Microsoft Provides Workaround for L2TP VPN Connections Issues on Windows

Microsoft Acknowledges New L2TP VPN Connections Issues on Windows PCs

If you’ve been having issues with VPN connections after installing the January 2022 Patch Tuesday updates on your Windows PCs, you’re not alone. Microsoft has acknowledged a new bug that is preventing the built-in Windows VPN client from connecting to a Virtual Private Network (VPN), and it has provided a workaround while it investigates the problem further.

The Redmond giant confirmed on its Windows Health Dashboard yesterday that its recent cumulative updates for Windows 10 (KB5009543) and Windows 11 (KB5009566) are causing problems with select IPSEC connections. “After installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected,” the company explained.

The problem has been reported by several IT administrators in a Reddit thread, where users describe encountering VPN connection error 789 when trying to use the Windows VPN client: “Can’t connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.”

The reports suggest that users have also noticed this bug with some third-party VPN providers, including Cisco Meraki, SonicWall, Ubiquiti, WatchGuard Firewalls, as well as the WatchGuard client.

Microsoft provides a workaround for the L2TP VPN connections issue

Microsoft has said that it’s actively investigating the VPN connection issues and plans to deliver a fix in an upcoming update. In the meantime, the company has asked users to mitigate the bug by disabling the Vendor ID on the VPN server-side settings.

From the Windows Health Dashboard: Certain IPSEC connections might fail

After installing KB5009543, IP Security (IPSEC) connections which contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.

Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.

Next steps: We are presently investigating and will provide an update in an upcoming release.
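To confirm that the server-side workaround took effect, you can check whether the server's first IKE reply still carries Vendor ID payloads. The following is an added example (not from Microsoft or from this article) that walks the payload chain of an unencrypted IKEv1 message as laid out in RFC 2408, where Vendor ID is payload type 13. It assumes the input is the raw UDP port 500 payload of one message; `build_sample` and the vendor strings are constructed test data.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 header, 28 bytes
PAYLOAD_HDR = struct.Struct("!BBH")        # next payload, reserved, length
VENDOR_ID = 13                             # IKEv1 Vendor ID payload type

def vendor_ids(packet):
    """Return the body of every Vendor ID payload in one IKEv1 message."""
    if len(packet) < ISAKMP_HDR.size:
        raise ValueError("shorter than an ISAKMP header")
    _, _, next_type, version, _, flags, _, total = ISAKMP_HDR.unpack_from(packet)
    if version >> 4 != 1:
        raise ValueError("not an IKEv1 message")
    if flags & 0x01:
        raise ValueError("encrypted message: inspect the first exchange instead")
    if not ISAKMP_HDR.size <= total <= len(packet):
        raise ValueError("header length field does not match the capture")
    found, offset = [], ISAKMP_HDR.size
    while next_type != 0:
        if offset + PAYLOAD_HDR.size > total:
            raise ValueError("payload chain runs past the end of the message")
        following, _, length = PAYLOAD_HDR.unpack_from(packet, offset)
        if length < PAYLOAD_HDR.size or offset + length > total:
            raise ValueError("bad payload length at offset %d" % offset)
        if next_type == VENDOR_ID:
            found.append(packet[offset + PAYLOAD_HDR.size:offset + length])
        next_type, offset = following, offset + length
    return found

def build_sample(vids):
    """Constructed Main Mode reply: a stub SA payload, then the given Vendor IDs."""
    bodies = [(1, b"\x00" * 8)] + [(VENDOR_ID, v) for v in vids]
    chain = b""
    for i, (_, body) in enumerate(bodies):
        nxt = bodies[i + 1][0] if i + 1 < len(bodies) else 0
        chain += PAYLOAD_HDR.pack(nxt, 0, PAYLOAD_HDR.size + len(body)) + body
    header = ISAKMP_HDR.pack(b"I" * 8, b"R" * 8, 1, 0x10, 2, 0, 0,
                             ISAKMP_HDR.size + len(chain))
    return header + chain

if __name__ == "__main__":
    before = build_sample([b"constructed-vendor-A", b"constructed-vendor-B"])
    after = build_sample([])  # same reply once Vendor ID is disabled
    for label, pkt in (("before", before), ("after", after)):
        ids = vendor_ids(pkt)
        print(label, "Vendor ID payloads:", len(ids), [v.hex() for v in ids])
```

An empty list for the server's reply means it no longer sends a Vendor ID. Traffic captured on UDP port 4500 carries a 4-byte non-ESP marker in front of the ISAKMP header, which has to be stripped before calling `vendor_ids`.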

In case you missed it, Microsoft has also acknowledged a new bug that prevents recent emails from showing up in Outlook searches. The Redmond giant has provided a temporary workaround to resolve the issue on Windows 10 machines. You can find more details about the problem in our separate post.