cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

January 2022 Quality Update Breaks VPN Connections

BrianG-PPN
Occasional Contributor

‎Jan 12 2022 08:52 AM

‎Jan 12 2022 08:52 AM

January 2022 Quality Update Breaks VPN Connections

A couple forum posts:

Re: Client VPN Error After January Windows Updates - The Meraki Community

 

KB5009543 - January 11, 2022 Breaks L2TP VPN Connections : sysadmin (reddit.com)

 

These clearly outline the issue with the latest updates breaking VPN connectivity for many Meraki VPN systems (and perhaps others). Rolling back the update resolves the issue.

 

A couple questions for the Windows update team:

1. Any idea when Microsoft will be able to review, confirm and correct this issue?

2. If Microsoft were to release a fix for this part way through the month, how would you typically recommend this get deployed? Windows update for Business doesn't allow us to control/deploy anything other than the Feature and Quality updates. Is the recommendation to just remain unpatched until the February Quality update catches things up and presumably includes a fix for the VPN issue?

51.5K Views
9 Likes
31 Replies
Reply
31 Replies
Theo_Stauffer

‎Jan 13 2022 12:44 AM

‎Jan 13 2022 12:44 AM

Re: January 2022 Quality Update Breaks VPN Connections

Have just discovered this. Please let us know when we can expect a fix.
0 Likes
Reply
Atticraider

‎Jan 13 2022 01:17 AM - edited ‎Jan 13 2022 01:32 AM

‎Jan 13 2022 01:17 AM - edited ‎Jan 13 2022 01:32 AM

Re: January 2022 Quality Update Breaks VPN Connections

@Theo_Stauffer 

 

Morning,

Currently the work around is to uninstall the windows update (KB5009543), once uninstalled you will then need to restart your PC. After you have done this you will then be able to connect to the VPN.

 

Once you have tested the VPN connection and it was successful I would suggest to run "wushowhide" and hide the update so it doesn't reinstall until a fix has been released, however you don't need to do this bit for the VPN to work.

 

This is just a work around until a fix has been released for this issue.

 

Regards

0 Likes
Reply
jungzimm

‎Jan 14 2022 07:11 AM

‎Jan 14 2022 07:11 AM

Re: January 2022 Quality Update Breaks VPN Connections

@Atticraider 
Attempts to uninstall using elevated command prompt and attempts to restore to a restore point both fail on my win10 desktop that I need to access my employer's network over l2tp (ipsec) using windows client. Is there another work around. I need this to continue in my job.

0 Likes
Reply
Reza_Ameri

‎Jan 14 2022 07:42 AM - edited ‎Jan 16 2022 07:17 AM

‎Jan 14 2022 07:42 AM - edited ‎Jan 16 2022 07:17 AM

Re: January 2022 Quality Update Breaks VPN Connections

Thank you for sharing this is a known issue and Microsoft is aware of it and is working on the fix. As a workaround you may disable the "Vendor ID" in the VPN server (note not all VPN servers have this option).
In case it didn't work, you may uninstall the update.
Take a look at:
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009566-os-build-22000-434-eee797fa-5ee3...

0 Likes
Reply
helviojr

‎Jan 15 2022 11:37 AM - edited ‎Jan 15 2022 11:43 AM

‎Jan 15 2022 11:37 AM - edited ‎Jan 15 2022 11:43 AM

Re: January 2022 Quality Update Breaks VPN Connections

The option to be renoved from IPsec server's response is Vendor ID (instead of Vector ID), according to the referred link, but there are dozens of vendor ids, with different purposes each, that are exchanged between the client an the server. For example, to negotiate dead peer detection, tunnel over NAT, Xauth authentication, many really needed to establish a tunnel. I'll try to test some configuration on server side to try to disable some.

2 Likes
Reply
Reza_Ameri

‎Jan 16 2022 07:18 AM

‎Jan 16 2022 07:18 AM

Re: January 2022 Quality Update Breaks VPN Connections

Microsoft is working on it and they will share update soon.
0 Likes
Reply
ShamnadRSA

‎Jan 16 2022 06:11 PM

‎Jan 16 2022 06:11 PM

Re: January 2022 Quality Update Breaks VPN Connections

Can someone detail how we can disable Vendor ID?@BrianG-PPN 

0 Likes
Reply
ShamnadRSA

‎Jan 16 2022 06:13 PM

‎Jan 16 2022 06:13 PM

Re: January 2022 Quality Update Breaks VPN Connections

Now we are uninstalling KB50095643 and pausing the update. on each client devices
0 Likes
Reply
Theo_Stauffer

‎Jan 17 2022 02:01 AM

‎Jan 17 2022 02:01 AM

Re: January 2022 Quality Update Breaks VPN Connections

Microsoft, this is kind of critical and certainly not only for us. Our VPN does not expose any Vendor ID that can be disabled and we have 60% of our company in home office due to the pandemic. Uninstalling the security update and pausing updates for 7 days is not a good solution. Please expedite a fix.
1 Like
Reply
maskay

