Any one had issues with KB5018410 Win 10 and KB5018427 Win 11 breaks vpn
JimmyM
Newbie ✭
in VPN Client
Hi
The above KB's break the netextender vpn, once those KB's are installed Netextender states "SSL error happened, your OS may not support connecting to the server. Please make sure the server has a valid certificate setup."
Once I remove those KB's the VPN Client works again. Anyone else had this issue?
Category: VPN Client
Tagged:
0
Answers
Not yet, but thank you for bringing this up!
Was this the latest version on NetExtender? Did you try a reinstall or anything?
I've been fighting with this all day.
The patch broke NE for all users and so far the only work around I've been able to determine is to uninstall the patch.
Confirmed impacted versions in my environment:
NetExtender 10.2.309
NetExtender 10.2.331
Hey, we also have big problems with thad update.
i blocked it now.
@TKWITS
I removed the update confimred that the netextender is now wokring, I then uninstalled the netextender updated the computer with MS latests patch, Reinstalled Netextender and got the same error, I also tried manually importing the certificate which also did not fix it,
The only fix I have found is to remove the updates. Also I have had our parent company who use Sophos and Fortinet VPN clients test the VPNS with the new windows udpate and they have no issues at all.
We are having the same issue as the OP on Windows 10 October update using NetExtender 10.2.331
Edit: You can still connect using Sonicwall Mobile Connect via the Windows Store (if your users have access - no login required though). I hope that is helpful to some.
Hi @stevmorr That could be hlepful, the only part that has me confused is the no logn part? As we use 2fa
FWIW Sonicwall Mobile Connect for Windows is no longer supported.
I also cant log this with Sonic wall as my technical support has ran out, However this is clearly a wider issue than just my Sonicwall. I dont see why I should pay for an issue thats wider than my setup.
Sorry, by no logon required I meant for the Microsoft Store - it will harass the user for a microsoft account but it can be bypassed.
To the other response - Yes I am aware that Sonicwall Mobile Connect is no longer supported but it does work if people need it in a pinch like this situation.
Yes. We had issues with one client only so far, but it is everyone.
What is unique to this client from the rest of our clients is they connect with Netextender using Radius authentication.
For those who have this issue, can you confirm you use Radius?
Thank you,
We are also having this issue. We have dozens of different companies using NetExtender and only one company is having this issue. They're running the following:
Windows 10 Clients
NetExtender (different versions tested)
SonicOS Enhanced 6.5.4.10-95n
We do not want to uninstall the Windows Updates
I'm the same problem!
users ad details to sign in. So when creating the VPN account on the sonicwall I have to select the domain, leave the password blank as it uses ad.
Yup got the same problem...
Anyone got a fix other than uninstalling those updates?
Is Sonicwall doing anything about this problem?
@TtBs_Battousai
HI Ive paind for the 24x7 support from sonicwall now. Which so far has been the biggest waste of money ever.
This is there last update:
"Hello , Thank you for contacting SonicWall. We have reported this issue to the backend team and they are working on this issue. As per the recent update from backend, Microsoft have released KB5020435 which solve problem in some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connection. Could you please recreate the issue and then install this patch from windows to check if it helps in resolution and update us If you require more in-depth troubleshooting"
On windows 10 I tested one machine which did seems to work, well it got past the part where it flags fro SSL isse. More testing to be done.
However the issue us Windows 11 machines at 22h2 they still have the issue.
Another update for all. If you are windows 10 the latest patch may fix this. If you are windows 11 you are out of luck. Rang sonicwall andd they told me it an MS issue, not a sonicwall issue,
Looks like the out-of-band Microsoft patches to resolve the NetExtender issues are
Windows 10 - KB5020435
Windows 11 - KB5020387
Have tested and confirmed on Windows 10 - still testing on WIndows 11
Sorry that I'm late to the party about this problem.
My NOC reviews patches for a week after they are released and found these warnings: KB5018410 Breaks SSL VPN
https://learn.microsoft.com/en-us/answers/questions/1046907/kb5018410-breaks-ssl-vpn.html
https://www.reddit.com/r/paloaltonetworks/comments/y21chi/some_of_our_users_are_having_issues_connecting_to/
https://live.paloaltonetworks.com/t5/globalprotect-discussions/problems-connecting-to-globalprotect-after-users-install-latest/td-p/517660
The new windows 10 out of band patch appears to solve it, however they do not have one for windows 11 as of yet, thats what all my remote workers use.
Hi @tsp
The KB for windows 11 does not fix it.
Thats what all my laptops are for remote workers, So I can not confirm if the windows 10 update works.
On Windows 11, uninstalling KB5018418 is a temporary workaround.