Enabling BranchCache in SCCM Quickly and Easily


Enabling BranchCache in SCCM Quickly and Easily

Enabling BranchCache in SCCM Quickly and Easily, A few months ago, I posted on Twitter about my success with deploying BranchCache. That post sort of blew up, and somehow I ended up offering to write a blog post about it… I have seen a lot of blogs about setting up BranchCache, however, most of them end up using something outside of the built-in tools that ConfigMgr provides. This post will focus on setting up BranchCache using only the built-in solutions in ConfigMgr. BranchCache is very powerful and can be configured at a much deeper level than what ConfigMgr provides out of the box, however, I didn’t feel that I needed that level of configuration for my environment. I should also mention that this is literally my first blog post, so please, be gentle!

Enabling BranchCache in SCCM Quickly and Easily

The Post that Brought Me Here


What is BranchCache?

BranchCache is a technology built-in to Windows since Windows 7 and Server 2008, it is a peer-to-peer technology designed to reduce the workload on distribution servers by allowing clients to share content between themselves. BranchCache is a very powerful technology with many options. But what really motivated me to set it up in my environment was how simple it is to turn on in ConfigMgr. Again, BranchCache has many more advanced settings and options than what I mention here. But those are not required to have a BranchCache setup that significantly reduces the load on your distribution points and network infrastructure.



Enabling BranchCache in SCCM Quickly and Easily

Example of BranchCache and PeerCache working together

Before getting into how to configure BranchCache, a few quick words on similar technology, PeerCache. However, PeerCache is an SCCM (not Windows) technology that functions in a similar way to BranchCache. However, there are a few differences:

  • PeerCache uses the SCCM content store for its content on the client machine
  • PeerCache content is free to be shared outside the client’s subnet (but won’t cross to different Boundary Groups)
  • Also, PeerCache requires the client to be reachable by its FQDN
  • PeerCache works in an SCCM distributed WinPE with little to no extra configuration
  • PeerCache SuperPeers should be carefully selected to ensure the best results

I am not going to go over the configuration of PeerCache in this article, the targeting of SuperPeers and other options makes it a bit more cumbersome to set up. However, both BranchCache and PeerCache can be set up at the same time and having both enabled can lead to even fewer downloads coming from your distribution points and less traffic over the WAN.


How to enable BranchCache using SCCM

Also, Enabling BranchCache in an SCCM Environment is easy, and consists of 2 main steps: Enabling it on the Distribution Points, and enabling it for clients.

Enabling BranchCache in SCCM Quickly and Easily

Enabling BranchCache on a Distribution Point

Enabling BranchCache on Distribution Points

First, you will want to enable BranchCache on at least one distribution point. I started with turning it on for just one distribution point in my environment. After seeing good results, I enabled it on the rest of the Distribution Points. To enable the BranchCache setting on a distribution point, you can do the following:

  1. Open up the ConfigMgr Console
  2. Head to the “Administration” tab and click “Distribution Points”
  3. Right-click and select “Properties” on the Distribution Point where you want BranchCache enabled
  4. In the “General” tab, check the box for “Enable and configure BranchCache for this distribution point”. Then click “Apply” and “OK”

Enabling BranchCache on ConfigMgr Clients

Once BranchCache is enabled on at least one Distribution Point, you can turn it on for your ConfigMgr clients.

Enabling BranchCache in Client Settings

The easiest way to configure BranchCache for your clients is through Client Device Settings. Because we are configuring BranchCache through Client Settings. The configuration can be rolled out as quickly or slowly as you want. For my environment, I tested a small subset of systems before rolling it out everywhere. Within a week of rolling out BranchCache everywhere, I was seeing huge amounts of data being shared through BranchCache. If you have concerns about congestion from Wi-Fi devices sharing their content. (I received a few questions on this. But have not seen any issues myself.) You can exclude, for example, all laptops from the collection that BranchCache is enabled on.

