[German]The security updates for Windows released on January 11, 2022 have a very unpleasant collateral damage. All users who rely on VPN connections with L2TP over IPSEC will no longer work after installing the updates in question. Here is an overview of what is currently known about this from reader comments from the blog and elsewhere.
Windows 10/11 Updates bricks L2TP VPN
After Microsoft released the security updates for Windows as of January 11, 2022, I noticed various posts and comments as of January 12, 2022 reporting issues with VPN connections using L2TP over IPSEC.
Update KB5009566 for Windows 11
Got the first comment on the topic from German blog reader Julius, who describes the problem in connection with cumulative update KB5009566 for Windows 11 as follows (I've translated the German text):
KB5009566 (Windows 11 22000.434) seems to cause some VPN connections (L2TP/pre-shared key/PAP) to stop working with the VPN client built into Windows 11. The connection fails with the error message
"The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".
In particular, VPN connections to Cisco Meraki MX appliances are affected. For me, the problem occurs on all devices that received KB5009566 and also under different architectures (amd64 and arm64).
Julius writes that after uninstalling the January security update, VPN connection establishment works fine again. Blog reader Julius has also posted links to external sources confirming the issue (see also below).
Update KB5009543 for Windows 10 20H2 – 21H2
Aalso update KB5009543 for Windows 10 20H2 – 21H2 prevents VPN connection establishment with L2TP over IPSEC, as blog reader innocent bystander confirms in this German comment.
Blog reader Joe mentions here that VPN tunnels using IKEv2 are not affected by this problem. But I got also feedback, that IKEv2 also didn't work with this update.
At reddit there ist a thread KB5009543 – January 11, 2022 Breaks L2TP VPN Connections, also confirming the issue. The affected users writes:
As the title says. Just rebooted two Win10 laptops that installed KB5009543 & KB5008876. Now their L2TP VPNs to different sites (All SonicWalls) are not working. "The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer".
There's two other confirmed reports in the Windows 10 subreddit.
I uninstalled KB5009543 and now my L2TP VPNs work again.
From German blog reader Mathias S. I got then to the noon of 12 January 2022 still by mail a similar information. Mathias writes:
first of all many thanks for your blog, it is an irreplaceable source for Windows problem solutions!
I would like to contribute something today, we have VPN problems with our customers who use L2TP/IPsec (among others, this affects VPNs with Meraki MX and SonicWall):
With the January update KB5009543 the L2TP/IPsec VPN functionality is shot, a VPN dial-in is then no longer possible.
It's a L2TP connection error or Error 789 in the event viewer. Resetting the network stack and other things do not fix the problem. Only the command:
wusa /uninstall /kb:5009543 (in elevated command shell).
leads to a working VPN again.
Within the Microsoft Techcommunity there is a post Windows 11 Update (KB5009566) inhibits VPN connection from January 11, which also describes the whole thing. So far, in all cases, only the uninstalling the above-mentioned security updates from January 11, 2022 helps.
Microsoft Office Updates (January 4, 2022)
Microsoft Security Update Summary (January 11, 2022)
Patchday: Windows 8.1/Server 2012 R2 Updates (January 11, 2022), boot loop reported
Patchday: Windows 10 Updates (January 11, 2022)
Patchday: Windows 11 Updates (January 11, 2022)
Patchday: Updates for Windows 7/Server 2008 R2 (January 11, 2022)
Windows Server: January 2022 security updates are causing DC boot loop
Windows VPN connections (L2TP over IPSEC) broken after January 2022 update
Windows Server 2012/R2: January 2022 Update KB5009586 bricks Hyper-V Host
Cookies helps to fund this blog: Cookie settings