Windows KB5009543 and KB5009566 updates break L2TP VPN connections

Hello everyone,

January Patch Tuesday updates are out and Windows administrators have been seeing issues with the Windows 10 KB5009543 and Windows 11 KB5009566 cumulative updates. These updates seemingly break L2TP VPN connections.

The issue:

Users who have installed the above-mentioned updates find their L2TP VPN connections broken when attempting to connect using the Windows VPN client. When attempting to connect to a VPN device, they are shown an error stating, "Can't connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

The Event Log will also log entries with error code 789, stating that the connection to the VPN failed.

Affected versions:

The bug does not affect all VPN devices and seems only to affect users who use the built-in Windows VPN client to make the connection.

Many Reddit reports also mention connection failures to SonicWall, Cisco Meraki, and WatchGuard firewalls.

With many users working remotely over VPN, this breakage has been costly, and Windows admins have had to remove the update.

Affected patches:

Below is the list of affected patches. You can search for the Patch IDs or Bulletin IDs in Patch Manager Plus and decline them until Microsoft rolls out an official fix.

 Bulletin ID   Patch ID   Patch Description
 MS22-JAN3     32770      2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5009543)
 MS22-JAN3     32772      2022-01 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5009543)
 MS22-JAN3     32775      2022-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5009543)
 MS22-JAN3     32769      2022-01 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5009543)
 MS22-JAN3     32773      2022-01 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5009543)
 MS22-JAN3     32774      2022-01 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5009543)
 MS22-JAN3     32787      2022-01 Cumulative Update for Windows 11 for x64-based Systems (KB5009566)

As Microsoft bundles all security updates in a single Windows cumulative update, removing the update will remove all fixes for vulnerabilities patched during the January Patch Tuesday.

Unfortunately, there is no known fix or workaround for the L2TP VPN connection issues at this time.

[UPDATE]

Microsoft has released out-of-band fixes for this issue and for the issue with the Windows Server updates over the course of 2 days (Jan 18 and Jan 19). These fixes are supported by ManageEngine and available in Patch Manager Plus.

Initiate a sync between the Patch Manager Plus server and the Central Patch Repository, search for the following Bulletin IDs or Patch IDs, and then deploy them to your target systems. For the OOB updates for the Hyper-V breakage and boot loops, refer to this link.

Out-of-band update for L2TP VPN connection issues 

 Bulletin ID   Patch ID   Patch Description
 MSWU-3482     109202     2022-01 Cumulative Update for Windows 10 Version 20H2 for x64-based Systems (KB5010793)
 MSWU-3482     109201     2022-01 Cumulative Update for Windows 10 Version 21H1 for x64-based Systems (KB5010793)
 MSWU-3482     109204     2022-01 Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5010793)
 MSWU-3482     109200     2022-01 Cumulative Update for Windows 10 Version 20H2 for x86-based Systems (KB5010793)
 MSWU-3482     109203     2022-01 Cumulative Update for Windows 10 Version 21H1 for x86-based Systems (KB5010793)
 MSWU-3482     109205     2022-01 Cumulative Update for Windows 10 Version 21H2 for x86-based Systems (KB5010793)
 MSWU-3482     109206     2022-01 Cumulative Update for Windows 11 for x64-based Systems (KB5010795)
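Before deploying the out-of-band updates, it helps to know which endpoints still have the breaking cumulative update without the fix, and which of them are actually logging the error 789 failures mentioned above. The following PowerShell triage script is an added example, not ManageEngine or Microsoft code; it uses the KB numbers from this post and assumes the 789 failures are recorded by the RasClient provider in the Application log (adjust the filter if your hosts log them elsewhere).

```powershell
# Added example (not ManageEngine's or Microsoft's code): triage one Windows host
# for the L2TP breakage described in this post. Assumptions are marked below.

# KB numbers from the post: the January cumulative updates that broke L2TP,
# and the out-of-band updates that fix it.
$BreakingKBs = @('KB5009543', 'KB5009566')
$FixedKBs    = @('KB5010793', 'KB5010795')

function Get-L2tpPatchState {
    # Returns one summary object per host so results can be collected fleet-wide.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty HotFixID)
    $breaking = @($BreakingKBs | Where-Object { $installed -contains $_ })
    $fixed    = @($FixedKBs    | Where-Object { $installed -contains $_ })

    # Error 789 is the code the post says the Event Log records on failure.
    # Assumption: the RasClient provider in the Application log carries that
    # code in the event message text; this filter only looks at the last 7 days.
    $since = (Get-Date).AddDays(-7)
    $failures = @(Get-WinEvent -FilterHashtable @{
            LogName      = 'Application'
            ProviderName = 'RasClient'
            StartTime    = $since
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match '\b789\b' })

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        BreakingKBs    = ($breaking -join ',')
        OobFixKBs      = ($fixed -join ',')
        # Exposed = a breaking update is present and no OOB fix has landed yet.
        Exposed        = ($breaking.Count -gt 0 -and $fixed.Count -eq 0)
        Error789Last7d = $failures.Count
    }
}

Get-L2tpPatchState | Format-List
```

Run it through your existing remote-execution tooling and filter on `Exposed -eq $true` to build the target list for the MSWU-3482 deployment.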
Regards,

The ManageEngine Team