To turn on BranchCache for your clients, do the following:

  1. Head to the “Administration tab in the ConfigMgr Console
  2. Open “Client Settings” and either right-click and select “Properties” for the appropriate Client Settings. You want to modify or create a new set of Client Settings. (I started by creating a new set of settings, and eventually moved the BranchCache configuration to the Default Settings)
  3. Put a check on the “Client Cache Settings”, then navigate to the “Client Cache Settings” page that appears.
  4. Set the following settings on the “Client Cache Settings” page:
    1. Configure BranchCache – Yes
    2. Enable BranchCache – Yes
    3. Maximum BranchCache cache size (percentage of a disk) – 10 is the default, choose whatever amount is good for your environment.
    4. If you want other Client settings to manage the cache size. Make sure to set “Configure Client Cache Size to “No” here
    5. Click OK to accept these settings
  5. Right-click the client settings you just created and select “Deploy”
  6. Choose the device collection to deploy these settings to
  7. You are done! Now it is time to watch the data savings!


How to tell if BranchCache is working?

The easiest way to check that BranchCache is actually working is right in the ConfigMgr Console! Head to “Monitoring” -> “Distribution Status” -> “Client Data Sources”. From there you can see where clients are downloading from based on Boundary Group. After BranchCache was enabled in my environment. I simply checked this page daily to see how well things were working out.

Note: You may have to turn on the “Client Peer Cache” feature in “Administration” -> “Updates and Servicing” -> “Features” in order for the Client Data Sources dashboard to show up (Thanks to Bert in the comments for pointing this out!).

Content Distribution View in the SCCM Console


If you want to ensure the client setting is set on your clients. The following command run in an admin PowerShell session on a client will be able to tell you that:

Get-WmiObject -Namespace root\ccm\policy\machine -class ccm_superpeerclientconfig


Andrew Jimenez

Twitter: @AndrewJimenez_

Add task sequence dependencies to DP group

, , , , , ,

We’re working on adding new distribution point that are used exclusively for imaging.  This motivated me to create a script to make sure all dependent packages are assigned to the proper distribution point group.  (You are using distribution point groups right?)

Change the site code in the script and it will prompt you for the task sequence and then prompt for the distribution point group.  After that, magic!  🙂

I wasn’t planning on posting this one yet as it could use a lot of polish but I’m sure it’ll evolve as time goes on and I’ll do my best to keep this updated.

