siscom
Member Candidate
Topic Author
Posts: 192
Joined: Tue May 26, 2009 6:37 pm
Location: Malta, EU.

L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 12, 2022 12:34 pm

Hi,

We had some issues with remote users logging on the VPN L2TP/IPsec service. These were getting 'The L2TP connection attempt failed because a processing error occurred during the initial security negotiation with the remote computer'.

Seems that a Windows 11 update has caused this and the solution is to remove the update - https://techcommunity.microsoft.com/t5/ ... -p/3057844

Rgds,
Mark.
 
marisv
just joined
Posts: 2
Joined: Sun Jun 30, 2019 10:15 am

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 12, 2022 1:03 pm

Confirmed.
Same with Win 10 update KB5009543.
 
inteq
Member
Posts: 406
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 12, 2022 1:52 pm

Windows 10:
wusa /uninstall /kb:5009543
Last edited by inteq on Thu Jan 13, 2022 2:11 pm, edited 1 time in total.
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 12, 2022 3:53 pm

A few days ago I contacted MS live support and asked them if they have any plan to add SHA2 for PH2 negotiation, and they told me that they will release an update this month.
 
kivimart
Frequent Visitor
Posts: 54
Joined: Thu Oct 10, 2013 3:06 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 12, 2022 6:18 pm

wusa /uninstall /kb:5009543

Works perfectly, thanks.
 
acron
just joined
Posts: 8
Joined: Thu Jan 12, 2017 1:10 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Thu Jan 13, 2022 12:47 pm

KB5009566 on Windows 11
 
mmtik
just joined
Posts: 13
Joined: Tue Jun 07, 2016 3:28 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Thu Jan 13, 2022 2:05 pm

wusa /uninstall /kb:5009543
I really appreciate it!
 
huntah
Member Candidate
Posts: 287
Joined: Tue Sep 09, 2008 3:24 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Fri Jan 14, 2022 10:32 am

MS posted a workaround:
Workaround: To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings. Note: Not all VPN servers have the option to disable Vendor ID from being used.
But I don't think we can do that in RouterOS..
 
MultiTricker
just joined
Posts: 10
Joined: Fri Mar 09, 2012 10:17 am
Location: Czech republic

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Fri Jan 14, 2022 11:11 am

So far my colleague tried:
6.40.9 - VPN OK
6.47 - not working, win update issue
6.49 - not working, win update issue
 
emils
Forum Veteran
Posts: 906
Joined: Thu Dec 11, 2014 8:53 am

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Fri Jan 14, 2022 1:55 pm

Disabling Vendor ID sending on the responder side is not a viable option in my opinion, as NAT-T detection depends on Vendor IDs. So disabling the Vendor ID option on the server side would not allow clients behind NAT to connect, which is most Windows users anyway.

https://datatracker.ietf.org/doc/html/r ... ection-3.1
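
The dependency described in the post above, as an added example that is not part of the original thread: in IKEv1 a peer announces NAT-T support with a Vendor ID payload carrying the MD5 hash of "RFC 3947", so a responder that sends no Vendor IDs cannot signal it. This Python code walks the payload chain of an unencrypted IKEv1 message and reports whether that Vendor ID is present; the function names and the sample packets are constructed for illustration.

```python
import hashlib
import struct

VENDOR_ID = 13  # ISAKMP payload type for Vendor ID (RFC 2408)
# RFC 3947 section 3.1: the NAT-T vendor ID is the MD5 hash of "RFC 3947".
NAT_T_VID = hashlib.md5(b"RFC 3947").digest()


def vendor_ids(packet: bytes) -> list[bytes]:
    """Return the body of every Vendor ID payload in an unencrypted IKEv1 message."""
    if len(packet) < 28:
        raise ValueError("shorter than an ISAKMP header")
    next_payload = packet[16]                      # type of the first payload
    total_len = struct.unpack("!I", packet[24:28])[0]
    if total_len > len(packet):
        raise ValueError("truncated ISAKMP message")
    found, offset = [], 28
    while next_payload != 0:                       # 0 marks the end of the chain
        if offset + 4 > total_len:
            raise ValueError("payload header runs past end of message")
        following, _reserved, length = struct.unpack("!BBH", packet[offset:offset + 4])
        if length < 4 or offset + length > total_len:
            raise ValueError("bad payload length")
        if next_payload == VENDOR_ID:
            found.append(packet[offset + 4:offset + length])
        next_payload, offset = following, offset + length
    return found


def responder_offers_nat_t(packet: bytes) -> bool:
    """True if the message carries the RFC 3947 NAT-T Vendor ID."""
    return NAT_T_VID in vendor_ids(packet)


def build_message(payloads: list[tuple[int, bytes]]) -> bytes:
    """Constructed test input: ISAKMP header plus a chain of (type, body) payloads."""
    body = b""
    for i, (_ptype, data) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, len(data) + 4) + data
    first = payloads[0][0] if payloads else 0
    # Zeroed cookies, version 1.0, exchange type 2 (main mode), no flags, message ID 0.
    header = bytes(16) + struct.pack("!BBBBII", first, 0x10, 2, 0, 0, 28 + len(body))
    return header + body


# Constructed samples: an SA payload (type 1, dummy body) with and without Vendor IDs.
WITH_VID = build_message([(1, bytes(8)), (13, NAT_T_VID), (13, b"constructed-vendor")])
WITHOUT_VID = build_message([(1, bytes(8))])
```
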
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Fri Jan 14, 2022 3:30 pm

lol, so it's a two-edged sword for Microsoft.
 
tdw
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Fri Jan 14, 2022 4:46 pm

Interesting they say "Workaround: To mitigate the issue for some VPNs" - do they mean only some VPNs are broken, or all VPNs are broken and some may be fixed?

I am still able to connect successfully to Mikrotiks running 6.47.9 and 6.47.10 from Windows 10 with KB5009543 installed...
 
CZFan
Forum Guru
Posts: 2098
Joined: Sun Oct 09, 2016 8:25 pm
Location: South Africa, Krugersdorp (Home town of Brad Binder)

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Sat Jan 15, 2022 10:14 pm

....
I am still able to connect successfully to Mikrotiks running 6.47.9 and 6.47.10 from Windows 10 with KB5009543 installed...

I was unable to connect with L2TP/IPSec VPN to any of my clients, ROS ranging from 6.45.9 LT to 6.47.10 LT
 
kiler129
Member
Posts: 352
Joined: Tue Mar 31, 2015 4:32 pm
Location: IL, USA

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Sun Jan 16, 2022 7:14 am

Disabling Vendor ID sending on the responder side is not a viable option in my opinion, as NAT-T detection depends on Vendor IDs. So disabling the Vendor ID option on the server side would not allow clients behind NAT to connect, which is most Windows users anyway.

https://datatracker.ietf.org/doc/html/r ... ection-3.1
Wait... so disabling Vendor ID, which is a Microsoft-recommended workaround for their broken update, will essentially break the VPN for all users behind NAT? It's like 99% of users now with mobile networks using CGNAT...
 
msisupport
just joined
Posts: 1
Joined: Mon Jan 17, 2022 12:46 am

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Mon Jan 17, 2022 12:54 am

Hi All,

Is there a way to disable vendor ID on Mikrotiks? We are using mostly GR3 and RB1100 with 6.47.10 OS. I can see a Vendor ID option for DHCP but not for VPNs.

Thanks.
 
vasa85
just joined
Posts: 11
Joined: Mon Mar 03, 2014 8:10 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Mon Jan 17, 2022 10:54 am

I have experienced this problem as well, both last week and now today for two different clients.
 
craigmitchell
just joined
Posts: 14
Joined: Sat Aug 18, 2012 6:30 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Mon Jan 17, 2022 7:22 pm

Windows 10:
wusa /uninstall /kb:5009543
Yeah, this works, and you will have to re-enter the L2TP username/password in Windows; the IPsec PSK remained.
 
dadaniel
Member Candidate
Posts: 220
Joined: Fri May 14, 2010 11:51 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 7:25 am

KB5010793 has been released to fix the problems caused by the January Update
 
inteq
Member
Posts: 406
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 7:30 am

Windows 10:
wusa /uninstall /kb:5009543
Yeah, this works, and you will have to re-enter the L2TP username/password in Windows; the IPsec PSK remained.
Just use https://www.draytek.com/products/smart-vpn-client/
Works just fine with Mikrotik.
You can export your profiles and import them back when needed.
Haven't used the Windows client directly in a long time.
 
andkar
newbie
Posts: 47
Joined: Tue Aug 11, 2020 9:20 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 11:33 am

MS has released an out-of-band fix for this VPN issue.

Windows 10: https://support.microsoft.com/en-gb/top ... f9857574f9
Windows update catalog (Win 10): https://www.catalog.update.microsoft.co ... =KB5010793

I've verified that VPN is working again after this fix.

Probably Win 11 is covered as well (I just don't have the links).
 
inteq
Member
Posts: 406
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 11:39 am

MS has released an out-of-band fix for this VPN issue.

Windows 10: https://support.microsoft.com/en-gb/top ... f9857574f9
Windows update catalog (Win 10): https://www.catalog.update.microsoft.co ... =KB5010793

I've verified that VPN is working again after this fix.

Probably Win 11 is covered as well (I just don't have the links).
2 slow :p
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 2:59 pm

@inteq
Thank you for sharing, I liked the client "Draytek", it's very useful.
Did you test all the protocols working with MT?
 
inteq
Member
Posts: 406
Joined: Wed Feb 25, 2015 8:15 pm
Location: Romania

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 3:03 pm

@inteq
Thank you for sharing, I liked the client "Draytek", it's very useful.
Did you test all the protocols working with MT?
Just L2TP with IPSEC
 
own3r1138
Long time Member
Posts: 681
Joined: Sun Feb 14, 2021 12:33 am
Location: Pleiades

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Jan 18, 2022 3:15 pm

I will test them all today.
It would be nice if MT would also provide something like this.
 
rushlife
Member Candidate
Posts: 244
Joined: Thu Nov 05, 2015 12:30 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 19, 2022 10:35 am

M$

Omg
 
servaris
Frequent Visitor
Posts: 67
Joined: Tue May 20, 2014 4:30 pm
Location: Planet Earth

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 19, 2022 10:47 am

You will need to tell Windows to NOT run updates or that bug-laden update will be reinstalled and you'll have the same problem. On Windows 10 settings => Windows Update settings => pause it for as long as possible.
 
eles
just joined
Posts: 14
Joined: Tue Jun 18, 2013 6:20 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Wed Jan 19, 2022 4:53 pm

Trying out the patch https://support.microsoft.com/en-gb/help/5010793 that is supposed to fix it (it's in optional updates as of writing this)

EDIT: Looks like it helped (standard Win10 Home 10.1.19044 built in L2TP/IPSec shared secret client + Mikrotik L2TP server)

Press Sauce: https://petri.com/microsoft-releases-ou ... ows-server
 
tomswenson
Member Candidate
Posts: 115
Joined: Wed Apr 13, 2005 11:17 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Sat Jan 22, 2022 6:58 am

Thought I'd try the Draytek Smart VPN client as I hate all the windows updates breaking things.

I can't seem to get it to work to what was a perfectly fine Mikrotik using L2TP/IPsec.

I just get "unknown error"

Log on Mikrotik says: "phase1 negotiation failed due to time up:

Seems like a nice solution if I can get it to work. I think I have tried all the options in the client

Tom
 
tomswenson
Member Candidate
Posts: 115
Joined: Wed Apr 13, 2005 11:17 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Sat Jan 22, 2022 7:42 am

Followup in case anyone is interested.

I had to install KB5010793 to fix the VPN before the Draytek client would work.

Thanks for all the info in all the posts here. Now to fix a bunch of clients.

Tom
 
UpRunTech
Member Candidate
Posts: 209
Joined: Fri Jul 27, 2012 12:11 pm

Re: L2TP/IPsec Issues with Windows 11 update - kb5009566

Tue Feb 01, 2022 6:02 am

My Win10 laptop hadn't been updated since late last year. Today tested L2TP/IPSec and it works - I am mystified why a client's Win11 machine doesn't (with the error above) when connecting to an RB3011. I see this thread. ^&*#%@!
Ran recommended Win10 updates and the VPN stopped with the same new error. Curses.
Refreshed the updates again and it's just finished installing 2022-01 Preview Cumulative Update 21H2 (KB5009596) and now the VPN is working again.
I'll get the client to try updating his Win11 machine to see if it's fixed for him too. <edit> He updated Win11 just now and the VPN is working again.
