The HTTP namespace used for serving content to requesting clients is not reserved. Run the command netsh http add urlacl url=https://+:80/116B50EB-ECE2-41ac-8429-9F9E963361B7 sddl=D:(A;;GX;;;NS) from an elevated command prompt to reserve the namespace. Refer to the deployment guide for more details.
RepublishFailedToAllocateEvent | BranchCache could not free enough space in the local cache to accommodate the content being added. Run the command netsh branchcache set cachesize from an elevated command prompt to increase the cache size. Refer to the deployment guide for more details.
PublishFailedToInitializeEvent | BranchCache could not publish the content. Possible reasons are:
  The publication directory location is not on an NTFS partition.
  The path is too long (typically, greater than 190 characters).
  The path does not exist.
  BranchCache service does not have the permissions to write to the directory location.
  Run the command netsh branchcache set publicationcache from an elevated command prompt. Refer to the deployment guide for more details.
PublishFailedEvent | BranchCache could not publish the content with content-id: %2 because the publication cache size was exceeded or the hard disk drive did not have enough space. Run the command netsh branchcache set publicationcachesize from an elevated command prompt to increase the cache size. Refer to the deployment guide for more details.
DownloadFromPeerFailedEvent | A request message sent to another BranchCache client failed with error %6.
DownloadFromHCFailedEvent | A request message sent to the BranchCache Hosted Cache failed with error %6.
PeerQuarantinedEvent | Another BranchCache client has been quarantined by this client for approximately %2 seconds. Possible reasons are that the client served invalid data or that it repeatedly failed to serve data in a timely fashion.
InvalidMessageEvent | An invalid request message has been received from another BranchCache client. The request has been dropped.
PeerRequestDeniedEvent | A content retrieval request from another BranchCache client has been denied with error %2.
UnableToConnectToHCEvent | BranchCache tried to offer content to the Hosted Cache on %1, but there was an error connecting to it (error code: %2). Possible reasons are the Hosted Cache location is incorrect, the port number used is not configured correctly on the client, or the port to connect to is not enabled in the firewall on the Hosted Cache. Run the command netsh branchcache set service hostedclient on the client from an elevated command prompt. Also run the command netsh branchcache set service hostedserver on the Hosted Cache from an elevated command prompt. Refer to the deployment guide for more details.
HCOfferTimedOutEvent | BranchCache tried to offer content to the Hosted Cache, but the request to the Hosted Cache timed out. Possible reasons are:
  The Hosted Cache may be under heavy load.
  The Hosted Cache is not reachable due to the port not being open in the firewall on the Hosted Cache. Run the command netsh branchcache set service hostedserver on the Hosted Cache from an elevated command prompt.
  The Hosted Cache enabled client authentication and the client was not joined to the domain. Join your client to the domain. Alternatively, run the command netsh branchcache set service hostedserver clientauthentication=none from an elevated command prompt.
  The Hosted Cache location configured on the client is invalid. Run the command netsh branchcache set service hostedclient on the client from an elevated command prompt.
  Refer to the deployment guide for more details.
AccumulatedEvent | %2 instance(s) of event id %1 occurred.
FirewallRulesInconsistencyEvent | The firewall rules for the BranchCache service are configured incorrectly. Run the command netsh branchcache set service with the appropriate service mode to set the firewall configuration correctly. Refer to the deployment guide for more details.
ClientDllServiceDisabledEvent | The BranchCache service could not be started because it is disabled in the Service Control Manager. In the Service Control Manager on a client computer, change the service startup type to Manual. In the Service Control Manager on a server, change the service startup type to Automatic.
LoadPersistedCacheFailedEvent | BranchCache was unable to load the cache (error code: %1, sub code: %2). Possible reasons are that the cache file was corrupted or it had a different version.
LoadPersistedCacheSucceededEvent | The BranchCache service started and loaded a cache file from a disk that was saved on the hard disk drive.
SavePersistedCacheSucceededEvent | BranchCache saved a cache file to the hard disk drive.
SavePersistedCacheFailedEvent | The BranchCache service stopped and was unable to save the cache file to the hard disk drive.
ServiceShutdownStartEvent | The BranchCache service shutdown is commencing.
SSLCertNotConfiguredEvent | An SSL certificate is not bound to the BranchCache port on the Hosted Cache server. As a result, clients cannot add content to the Hosted Cache. Run the command netsh http add sslcert from an elevated command prompt to bind a certificate.
RepublishFailedToInitializeEvent | BranchCache cannot initialize the local cache at the location [Path]. Possible reasons are that the local cache directory location is not on an NTFS partition, the path is too long (typically, greater than 190 characters) or does not exist, or the BranchCache service does not have the permissions to write to the directory location. Run the command netsh branchcache set localcache from an elevated command prompt.
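The events in the table above can be triaged offline once they are exported from the operational log. The Python below is an added example, not part of the guide or of BranchCache: the category grouping, host names, record layout and numeric event ids are constructed for illustration (the guide lists event names only). It shows why AccumulatedEvent roll-ups must be expanded before counting peer events such as PeerQuarantinedEvent and InvalidMessageEvent per host.

```python
from collections import Counter

# Event names come from the table above; the grouping is this example's choice.
CATEGORY = {
    "DiscoveryBlockedByFirewallEvent": "firewall",
    "DownloadBlockedByFirewallEvent": "firewall",
    "HCProtocolBlockedByFirewallEvent": "firewall",
    "FirewallRulesInconsistencyEvent": "firewall",
    "SSLCertNotConfiguredEvent": "hosted-cache",
    "UnableToConnectToHCEvent": "hosted-cache",
    "HCOfferTimedOutEvent": "hosted-cache",
    "DownloadFromHCFailedEvent": "hosted-cache",
    "PeerQuarantinedEvent": "peer",
    "InvalidMessageEvent": "peer",
    "PeerRequestDeniedEvent": "peer",
    "DownloadFromPeerFailedEvent": "peer",
}

# Constructed placeholder ids: the guide gives no numeric event ids, so a real
# deployment has to fill this map from its own log's event metadata.
SAMPLE_ID_TO_NAME = {9001: "InvalidMessageEvent", 9002: "PeerQuarantinedEvent"}

# Constructed sample records (host names and parameter values are invented).
SAMPLE_RECORDS = [
    {"host": "BR1-PC01", "name": "ServiceStartupEvent", "params": {}},
    {"host": "BR1-PC01", "name": "InvalidMessageEvent", "params": {}},
    {"host": "BR1-PC01", "name": "AccumulatedEvent", "params": {"1": "9001", "2": "14"}},
    {"host": "BR1-PC01", "name": "PeerQuarantinedEvent", "params": {"2": "600"}},
    {"host": "BR1-PC02", "name": "DownloadBlockedByFirewallEvent", "params": {}},
    {"host": "BR1-PC02", "name": "PeerRequestDeniedEvent", "params": {"2": "5"}},
    {"host": "BR1-HC01", "name": "SSLCertNotConfiguredEvent", "params": {}},
    {"host": "BR1-HC01", "name": "HCProtocolBlockedByFirewallEvent", "params": {}},
    {"host": "BR1-PC03", "name": "AccumulatedEvent", "params": {"1": "9999", "2": "3"}},
]


def expand(record, id_to_name):
    """Return (event_name, occurrences) for one record.

    AccumulatedEvent ("%2 instance(s) of event id %1 occurred") is a roll-up:
    it stands for %2 occurrences of the event whose id is %1.
    """
    if record["name"] != "AccumulatedEvent":
        return record["name"], 1
    event_id = int(record["params"]["1"])
    count = int(record["params"]["2"])
    return id_to_name.get(event_id, f"unknown-id-{event_id}"), count


def triage(records, id_to_name, threshold=5):
    """Count events per category and flag hosts reporting many peer events."""
    by_category = Counter()
    peer_by_host = Counter()
    unmapped = Counter()
    for record in records:
        name, occurrences = expand(record, id_to_name)
        category = CATEGORY.get(name)
        if category is None:
            # Roll-ups whose id is not in the map are surfaced, not dropped.
            if name.startswith("unknown-id-"):
                unmapped[name] += occurrences
            continue  # lifecycle events are not triaged here
        by_category[category] += occurrences
        if category == "peer":
            peer_by_host[record["host"]] += occurrences
    flagged = sorted(h for h, n in peer_by_host.items() if n >= threshold)
    return {
        "by_category": dict(by_category),
        "peer_by_host": dict(peer_by_host),
        "flagged_hosts": flagged,
        "unmapped": dict(unmapped),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_RECORDS, SAMPLE_ID_TO_NAME))
```

Without the id map, the roll-up on BR1-PC01 is reported under unmapped and the host stays below the threshold, which is the undercount the expansion step prevents.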
Upgrade Notes
This section identifies known issues surfaced by Windows upgrades.
Upgrading a Hosted Cache server from Windows 7 Beta to a later Windows 7 version
A cache constructed on a Hosted Cache server running the Windows 7 Beta build will be lost in
an upgrade to a later version of the operating system. This is the result of a change to the cache
file format.
Hosted Cache migration
The data cache accumulated by a Hosted Cache server can be backed up, restored, and
migrated. The Hosted Cache data files can be found under the subheading Local Cache
Location in the output of the netsh branchcache show status ALL command.
If the cache location is changed prior to an operating system upgrade, the cache data is
preserved. This technique can be used instead of duplicating the cache files. Change the cache
location by using the netsh branchcache set localcache directory=<directory> command.
Choose a directory that will not be affected by the upgrade.
BranchCache uses the file modification time to ensure the correctness of the cache data files.
The file modification time of all BranchCache cache data files must not be changed during Hosted
Cache data file backup, restore, or migration. If the file modification time is changed during one of
these activities, the Hosted Cache data file will become invalid.
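Because a changed file modification time invalidates the Hosted Cache data files, a backup or migration copy is worth verifying before the original is removed. The Python below is an added example, not part of the guide or of BranchCache: the file names and timestamp are constructed, and in practice the source directory is the Local Cache Location reported by netsh branchcache show status ALL.

```python
import os
import shutil
import tempfile


def snapshot(directory):
    """Map relative path -> (size, mtime in ns) for every file under directory."""
    result = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            info = os.stat(path)
            rel = os.path.relpath(path, directory)
            result[rel] = (info.st_size, info.st_mtime_ns)
    return result


def copy_cache(src, dst):
    """Copy a cache directory with shutil.copy2, which keeps modification times."""
    shutil.copytree(src, dst, copy_function=shutil.copy2)


def verify_copy(src, dst):
    """Return a list of (relative_path, reason) for every file that differs."""
    before, after = snapshot(src), snapshot(dst)
    problems = []
    for rel, (size, mtime_ns) in sorted(before.items()):
        if rel not in after:
            problems.append((rel, "missing"))
        elif after[rel][0] != size:
            problems.append((rel, "size differs"))
        elif after[rel][1] != mtime_ns:
            problems.append((rel, "modification time changed"))
    for rel in sorted(set(after) - set(before)):
        problems.append((rel, "unexpected file"))
    return problems


def demo():
    """Build a constructed cache directory, copy it two ways, verify both."""
    fixed_mtime_ns = 1243814400 * 10**9  # constructed timestamp: 1 June 2009 UTC
    with tempfile.TemporaryDirectory() as work:
        src = os.path.join(work, "LocalCache")
        os.makedirs(os.path.join(src, "sub"))
        for rel in ("cache-a.dat", os.path.join("sub", "cache-b.dat")):
            path = os.path.join(src, rel)
            with open(path, "wb") as handle:
                handle.write(b"constructed cache bytes for " + rel.encode())
            os.utime(path, ns=(fixed_mtime_ns, fixed_mtime_ns))

        preserved = os.path.join(work, "backup-preserved")
        touched = os.path.join(work, "backup-touched")
        copy_cache(src, preserved)
        # copyfile copies content only, so each copy gets a fresh modification
        # time: the failure mode the migration notes warn about.
        shutil.copytree(src, touched, copy_function=shutil.copyfile)
        return verify_copy(src, preserved), verify_copy(src, touched)


if __name__ == "__main__":
    good, bad = demo()
    print("timestamp-preserving copy:", good)
    print("content-only copy:", bad)
```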
BranchCache and System Restore
BranchCache settings are saved by System Restore, but the BranchCache data cache is not.
After using System Restore, the BranchCache settings take the values from the last restore point,
but the contents of the cache will not change.
If you change the location of the cache file on a BranchCache client or on a Hosted Cache server
after setting a System Restore point, you must manually move the BranchCache cache file to the
location set by System Restore.
Note
If you change the cache location after restoring the system, the cache file may be
overwritten.