- Vpn Establishment Capability From A Remote Desktop Is Disabled Known
- Cisco Anyconnect 4.6 Vpn Establishment Capability From A Remote Desktop Is Disabled
- Cisco Anyconnect Error Vpn Establishment Capability From A Remote Desktop Is Disabled
I ran into a problem recently while I was using remote desktop on one of my servers hosted up on Azure. While I was on that server, I needed to make a VPN connection back to our corporate network. Unfortunately, after I installed the Cisco AnyConnect client, and I tried to make the connection, I was greeted with the following error:
VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established.
I did a lot of research, and found out that in order to allow this, you need to first setup a Client Profile on the Cisco ASA. Here are the steps I went thru to get this completed.
- Launch the Cisco ASDM
- Click on Configuration.
- Expand “Network (Client) Access”
- Click on “AnyConnect Client Profile”
- Since, I did not have any existing profiles, I clicked the Add button.
- Pick a name for the Profile.
- Select the Group Policy that this profile will apply to, and click OK
- Before editing the profile, click on the Apply button to generate the XML file.
- Under “Preferences (Part 1)” go to “Windows VPN Establishment” and select AllowRemoteUsers from the drop down, and then click OK.
- Click on the Apply button to update the XML file.
- You should now be able to test connecting to your network from within a Remote Desktop session.
- Assuming everything works as expected, I recommend hitting the Save button to write your configuration to memory.
Cisco AnyConnect - VPN Establishment Capability from a Remote Desktop is Disabled ryan I ran into this issue this morning when attempting to setup a VPN on a Hyper-V virtual machine. VPN Establishment capability from a Remote Desktop is disabled. A VPN Connection will not be established. Solution: By default, VPN establishment capability is disabled once you remote into a remote desktop session. To enable Cisco Anyconnect VPN through a remote desktop you must first create an Anyconnect Client Profile. VPN establishment capability from a remote desktop is disabled - Hyper-V I have a virtual machine created on Hyper-V in windows 8, I noticed that when I connect to the machine using the remote desktop connection I can't establish a VPN connection using Cisco AnyConnect and I receive this error: 'VPN establishment capability from a remote desktop is disabled'. VPN establishment capability from a remote desktop is disabled - Hyper-V I have a virtual machine created on Hyper-V in windows 8, I noticed that when I connect to the machine using the remote desktop connection I can't establish a VPN connection using Cisco AnyConnect and I receive this error: 'VPN establishment capability from a remote desktop is disabled'. “VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.” The workaround is very simple. If you run the virtual machine in Window mode and not full screen you will see this little icon: This icon is for switching between enhanced session and basic session. If you switch to basic session.
When using Cisco Anyconnect Secure Mobility Client for establishing VPN connections, one might see such frustrating error message:
AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.
or this one:
VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.
Cisco’s documentation mention these limitations are specified in a profile XML file which is downloaded from the VPN server during the connection establishment.
Vpn Establishment Capability From A Remote Desktop Is Disabled Known
Using SysInternal’s Process Monitor, it is possible to detect that this file is downloaded to the following path:
%programdata%CiscoCisco AnyConnect Secure Mobility ClientProfile[some name].xml
It turns out the file is downloaded by the Anyconnect Secure Mobility Client (vpngui.exe) and then analyzed. In order to bypass the restrictions imposed in the file, it is enough to use a simple application that monitors changes to that specific file and immediately replaces it with another file (where the restrictions are not present).
The two restrictions related to the error messages above are specified in the following nodes of the file:
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
Cisco Anyconnect 4.6 Vpn Establishment Capability From A Remote Desktop Is Disabled
<WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
A copy of the current profile XML file could be made where the nodes above are commented out. Then the aforementioned application will overwrite the downloaded XML file with the “custom” version. A sample source code for such application follows (C#):
Cisco Anyconnect Error Vpn Establishment Capability From A Remote Desktop Is Disabled
Note: it might be necessary to run the application with elevated privileges.