On to the code…



$siteCode = "CM1"
Import-Module ConfigurationManager
Set-Location "$($siteCode):"
$site = (Get-CMSite -SiteCode $siteCode)
$sequences = Get-CMTaskSequence | Select-Object -Property Name | Out-GridView -Title "Select task sequences for DG" -PassThru
$dg = Get-CMDistributionPointGroup | Out-GridView -Title "Select a distribution point group." -PassThru
if($ConfirmPreference -eq 'Low') {$conf = @{Confirm = $true}}
foreach ($tsname in $sequences)
    $ts = Get-CMTaskSequence -Name $tsname.Name
    Write-Host "References $($ts.References.Count)"
    foreach ($ref in $ts.References)
        $pkgContentServer = $null
        $pkgId = $null
        if ($ref.Type -eq 0)
            $pkgContentServer = Get-WmiObject -ComputerName $site.ServerName -Namespace "rootSMSsite_$($site.SiteCode)" -Class SMS_PackageContentServerInfo -Filter "PackageID = '$($ref.Package)' AND ContentServerID = '$($dg.GroupID)'"
            $pkgId = $ref.Package
        elseif ($ref.Type -eq 1)
            $app = Get-CMApplication -ModelName $ref.Package
            $pkgContentServer = Get-WmiObject -ComputerName $site.ServerName -Namespace "rootSMSsite_$($site.SiteCode)" -Class SMS_PackageContentServerInfo -Filter "PackageID = '$($app.PackageID)' AND ContentServerID = '$($dg.GroupID)'"
            $pkgId = $app.PackageID
        if ($pkgContentServer -eq $null)
            Write-Host "Adding distribution point group $($dg.Name) to package $($ref.Package)."
            if ($PSCmdlet.ShouldProcess("$($ref.Package)", "Distribute package"))
                if ($ref.Type -eq 0)
                    $baseObject = Get-WmiObject -ComputerName $site.ServerName -Namespace "rootSMSsite_$($site.SiteCode)" -Class SMS_PackageBaseClass -Filter "PackageID = '$pkgId'"
                    Start-CMContentDistribution -InputObject ($baseObject | ConvertTo-CMIResultObject) -DistributionPointGroupName $dg.Name #-WhatIf:([bool]$WhatIfPreference.IsPresent) #@conf
                elseif ($ref.Type -eq 1)
                    Start-CMContentDistribution -ApplicationId $app.CI_ID -DistributionPointGroupName $dg.Name
    $bootImage = Get-CMBootImage -Id $ts.BootImageID
    $pkgContentServer = Get-WmiObject -ComputerName $site.ServerName -Namespace "rootSMSsite_$($site.SiteCode)" -Class SMS_PackageContentServerInfo -Filter "PackageID = '$($bootImage.PackageID)' AND ContentServerID = '$($dg.GroupID)'"
    if ($pkgContentServer -eq $null)
        Write-Host "Adding distribution point group $($dg.Name) to package $($bootImage.PackageID)."
        if ($PSCmdlet.ShouldProcess("$($bootImage.PackageID)", "Distribute package"))
            $baseObject = Get-WmiObject -ComputerName $site.ServerName -Namespace "rootSMSsite_$($site.SiteCode)" -Class SMS_PackageBaseClass -Filter "PackageID = '$($bootImage.PackageID)'"
            Start-CMContentDistribution -InputObject ($baseObject | ConvertTo-CMIResultObject) -DistributionPointGroupName $dg.Name

ALSO CHECK : Post OSD Scheduled Task

Rebuild site servers without redistributing content over the WAN

, , , , , , , , , ,

Rebuild site servers without redistributing content over the WAN:

Outlining the Project


                In order to support the Windows 10 Migration project for this customer the hierarchy needed to be upgraded to a level to support deploying/managing of windows 10v1607. The current level of the environment is 2012 R2 SP1 and we will move to CB1606 and upgrade to CB1610. During this time I took the opportunity to simplify the architecture as there were dozens of unnecessary secondary sites. These locations would have the site replaced with a single distribution point. There was no getting around these secondary sites as the pre-req check would fail due to the unsupported version of SQL server express installed on the systems. SCCM does support in place upgrade of SQL on a site server but that is limited to full SQL and not the express version. The best practice would be to spin up the new servers, configure them as Pull Distribution Points, pull the content from the old servers, and then smoothly transition between the two. In this environment, however, we were not provided with new servers to use, and we were faced with the added difficulty of prohibitively slow WAN connections, requiring us to come up with an alternative solution.




Best Practice/Worst Practice


                What we came up with was a series of PowerShell scripts that eventually evolved into the Distribution Content Migration Tool-Kit module.  This module takes queries WMI to pull a list of all content assigned to a Distribution Point and runs on the Distribution Point to create prestage packages for all of that content.  Once the required roles have been removed, reconfigured, and added back to the server, the module then allows all of that content to be reassigned to the Distribution Point and subsequently extracted to complete the migration.



Prerequisite Components


                Because portions of this module had to run locally on our Secondary servers, we needed the Configuration Manager libraries loaded as well as the most recent version of the Windows Management Framework.  While it is possible to just copy over the required DLL files and import them into PowerShell, we did want to stick with something more reliable and consistent, so we installed .NET 4.5, WMF 5, which is required to install the Configuration Manager Console. These updates were all copied to the server and then installed to the clients with a quick PowerShell query to find all servers with the Secondary Site role installed piped into a Copy command.  A few reboots later, and the servers were primed to migrate.



