VMware Communities
JoeMcBurnie
Contributor

VPN not connecting in Windows 11 on VM Pro 16

Hi, just carried out a test upgrade on my VMware Pro 16 virtual machine from Windows 10 to 11. All seems to be working OK but I cannot connect to my office VPN. I get the following message.

The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer.

Note: I had the same issue recently with Windows 10 after an update, and removing kb:5009543 using wusa /uninstall /kb:5009543 from a CMD as admin solved the problem. Not ideal as I understand this to be a security patch.

Thanks in advance, Joe

0 Kudos
8 Replies
CarltonR
Hot Shot

Just to clarify and understand what you have in place, when you say "test upgrade on my VMware Pro 16 virtual machine from Windows 10 to 11" I am assuming this to mean that the VMware Pro is a virtualised instance, i.e. 'embedded' within another hypervisor, from within which you run a VPN connecting to your office . . . rather than the VPN running on the host computer OS itself.

Assuming that the 'Win 10 [VMware Pro 16] VM' instance VPN still works, then a number of things to consider (in no particular order):

- Is the VPN software you use compatible with Win 11?

- Which ports does the VPN use?

- How many firewalls are enabled on the 'Win 11 [VMware Pro 16] VM'?

- Have you checked the firewall logs on the 'Win 11 [VMware Pro 16] VM'?

Note: notwithstanding, it's clear that this is a Windows-related issue rather than VMware, and therefore perhaps it would be better directed towards a more appropriate forum.

0 Kudos
JoeMcBurnie
Contributor

Hi, thanks for the response. The short-term solution is to remove a recent update as follows. I have paused my Windows updates for 7 days to give MS a chance to resolve the issue.

Windows 11:

wusa /uninstall /kb:5009566

Clearly there are risks with this option, so use at your own risk!

Thanks again, Joe

0 Kudos
CarltonR
Hot Shot

As you say, there does appear to be a known issue with KB5009566 [22000.434] (2022-01-11), with a suggested workaround, albeit on the server side.

Known issues in this update [excerpt]

Symptom

After installing this update, IP Security (IPSEC) connections that contain a Vendor ID might fail. VPN connections using Layer 2 Tunneling Protocol (L2TP) or IP security Internet Key Exchange (IPSEC IKE) might also be affected.

Workaround

To mitigate the issue for some VPNs, you can disable Vendor ID within the server-side settings.

Note: Not all VPN servers have the option to disable Vendor ID from being used.

We are presently investigating and will provide an update in an upcoming release.

0 Kudos
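Added example (not part of the thread or of the quoted Microsoft text): the known issue above turns on whether the IKE negotiation carries Vendor ID payloads, so this Python code lists them from the UDP payload of one cleartext IKE message, such as one exported from a packet capture on port 500. The helper `build_message`, the sample bytes and the vendor strings are constructed for illustration.

```python
import struct

# Vendor ID payload type numbers: 13 in IKEv1 (RFC 2408), 43 in IKEv2 (RFC 7296).
VENDOR_ID_TYPE = {1: 13, 2: 43}
# Cookies/SPIs, next payload, version, exchange type, flags, message ID, total length.
HEADER = struct.Struct("!8s8sBBBBII")


def vendor_ids(udp_payload: bytes) -> list[bytes]:
    """Return the body of every Vendor ID payload in one cleartext IKE message."""
    if len(udp_payload) < HEADER.size:
        raise ValueError("shorter than the 28-byte IKE header")
    _, _, next_payload, version, _, flags, _, length = HEADER.unpack_from(udp_payload)
    major = version >> 4
    if major not in VENDOR_ID_TYPE:
        raise ValueError(f"unsupported IKE major version {major}")
    if length < HEADER.size or length > len(udp_payload):
        raise ValueError("length field disagrees with captured data")
    if major == 1 and flags & 0x01:  # IKEv1 encryption bit: payloads are opaque
        raise ValueError("encrypted IKEv1 message; inspect the first exchange instead")
    found, offset = [], HEADER.size
    while next_payload != 0:
        if offset + 4 > length:
            raise ValueError("payload header runs past end of message")
        following, _, plen = struct.unpack_from("!BBH", udp_payload, offset)
        if plen < 4 or offset + plen > length:
            raise ValueError("bad payload length")
        if next_payload == VENDOR_ID_TYPE[major]:
            found.append(udp_payload[offset + 4 : offset + plen])
        if major == 2 and next_payload == 46:  # IKEv2 Encrypted payload is always last
            break
        next_payload, offset = following, offset + plen
    return found


def build_message(version: int, payloads: list[tuple[int, bytes]]) -> bytes:
    """Constructed helper: assemble a cleartext IKE message from (type, body) pairs."""
    body = b""
    for i, (_, data) in enumerate(payloads):
        following = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        body += struct.pack("!BBH", following, 0, 4 + len(data)) + data
    first = payloads[0][0] if payloads else 0
    return HEADER.pack(b"\x11" * 8, b"\x00" * 8, first, version, 2, 0, 0,
                       HEADER.size + len(body)) + body


# Constructed sample: IKEv1 message with a filler SA body and two made-up vendor IDs.
SAMPLE = build_message(0x10, [(1, b"\x00" * 8), (13, b"EXAMPLE-VENDOR-A"),
                              (13, b"EXAMPLE-VENDOR-B")])
```

An empty result for the server's first reply means that server is not sending Vendor ID payloads in the cleartext part of the negotiation.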
JoeMcBurnie
Contributor

Hi, thanks for the input, looking forward to future updates, Joe

0 Kudos
CarltonR
Hot Shot

Look forward no more . . . updates available:

Microsoft patches the patch that broke VPNs, Hyper-V, and left servers in boot loops
   https://www.theregister.com/2022/01/18/patching_patch_tuesday/

0 Kudos
JoeMcBurnie
Contributor

That's excellent, appreciate the support! Joe

0 Kudos
CarltonR
Hot Shot

-

0 Kudos
alex17pat
Contributor

I can tell you what worked for me: what I did was uninstall the latest security updates.

0 Kudos