Microsoft confirms KB5036893 and KB5036892 patches break VPNs

Microsoft’s recent patches, KB5036893 and KB5036892, released April 9th, 2024, has been impacting VPNs for both Windows 10 and Windows 11 machines.

This issue affects all currently supported versions of Windows: Windows 10 21H2 and 22H2; Windows 11 versions 21H2, 22H2, and 23H2; and Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019, and 2022.

Microsoft is working on a fix, but it seems to be impacting VPN connections backed by TPM certificates.

To uninstall the update, press the Start button and search for ‘Settings’. On the screen that appears, click on ‘Windows Update’ and find and tap on the ‘Update history’ option. Here, you will see a list of installed updates. If you are on Windows 11, find the KB5036893 update and uninstall it. However, those on Windows 10 will have to find and uninstall the KB5036892 update.

Alternatively, Use the command DISM /online /get-packages to find the name of the April update package (specifically the LCU “cumulative” package) and use the DISM/Remove-Package command line option to begin the uninstall process. Detailed instructions are listed at the bottom of Microsoft’s KB5036893 support page.