KB2585542 Security Update causing SSL VPN Issues
You are right, it definitely breaks the browser and client connection.
Neither one would work after the update kb2585542 is applied.
January 12th, 2012 1:40am
Hello all,
I discovered last night if security update KB2585542 is installed on our Windows XP/7 machines, it won’t display our SSL VPN Login webpage.
We use Fortinet Firewalls.
After manually uninstalling KB2585542 I was successfully able to view our SSL VPN Login Webpage.
I have declined security update KB2585542 on all of our WSUS servers to stop this update from getting pushed out to all of our machines.
Is anyone else experiencing this same type of SSL VPN issue?
Cheers
Tony
January 12th, 2012 5:13am
Same here.
I have around 50 clients today that can't connect to our Checkpoint today.
I asked to remove all updates that a client did yesterday, but was not enough. A system restore of 2 days before solved the issue.
Now I'm scared of what will happen in the next few days.
January 12th, 2012 7:56am
hello,
maybe you can use the Forti SSL VPN client to connect to your server,
download here
http://dekiwiki.ties2.net/Fortinet/Fortinet_SSL_VPN_Client_Installers
BTW, my co-worker tried connecting to another VPN device (JXX) with the KB2585542 update, and it connected OK!!
cheers
Ting
January 12th, 2012 8:31am
The other VPN device Ting-wu mentions is a Juniper FW.
After the update KB2585542, I used IE to try to connect to my company's SSL VPN service and device (using port 443); only the Forti SSL VPN can't open the login page, the others are OK.
January 12th, 2012 10:14am
Hello.
Does anybody face these issues with Bitdefender Business Client installed? After installing security update KB2585542, log on to OS takes up to 15 minutes unless I set the firewall off in my Bitdefender.
Thanks.
Defender_13
January 12th, 2012 10:26am
We have the same issue on checkpoint SSL VPN.
January 12th, 2012 1:46pm
Hi,
I just received information from support@companycrypt.com that a registry hack could help:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
add new DWORD (32-bit) SendExtraRecord Value 2
Susanne
January 13th, 2012 2:39pm
I forgot the ms article:
see: http://support.microsoft.com/kb/2643584
Susanne
January 13th, 2012 2:42pm
Running Checkpoint as well and running into the same issue. R70.40 SNX. XP and Windows7 have the same issue after installing.
January 13th, 2012 3:13pm
We also use a FortiNet firewall (110C), and believe that this Microsoft update broke VPN for one user.
We tried uninstalling the update, doing a system restore, and no luck.
Any ideas on how to fix this?
January 17th, 2012 11:43am
Hello, all.
After checking the problem with the Checkpoint team we have found a solution to this problem.
To solve this problem go to Policy > global properties > ssl network extender >
(under supported encryption methods) change the method from AES, 3DES to AES, 3DES, RC4.
January 18th, 2012 3:37am
Changing encryption will not help on a Fortigate. This problem is related to the self-signed certificate. IE 7 - 9 and Chrome are both broken.
Firefox is not affected by this issue and still works. Fortinet recommends generating a certificate and using that, but they said they are working on a solution.
January 18th, 2012 10:26pm
Hi,
if it can help.
In the IE options, Advanced, uncheck TLS 1.0; for us it solved the issue.
Checkpoint FW 1.
Have a good day.
January 20th, 2012 2:08am
Hi DrjonesUSA,
We too have a 110C..
For the few users that had this update installed I simply went into:
Control Panel > All Control Panel Items > Programs and Features > View installed updates > Right clicked security update KB2585542 > Uninstall > Rebooted the machine
If that didn't work I'd maybe suggest uninstalling the FortiClient, resetting IE settings and re-installing the FortiClient again.
Hopefully Fortinet get a fix out soon!
Cheers
Tony
January 20th, 2012 5:55am
Quick update to this; upgrading our checkpoint firewalls to R71 HFA 40 resolved it for us.
January 21st, 2012 2:40pm
We are already using a generated commercial certificate. It doesn't help on an FG1000A with version 4, latest patch release.
Using Firefox fixes the problem though.
Based on that experience, the self signed certificate isn't the problem with IE and won't help fix this problem on IE 7-9.
January 25th, 2012 1:06pm
Fortinet released a customer support bulletin CSB-120117-1 that addresses this issue. They have special builds of their firmware available for the fix or they recommend rolling back the security update. I was able to work around this by disabling TLS 1.0 and enabling TLS 1.1 and TLS 1.2 on the Advanced tab of Internet Options in IE.
January 31st, 2012 2:18pm
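An added example, not part of any post in this thread: a read-only PowerShell audit that reports which of the workarounds discussed above is in effect on a client (update present, the SendExtraRecord override, the IE protocol checkboxes). The function name is hypothetical, and the meanings given for the SendExtraRecord values and the SecureProtocols bit flags are assumptions taken from KB 2643584 and the Internet Options registry encoding; check them against those references.

```powershell
# Added example (not from the thread): read-only audit of the KB2585542 workarounds.
# Requires PowerShell 3.0 or later; makes no changes to the system.
function Get-Kb2585542WorkaroundState {   # hypothetical helper name
    [CmdletBinding()]
    param()

    $notes = @()

    # 1. Is the security update present on this machine?
    $installed = [bool](Get-HotFix -Id 'KB2585542' -ErrorAction SilentlyContinue)
    if (-not $installed) {
        $notes += 'KB2585542 (MS12-006) is not installed.'
    }

    # 2. The Schannel override quoted in the thread.
    #    Value meanings are an assumption based on KB 2643584; verify there.
    $schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
    $prop  = Get-ItemProperty -Path $schannel -Name 'SendExtraRecord' -ErrorAction SilentlyContinue
    $extra = if ($prop) { $prop.SendExtraRecord } else { $null }
    if     ($null -eq $extra) { $split = 'not set (default behaviour of the update applies)' }
    elseif ($extra -eq 0)     { $split = 'default: only for callers that opt in' }
    elseif ($extra -eq 1)     { $split = 'enabled for all Schannel callers' }
    elseif ($extra -eq 2)     { $split = 'disabled for all Schannel callers' }
    else                      { $split = "unrecognised value $extra" }
    if ($installed -and $extra -eq 2) {
        $notes += 'Update is installed, but SendExtraRecord=2 switches its record change off machine-wide.'
    }

    # 3. The IE "Advanced" protocol checkboxes, stored per user as a bit mask.
    #    Settings forced by Group Policy (Policies hive) are not read here.
    $ieKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $flags = [ordered]@{
        'SSL 2.0' = 0x08; 'SSL 3.0' = 0x20; 'TLS 1.0' = 0x80
        'TLS 1.1' = 0x200; 'TLS 1.2' = 0x800
    }
    $ieProp = Get-ItemProperty -Path $ieKey -Name 'SecureProtocols' -ErrorAction SilentlyContinue
    if ($ieProp) {
        $mask    = [int]$ieProp.SecureProtocols
        $enabled = @($flags.Keys | Where-Object { $mask -band $flags[$_] })
        $ieState = $enabled -join ', '
        $newer   = @($enabled | Where-Object { $_ -in 'TLS 1.1', 'TLS 1.2' })
        if (($enabled -notcontains 'TLS 1.0') -and $newer.Count -gt 0) {
            $notes += 'TLS 1.0 is unchecked and TLS 1.1/1.2 is checked for this user (the IE workaround).'
        }
    }
    else {
        $ieState = 'SecureProtocols not set (OS default for this user)'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        UpdateInstalled = $installed
        SendExtraRecord = $extra
        RecordSplitting = $split
        IeProtocols     = $ieState
        Notes           = $notes -join ' '
    }
}

Get-Kb2585542WorkaroundState | Format-List
```

A machine that reports the update as installed together with `SendExtraRecord = 2` keeps the patch on the inventory while running without the behaviour change it introduced, which is worth tracking until the VPN gateway firmware is updated and the override can be removed.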
The update KB2585542 has to be hidden in the windows update or it will re-install the next time you reboot.
January 31st, 2012 10:40pm
Hi,
It's confirmed that kb2585542 will break the SSL VPN connection using IE;
currently Firefox 9.01 will still be able to use SSL VPN, but the recent version 10 will break SSL VPN too.
Your best bet will be using the Forticlient SSL VPN client which you might be able to download over the internet.
Insert your server address: address:port, e.g. remote.mydns.com.sg:443. The port number is very important here. You don't have to include https:// in front.
password : yourpassword
and you will be able to connect.
Hope this is able to give an alternative solution to your problem.
Cheers,
Lucas
February 6th, 2012 12:05am
Hi,
We also have this problem with the last version of Firefox. Uninstalling the update kb2585542 doesn't resolve the problem for Firefox, but it should work for IE 7-9.
We need to solve the problem with firefox.
any ideas?
February 6th, 2012 9:32am
Hi,
We also have this problem with the last version of Firefox. Uninstalling the update kb2585542 doesn't resolve the problem for Firefox, but it should work for IE 7-9.
We need to solve the problem with firefox.
any ideas?
How about uncheck TLS 1.0 in the options?
February 6th, 2012 10:18am
For me unchecking TLS 1.0 didn't help
Pavel
February 8th, 2012 2:13am
Hello all,
After logging a ticket with Fortinet, this is the response I got back..
Hope this helps all Fortinet users...
Dear Customer,
This email is to inform you that your ticket xxxxxx has been updated.
Ticket Title: SSL login page error
Ticket Status: Registered
Updated by xxxxxxxx at 2/5/2012 8:05:59 PM
This is a known issue, I have attached customer support bulletin to the ticket, please have a read and let me know if you have any questions.
We have released FOS 4.3.5 public firmware on Jan 31st which contains this fix.
If you require fix in 4.2 code or 4.1 code, please let me know.
Thank you.
Fortinet Customer Support Bulletin
Subject: SSLVPN Connectivity Issue
Product: All FortiGate models running
Description of Issue:
After installing a Microsoft security update users may no longer be able to connect to the SSLVPN
portal on a FortiGate. This issue has been reported by users running Internet Explorer and Chrome
browsers.
Microsoft released an update to resolve a vulnerability found in SSL 3.0 and TLS 1.0, this is
referenced in the Microsoft Security Bulletin MS12-006. This vulnerability could allow an attacker
to intercept encrypted traffic.
The change of behavior introduced with the Microsoft patch has resulted in an incompatibility with
FortiOS SSLVPN implementation resulting in the failure for some clients to connect to the SSLVPN
portal.
Affected Products:
All FortiGate models and software versions using the SSLVPN portal feature in combination with
client workstations that are using Internet Explorer or Chrome browsers.
Resolution:
The immediate resolution for this issue is to roll back the Microsoft update as referenced in MS12-006.
Details of the Microsoft security bulletin can be found on the following web page:
http://technet.microsoft.com/en-us/security/bulletin/ms12-006
Fortinet will produce an update to FortiOS to restore the compatibility with systems that have
been updated with the Microsoft patch. A special build of software will be available on demand
from a Fortinet support center from Friday 20th January, the enhancement will also be included in
all future patch releases for GA release.
Technical Support Contact Information:
Fortinet technical support home page: https://support.fortinet.com
February 9th, 2012 2:42am
Hi All,
I'm having the same problem after we updated the patch KB2585542. We cannot access SSL VPN through I.E.; it doesn't display the web page for login. I'm using Fortigate Firewall 300A.
Do you have a solution with removing patch KB2585542?
Khemarin333@hotmail.com
February 9th, 2012 2:54am
Try the KB http://support.microsoft.com/kb/2643584
February 9th, 2012 3:33am
Hi Tony, I was facing same problem. I've manually removed Window update KB2585542 & resolved the same.
Thanks,
Jatin Purohit Ahmedabad-India
February 9th, 2012 6:05am
Hi,
I just received information from support@companycrypt.com that a registry hack could help:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL
add new DWORD (32-bit) SendExtraRecord Value 2
Susanne
We had the same issues in our environment with certain certificate-authenticated websites over SSL. WinXP 32-64, Win7 32-64. Uninstalling the patch fixed the issue; however, we are required to have this patch on our machines. After reinstalling, it broke the sites again, but pushing this registry change through group policy solved our problems and allowed the patch to remain on our machines.
February 17th, 2012 4:21pm
This solved our issue with Checkpoint SSL VPN, on all Windows versions
Thanks
February 29th, 2012 6:28am
Disabling TLS 1.0 and enabling TLS 1.1 and TLS 1.2 works well. Thanks
March 2nd, 2012 11:10am
Hello all,
We've been monitoring several of the compatibility issues related to MS12-006 and have worked with the Microsoft Security Research and Defense team to update a blog post consolidating content about what the vulnerability is, how the update mitigates the vulnerability, and links to several FixIt's designed to help quickly automate workarounds. If you are running into an issue after applying this update, please review the blog and use the FixIt's to help quickly diagnose a compatibility problem.
http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx
March 19th, 2012 3:21pm
Thank you very much. That works.
March 21st, 2012 12:13pm
It will work with unchecking TLS 1.0 in the IE options, Advanced, but it is better to do the Fortinet firmware update to version 4.3.5
Microsoft TechNet Forum Bandara
May 8th, 2012 11:07pm
I am having the same issue with Cisco SSL VPN since the latest update as well.
May 18th, 2012 9:27am
Hello all,
I discovered last night if security update KB2585542 is installed on our Windows XP/7 machines, it won't display our SSL VPN Login webpage.
We use Fortinet Firewalls.
After manually uninstalling KB2585542 I was successfully able to view our SSL VPN Login Webpage.
I have declined security update KB2585542 on all of our WSUS servers to stop this update from getting pushed out to all of our machines.
Is anyone else experiencing this same type of SSL VPN issue?
Cheers
Tony
i logged in just to thank you for this post. it too caused problems for us.
May 31st, 2012 12:49pm
Thanks a lot Susanne, I managed to log in to my SSL VPN.
September 13th, 2012 11:28pm
I have been having issues where I cannot open my Sharepoint 2007 documents in Word or Excel when I work from home using FortiClient VPN SSL. Tried several things I read but nothing worked. Finally I installed firefox on my laptop and it works!
October 17th, 2012 12:23pm
Hi,
Thanks for your information.
I am facing a similar issue on Windows 8 and Win7 Home edition.
Does anybody else face these issues? Any idea about this?
We use Fortinet Firewalls.
On Windows Enterprise systems, after manually uninstalling KB2585542 I was successfully able to use our SSL VPN with FortiClient, but not able to connect through the web portal.
Rgds, Jaice
November 15th, 2012 5:42am