Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Windows Update: Dual Scan Issues on Windows 10

January 28, 2018 Windows 10

Windows Update: Dual Scan Issues on Windows 10

Personally, I was very surprised that in some cases computers running Windows 10 may not get updates from the local WSUS server trying to access Microsoft update servers instead, despite the fact that the WSUS server on clients is configured through standard WSUS group policy. This problem is related with the term Dual Scan.

Dual Scan is the combination of settings in Windows 10 1607 or higher that makes clients ignore the settings of the local WSUS server also trying to scan external Windows Update servers for new updates. For the first time these issues were reported in May, 2017.

Both WSUS server and WU servers are scanned for updates, but a client accepts updates only from WU servers. Thus, all updates/patches from the local WSUS server that refer to Windows will be ignored by such clients. It means that they get Windows updates from the Web and the updates of drivers and other software— from WSUS.

In my case two standard policies to update the PC from the local WSUS server were enabled on the problem client in Computer Configuration\Administrative Templates\Windows Components\Windows Update section:

  • Configure Automatic Updates
  • Specify intranet Microsoft update service location

At the same time, the Defer Upgrades and Updates option is checked in Update & security -> Windows Update -> Advanced options (the setting is the same to ‘Select when Feature Updates are received’ policy).

Defer Upgrades and Updates : windows 10

With this combination of settings, the clients stop receiving Windows updates from the internal WSUS server.

Thus, Dual Scan occurs with the following combinations of policies (or equivalent registry keys or settings on Windows 10 clients):

  1. The address of the local WSUS server is set in the Specify intranet Microsoft update service location policy
  2. One of the policies that allow to defer updates in Windows Update for Business concept is enabled:
    • Select when Feature Updates are received
    • Select when Quality Updates are received
Tip. These policies are located in Computer Configuration\Administrative Templates\Windows Components\Windows Update\Defer Windows Updates. Due to these policies, a user can defer Windows 10 upgrades, so the OS is switched to Current Branch for Business. Security updates cannot be deferred.

GPO: Select when Feature Updates are received

To eliminate Dual Scan and make clients search for Windows updates only on the local WSUS server, enable the policy Do not allow update deferral policies to cause scans against Windows Update in Computer Configuration\Administrative Templates\Windows Components\Windows Update.

Windows 10 policy: Do not allow update deferral policies to cause scans against Windows Update

This policy is found in Windows 10 1607, however, by default it is not present in Windows 10 1703. To see this GPO setting, install update KB4034658 from August 8, 2017.

0 comment
0
Facebook Twitter Google + Pinterest
previous post
Fix: Outlook 2016 Search is Not Working
next post
How to Manually Import Updates into WSUS from Microsoft Update Catalog

Related Reading

The Disk is Offline Because of Policy Set...

December 12, 2019

How to Change a Network Location from Public...

December 9, 2019

Windows 10 Install Error 0x80300024

December 2, 2019

Creating Multiple Partitions on a USB Drive in...

November 26, 2019

How to Recover Deleted Files from a TRIM-Enabled...

November 14, 2019

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Follow us

woshub.com

Recent Posts

  • The Disk is Offline Because of Policy Set by an Administrator

    December 12, 2019
  • How to Backup Hyper-V Virtual Machines?

    December 10, 2019
  • How to Change a Network Location from Public to Private on Windows 10/Windows Server 2016?

    December 9, 2019
  • Configuring Storage Replica on Windows Server 2016

    December 4, 2019
  • Windows 10 Install Error 0x80300024

    December 2, 2019
  • Running PowerShell Script (*.PS1) as a Windows Service

    November 27, 2019
  • Creating Multiple Partitions on a USB Drive in Windows 10

    November 26, 2019
  • VMWare vSphere: Failed to Upload Files to Datastore

    November 21, 2019
  • How to Delete Old User Profiles Using GPO and PowerShell?

    November 19, 2019
  • Get-ADUser: Getting Active Directory Users Info via Powershell

    November 18, 2019
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • How to Repair Broken EFI Bootloader in Windows 10, 8.1
  • How to Allow Multiple RDP Sessions in Windows 10
  • How to Restore Deleted EFI Boot Partition in Windows 10/7
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • How to increase KMS current count (count is insufficient)
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top