BUG ALERT: FortiClient VPN and Windows Update KB5018410

A recent Windows Update broke my FortiClient VPN. Learn which update was responsible, how to uninstall it, *and* how to keep it from coming back.

BUG ALERT: FortiClient VPN and Windows Update KB5018410

Patch Tuesday strikes again!

I got the following warning message when trying to connect to one of my clients via the FortiClient VPN:

Warning
The server you want to connect to requests identification, please choose a certificate and try again. (-5)

Checking FortiClient VPN for Updates

Before uninstalling Windows security updates, I checked to make sure I had the latest version of the FortiClient VPN client utility.

Version 5.6.6.1167 of FortiClient VPN

It said "latest version", but for all I know it's been saying that for months.  It doesn't even say when it performed its last update check.  So, I went to the FortiClient VPN download page and downloaded their automatic updater.

I ran the Online Updater utility, but all it did was confirm that, yes, I did have the latest version of FortiClient VPN:

Satisfied there was nothing more I could do with my VPN client utility, I moved on to the next troubleshooting step.

Confirm No Changes Made to the VPN Server

I reached out to our client to see if they had made any recent changes to their VPN server.  They had not.

I then checked with a colleague to see if he could connect to their VPN.  He was still able to.  At least until his FortiClient VPN required a reboot (probably because it detected a pending Windows Update)...at which point Windows installed updates...and following said reboot...he was also unable to connect.

This was all the confirmation I needed that the Windows Update was the source of this newfound error.

Uninstalling the Update

I checked my recent updates and found what turned out to be the culprit: KB5018410.

To uninstall the update, I went to Control Panel > Programs > Programs and Features > Installed Updates

Following the restart, I was able to successfully connect once again:

Deja Vu All Over Again

When I came in the next morning, my computer had rebooted again overnight. KB5018410 was back!  And, once again, it broke my FortiClient VPN.

I uninstalled the Windows Update (again), rebooted my computer (again), and then confirmed that FortiClient VPN was working (again).

Blocking the Windows Update from Reinstalling

This was not a sustainable situation, so I set about preventing the KB5018410 update from installing again.

I followed the instructions here: How to Hide or Show Windows Updates in Windows 10.

The link above includes a downloadable copy of the Windows Update Show/Hide utility from Microsoft.  The utility is apparently no longer available from its original home at Microsoft.  To ensure it remains available on the web somewhere into the future, I'll also make it available here:

Shown below are screenshots that capture the steps I followed to prevent the update from being reinstalled:

My Environment

I have no idea how widespread this problem is.  Please let me know in the comments below if this affected you.

I am running Windows 10 (64-bit) version 21H1 (Build 19043.2130):

All original code samples by Mike Wolfe are licensed under CC BY 4.0