Recent Windows Updates Lead to Failed L2TP VPN Connections

After applying the latest KB5009543 and KB5009566 cumulative updates, several Windows users discovered they could no longer establish L2TP VPN connections.

As part of Patch Tuesday, Microsoft this week rolled out a series of Windows updates to address various bugs and security flaws. The list of updates includes KB5009543 for Windows 10 2004, 20H1 and 21H1, and the KB5009566 update for Windows 11.

After deploying the updates, many users were unable to establish L2TP VPN connections with Windows’ built-in VPN client. Attempting to connect to a VPN server elicited the following error message:

"Can't connect to VPN. The L2TP connection attempt failed because the security layer encountered a processing error during initial negotiations with the remote computer."

Upon further inspection, users discovered that the Event Log recorded entries about this incident under the 789 error code, which stated that the dialed VPN connection had failed. Reportedly, the bug only affects only VPN connections attempted through Windows’ built-in VPN client.

However, the fact that many Windows users still work remotely forced system administrators to remove faulty updates from afflicted systems manually. Doing so seems to fix the broken L2TP VPN connections instantly after rebooting the systems.

If you applied the updates and your L2TP VPN connection no longer works, you can remove them by running the following commands in an Elevated Command Prompt (with Administrator rights):

• Windows 10: wusa /uninstall /kb:5009543
• Windows 11: wusa /uninstall /kb:5009566

Uninstalling the updates, though, will also roll back any patches and fixes for other vulnerabilities and bugs they address.

For instance, this month’s Patch Tuesday saw Microsoft fixing a new, wormable HTTP vulnerability that lets attackers send specially crafted malicious packets to susceptible Windows Servers. Rolling back the patches could expose you to such attacks in exchange for functional L2TP VPN connections.

Therefore, in this situation, system administrators should decide carefully if the risks outweigh the benefits before removing the faulty updates from impacted systems.