Fixing Jan-2022 Windows VPN problems

Chances are, if you are using a non-pure-Windows VPN on Windows, you’ve had an interesting few days. In our case, we’re using a Meraki VPN server with the standard Windows VPN client, and after the recent KB5009543 update (fixing the “Windows IKE Extension Denial of Service Vulnerability”), any attempt to connect to our VPN was met with the following error: “Cannot connect to [VPN name]. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.”

The company VPN has kind of become indispensable in these everyone-works-from-home days, so when everybody’s connection to the office stops working, it is a big thing. We’re a couple of days further down the road and a solution has been put forward (via community.meraki.com).

1) Quick and dirty: uninstall the patch

You can uninstall the KB5009543 patch that caused it by typing the following in a command prompt:

wusa /uninstall /kb:5009543

It takes about 10 minutes and a reboot, and that indeed fixed the VPN error (with our Meraki VPN server). Unfortunately, it is temporary. The next time Windows Update runs, the patch will probably be installed again and the problems will resurface. Uninstalling also removes the fix for the IKE denial-of-service vulnerability that the patch was released for. One could disable Windows Updates, but that would be opening a whole other Pandora’s box.

2) Microsoft fix KB5010793

Microsoft was quickly made aware of the problem with their KB5009543 patch (thousands of users without VPN connection to the office will do that) and has released a patch for the patch, called KB5010793. However, this is still an optional patch in Windows Update, so it will not install automatically (yet).

How does it work? (via docs.microsoft.com)

The VPN should work again!
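To see which machines still need attention, the following PowerShell check reports whether KB5009543 is present without the follow-up KB5010793. It is an added example, not code from the original post or from Microsoft; the function name Get-VpnPatchState is hypothetical, and it assumes both updates are still listed by Get-HotFix on the machine being queried.

```powershell
# Added example, not from the original post. Get-VpnPatchState is a hypothetical name.
# Assumption: both KBs are still listed by Get-HotFix on the machines being checked.
function Get-VpnPatchState {
    [CmdletBinding()]
    param(
        # One or more machines to query; defaults to the local machine.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )

    $breaking = 'KB5009543'   # update after which the VPN connection failed
    $fix      = 'KB5010793'   # optional follow-up update from Microsoft

    foreach ($computer in $ComputerName) {
        try {
            # Collect the IDs of all updates Get-HotFix reports for this machine.
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                Select-Object -ExpandProperty HotFixID)
        }
        catch {
            # Unreachable or access denied: report it instead of guessing.
            [pscustomobject]@{
                Computer     = $computer
                HasKB5009543 = $null
                HasKB5010793 = $null
                State        = "Query failed: $($_.Exception.Message)"
            }
            continue
        }

        $hasBreaking = $installed -contains $breaking
        $hasFix      = $installed -contains $fix

        # The fix takes precedence: once it is installed the VPN should work.
        $state = if ($hasFix) { 'Fix installed' }
                 elseif ($hasBreaking) { 'Affected: install KB5010793' }
                 else { 'Neither update listed' }

        [pscustomobject]@{
            Computer     = $computer
            HasKB5009543 = $hasBreaking
            HasKB5010793 = $hasFix
            State        = $state
        }
    }
}

Get-VpnPatchState | Format-Table -AutoSize
```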
