locked
Delivery Optimization - DHCP Option ID doesn't set Group ID on clients RRS feed

  • Question

  • Clients: Windows 10 Enterprise 1809, Active Directory: Windows Server 2016.

    Using GPO, values set on clients:

    PS C:\WINDOWS\system32> Get-Item "HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization"
    
        Hive: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
    
    Name                           Property
    ----                           --------
    DeliveryOptimization           DODownloadMode                        : 2
                                   DOMinBatteryPercentageAllowedToUpload : 40
                                   DOMinFileSizeToCache                  : 1
                                   DOGroupIdSource                       : 3

    Scoop on DHCP Server configured with option 234

    PS C:\Users\Administrator> Get-DhcpServerv4OptionValue | Select-Object OptionId, Name, Value
    
    OptionId Name            Value
    -------- ----            -----
          15 DNS Domain Name {jjolab.local}
           6 DNS Servers     {10.50.2.10}
          81                 {23}
         234 DOGroupID       {9a5089c6-3799-428b-af54-5fcdfe24ee34}

    DHCP option value is presented to client.

    PS C:\WINDOWS\system32> C:\Users\blahblah\Downloads\ReadDhcpOptions\ReadDhcpOptions.ps1
    Reading DHCP options
    
      IP address : 10.50.2.26
      DHCP server: 10.50.2.10
      Options    :
      - 1: FF FF FF 00
    ...
      - 234: 39 61 35 30 38 39 63 36 2D 33 37 39 39 2D 34 32 38 62 2D 61 66 35 34 2D 35 66 63 64 66 65 32 34 65 65 33 34 00 00 00 00
    

    But the clients doesn't seem to use the Group ID when talking to peers.

    FileId                                                         BytesFromGroupPeers BytesFromLanPeers BytesFromHttp
    ------                                                         ------------------- ----------------- -------------
    089f0fc109be0b9dedf23b578520b491ac5ab24f                                         0            262537       1048576
    2c27f6f5d292cf5a364fb2349f942eda0fee1771                                         0           2097152        311658
    468526a655aa5878b950812a739d97a7c68a95ce                                         0           2097152       1213718
    5b43c8a79c29bff819246b08874b9278ae7bbcef                                         0                 0       1942924
    935c1534d66ee6d0730ab9a15e8ce2a07eee90f7                                         0           2097152       2190829
    95D2EE60-C9D3-45E4-876D-BAE16D758A87_16_0_11231_20080_I640_CAB                   0                 0      24117248
    cfcbe7755275f6e40bcd37114fa443c3d6ed582e                                         0           3306147             0
    dfd60b881c38a97511c838636b80878f85e8de25                                         0           1048576       1503881

    PS C:\WINDOWS\system32> (Get-DeliveryOptimizationLog | Select-String -SimpleMatch "using GroupId").count
    0

    The DOGroupId property is apparantly missing from registry, if that is required for DO to work with Group ID, I don't know.

    The same issue is present in test and production environment.

    Clients can reach DO cloud services.

    I really dont know what to look for so if any of you have something to share that may help, please do. :^)

    Thursday, January 24, 2019 1:36 PM

Answers

All replies

  • Hi,

    Thanks for your question.

    Do you mind to tell me what do you want to realize?

    Do you want to find a script to set Group ID on clients?

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, January 25, 2019 8:21 AM
  • It's possible to set the value using script, but with Windows 10 1803 and newer that should not be necessary.

    Oliver Kieselbach says: (Source: https://oliverkieselbach.com/2018/01/27/configure-delivery-optimization-with-intune-for-windows-update-for-business/)

    "The custom group id delivered by DHCP for scoped devices will let us take control over the grouping. We can assign multiple DHCP scopes the same Group ID or different Group IDs. That’s how we build our device collections and control the peer 2 peer traffic even across NATs."

    This is exactly what we want to realize.

    We can set the Group ID manually by publishing a dozen or so GPOs but its much better to use the DHCP option. When it works that is.

    Friday, January 25, 2019 9:21 AM
  • Hi,

    Thanks for your update.

    I am researching on this. However, I am afraid that it may can not be realized by DHCP option.

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, January 28, 2019 9:12 AM
  • Hi,

    Thanks for your post in our forum.

    As your description, your requirements are about how to deploy an large environment.

