Support Center > Search Results > SecureKnowledge Details
How to use the EPPatch.msi and cached password to restore connectivity after January 1st 2021 VPN fails Technical Level
Solution

Background

This solution uses the admin password cache to install the Endpoint Security VPN patch that mitigates this issue.

This article applies to:
  • E81.10, E81, E80.96, E80.94, E80.92, E80.90, E80.81, E80.82, E80.83, E80.84, E80.85, E80.86, E80.87, E80.88, E80.89, E80.95, E80.97
  • Endpoint Security VPN/Endpoint Security Client/SandBlast agent for Windows 7 and Windows 10.
Note - For security reasons that administrator must change his domain password before distributing the file to the end users. The password is embedded obfuscated in the generated installer.

To implement this workaround:

  1. Change the administrator password
  2. Download EPPatchEx.msi and EPPatchExConfig.exe files to the same directory
  3. Open the folder from step #2 and double click EPPatchExConfig.exe
    • The EPPatch admin utility opens (see the below image), Configure:
      • The path to the EPPatchEx.msi file
      • Administrator name
      • Domain name
      • The administrator password (before the change in step #1)
      • For Endpoint Security Client/SandBlast agent add the Uninstall Password
        • Note - this is not needed for the Endpoint VPN Client.
  4. Click save, a new installer (.msi) file is created.
  5. Distribute the newly created file to the affected clients.


The new installer file (.msi) runs on the client's machine and fix the issue.

Instructions for the end user:

  1. Get the file provided by the administrator
  2. Run the file by double clicking it.

Important note:
The current patch can also be distributed to users who already have administrative privileges on their computer.
The purpose in such cases is to obfuscate the uninstall password before distributing it to customers. 

The administrator needs to run the Cached Credentials tool, enter “no_user” in the username field and a random password in the password field.
All other parameters should be provided as listed above.



Note - For more information about the cached password mechanism see https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh994565(v=ws.11)
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment