IKEv2 VPN failure following patch update KB5009566 & KB5009543 - Official Workaround
Quote from Microsoft "...you can disable Vendor ID within the server-side settings."
Is this possible on a Firebox?
MS have rescinded the JAN 22 server patches but not the Win 10/11 yet.
source: https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2773msgdesc
Comments
I have the same issue. Can this be done?
This is a massive issue for us as well. Any assistance would be appreciated!
Hi @Bob
Changing the Vendor_ID on the VPN server isn't possible on the Firebox.
Please see:
https://techsearch.watchguard.com/KB?type=Known Issues&SFDCID=kA16S000000SO0eSAG&lang=en_US
If you're looking for a workaround while Microsoft patches this issue and can't roll back, consider using the SSLVPN, which uses its own client.
-James Carson
WatchGuard Customer Support
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fixes-for-windows-server-vpn-bugs/
Microsoft have now released an OOB update to fix this. KB5010793
It shows up as an optional update (only seemed to appear for 21H2) and has to be manually added to WSUS: https://support.microsoft.com/en-us/topic/january-17-2022-kb5010793-os-builds-19042-1469-19043-1469-and-19044-1469-out-of-band-f2d4f178-5b36-49cb-a6fd-4bf9857574f9
On Win10Pro version 21H1, KB5010793 is never offered as an optional or automatic update. I have to manually get it from https://www.catalog.update.microsoft.com/Home.aspx and install it. The OOB patch does fix WG IKEv2 VPN.