VPN establishment capability from a Remote Desktop is disabled. A VPN connection will not be established. This, behaviour is default, and despite me trawling the internet to find a solution (most posts quote changing the local AnyConnectProfile.tmpl file, this file does not exist using Version 3 (I was using v 3.0.4235). Cisco AnyConnect - VPN Establishment Capability from a Remote Desktop is Disabled ryan I ran into this issue this morning when attempting to setup a VPN on a Hyper-V virtual machine.
- VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established. I did a lot of research, and found out that in order to allow this, you need to first setup a Client Profile on the Cisco ASA.
- Hello Pete, I actually tried your suggestion to no avail. I am still looking for a fix. I am using ASA version 8.4(7)26 and Cisco AnyConnect anyconnect-win-3.1.10010-k9.pkg.
- VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established. ただし、ローカルPCでVPNに接続できます。 この状況でVPNに接続するにはどうすればよいですか? VPN所有者が設定する必要がありますか、それともクライアント側の設定に誤りが.
When using Cisco Anyconnect Secure Mobility Client for establishing VPN connections, one might see such frustrating error message:
AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.
Vpn Establishment Capability From A Remote Desktop Is Disabled
or this one:
VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.
Cisco’s documentation mention these limitations are specified in a profile XML file which is downloaded from the VPN server during the connection establishment.
Using SysInternal’s Process Monitor, it is possible to detect that this file is downloaded to the following path:
%programdata%CiscoCisco AnyConnect Secure Mobility ClientProfile[some name].xml
It turns out the file is downloaded by the Anyconnect Secure Mobility Client (vpngui.exe) and then analyzed. In order to bypass the restrictions imposed in the file, it is enough to use a simple application that monitors changes to that specific file and immediately replaces it with another file (where the restrictions are not present).
The two restrictions related to the error messages above are specified in the following nodes of the file:
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
A copy of the current profile XML file could be made where the nodes above are commented out. Then the aforementioned application will overwrite the downloaded XML file with the “custom” version. A sample source code for such application follows (C#):
Note: it might be necessary to run the application with elevated privileges.
I ran into a problem recently while I was using remote desktop on one of my servers hosted up on Azure. While I was on that server, I needed to make a VPN connection back to our corporate network. Unfortunately, after I installed the Cisco AnyConnect client, and I tried to make the connection, I was greeted with the following error:
VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established.
Vpn Establishment Capability From A Remote Desktop Is Disabled Anyconnect 4.5
Vpn Establishment Capability From A Remote Desktop Is Disabled Working
I did a lot of research, and found out that in order to allow this, you need to first setup a Client Profile on the Cisco ASA. Here are the steps I went thru to get this completed.
Vpn Establishment Capability From A Remote Desktop Is Disabled Known
- Launch the Cisco ASDM
- Click on Configuration.
- Expand “Network (Client) Access”
- Click on “AnyConnect Client Profile”
- Since, I did not have any existing profiles, I clicked the Add button.
- Pick a name for the Profile.
- Select the Group Policy that this profile will apply to, and click OK
- Before editing the profile, click on the Apply button to generate the XML file.
- Under “Preferences (Part 1)” go to “Windows VPN Establishment” and select AllowRemoteUsers from the drop down, and then click OK.
- Click on the Apply button to update the XML file.
- You should now be able to test connecting to your network from within a Remote Desktop session.
- Assuming everything works as expected, I recommend hitting the Save button to write your configuration to memory.