Vpn Establishment Capability From A Remote Desktop Is Disabled

VPN Establishment capability from a Remote Desktop is disabled To get this to work you'll probably want the latest Any Connect client, and you'll need to modify the Any Connect Profile.tmpl file. The file can be found on your machine (once the client is installed). Cisco AnyConnect - VPN Establishment Capability from a Remote Desktop is Disabled ryan I ran into this issue this morning when attempting to setup a VPN on a Hyper-V virtual machine.

When using Cisco Anyconnect Secure Mobility Client for establishing VPN connections, one might see such frustrating error message:

AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.

  • “VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.” The workaround is very simple. If you run the virtual machine in Window mode and not full screen you will see this little icon: This icon is for switching between enhanced session and basic session. If you switch to basic session.
  • You must allow remote desktop on where your pc you need to remote it and add user too. Method: Right click on my computer choose tab remote check allow to remote and add user for remote too.

or this one:

VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.

Cisco’s documentation mention these limitations are specified in a profile XML file which is downloaded from the VPN server during the connection establishment.

Using SysInternal’s Process Monitor, it is possible to detect that this file is downloaded to the following path:

%programdata%CiscoCisco AnyConnect Secure Mobility ClientProfile[some name].xml

Capability

It turns out the file is downloaded by the Anyconnect Secure Mobility Client (vpngui.exe) and then analyzed. In order to bypass the restrictions imposed in the file, it is enough to use a simple application that monitors changes to that specific file and immediately replaces it with another file (where the restrictions are not present).

The two restrictions related to the error messages above are specified in the following nodes of the file:

<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>

<WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>

A copy of the current profile XML file could be made where the nodes above are commented out. Then the aforementioned application will overwrite the downloaded XML file with the “custom” version. A sample source code for such application follows (C#):

Note: it might be necessary to run the application with elevated privileges.

If you are trying to to use Cisco AnyConnect through a Windows Virtual PC and receiving the following message

DisabledVpn establishment capability from a remote desktop is disabled accessibleAnyconnect

VPN establishment capability from remote desktop is disabled. A VPN connection will not be established.

Vpn Establishment Capability From A Remote Desktop Is Disabled Windows 10

This is what I did to get it functional.

Go to your virtual machines and edit the Settings.

Remote
  • Under Networking, ensure that you are using Share Networking (NAT)
  • Under Integration Features, ensure that Enable at startup is NOT checked

Now, if you launch your virtual machine Cisco AnyConnect should connect (at least it did for me).

Vpn Establishment Capability From A Remote Desktop Is Disabled

That said, having to disable the Integration Features in this manner, to me, is a serious PITA! You can’t even copy/pastes or utilize your main PC’s hard drive to access files… I don’t know the underlying issues, but this to me is a MAJOR problem.