Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Windows Update: Dual Scan Issues on Windows 10

January 28, 2018 Windows 10

Windows Update: Dual Scan Issues on Windows 10

Personally, I was very surprised that in some cases computers running Windows 10 may not get updates from the local WSUS server trying to access Microsoft update servers instead, despite the fact that the WSUS server on clients is configured through standard WSUS group policy. This problem is related with the term Dual Scan.

Dual Scan is the combination of settings in Windows 10 1607 or higher that makes clients ignore the settings of the local WSUS server also trying to scan external Windows Update servers for new updates. For the first time these issues were reported in May, 2017.

Both WSUS server and WU servers are scanned for updates, but a client accepts updates only from WU servers. Thus, all updates/patches from the local WSUS server that refer to Windows will be ignored by such clients. It means that they get Windows updates from the Web and the updates of drivers and other software— from WSUS.

In my case two standard policies to update the PC from the local WSUS server were enabled on the problem client in Computer Configuration\Administrative Templates\Windows Components\Windows Update section:

  • Configure Automatic Updates
  • Specify intranet Microsoft update service location

At the same time, the Defer Upgrades and Updates option is checked in Update & security -> Windows Update -> Advanced options (the setting is the same to ‘Select when Feature Updates are received’ policy).

Defer Upgrades and Updates : windows 10

With this combination of settings, the clients stop receiving Windows updates from the internal WSUS server.

Thus, Dual Scan occurs with the following combinations of policies (or equivalent registry keys or settings on Windows 10 clients):

  1. The address of the local WSUS server is set in the Specify intranet Microsoft update service location policy
  2. One of the policies that allow to defer updates in Windows Update for Business concept is enabled:
    • Select when Feature Updates are received
    • Select when Quality Updates are received
Tip. These policies are located in Computer Configuration\Administrative Templates\Windows Components\Windows Update\Defer Windows Updates. Due to these policies, a user can defer Windows 10 upgrades, so the OS is switched to Current Branch for Business. Security updates cannot be deferred.

GPO: Select when Feature Updates are received

To eliminate Dual Scan and make clients search for Windows updates only on the local WSUS server, enable the policy Do not allow update deferral policies to cause scans against Windows Update in Computer Configuration\Administrative Templates\Windows Components\Windows Update.

Windows 10 policy: Do not allow update deferral policies to cause scans against Windows Update

This policy is found in Windows 10 1607, however, by default it is not present in Windows 10 1703. To see this GPO setting, install update KB4034658 from August 8, 2017.

0 comment
0
Facebook Twitter Google + Pinterest
previous post
How to Create the DaRT 10 Recovery Image
next post
How to Manually Import Updates into WSUS from Microsoft Update Catalog

Related Reading

How to Disable NetBIOS and LLMNR Protocols in...

April 9, 2021

Enable Windows Lock Screen after Inactivity via GPO

April 8, 2021

Can’t Copy and Paste via Remote Desktop (RDP)...

March 31, 2021

UAC: This App Has Been Blocked for Your...

March 30, 2021

How to Unlock a File Locked by Any...

March 29, 2021

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • How to Disable NetBIOS and LLMNR Protocols in Windows Using GPO?

    April 9, 2021
  • Enable Windows Lock Screen after Inactivity via GPO

    April 8, 2021
  • How to Create and Manage Scheduled Tasks with PowerShell?

    April 7, 2021
  • Updating Windows VM Templates on VMWare with PowerShell

    April 5, 2021
  • Running Multiple IIS Websites on the Same Port or IP Address

    April 1, 2021
  • Can’t Copy and Paste via Remote Desktop (RDP) Clipboard

    March 31, 2021
  • UAC: This App Has Been Blocked for Your Protection on Windows 10

    March 30, 2021
  • How to Unlock a File Locked by Any Process or SYSTEM?

    March 29, 2021
  • Configuring a Domain Password Policy in the Active Directory

    March 26, 2021
  • Using Native Package Manager (WinGet) on Windows 10

    March 24, 2021

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update
  • How to Create a Wi-Fi Hotspot on your Windows 10 PC
  • How to increase KMS current count (count is insufficient)
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • How to Download APPX Installation File from Microsoft Store in Windows 10 / 8.1
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top