Import BranchCache Secret Key

When moving from ConfigMgr, or working along side, there is a benefit of having the DeployR server share the same Branch Cache Secret Key in both environments.

To allow DeployR to leverage the branch cache content already distributed in your environment via ConfigMgr, the branch cache server secret can be exported from your ConfigMgr DP server, and imported into DeployR.

A couple of PowerShell functions have been created for this process

Export: Export-BCSecretKey
Import: Import-BCSecretKey

Export & Import Key

On the ConfigMgr DP, Export the Key

Export-BCSecretKey -Filename c:\BCSuperSecret.key -FilePassphrase SUPERSECRETPHRASE

On the DeployR Server, copy the file over then Import

Import-BCSecretKey -Filename D:\BCSuperSecret.key -FilePassphrase SUPERSECRETPHRASE

To Confirm, you can look at the Registry. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PeerDist\SecurityManager\Restricted

Below is a capture of the Registry Value after the import of the secret key on the DeployR server, the values match so we know the import worked.

Reset DeployR BC Hash CIs

Once the import is done, DeployR will now use the new secret to create hashes, but any content already used in DeployR will already have hashes generated with the old secret. Those all need to be deleted so they will be regenerated the next time their associated content items are called by DeployR.

On the DeployR Server, go to the DeployR Content area, you'll see several precreated items, once there, do a search for *.genci

Confirm all of the items it finds are .genci files, then select all and delete

The files will regenerate the next time the content is used by DeployR.

Now DeployR & ConfigMgr content will be shared back and forth using Branch Cache, improving your P2P efficiencies.

Last updated 3 months ago

hashtagExport & Import Key

hashtagReset DeployR BC Hash CIs

Export & Import Key

Reset DeployR BC Hash CIs