Microsoft has recently released a Windows update that blocks VPN connections that use the L2TP protocol widely used for remote work. With remote working still being the norm all over the world, this update has already crippled both big, and small businesses.

It is believed that the Windows updates that came out on 11th January 2021 were the cause of the current problem. Those were:

• Windows 10 – KB5009543.
• Windows 11 – KB5009566.

It has to be said, that the update itself isn’t always the root of the problem. The issue also has a lot to do with the end-point the user is trying to connect to. The problem does, however, affect both new connections, and those that have already existed by the time the update came out.

However, some specialists say that it’s not the L2TP protocol that has been broken by the update, but the MS-Chap and EAP authorization protocols. So it’s possible that the update has also negatively affected other connections that use them.

Others have also found that the KB5009624 update for Windows Server 2012 R2 creates issues for virtual machines Hyper-V. But we don’t have any specifics on the matter just yet.

Right now, there doesn’t seem to be a clear or easy fix for the problem. The Habr community suggests rolling back the update with custom-made PowerShell scripts. However, this fix isn’t readily available for thousands of non-technical remote workers and requires admin access to set up. But we thought we’d share the solution anyway:

if (get-hotfix -id KB5009543) {

wusa /uninstall /kb:5009543

}

 

if (get-hotfix -id KB5009566) {

wusa /uninstall /kb:5009566

}

Other users are also suggesting turning off or weakening IPSec. This, however, is none-advisable since it can significantly lower the security of a connection and put it at risk. This might also not work if the server setting requires strict encryption.

Until Windows releases a fix for the bug, the rollback solution seems to be the best option for those affected by the update.