- CheckMates
- :
- Products
- :
- Harmony
- :
- Endpoint
- :
- Checkpoint endpoint VPN Windows 10 is not booting ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Checkpoint endpoint VPN Windows 10 is not booting up after Monthly patches
Since the past 6 months we have been getting around 50-70 random computers every month not booting up after the pending reboot after installation of monthly patches from Microsoft. The computers get stuck at the HP logo (All of our computers are HP elitebook but different generations) with spinning wheel.
After creating a windows dump file and analysing it with help from Microsoft, they have identified the problem to be the Checkpoint zone alarm firewall driver vsdatant.sys interfering with letting Microsoft drivers loading. As I have noticed the vsdatant.sys driver is loading at high priority at kernel stage and therefore blocking everything else.
The problem started in October 2018, we used Windows 1803. Since then we have upgraded to 1809 and also upgraded the Checkpoint Endpoint VPN client to version E80.90 but the problem still exist.
We are not able to recreate the problem, it affects random computers every month, one month a computer can install the patches and boot up after restart without problem other month same computer is failing. Troubleshooting this has not been easy.
When booting in safe mode or disabling the vsdatant.sys file temporarly the computer boots up and finnishing up the patch installation. And then when we enable it we cant restart the computer without any isse.
Does anyone else has or had the same problem or maybe someone can put us on the right direction to troubleshoot this?
We created a ticket to Checkpoint and awaiting response. April patches just released and when deploying to a pilot group we already got one crashed computer so we are not confident enough to rollout the patches.
Some more details:
We are only using CheckPoint endpoint VPN on the computer and are using Windows defender as main firwall/antivirus. We had a working solution since Windows 7 where we never got any issue, after upgrading to Windows 10 we only upgraded the VPN client on the computers to a supported version for the specific Windows release, no change in config has been done on the server side. From my understanding that should not be necessary since the only policy that is downloaded to the client when using the VPN is just IP rules. However, my knowledge of the network part is limited... but since its working fine for so many computers and random computers are failing i dont think thats an issue. Worth mentioning is that we use UEFI, SecureBoot. Is Secureboot maybe causing this?
Any help is much apreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I think the fix in E80.88.4126 is now included in E80.95.
I also think that it may be worth turning off FastBoot as in my experience it may cause similar issues.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Found this article which verify your solution: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
Since we are only using the VPN client, I belive the latest version is E80.92?
Will try to deploy and see how it goes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We release monthly updates to the Endpoint Security VPN client to add additional functionality and to resolve issues with the latest Microsoft patches.
Aside from working with the TAC on this, I highly recommend making sure you're using our latest release for maximum compatibility.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to add an update:
The latest available Endpoint client at the moment is E80.96.
Standalone VPN clients can be found in section "Standalone Clients Downloads" of SK.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, we have so much problems after Patch since Win10 v1803 with our DELL Notebooks. 25-35% doesn't boot after Win patching.
In the most of the DELL notebooks we use E80.82 or E80.84 VPN Standalone Client. Patching (win) is succesfully, but the reboot can't finish.
Actually we are going to update all our Notebooks to Version E80.92 Build:986100175 - via Matrix42 Empirum. (Only 10% done til now)
The Matrix 42 Admin go's in touch with me today ....to check if the problem reason is to search by Checkpoint. He investigate since a lot of month this issue.
- Can anybody tell me if CP Endpoint Client is the reason about this ?
- And is the problem fixed in E80.92 or do I need a newer version of the Endpoint StandAlone VPN Client ? Means -should I stop rollout ?
INFO:
I found vsdatant.sys in 3 different folders on my DELL Win10 pro 10.0.17134 Build 1734
- C:\Windows\System32\drivers
- C:\Windows\System32\DriverStore\FileRepository\vsdatant.inf_amd64_48af42919990972
- C:\Windows\SysWOW64\Zonelabs
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It states here that the issue was fixed with the E80.92 Client
However, the latest VPN client is now E81.40, so why not roll this version out?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for quick feedback "It states here that the issue was fixed with the E80.92 Client" .
We have more than 5000 Clients and work with a Change Mgmt (ITIL conform) - this takes a very long time period to organizice /test/ create a Empirum-paket/ get approval /rollout in all over the world in my company.
I build E80.92 and do the task's the last 12 weeks..now we start rollout (500 clients finsh ) that's ca. 10% !
It's not so easy to do it ....also in matter of CN plants.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Windows monthly patches do not with a Change Mgmt (ITIL conform) ?