When using Cisco Anyconnect Secure Mobility Client for establishing VPN connections, one might see such frustrating error message:
AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.
or this one:
Choose Configuration Remote Access VPN AAA/Local Users Local Users. Select the user you want to configure and click Edit. In the left-hand pane, click VPN Policy. Specify the number of simultaneous logins by the user as 0 (zero). Feb 02, 2018 Moving forward, this new Cisco AnyConnect version will be the only one to contain all enhancements and bug fixes. It will be the numbered 4.0.07x+. Cisco Legacy AnyConnect. Legacy AnyConnect is the version supporting Apple iOS 6.0 and later that has been available on the app store for some time now.
VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.
Cisco’s documentation mention these limitations are specified in a profile XML file which is downloaded from the VPN server during the connection establishment.
Using SysInternal’s Process Monitor, it is possible to detect that this file is downloaded to the following path:
%programdata%CiscoCisco AnyConnect Secure Mobility ClientProfile[some name].xml
It turns out the file is downloaded by the Anyconnect Secure Mobility Client (vpngui.exe) and then analyzed. In order to bypass the restrictions imposed in the file, it is enough to use a simple application that monitors changes to that specific file and immediately replaces it with another file (where the restrictions are not present). Mario multiverse 5 0 download.
The two restrictions related to the error messages above are specified in the following nodes of the file:
<WindowsLogonEnforcement>SingleLocalLogon</WindowsLogonEnforcement>
<WindowsVPNEstablishment>LocalUsersOnly</WindowsVPNEstablishment>
A copy of the current profile XML file could be made where the nodes above are commented out. Then the aforementioned application will overwrite the downloaded XML file with the “custom” version. A sample source code for such application follows (C#):
Note: it might be necessary to run the application with elevated privileges.
Solved: Cisco AnyConnect 'Session Ended' error
Cisco Anyconnect Remote User Disabled Mode
This was kicking my butt today, but turns out that it had an easy work around.
I learned a long-time ago that if you’re running Hyper-V on your Device, you should not install a VPN client on the host, but rather should be doing this within child VMs. The reason for this is that sometimes the drivers associated with a VPN adapter don’t play nicely with a hypervisor, and can often result in a blue screen error when they attempt to make changes to the virtual adapters displayed to the parent partition.
So, I made a Windows 10 VM to run my VPN client…however, I was getting errors of ‘Session Ended’, along with tons of murky stuff in my Event Viewer, related to missing devices, etc. It looked pretty scary.
As it turns out this is a simple resolution.
Symptom
A VPN connection is immediately dropped when connecting on a Windows 8 or higher VM
Validation
Launch AnyConnect and click the cog icon, then click the Mesage History tab.
Look for an error of “VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established”.
Cause
What Is Cisco Anyconnect
When connecting to Windows 8.1 and newer child OSes in Hyper-V, Virtual Machine Connection will actually attempt to connect via RDP, rather than through the secured backchannel that VMC normally offers. This will appear as an RDP session on the remote machine, and AnyConnect is often configured to prohibit this behavior.
Cisco Anyconnect Remote User Disabled Mac
Resolution
Cisco Anyconnect Remote User Disabled Account
While connecting to the VPN, use basic connection instead of ‘Enhanced Session’ You can use this button here to toggle between the two, and it’s okay to jump back into enhanced session after the VPN connection in completed.