    And our forum focus on break/fix issue, for this kind of large deployment, in order to have more targeted support, I suggest you contact the advisory support. They will see your deployment requirements to provide you more professional suggestions. Click on the link, and Click My support, then Submit Advisory Service request.

    https://partner.microsoft.com/en-us/support

    Kindly hope it can be helpful.

    Best Regards,

    Eric


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 29, 2019 8:13 AM
  • Oliver got in touch with me and explained how to check the (encrypted) GroupID in the logs correctly. When using the DHCP option the GroupID isn't set in the registry, but it's still being used.

    We tested this in production environment and all computers within the same scope got the same encrypted GroupId and we can see that the DO traffic is contained within the scopes. Apparently, all is working as it should.

    To get the encrypted GroupId string on a computer.

    (Get-DeliveryOptimizationLog | Select-String -SimpleMatch "GroupId" | Select-Object -Last 4) -split ',' | Select-String -SimpleMatch "GroupId"

    groupId = PwpF1iCRpFBzTikt7WhagT1BpM9bGqmfYEaCaTPVyAg=
    groupId = PwpF1iCRpFBzTikt7WhagT1BpM9bGqmfYEaCaTPVyAg=
    groupId = PwpF1iCRpFBzTikt7WhagT1BpM9bGqmfYEaCaTPVyAg=
    groupId = PwpF1iCRpFBzTikt7WhagT1BpM9bGqmfYEaCaTPVyAg=

    Friday, February 8, 2019 7:02 AM
  • How is the DHCP option working for you?  We are currently piloting this option and I wondered if you had any experience that you would be willing to share?

    Thanks in advance!

    Angela Lacy

    Thursday, October 24, 2019 1:59 PM
  • We ended up using only three GUIDs: One for school, one for the administrative network and the last one for the IT-department. The networks are separated with a firewall that before the Delivery Optimization settings was hit quite severly whenever new updates was released.

    I spent like four hours figuring out how to generate a GUID, so if anyone is wondering, here you are:

    In powershell
    ([guid]::NewGuid()).guid

    Somewhat oldish but yet very good
    Delivery Optimization - a deep dive
    https://channel9.msdn.com/Events/Ignite/Microsoft-Ignite-Orlando-2017/BRK2048



    Friday, October 25, 2019 5:35 AM
  • Thanks for your response. 

    One more question - is there a way to decrypt the GroupID that is contained in the Delivery Optimization Log to confirm that it has been correctly applied?

    Friday, October 25, 2019 1:57 PM
    • Edited by Julien SIMON Wednesday, October 30, 2019 4:22 PM
    Wednesday, October 30, 2019 4:22 PM
  • Angela, I dont know if there is a way. I'm just happy with the fact that we see the same encrypted value at the different scopes. If we move a computer to a new scope, it get the samt encrypted value as other computers at the same scope.

    Julien, Olivers program just extract the GroupID from the DHCP server. The Windows client encrypts the value and pass it on to Microsoft Delivrey Optimization service.

    • Edited by Jesper Johag Thursday, October 31, 2019 5:52 AM misspelling
    Thursday, October 31, 2019 5:50 AM
  • I don't see anything in Oliver's code that is decrypt or de-encoding the groupid...

    From the example above getting groupid, the below was returned.

    groupId = PwpF1iCRpFBzTikt7WhagT1BpM9bGqmfYEaCaTPVyAg=

    That string is some kinda encoding or encrypted string representing the groupid...any idea how to decode it?

    Thursday, October 31, 2019 7:59 PM
  • Anybody interested in DO absolutely need to know about Conneccted Cache coming soon.
    https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Introducing-Microsoft-Connected-Cache-Microsoft-s-cloud-managed/ba-p/963898

    Wednesday, November 6, 2019 7:06 AM
  • I'm really glad to read that I could help in some ways :-). I actually wrote another article about some great enhancements in the DO space. Especially in regards to encrypted DHCP Group ID and also the Microsoft Connected Cache (MCC).

    have a look here:

    Delivery Optimization with Intune and Microsoft Connected Cache (MCC)
    https://oliverkieselbach.com/2020/03/07/delivery-optimization-with-intune-and-microsoft-connected-cache-mcc/

    best,
    Oliver

    • Marked as answer by Jesper Johag Monday, March 9, 2020 6:31 AM
    Sunday, March 8, 2020 5:25 PM