Windows 10 VPN Client broken via KB5009543

January 12, 2022 is off to a busy start! Calls and emails have been pouring in today from Windows 10 and 11 users reporting that the Windows built-in VPN client will not connect to VPN resources. We have seen this a few times now, and it appears a new Microsoft update is at the root of the issue again.

(PLEASE REVIEW THE UPDATE SECTION OF THIS ARTICLE FOUND NEAR THE BOTTOM – “Update: As of January 26, 2022” – There is no need to remove this update KB5009543)

We found that uninstalling KB5009543 and then rebooting allows the VPN client to work again on Windows 10 machines without making any other changes.
On Windows 11 machines, removing KB5009566 resolves the issue; reboot once the uninstall completes.

We believe both updates were released on yesterday’s “Patch Tuesday”.

When attempting to connect to a VPN device, users report an error stating:
“Can’t connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer”
The Event Log also shows Event ID 20227 from source RasClient with error code 789, stating that the connection to the VPN failed.

L2TP VPN connections are very popular because of their light weight, fast speed and encryption strength. This problem will likely affect most of today’s most popular VPN appliances made by Cisco, Palo Alto, ZyXel, Ubiquiti, WatchGuard, pfSense, Sophos and SonicWall.

We have reached out to Microsoft about this issue but have had no response so far. If you would like to remove either of these updates, follow the steps below; note that a reboot is required after uninstalling to resolve the issue.
It also appears that restoring C:\Windows\System32\IKEEXT.DLL to the previous version from before the update (the one with the Oct 2021 date) allows the VPN client to function again; we have tested successful L2TP connections on a few test machines set up in our lab.

– Open Control Panel

– Open Programs and Features or choose uninstall a program

– Choose “View installed updates” in the top left corner.

– Find the selected update, double-click it and confirm that you want to remove it.

If you need assistance with a script and you are a client, please reach out to us directly.


(PLEASE REVIEW THE UPDATE SECTION OF THIS ARTICLE FOUND NEAR THE BOTTOM – “Update: As of January 18, 2022” – There is no need to remove this update KB5009543)





Update: As of January 18, 2022 at 11:21AM EST: The KB5009543 update is still available via Windows Update, but we suggest allowing it to install if it is not already installed, and then making sure your computer installs the next patch, KB5010793, which seems to address the VPN client issues for IKE and L2TP connections. It will be listed as

“2022-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems” – (KB5010793). Be patient: it took about 20 to 30 minutes to install on all of our test machines.

As of this morning (1-18-2022), we have been able to verify that the KB5010793 patch does resolve the VPN client issue for L2TP VPN connections on all of our test computers, so make sure none of your computers are still pausing updates in order to address this VPN client issue.
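To check a machine against the KB numbers, event ID and DLL named in this article, a read-only PowerShell triage function helps. This is an added example, not a script from the original post; the function name `Get-L2tpVpnPatchState`, the Application log location and the 14-day lookback are assumptions.

```powershell
# Added example (not from the original article). KB numbers, Event ID 20227,
# source RasClient, error 789 and the IKEEXT.DLL path come from the article.
# Assumptions: function name, Application log, 14-day default lookback.
function Get-L2tpVpnPatchState {
    [CmdletBinding()]
    param([int]$LookbackDays = 14)

    $breakingKBs = 'KB5009543', 'KB5009566'   # Windows 10 / Windows 11
    $fixingKBs   = 'KB5010793', 'KB5009596'   # fixes named in the article's updates

    # Get-HotFix lists installed updates by HotFixID (e.g. "KB5009543").
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $breaking  = @($breakingKBs | Where-Object { $installed -contains $_ })
    $fixing    = @($fixingKBs   | Where-Object { $installed -contains $_ })

    # RasClient failures; keep only those whose message carries error code 789.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'RasClient'
        Id           = 20227
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    }
    $failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\b789\b' })

    # Version and date of the IKE component the article points at.
    $ike = Get-Item -LiteralPath "$env:SystemRoot\System32\IKEEXT.DLL" -ErrorAction SilentlyContinue

    $state = if ($fixing.Count -gt 0) {
        'Fix installed'
    } elseif ($breaking.Count -gt 0 -and $failures.Count -gt 0) {
        'Affected: breaking update present, error 789 logged, no fix'
    } elseif ($breaking.Count -gt 0) {
        'Breaking update present, no error 789 logged in window'
    } else {
        'Neither breaking nor fixing update found'
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        BreakingKBs    = $breaking -join ','
        FixingKBs      = $fixing -join ','
        Error789Count  = $failures.Count
        LastError789   = ($failures | Select-Object -First 1).TimeCreated  # newest first
        IkeExtVersion  = $ike.VersionInfo.FileVersion
        IkeExtModified = $ike.LastWriteTime
        State          = $state
    }
}
```

The function only reads update, event log and file metadata, so it can be run before and after patching to confirm that the error 789 entries stop.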


UPDATE: 2-10-2022: KB5009596 and KB5010793 no longer seem to be available via Windows Update; follow this new post instead.

Windows 10 VPN Client February – Steps to fix – Atlanta IT Service


We have confirmed via several test machines running various versions of Windows 10 that the new update KB5009596 does correct the current VPN client issue.