‎Jan 17 2022 09:30 PM

‎Jan 17 2022 09:30 PM

Re: January 2022 Quality Update Breaks VPN Connections

@Theo_Stauffer good news, MS released a patch yesterday and it worked for me. you can let your windows updates go through and KB5010793 will fix the issue that was introduced by KB5009543

1 Like
Reply
Theo_Stauffer

‎Jan 18 2022 01:51 AM

‎Jan 18 2022 01:51 AM

Re: January 2022 Quality Update Breaks VPN Connections

Thank you so much. I really appreciate that Microsoft managed to get a fix out this rapidly.
0 Likes
Reply
Reza_Ameri

‎Jan 18 2022 07:27 AM

‎Jan 18 2022 07:27 AM

Re: January 2022 Quality Update Breaks VPN Connections

Like I mentioned earlier Microsoft has been working on this issue and they released an update to fix it and in case you update your Windows , it will fix the issue.
Take a look at:
https://support.microsoft.com/en-us/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-...
0 Likes
Reply
BrianG-PPN

‎Jan 18 2022 07:51 AM

‎Jan 18 2022 07:51 AM

Re: January 2022 Quality Update Breaks VPN Connections

Microsoft still doesn't release these out of band updates via the Windows Update for Business release channel which is how we distribute all of our updates (using update rings in Intune). Why is this not able to be deployed and managed through Microsoft's native tools that they seem to recommend so strongly for cloud-based update management?
1 Like
Reply
Reza_Ameri

‎Jan 19 2022 08:30 AM

‎Jan 19 2022 08:30 AM

Re: January 2022 Quality Update Breaks VPN Connections

This is like emergency update and only those affected should download it. It will be available in next cumulative update.
0 Likes
Reply
BrianG-PPN

‎Jan 19 2022 08:36 AM

‎Jan 19 2022 08:36 AM

Re: January 2022 Quality Update Breaks VPN Connections

I understand that it's an emergency update but we *are* affected and we manage our updates exclusively through Intune update rings in the cloud (we don't have on-prem infrastructure to assist with this).

In these emergency update cases we're now stuck either remaining unpatched for the rest of the month (not ideal from a security perspective) or we would resume our updates and then manually connect to each computer and install the update we manually download from the Windows Update catalogue. You can see how that's not really ideal, right? Now that the patch is out and fixed it would be ideal if we could push that out via Intune update rings to get users fully patched and fully functional.
1 Like
Reply
helviopichamone

‎Jan 19 2022 10:06 AM

‎Jan 19 2022 10:06 AM

Re: January 2022 Quality Update Breaks VPN Connections

@BrianG-PPN I can confirm the update works, but I got really surprised it is not released as critical update, as it does not seems reasonable Microsoft stop half the companies in the world and does not releases it to automatic applying. Testing, I installed all updates (as I asked all my customers to do) and the bug was there. So I could see one must choose the "Optional Updates", click on the bug correction and apply it manually. It will keep a lot of enterprises, where a technician cannot come computer by computer, in the Cave Era for some time yet.

0 Likes
Reply
BrianG-PPN

‎Jan 19 2022 10:59 AM

‎Jan 19 2022 10:59 AM

Re: January 2022 Quality Update Breaks VPN Connections

The update works however when using Windows Update for Business the "Optional Updates" section within the Windows Update tool is not available so this isn't an option for distributing the updates. If you navigate to the page describing the out of band update here: https://support.microsoft.com/en-us/topic/january-17-2022-kb5010795-os-build-22000-438-out-of-band-2... you can see (in the How to Get This Update section under Windows Update for Business) that it's not available through that release channel. So the behaviour is apparently "as designed" or "expected" but frustrating when we have an OOB update that we'd like to distribute efficiently.
1 Like
Reply
best response confirmed by BrianG-PPN (Occasional Contributor)
Reza_Ameri

‎Jan 20 2022 06:22 AM

‎Jan 20 2022 06:22 AM

Solution

Re: January 2022 Quality Update Breaks VPN Connections

Yes, your argument is valid.
As a workaround you may use "Win32 app management" in Microsoft Intune and download the package from the Microsoft Update Catalogue and then deploy it using the Microsoft Intune, take a look at:
https://docs.microsoft.com/en-us/mem/intune/apps/apps-win32-deploy-update-package
I know it is a bit challenging but it is possible to deploy updates in the Microsoft Intune too.
0 Likes
Reply
jakeward

‎Jan 21 2022 01:56 AM

‎Jan 21 2022 01:56 AM

Re: January 2022 Quality Update Breaks VPN Connections

@BrianG-PPN I've got the exact same issue. It's frustrating as using WU4B is what MS recommend for a company like ours and now we are getting the worst experience when it comes to resolving an issue they have introduced.

I've also found pausing the update rings has not stopped this update from going out to some users.

0 Likes
Reply