whoa! Recent security updates = BROKEN VPN!?

[neuralfraud]

My wonderful, kind and gentle boss decided it would be a great idea to reboot our win2k3 server and apply updates.. What could possibly go wrong?

This server just runs VPN and exchange. For a long time it has been PPTP only. We recently added LT2P ports and enabled IPsec with a pre-shared key. Everything worked great until the reboot.

Now whenever a windows client connects, its either error 789 or 792.

The event log says Event Id 20171: The specified quick mode policy already exists

I'm beating my head to try and figure out why this suddenly stopped working. We never set up a formal IPSEC policy (ie, one that requires specific right and left hosts) - we just enabled the lt2p ports and the PSK and everything ran happy.

I am a primarily unix oriented person so for me it's been a heck of a lot of searching and grabbing at straws to figure out how to fix yet alone even figure out why it no longer works with LT2P/ipsec.

Can anyone tell me whether this had something to do with recent security updates, or some temporary runtime setting that got lost when the server rebooted?

We use L2TP with IPsec for our mac clients because the PPTP has been notoriously unreliable for whatever reason.

thanks.

[neuralfraud]

Removing the latest two windows 2003 security updates *GASP* fixed the vpn server. So why did they break it?