Problems with updates on Windows 10

Question

1/11/22 I got 2 updates and after the updates were done I tried to log on my VPN to work and it came back with an error saying that L2TP negotiation failed.

we tried many things to fix it including re installing the VPN. replacing the NIC Drivers. finally we uninstalled the update and it started working. We use a windows built in connection with L2TP and a pre-shared key. Seem pretty standard, we are going to a Meraki router.

Seems like Cisco runs the world of business communications.

4 other people in the office had the same problem and after the second one it was just uninstall the updates.

I have updates on a 2 week hold. I need info on whether they are going to fix it or what to do to have updates and keep the VPN working.

Answer 1

FYI

Microsoft released out of band updates.

> https://support.microsoft.com/en-us/topic/january-17-2022-kb5010789-os-build-10240-19179-out-of-band-e99c8948-dadf-49e2-8ba3-479b80064c5f

"

Certain IPSEC connections might fail
Status	Originating update	History
ResolvedKB5010793	OS Build 19041.1466 <br>KB5009543 <br>2022-01-11	Resolved: 2022-01-17, 14:00 PT <br>Opened: 2022-01-13, 11:05 PT
After installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.Resolution: This issue was resolved in the out-of-band update KB5010793. It is a cumulative update, so you do not need to apply any previous update before installing it. If you would like to install the update before it is installed automatically, you will need to Check for updates and select "Optional updates" and then select KB5010793. To get the standalone package for KB5010793, search for it in the Microsoft Update Catalog. You can import this update into Windows Server Update Services (WSUS) manually. See the Microsoft Update Catalog for instructions. Note KB5010793 will not install automatically.Affected platforms:<ul><li><p data-prewrap="true">Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB</p></li><li><p data-prewrap="true">Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016</p></li></ul>

"

>https://support.microsoft.com/en-us/topic/january-17-2022-kb5010792-os-build-18363-2039-out-of-band-631ef9bc-7b22-4932-aa7a-a0c2499bbf9a

>https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/

Answer 2

> https://www.bleepingcomputer.com/news/microsoft/new-windows-kb5009543-kb5009566-updates-break-l2tp-vpn-connections/

> https://docs.microsoft.com/en-us/windows/release-health/status-windows-10-21h2#2773msgdesc 

"

Certain IPSEC connections might fail
Status	Originating update	History
Confirmed	OS Build 19041.1466 <br>KB5009543 <br>2022-01-11	Last updated: 2022-01-13, 12:11 PT <br>Opened: 2022-01-13, 11:05 PT
After installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.Next steps: We are presently investigating and will provide an update in an upcoming release.Affected platforms:<ul><li><p data-prewrap="true">Client: Windows 11, version 21H2; Windows 10, version 21H2; Windows 10, version 21H1; Windows 10, version 20H2; Windows 10, version 1909; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise 2015 LTSB</p></li><li><p data-prewrap="true">Server: Windows Server 2022; Windows Server, version 20H2; Windows Server 2019; Windows Server 2016</p></li></ul>

"

Answer 3

**NOTE**

Standard Disclaimer: There are links to non-Microsoft websites. The pages appear to be providing accurate, safe information. Watch out for ads on the sites that may advertise products frequently classified as a PUP (Potentially Unwanted Products). Thoroughly research any product advertised on the sites before you decide to download and install it.

Answer 4

Hi Dennis, my name is Neil, and I'm a Windows 10 user like you.

Sorry you're having this issue.

Microsoft is aware that the recent KB5009543 & KB5009566 updates can break L2TP VPN connections.

Please see the following link for more information: https://www.bleepingcomputer.com/news/microsoft...

As you are already aware, removing the update/s, immediately fixes the L2TP VPN connections on reboot. However, this is not ideal as it also removes other fixes the update/s addressed.

Microsoft is working on a fix, but in the meantime Microsoft states that it may be possible to mitigate the bug by disabling the 'Vendor ID,' if possible, on the VPN server.

" "To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used," Microsoft explains in a new known update issue." "

So if you disable the Vendor ID within the server side settings you can have these updates installed.

I hope this explains what is going on and the provided workaround works for you until Microsoft can release a fix for this issue.

Kindest regards,

Neil