Event ID 16609 — QoS Policy Update
Applies To: Windows Server 2008
Quality of Service (QoS) policies are applied to a user or computer account by using Group Policy. The QoS policies are applied to a Group Policy object (GPO), which is then linked to an Active Directory container, such as a domain, site, or organizational unit (OU), that contains the user or computer account.
|Product:||Windows Operating System|
|Message:||A user QoS policy "%2" potentially conflicts with other QoS policies. See documentation for rules about which policy will be applied at packet send time.|
Design QoS policy to avoid conflict and overlap
The QoS policies in your organization might have been designed to overlap. Only one QoS policy can apply to outbound traffic. At network traffic send time, the QoS policy with the most specific match is applied. To ensure the QoS policies you want are applied in your network, you might consider designing your QoS policies with this policy matching in mind.
Like GPOs, QoS policies have precedence rules to resolve conflicts when multiple QoS policies apply to a set of traffic. For outbound TCP or UDP traffic, only one QoS policy can be applied at a time, which means that QoS policies do not have a cumulative effect. For example, throttle rates specified by multiple QoS policies are not summed.
In general, the QoS policy with the most matching conditions wins. When multiple QoS policies apply, the rules fall into three categories:
- User-level vs. computer-level
- Application name versus the network quintuple
- Among the network quintuple
In this case, network quintuple means the source IP address, destination IP address, source port, destination port, and protocol (TCP or UDP).
User-level taking precedence over computer-level
User-level QoS policy takes precedence over computer-level QoS policy. This rule greatly facilitates management of QoS GPOs, particularly for user group–based policies. For example, if the network administrator wants to define a QoS policy for a user group, he can just create and distribute a GPO to that group. The administrator does not have to worry about which computers those users are logged on to and whether those computers will have conflicting QoS policies defined, because if a conflict exists, the user-level policy always takes precedence.
Note: A user-level QoS policy is only applicable to traffic generated by that user. Other users of a specific computer, and the computer itself, are not subject to any QoS policies defined for that user.
Application specificity and taking precedence over network quintuple
When multiple QoS policies match the specific traffic, the more specific QoS policy is applied. Among policies that identify application name, a policy that includes the file path of the sending application is considered more specific than another policy that only identifies the application name without a file path. If multiple QoS policies with applications still apply, the precedence rules use the network quintuple to find the best match.
Alternatively, multiple QoS policies might apply to the same traffic by specifying non-overlapping conditions. Between the conditions of application name and the network quintuple, the policy that specifies the application is considered more specific and is applied. For example, policy_A only specifies an application name (app.exe), and policy_B specifies the destination IP address 192.168.1.0/24. When these QoS policies conflict (app.exe sends traffic to an IP address within the range of 192.168.4.0/24), policy_A gets applied. More specificity takes precedence within the network quintuple.
For policy conflicts within the network quintuple, the policy with the most matching conditions takes precedence. For example, assume policy_C specifies source IP address "any," destination IP address 10.0.0.1, source port "any," destination port "any," and protocol "TCP." Next, assume policy_D specifies source IP address "any," destination IP address 10.0.0.1, source port "any," destination port 80, and protocol "TCP." Then policy_C and policy_D both match connections to destination 10.0.0.1:80. Because policy-based QoS applies the policy with the most specific matching conditions, policy_D takes precedence in this example. However, QoS policies might have an equal number of conditions. For example, several policies might each specify only one (but not the same) piece of the network quintuple. Among the network quintuple, the following order is from higher to lower precedence:
- Source IP address
- Destination IP address
- Source port
- Destination port
- Protocol (TCP or UDP)
Within a specific condition, such as IP address, a more specific IP address is treated with higher precedence; for example, an IP address 192.168.4.1 is more specific than 192.168.4.0/24.
Note: Make sure that your QoS policies are designed as specifically as possible to simplify the understanding of your organization about which QoS policies are in effect.
To verify that the advanced QoS settings are being applied:
- Update Group Policy on your computer
- Ensure that the event in question is not in the event log
To verify the resolution of events related to QoS policies:
- Click Start, point to All Programs, click Accessories, right-click Command Prompt, click Run as administrator, and then click Continue.
- Type gpupdate /force, and then press** **ENTER to confirm that the event is no longer generated.
To view QoS events:
- Click Start, click Control Panel, click Administrative Tools, and then click Event Viewer.
- In the console tree, expand Windows Logs, and then click System.