Windows KB5009543 and KB5009566 updates break L2TP VPN connections

Hello everyone,

January Patch Tuesday updates are out and Windows administrators have been seeing issues with the Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. These updates seemingly break L2TP VPN connections.

The issue:

Users who have installed the above-mentioned updates find their L2TP VPN connections broken when attempting to connect using the Windows VPN client. When attempting to connect to a VPN device, they are shown an error stating, "Can't connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

The Event Log will also log entries with error code 789, stating that the connection to the VPN failed.

Affected versions:

The bug is not affecting all VPN devices and seems only to be affecting users using the built-in Windows VPN client to make the connection.


Many Reddit reports also mention connection failures to SonicWall, Cisco Meraki, and WatchGuard Firewalls.

With many users working remotely and using VPN, this breakage has been costly, and Windows admins have had to remove the updates.

Affected patches:

The affected patches are listed below. You can search for the Patch IDs or Bulletin IDs in Desktop Central and decline them until Microsoft rolls out an official fix.

| Bulletin ID | Patch ID | Patch Description |
|---|---|---|
| MS22-JAN3 | 32770 | 2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5009543) |
| MS22-JAN3 | 32772 | 2022-01 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5009543) |
| MS22-JAN3 | 32775 | 2022-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5009543) |
| MS22-JAN3 | 32769 | 2022-01 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5009543) |
| MS22-JAN3 | 32773 | 2022-01 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5009543) |
| MS22-JAN3 | 32774 | 2022-01 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5009543) |
| MS22-JAN3 | 32787 | 2022-01 Cumulative Update for Windows 11 for x64-based Systems (KB5009566) |

As Microsoft bundles all security updates in a single Windows cumulative update, removing the update will remove all fixes for vulnerabilities patched during the January Patch Tuesday.

Unfortunately, there is no known fix or workaround for the L2TP VPN connection issues at this time.

[UPDATE]

Microsoft has released out-of-band fixes for this issue and the issue with the Windows Server updates, over the course of 2 days (Jan 18 and Jan 19). These fixes are supported by ManageEngine and available in Desktop Central.

Initiate a sync between the Desktop Central server and the Central Patch Repository and search for the following Bulletin IDs or Patch IDs, then deploy them to your target systems. For the OOB updates for the Hyper-V breakage and boot loops, refer to this link

Out-of-band update for L2TP VPN connection issues 

| Bulletin ID | Patch ID | Patch Description |
|---|---|---|
| MSWU-3482 | 109202 | 2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5010793) |
| MSWU-3482 | 109201 | 2022-01 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5010793) |
| MSWU-3482 | 109204 | 2022-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5010793) |
| MSWU-3482 | 109200 | 2022-01 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5010793) |
| MSWU-3482 | 109203 | 2022-01 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5010793) |
| MSWU-3482 | 109205 | 2022-01 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5010793) |
| MSWU-3482 | 109206 | 2022-01 Cumulative Update for Windows 11 for x64-based Systems (KB5010795) |


Regards,

The ManageEngine Team
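
To triage a single endpoint for the problem described in this post, the following PowerShell sketch reports whether the affected January updates or the out-of-band fixes are installed and counts recent VPN failures with error code 789. It is an added example, not ManageEngine or Microsoft code; the KB numbers and error code come from the post, while the function name, the `RasClient` event provider and the 14-day look-back window are assumptions.

```powershell
# Added example: triage one Windows host for the L2TP VPN regression.
# KB numbers and error code 789 are taken from the post above.
$BrokenKBs = 'KB5009543', 'KB5009566'   # January 2022 cumulative updates
$FixKBs    = 'KB5010793', 'KB5010795'   # out-of-band fixes

function Get-L2tpPatchState {           # hypothetical helper name
    param([int]$LookbackDays = 14)      # assumed look-back window

    # Installed update IDs as reported by the OS.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)
    $broken = @($BrokenKBs | Where-Object { $installed -contains $_ })
    $fixed  = @($FixKBs    | Where-Object { $installed -contains $_ })

    # Assumption: failed VPN dials are logged by the RasClient provider
    # in the Application log, with the error code in the message text.
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'RasClient'
        StartTime    = (Get-Date).AddDays(-$LookbackDays)
    }
    $failures = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\b789\b' })

    # The out-of-band fix takes precedence when both are present.
    if ($fixed.Count -gt 0)      { $status = 'OutOfBandFixInstalled' }
    elseif ($broken.Count -gt 0) { $status = 'AffectedUpdateInstalled' }
    else                         { $status = 'NeitherUpdateFound' }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        Status        = $status
        AffectedKBs   = $broken -join ', '
        FixKBs        = $fixed -join ', '
        Error789Count = $failures.Count
        LastError789  = ($failures | Select-Object -First 1).TimeCreated
    }
}

Get-L2tpPatchState | Format-List
```

A host that reports `AffectedUpdateInstalled` together with a non-zero `Error789Count` is a candidate for the out-of-band update listed above.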
 

