- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hi guys,
I tried to installed latest version of checkpoint Remote Access Clients for Windows E86.60 and 86.70 (MSI files).
Installation finished but get immediately popup notfication of "connectivity with the VPN service is lost"
I see these error events...
If I try an older version like E86.50 on the same device it works!
Please tell me what I am doing wrong?
Tanks & Regards,
Eric
Hi,
Here is the update from VPN RnD team. It is also documented in sk180845.
The issue happened due to expiration of certificate which was used for signing firewall driver vsdatant.sys. Validity period of this certificate ended on April 8, 2023, VPN client became unable to initiate firewall module and failed with error “Connectivity with VPN Service is lost”. In addition, following lines can be found in trac.log:
[ 47972 44400][9 Apr 10:16:03][TR_FIREWALL] CFirewallWrapper::InitFirewallMonitor: ERROR - lpFwMonitor_Start failed, try to wait for the service initialization
[ 47972 44400][9 Apr 10:16:03][TR_UTILS] WaitForServiceStart("vsmon")
[ 47972 44400][9 Apr 10:16:03][TR_UTILS] WaitForServiceStart: OpenService("vsmon") failed: The specified service does not exist as an installed service.
[ 47972 44400][9 Apr 10:16:03][TR_FIREWALL] CFirewallWrapper::InitFirewallMonitor: waiting for vsmon initialization failed
Endpoint Security VPN, versions E86.60 and E86.70
The issue impacts only “Endpoint Security VPN” flavor of standalone VPN clients which contains firewall module. Other flavors of standalone VPN client as well as Harmony Endpoint Protection (full suite) are not affected.
The only solution is to upgrade VPN client to newer version.
We are in RnD will improve our internal processes and enforce strict control over certificates we use inside our products.
Hi,
issue seems to be resolved now!
I used a "trac.config" and "trac.defaults" from a previous checkpoint installation. This is not supported!
I did a new clean installation with the latest checkpoint vpn client and configured all the settings in UI. After that I exported from their both config files (trac.config" and "trac.defaults) and used these ones with the vpn-config tool to create a custom MSI.
I want to say thanks to checkpoint support!
Regards,
Eric
Recommend opening a TAC case to assist with debugging this.
OK, I will do.
Hello,
Did you ever get this resolved? If so, how?
We've had several reports of this over the last weekend.
Specifically, it appears to be related to the standalone VPN editions of E86.60 and E86.70 and the reported timing was just before/after Patch Tuesday for April.
Full Harmony Endpoint installations appear to be unaffected.
We are still investigating what exactly has triggered the issue and its potential scope.
Some customers reported the issue was fixed by installing either E86.61 or E86.71, both of which replaced their respective versions in October 2022.
Recommend applying these versions and contacting the TAC if this doesn't resolve the issue: https://help.checkpoint.com
Hello,
I am getting the same message "connectivity with the vpn service is lost".
I tried versions:
86.50
87.20
87.10
Please give me solution.
PS Fresh installation of Windows 11.
To investigate this issue, you will need to open a TAC case: https://help.checkpoint.com
Hi,
yes, I opened a case. Support was able to reproduce the issue when the checkpoint vpn will be installed while client has no internet connectivity. This is often a case in our environment because our clients are not allow to brows internet without user authentication.
This issue doesn't happened with older checkpoint client releases.
It don't know if they have fix the issue already!?
Until we know the exact root cause, it's difficult to say the issue is "fixed."
The fact this issue is easy reproducible will certainly help in that.
Hi,
Here is the update from VPN RnD team. It is also documented in sk180845.
The issue happened due to expiration of certificate which was used for signing firewall driver vsdatant.sys. Validity period of this certificate ended on April 8, 2023, VPN client became unable to initiate firewall module and failed with error “Connectivity with VPN Service is lost”. In addition, following lines can be found in trac.log:
[ 47972 44400][9 Apr 10:16:03][TR_FIREWALL] CFirewallWrapper::InitFirewallMonitor: ERROR - lpFwMonitor_Start failed, try to wait for the service initialization
[ 47972 44400][9 Apr 10:16:03][TR_UTILS] WaitForServiceStart("vsmon")
[ 47972 44400][9 Apr 10:16:03][TR_UTILS] WaitForServiceStart: OpenService("vsmon") failed: The specified service does not exist as an installed service.
[ 47972 44400][9 Apr 10:16:03][TR_FIREWALL] CFirewallWrapper::InitFirewallMonitor: waiting for vsmon initialization failed
Endpoint Security VPN, versions E86.60 and E86.70
The issue impacts only “Endpoint Security VPN” flavor of standalone VPN clients which contains firewall module. Other flavors of standalone VPN client as well as Harmony Endpoint Protection (full suite) are not affected.
The only solution is to upgrade VPN client to newer version.
We are in RnD will improve our internal processes and enforce strict control over certificates we use inside our products.
Thank you!
Please open a TAC case: https://help.checkpoint.com
Hi, Have you found a solution?
Hi,
support ticket is still open --> SR#6-0003654968
I sent them my custom MSI files to reproduce the issue. I think the issue is because we configured a preconfigured VPN site which can't be reach from our deployment network. So this issue doesn't not exist when installing checkpoint vpn without a preconfigured or you have to take care that after installing your vpn site is reachable.
This wasn't an requirement in the past and I hope checkpoint will fix it.
Hi all,
I got a response from the support engineer. They were able to reproduce the issue on a lab and will working on investigating.
I hope they will fix it asap.
Hi,
issue seems to be resolved now!
I used a "trac.config" and "trac.defaults" from a previous checkpoint installation. This is not supported!
I did a new clean installation with the latest checkpoint vpn client and configured all the settings in UI. After that I exported from their both config files (trac.config" and "trac.defaults) and used these ones with the vpn-config tool to create a custom MSI.
I want to say thanks to checkpoint support!
Regards,
Eric
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
2 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY