locked
WSUS + Branchcache + QoS (Windows 2012 R2) not working because of QoS RRS feed

  • Question

  • Hi everyone,

    is the policy based QoS working after all? I have a domain joined Windows 2012 R2 (WSUS) and about 8 branch offices (subnets) that can access this WSUS Server.

    Every subnet has a different limited bandwidth (so i cannot use the BITS throttling feature).

    I want to achieve that 

    Berlin has 5 Mbit/s
    Munich (Branchcache) has 20 Mbit/s 
    Dusseldorf (Branchcache) has 5 Mbit/s
    Remote Workers have 20 Mbits (or even better get it directly from MS Update)

    I can set up QoS rules but they are not working (Port based and subnet based)

    Has anyone achieved this with the QoS Settings or do i have to put another device in front of this WSUS?


    Regards Stephan

    OneDrive / Sharepoint Blog


    • Edited by Stephan G Monday, May 22, 2017 5:39 AM
    Monday, May 22, 2017 5:38 AM

Answers

  • Hi everyone,

    somehow i managed the BranchCache to work.

    I added a certificate to the BranchCache (is not mentioned anywhere in the WSUS & Branchcache tutorials) and set other GPOs. The settings are for Server 2012 R2 holding Branchcache and mostly Win7 Clients

    Certificate:

    https://technet.microsoft.com/en-us/library/ff710438%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    GPO:

    https://1drv.ms/i/s!AtZRdlL3IWFKgVVF5HWXWZk3o-mh

    (Firewall Inbound for the Clients and not just the Hosted Branch Server? Maybe this rule fired it off)



    Regards Stephan

    OneDrive / Sharepoint Blog

    • Proposed as answer by Mary Dong Wednesday, June 7, 2017 1:57 AM
    • Marked as answer by Stephan G Wednesday, June 7, 2017 7:01 AM
    Tuesday, June 6, 2017 6:37 AM

All replies

  • And i just got another show stopper.

    Why for god's sake is a branchcache not allowed on a writeable domain controller?

    Each office has about 50-100 users. I don't deploy more than one server there.


    Regards Stephan

    OneDrive / Sharepoint Blog

    Monday, May 22, 2017 5:46 AM
  • Hi Stephan G,

    It seems that we cannot explicitly control  when updates are downloaded because you've opted to download all content, thus it gets queued at synchronization, and downloads will occur until the download queue is emptied.

    Maybe you could check the thread discussed before.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/1f5f12b3-fba2-4678-be72-f7466e59279b/wsus-3-sp2-eating-up-all-available-link?forum=winserverwsus

    And for deploy branchcache with RODC, that seems to be by design. The purpose of BranchCache is, (as the name implies) to cache files in branch sites, without the need for a local file server. https://technet.microsoft.com/en-us/library/hh750393.aspx

    http://www.petenetlive.com/KB/Article/0001212

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 23, 2017 8:43 AM
  • Hi Mary,

    thanks for your response. Yes it's by design but i don't understand why :)

    I now set up the Branchcache without the RegisterSCP like it is not joined a domain and added a GPO to the "Site" that points to this server. We will see if that works.

    The QoS will take place on our firewall. 

    Maybe that would be a thing to make some money. WSUS as a service ;) for companies with many remote workers. WSUS placed in cloud and a branchcache at the HQ/branch offices for the service staff.


    Regards Stephan

    OneDrive / Sharepoint Blog

    Tuesday, May 23, 2017 6:18 PM
  • Hi Stephan G,

    Maybe as I post before since the purpose of BranchCache is, (as the name implies) to cache files in branch sites, without the need for a local file.

    If you want to set the domain controller at the branch office instead of RODC. I suggest you could also refer to the article below.

    http://www.techveze.com/understanding-branch-office-infrastructure-design-considerations/

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, May 25, 2017 9:41 AM
  • Hi Mary,

    i installed the branchcache on the DC. 

    Server:

    https://1drv.ms/i/s!AtZRdlL3IWFKgVNMgmzPK8vw9kwN

    WSUS:

    https://1drv.ms/i/s!AtZRdlL3IWFKgVKgIpq_1_V9Lt8F

    GPO on Site:

    https://1drv.ms/i/s!AtZRdlL3IWFKgVQmsWfCx1QNMohY

    So where is the false config?

    WSUS is no inbound - so i do not need the Firewall rules or?


    Regards Stephan

    OneDrive / Sharepoint Blog

    Tuesday, May 30, 2017 8:54 AM
  • Hi Stephan G,

    Maybe could consult in Our WSUS forum, what ports required to be opened for WSUS server in branchoffice.

    Best Regards,

    Mary


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, May 31, 2017 1:56 AM
  • Hi everyone,

    somehow i managed the BranchCache to work.

    I added a certificate to the BranchCache (is not mentioned anywhere in the WSUS & Branchcache tutorials) and set other GPOs. The settings are for Server 2012 R2 holding Branchcache and mostly Win7 Clients

    Certificate:

    https://technet.microsoft.com/en-us/library/ff710438%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

    GPO:

    https://1drv.ms/i/s!AtZRdlL3IWFKgVVF5HWXWZk3o-mh

    (Firewall Inbound for the Clients and not just the Hosted Branch Server? Maybe this rule fired it off)



    Regards Stephan

    OneDrive / Sharepoint Blog

    • Proposed as answer by Mary Dong Wednesday, June 7, 2017 1:57 AM
    • Marked as answer by Stephan G Wednesday, June 7, 2017 7:01 AM
    Tuesday, June 6, 2017 6:37 AM