Forum Discussion
January 2022 Quality Update Breaks VPN Connections
A couple forum posts:
Re: Client VPN Error After January Windows Updates - The Meraki Community
KB5009543 - January 11, 2022 Breaks L2TP VPN Connections : sysadmin (reddit.com)
These clearly outline the issue with the latest updates breaking VPN connectivity for many Meraki VPN systems (and perhaps others). Rolling back the update resolves the issue.
A couple questions for the Windows update team:
1. Any idea when Microsoft will be able to review, confirm and correct this issue?
2. If Microsoft were to release a fix for this partway through the month, how would you typically recommend this get deployed? Windows Update for Business doesn't allow us to control/deploy anything other than the Feature and Quality updates. Is the recommendation to just remain unpatched until the February Quality update catches things up and presumably includes a fix for the VPN issue?
- Yes, your argument is valid.
As a workaround you may use "Win32 app management" in Microsoft Intune: download the package from the Microsoft Update Catalog and then deploy it using Microsoft Intune. Take a look at:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-deploy-update-package
I know it is a bit challenging, but it is possible to deploy updates in Microsoft Intune too.
- Theo_Stauffer (Copper Contributor)
Microsoft, this is kind of critical and certainly not only for us. Our VPN does not expose any Vendor ID that can be disabled and we have 60% of our company in home office due to the pandemic. Uninstalling the security update and pausing updates for 7 days is not a good solution. Please expedite a fix.
- maskay (Copper Contributor)
Theo_Stauffer good news, MS released a patch yesterday and it worked for me. You can let your Windows updates go through and KB5010793 will fix the issue that was introduced by KB5009543.
- Theo_Stauffer (Copper Contributor)
Thank you so much. I really appreciate that Microsoft managed to get a fix out this rapidly.
- Theo_Stauffer (Copper Contributor)
Have just discovered this. Please let us know when we can expect a fix.
- Atticraider (Copper Contributor)
Morning,
Currently the workaround is to uninstall the Windows update (KB5009543). Once uninstalled, you will then need to restart your PC. After you have done this you will then be able to connect to the VPN.
Once you have tested the VPN connection and it was successful, I would suggest running "wushowhide" and hiding the update so it doesn't reinstall until a fix has been released; however, you don't need to do this bit for the VPN to work.
This is just a workaround until a fix has been released for this issue.
Regards
- jungzimm (Copper Contributor)
Atticraider
Attempts to uninstall using an elevated command prompt and attempts to restore to a restore point both fail on my Win10 desktop that I need to access my employer's network over L2TP (IPsec) using the Windows client. Is there another workaround? I need this to continue in my job.
- Reza_Ameri (Silver Contributor)
Thank you for sharing. This is a known issue and Microsoft is aware of it and is working on the fix. As a workaround you may disable the "Vendor ID" in the VPN server (note that not all VPN servers have this option).
In case it didn't work, you may uninstall the update.
Take a look at:
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009566-os-build-22000-434-eee797fa-5ee3-4501-aeec-db3bc73b2c7b
- helviojr (Copper Contributor)
The option to be removed from the IPsec server's response is Vendor ID (instead of Vector ID), according to the referred link, but there are dozens of vendor IDs, each with a different purpose, that are exchanged between the client and the server. For example, to negotiate dead peer detection, tunnel over NAT, Xauth authentication; many are really needed to establish a tunnel. I'll try to test some configuration on the server side to try to disable some.
- Reza_Ameri (Silver Contributor)
Microsoft is working on it and they will share an update soon.
- George_Daniel (Copper Contributor)
Thank you for sharing this file.
I had the same issue, let me go through the link you have provided.
I hope my VPN issue gets resolved because one of my Android game emulators doesn't seem to be working without it.
Thank you
- ShamnadRSA (Copper Contributor)
Can someone detail how we can disable Vendor ID? BrianG-PPN
- ShamnadRSA (Copper Contributor)
Now we are uninstalling KB50095643 and pausing the update on each client device.
- Reza_Ameri (Silver Contributor)
Like I mentioned earlier, Microsoft has been working on this issue and they released an update to fix it, and in case you update your Windows, it will fix the issue.
Take a look at:
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-and-19044-1469-out-of-band-f2d4f178-5b36-49cb-a6fd-4bf9857574f9
- BrianG-PPN (Brass Contributor)
Microsoft still doesn't release these out of band updates via the Windows Update for Business release channel which is how we distribute all of our updates (using update rings in Intune). Why is this not able to be deployed and managed through Microsoft's native tools that they seem to recommend so strongly for cloud-based update management?
- Reza_Ameri (Silver Contributor)
This is like an emergency update and only those affected should download it. It will be available in the next cumulative update.
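
Added example, not part of any post in this thread: a PowerShell triage sketch that classifies a Windows 10 client by whether it still carries KB5009543 without the KB5010793 fix, so that unpatched machines left behind by the uninstall workaround can be found afterwards. The function name, state labels and sample rows are hypothetical; treating any revision at or above .1469 as fixed is an assumption based on the KB5010793 build numbers and the statement that the fix will be in the next cumulative update.

```powershell
# Added example, not from the thread. KB IDs and the .1469 revision are the
# values quoted in the posts and in the KB5010793 link title.
$BrokenKb    = 'KB5009543'                 # update the thread reports as breaking L2TP VPN
$FixKb       = 'KB5010793'                 # out-of-band fix named in the thread
$FixedUbr    = 1469                        # 19042.1469 / 19043.1469 / 19044.1469
$ScopeBuilds = '19042', '19043', '19044'   # builds listed for KB5010793

function Get-VpnPatchState {               # hypothetical helper name
    param(
        [string]   $Build,                 # CurrentBuild, e.g. '19043'
        [int]      $Ubr,                   # update build revision
        [string[]] $InstalledKb = @()      # hotfix IDs present on the machine
    )
    # Other builds (e.g. Windows 11) have their own KBs; not classified here.
    if ($ScopeBuilds -notcontains $Build) { return 'OutOfScope' }
    # Assumption: a revision at or above .1469 includes the fix.
    if ($Ubr -ge $FixedUbr -or $InstalledKb -contains $FixKb) { return 'Fixed' }
    if ($InstalledKb -contains $BrokenKb) { return 'Affected' }
    # KB5009543 never installed or removed as a workaround: VPN works,
    # but the January security update is missing.
    return 'JanuaryUpdateMissing'
}

# Constructed inventory rows (names and revisions below 1469 are illustrative).
$samples = @(
    [pscustomobject]@{ Name = 'PC-A'; Build = '19043'; Ubr = 1460; Kb = @('KB5009543') }
    [pscustomobject]@{ Name = 'PC-B'; Build = '19044'; Ubr = 1469; Kb = @('KB5010793') }
    [pscustomobject]@{ Name = 'PC-C'; Build = '19042'; Ubr = 1400; Kb = @() }
    [pscustomobject]@{ Name = 'PC-D'; Build = '22000'; Ubr = 434;  Kb = @() }
)
foreach ($s in $samples) {
    [pscustomobject]@{
        Name  = $s.Name
        State = Get-VpnPatchState -Build $s.Build -Ubr $s.Ubr -InstalledKb $s.Kb
    }
}

# Same check against the local machine.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$kb = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
[pscustomobject]@{
    Name  = $env:COMPUTERNAME
    State = Get-VpnPatchState -Build $cv.CurrentBuild -Ubr $cv.UBR -InstalledKb $kb
}
```

Machines reported as `JanuaryUpdateMissing` are the ones where the uninstall-and-pause workaround is still in effect and the update should be allowed to install again.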