It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda RMM
formerly Managed Workplace

Handling Dual Scan issue with Patch Management

  • Last updated on

With devices increasingly being moved over to the Windows 10 Kernel (Windows 10, Windows Server 2016, and Windows Server 2019), we have been noticing environments exhibiting patching issues. Devices are not checking in for patch status and are merely not patching overall. We can attribute it to Dual Scan within these operating systems.

Barracuda RMM Supports Windows 10 Pro, Education, and Enterprise editions.  

To understand Dual Scan, please read the "Demystifying Dual Scan" Microsoft article found here:

Within Barracuda RMM, if you are using Patch Management, you will need to ensure that Dual Scan is disabled. But how?

First option

Run the WSUS Client Diagnostic tool located on our Knowledge Base

Second option

Check devices for Dual Scan by doing the following.

  1. Open PowerShell as Administrator
  2. Paste in this two-line script
$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
$MUSM.Services | select Name, IsDefaultAUService


Dual Scan.png

If Windows Server Update Service (WSUS) shows True and other options are false, then Dual Scan is not being utilized? If Windows Update is set as true, Dual Scan is likely enabled.

The Fix

Start by checking the latest version of the Domain Configuration Guide to ensure that you are compliant with those settings. If you are, then deploy the Disable Dual Scan for Windows Update script via Barracuda RMM.

You can now do the following to acquire the script:

  1. In your Service Center UI go to Update Center.
  2. Click Components.
  3. Click Get More.
  4. In the Search Box search for Dual Scan.
  5. Select the Disable Dual Scan for Windows Update script and Install.
  6. Run the script from the Automation Calendar against targeted Windows 10 Kernel devices.

If you are on-premise and want a copy of the script, you can contact the support desk or you can set up a custom script with the following Registry Key entry to disable the Dual Scan behaviour: 

reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /v DisableDualScan /t REG_DWORD /d 1 /f