MCC Deployment Large Enterprises

Hello everyone,

As dedicated fans of MCC, I’d like to share some challenges you might encounter when deploying MCC in conjunction with DHCP option 235. Below are key troubleshooting points and network considerations to help guide you through the process.

Preliminary Troubleshooting Steps

Before diving deeper, ensure you verify the following:

• Network Proxy: Confirm if your network uses a proxy, adjust the rules.
• TLS Inspection: Review and adjust TLS inspection rules by creating necessary exclusions.
• Firewall Policies: If Firewall Local Policy Merge is disabled for all clients, Create appropriate inbound rules for Delivery Optimization (DO) and inspect the firewall’s inbound logs on the client.
• Connectivity Test: Verify access to the MCC using a command, that is mentioned in the docs, from the client. For guidance, refer to Microsoft Documentation.
• PowerShell Check: Run Get-DeliveryOptimizationStatus to confirm that P2P is operational and that the MCC is properly recognized.
• Intune Policies: Double-check that your DO Intune policies are configured correctly.
  Network Deep Dive: DHCP Communication

If the MCC server remains unreachable via DHCP Option 235 after the initial checks, it’s time to investigate further into your network setup.

Standard DHCP Process

Typically, DHCP communication occurs in four steps:

• DHCP Discover
• DHCP Offer
• DHCP Request
• DHCP ACK

The DHCP ACK packet is where the client normally receives DHCP Option 235.

Role of VLANs and DHCP Relay

In large networks with multiple VLANs, an IP helper-address is used to set up a DHCP relay. Since DHCP broadcasts are limited to the local LAN, a DHCP relay intercepts the broadcast, converts it into a unicast request to the DHCP server on a different LAN, and then relays the unicast response (including the necessary DHCP options) back to the client.

Introduction of DHCPINFORM

In these scenarios, a fifth packet—DHCPINFORM—comes into play. This packet is sent by clients to obtain additional network configuration details (like DHCP Option 235) without needing to lease a new IP address.

Identifying and Resolving Communication Breaks

A potential issue arises when the DHCPINFORM request is either not forwarded by the firewall or core switch (which handles the IP helper function) or when the corresponding DHCP ACK response is blocked. In such cases, the client successfully obtains its IP address and basic DHCP options, but fails to receive Option 235, which is crucial for starting content downloads.

So we where able to see the DHCPINFORM request but there was any response.

The resolution involved investigating the firewall responsible for handling the IP helper function. Although the DHCP server correctly sent a DHCP ACK in response to the DHCPINFORM request, the firewall treated this as a new session and blocked it. Adjusting the firewall rules allowed the DHCP ACK to reach the client successfully.

I hope these insights help you troubleshoot and achieve a seamless deployment of MCC with DHCP Option 235. If you have any questions or need further clarification, please feel free to reach out.