Windows OS Hub
  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange
  • Home
  • About

Windows OS Hub

  • Windows Server
    • Windows Server 2016
    • Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2008 R2
    • SCCM
  • Active Directory
    • Group Policies
  • Windows Clients
    • Windows 10
    • Windows 8
    • Windows 7
    • MS Office
    • Outlook
  • Virtualization
    • VMWare
    • Hyper-V
  • PowerShell
  • Exchange

 Windows OS Hub / Windows 10 / Windows Update: Dual Scan Issues on Windows 10

January 28, 2018 Windows 10

Windows Update: Dual Scan Issues on Windows 10

Personally, I was very surprised that in some cases computers running Windows 10 may not get updates from the local WSUS server trying to access Microsoft update servers instead, despite the fact that the WSUS server on clients is configured through standard WSUS group policy. This problem is related with the term Dual Scan.

Dual Scan is the combination of settings in Windows 10 1607 or higher that makes clients ignore the settings of the local WSUS server also trying to scan external Windows Update servers for new updates. For the first time these issues were reported in May, 2017.

Both WSUS server and WU servers are scanned for updates, but a client accepts updates only from WU servers. Thus, all updates/patches from the local WSUS server that refer to Windows will be ignored by such clients. It means that they get Windows updates from the Web and the updates of drivers and other software— from WSUS.

In my case two standard policies to update the PC from the local WSUS server were enabled on the problem client in Computer Configuration\Administrative Templates\Windows Components\Windows Update section:

  • Configure Automatic Updates
  • Specify intranet Microsoft update service location

At the same time, the Defer Upgrades and Updates option is checked in Update & security -> Windows Update -> Advanced options (the setting is the same to ‘Select when Feature Updates are received’ policy).

Defer Upgrades and Updates : windows 10

With this combination of settings, the clients stop receiving Windows updates from the internal WSUS server.

Thus, Dual Scan occurs with the following combinations of policies (or equivalent registry keys or settings on Windows 10 clients):

  1. The address of the local WSUS server is set in the Specify intranet Microsoft update service location policy
  2. One of the policies that allow to defer updates in Windows Update for Business concept is enabled:
    • Select when Feature Updates are received
    • Select when Quality Updates are received
Tip. These policies are located in Computer Configuration\Administrative Templates\Windows Components\Windows Update\Defer Windows Updates. Due to these policies, a user can defer Windows 10 upgrades, so the OS is switched to Current Branch for Business. Security updates cannot be deferred.

GPO: Select when Feature Updates are received

To eliminate Dual Scan and make clients search for Windows updates only on the local WSUS server, enable the policy Do not allow update deferral policies to cause scans against Windows Update in Computer Configuration\Administrative Templates\Windows Components\Windows Update.

Windows 10 policy: Do not allow update deferral policies to cause scans against Windows Update

This policy is found in Windows 10 1607, however, by default it is not present in Windows 10 1703. To see this GPO setting, install update KB4034658 from August 8, 2017.

0 comment
0
Facebook Twitter Google + Pinterest
previous post
How to Create the DaRT 10 Recovery Image
next post
How to Manually Import Updates into WSUS from Microsoft Update Catalog

Related Reading

USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

January 15, 2021

Windows 10: No Internet Connection After Connecting to...

January 13, 2021

Updating the PowerShell Version on Windows

December 24, 2020

How to Enable and Configure User Disk Quotas...

December 23, 2020

Fix: Search Feature in Outlook is Not Working

December 18, 2020

Leave a Comment Cancel Reply

Categories

  • Active Directory
  • Group Policies
  • Exchange
  • Windows 10
  • Windows 8
  • Windows 7
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2008 R2
  • PowerShell
  • VMWare
  • MS Office

Recent Posts

  • MS SQL Server 2019 Installation Guide: Basic Settings and Recommendations

    January 19, 2021
  • USB Device Passthrough (Redirect) to Hyper-V Virtual Machine

    January 15, 2021
  • Windows 10: No Internet Connection After Connecting to VPN Server

    January 13, 2021
  • Updating the PowerShell Version on Windows

    December 24, 2020
  • How to Enable and Configure User Disk Quotas in Windows?

    December 23, 2020
  • Restoring Deleted Active Directory Objects/Users

    December 21, 2020
  • Fix: Search Feature in Outlook is Not Working

    December 18, 2020
  • Zabbix: Single Sign-On (SSO) Authentication in Active Directory

    December 17, 2020
  • Preparing Windows for Adobe Flash End of Life on December 31, 2020

    December 15, 2020
  • Auditing Weak Passwords in Active Directory

    December 14, 2020

Follow us

woshub.com
  • Facebook
  • Twitter
  • RSS
Popular Posts
  • Booting Windows 7 / 10 from GPT Disk on BIOS (non-UEFI) systems
  • How to Run Program without Admin Privileges and to Bypass UAC Prompt?
  • Removable USB Flash Drive as Local HDD in Windows 10 / 7
  • How to Create a Wi-Fi Hotspot on your Windows 10 PC
  • How to increase KMS current count (count is insufficient)
  • How to Configure Google Chrome Using Group Policy ADMX Templates?
  • Error Code: 0x80070035 “The Network Path was not found” after Windows 10 Update
Footer Logo

@2014 - 2018 - Windows OS Hub. All about operating systems for sysadmins


Back To Top