Before Removing Roles


                Modify the site assignment and site server referenced on your boundary groups to talk to another site system server. This is set for your boundary by the boundary group applied to it. I changed the site assignment to my primary site server. I changed my site system servers to the MP on my primary and I left the DP blank as this was only an expected outage of less than 2 hours. Once the conversion is complete I will place my DP here for the boundary group. If you do not want to leave that blank you can use the closest DP that has open ports for communication. Remember do not remove any of the roles until we create the pre-staged content locally on the site server.



Prepare server for role removal


                The tool-kit is made up of four separate scripts written out as the functions Get-DPContent, Prestage-Content, Restage-Content, and Extract-Content.  



Script Step 1: Get-DPContent


                The Get-DPContent function requires you to specify a Distribution Point and will pull a list of every piece of content SCCM has assigned to it.  It returns an unformatted array of WMI SMS_PackageBaseClass objects which can look a little daunting, but can be easily formatted for reporting or further processing.


Title: A single DP Content Info object - Description: This is the raw dump of the information returned when you get the SMS DPContentInfo class


Figure 1 – Raw data produced by the SMS_DPContentInfo Class




Figure 2 – Table-formatted values for just PackageID and Name


                I’ve seen some guides online use Get-CMDeploymentPackage to get package info, but I’ve found that WMI works up to 3x faster when querying large data sets, and it runs without needing a connection to a CMSite drive, so it’s become my preferred method.



Script Step 2: Prestage-Content


                This function does the actual work of creating a prestage PKGX file based on the package ID you provide it, the Distribution Point that holds the content, and the location of the folder that will store the package for later use.  The ConfigurationManager PowerShell module actually comes with a cmdlet called Publish-CMPrestageContent, but because that cmdlet requires you to specify the type of item you’re prestaging, we wrote this function to make the WMI call, examine the package type, and issue the correct command for you.  For one off package prestaging, this is still far and away superior to going through right click menus, but where this function shines is when it’s used in conjunction with the Get-DPContent function. 



Figure 3 – Prestaging a single package





Figure 4 – Prestaging multiple packages via For loop


Remove roles from SCCM console.


After you successfully create the pre-staged content locally on the server we can move forward.   In our case, we needed to remove all roles assigned to the server and only add the DP role back. This action required us to remove the DP, MP, and SUP. After these roles are removed we can go ahead and remove the site server.


Note: when you are decommissioning the secondary site this will also uninstall the DP role naturally. Out of habit I recommend to remove all soles prior to uninstallation of the Site.


  • Validated via the distmgr.log on the primary site server
  • Validated by no longer being seen in distribution point configuration status in the console





Removing the site server


                From the console Administration > Expand Overview > Expand Site Configuratoin > Sites > Select the site and “Delete”. This will create a new dialog box and it is important that you read the differences btwn uninstall and remove. We will choose to uninstall.





From here you can see the state of the secondary site server has moved to “Deleting”



How to monitor and the site server uninstallation process


On your secondary site server you can monitor this from C:ConfigMgrSetup.log. The site server uninstallation process is roughly as follows.


1. ConfigMgr2012 Setup is started by system with command line options /deinstall / msg2parent /nouserinput

2. Information is checked, this will be things such as the following. FQDN, OS is verified, Checks for existing setup information, existing SQL information, existing configmgr installation and version number, etc.



3. removes SQL alias for sccm

4. Starts uninstallation of secondary site by first cleaning up SQl server replication data, start uninstallation of local dp (if applicable) Remove content SCCMContentLib, SMSPKG, SMSPKGF$, SMSSIG$ directories from the server. The process will also move through list of all SCCM Services and stop/uninstall them if present and then stop WMI



After services/connections are removed you will see a number of redlines in the log file. This is only b/c connection can not be established which is expected right after stopping WMI




5. Connect to database, drop schema SMS_SiteSystemToSQLConnection, drop database, and uninstall SQL (if applicable)



NOTE: ONLY If your admin installed SQL instead of letting SCCM perform the uninstall action during site install you will see this message



6. Attempt unregister list of Binaries



7. Attempt delete remaining folders/files from within the configmgr installation directory



8. remove registry keys, restart WMI, and other services then complete uninstallation of Configuration Manager Site.



