Say goodbye to your legacy VPNMake the switch to Tailscale
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Blog|September 29, 2021

Action required: Upgrade Tailscale to 1.14.4+ prior to updating Windows

alt

Due to recent changes in Windows Update, upgrading the operating system on a Windows 10 or Windows 11 machine running Tailscale may break Tailscale connectivity. If this happens, your machine will no longer be able to connect to your tailnet. To avoid this issue, upgrade Tailscale on your Windows machines to Tailscale 1.14.4 or later before running Windows Update.

What happened?

Previously, the Tailscale service stored its state in the SYSTEM user’s %LocalAppData% directory, usually C:\WINDOWS\system32\config\systemprofile\AppData\Local. This state includes:

  • Incoming Taildrop files (%LocalAppData%\Tailscale\Files)
  • Logs (%LocalAppData%\Tailscale\Logs)
  • server-state.conf (%LocalAppData%\Tailscale\server-state.conf), which is a JSON file containing:
    • the machine key
    • whether Tailscale should run in unattended mode on this machine

However, this app data directory is wiped as part of some Windows updates, including Windows 10 major updates, and when upgrading to Windows 11.

If this directory is wiped, essential Tailscale files are removed from your system, including Tailscale machine keys. This means that your machine will no longer be recognized as an authorized member of your tailnet. Your machine will need to re-register to join your network, including re-authenticate with a user login. This also applies to machines running with key expiration disabled, such as servers.

The directory could be wiped by operating system updates, system restores and system cleaner utilities on newer versions of Windows.

As of Tailscale 1.14.4, Tailscale no longer relies on storing state in that location, and instead stores state in %ProgramData%.

Who is affected?

Only users with Windows 10 or Windows 11 machines running Tailscale 1.14.3 or earlier are affected. Admins of a tailnet can view affected machines in the admin console.

What do I need to do?

If you haven’t yet updated Windows, and are running Tailscale 1.14.3 or earlier, please upgrade to 1.14.4 or later now.

If you have already upgraded Windows, and your machine’s connectivity to Tailscale is broken, you need to reset Tailscale on the machine, and re-authenticate. See instructions for several options to resolve this.

If you have any issues, please contact support@tailscale.com.

Share

Author

David Crawshaw headshotDavid Crawshaw
Loading...

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
mercury
instacrt
Retool
duolingo
Hugging Face