Update KB50146678 breaks VPN server

Brass Contributor

After updating our Windows Server 2022 with update KB50146678 it is having a lot of network issues. The server which is running RRAS and designed for Always On VPN, can't access the Internet and clients can't connect to the VPN. I had to do a bare mental restore from backup to get it back up and running. I then made a checkpoint since it is a VM and installed the update again which gave me the same issues. Therefore, I am sure the update is causing the problem. I restored to the checkpoint and paused updates for now but wanted to report this problem and see if there is a possible fix.

6 Replies
Same problem here. RRAS works fine without the latest updates, but breaks when installing the latest updates. To access the server we had to temporarily remove network access from one of the NICs.
Well I am at least glad I am not the only one.
It seems to affect all versions, all the way back to Server 2012 R2. I have a 2012 R2 server and a Server 2016, both with RRAS, that broke when the update was installed. There is a blog post now on Bleepingcomputer about this. But no solution as far as I know, except for uninstalling the update.

Found it, and yes this does explain the same issues I am facing too. https://www.bleepingcomputer.com/news/microsoft/recent-windows-server-updates-break-vpn-rdp-rras-con...

KB5014738 has also broken other services on my W2012 storage essentials.  There are no LAN services such as file shares or printers.  No web site.  No user account authentication.   Basically the machine isn't a NAS server anymore.

I tried to deactivate the patch by creating

   Path : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat

   Value Name: "RequireIntegrityActivationAuthenticationLevel"

   Type: dword

   Value Data: default = 0x00000000 means disabled.

and then a reboot,  but it hasn't cured the problem.

I uninstalled the patch,  and everything worked fine for a few hours until Windows Update re-installed it.


Dear Microsoft,  please fix the security problem which caused this patch to be needed, but leave me with a working server.   Thank you.

I also noticed that setting RequireIntegrityActivationAuthenticationLevel to 0x0 does not solve the issues for me that I have had after the installation of the June update.