NOTE: After site is uninstalled you might run into issues where the secondary server is still showing “Deleting” this can be resolved by my other blogpost HERE where I had to use the hierarchy maintenance tool.



Remove unnecessary items


Start by uninstalling SQL (if applicable) the only time you will have to uninstall this is if the admin installed / configured SQL on the secondary site instead of letting SCCM do this action. Remove any other roles/features that are no longer needed. For this environment I also removed WSUS as it is no longer needed nor will be able to patch win 10 when the server is on server 2008R2 w/ WSUS 3.0
since we uninstalled SQL this freed up two extra drives on the machine that stored the database and the log files. These were then reclaimed by the storage team. For the entire project this allowed 1200 GB to be reclaimed. Uninstall the sccm console as it is no longer needed.



Before reinstalling DP


I have performed a number of conversions in the past where there were problems reinstalling the DP role. Typically this process goes just fine but in rare instances I ran into issues and have to completely remove the client / delete from database / rediscover / reinstall client / reinstall role, so I recommend doing the following.  


  1. Completely uninstall SCCM Client
  2. Remove the following registry HIVE “HKEY_Local_MachineSoftwareMicrosoftSMS”
  3. Reinstall SCCM client



Reinstall DP Role


                There should not be any additional configuration needed as this server previously had the DP role. Make sure this is not configured for pull dp and you enable this for pre-staged content. You can track the installation process in 2 logs: DISTMGR.LOG on the primary site server installation path and and SMSDPPROV.LOG located SMS_DP$smslogs. You can also Track through monitoring on the console


Track though the distmgr.log on your primary server and smsdpprov.log on the DP.





Script Step 3: Restage-Content


                The Restage-Content function crawls through the list of packages we saved and tells SCCM to re-assign the content.  While the Prestage-Content and Extract-Content functions need to be run on the DP you’re migrating, this command, along with Get-DPContent, can be run from any computer as it is only interacting with meta-data on the SCCM server. All you need to specify here is the location of the prestage files and the name of the distribution point they’ll be assigned to.  



Figure 5 – Content restaging in progress



Figure 6 – Existing content will not waste time trying to reassign



Script Step 4: Extract-Content


This function takes input in the form of the prestaged content location and uses Microsoft’s ExtractContent.exe program to manually add them to the content library.  While we messed with the idea of having it prompt you for the location of the ExtractContent.exe utility, we eventually decided that it was simpler to just require the exe file to be in the same directory as the prestage packages.  This takes a while to run depending on the quantity and size of your PKGX files, and in the event that some do not sync properly when you check your Distribution Point Configuration Status messages, you can run this function again, and it will only try to extract content that isn’t flagged as State=0 (successful).



Figure 7 – Content extracting one package at a time




Final Product


In conclusion, while there are some tools and packages out there that are more “double click and go” automation, we’ve found that every environment is too different for one solution to work for everybody. With that in mind, we focused on developing a toolkit that could be adjusted and tweaked for any environment and then used that to simplify our infrastructure to make life easier for the local admins.  Our next step in this project is to begin the upgrade from SCCM 2012 R2 SP1 to Current Branch 1606, and eventually to Current Branch 1610.    When all is said and done, we’ll have converted nearly three dozen secondary sites, all with their own Distribution Point, Software Update Point, and Management Point roles over to just Distribution Points.  In addition to saving several hundred GB of content distribution traffic this conversion will have eliminated much of the unnecessary SQL and WSUS traffic we saw. The storage team was also thrilled to realize 1.2TB of storage can now be reclaimed.
ALSO SEE : Lockstate Object