I need to run Cisco AnnyConnect from a VM in a data center. When I run it I get this message:
Vpn establishment capability from a remote desktop is disabled
Can this be turned off? I saw some posts about it, but required downloading Cisco software with an account, which I do not have. The VPN software is from a client I work for.
Daniel WilliamsDaniel Williams
5 Answers
It really depends on the version you are using, but nowadays this is done by creating an
AnyConnect Client Profile
on the ASA itself.Nov 20, 2015 - Look for an error of “VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established”. Preferred way to reach the VM is RDP but Anyconnect won't permit the.
By default the policy will be set to
LocalUsersOnly
and you need to change it to AllowRemoteUsers
.You'll need access to the ASA though (ASDM) in order to do this.
The steps would be:
- Log into the ASDM
- Go to Configuration, Remote Access VPN, Anyconnect Client Profile
- Click Add and create a new profile and choose the Group Policy it should apply to
- Click OK, and then at the Profile screen click 'Apply' at the bottom (important)
- Now edit the profile, and you should see under the Preferences, Windows VPN Establishment you can select 'AllowRemoteUsers' and hit OK
- Apply once more and then save/writemem
- That's it, RDP and try again
If you don't have access to the ASA, the best I can suggest is to use a different type of remote connection like VNC or Teamviewer as they will allow you to use the VPN.
TheCleanerTheCleaner28.4k23 gold badges111 silver badges183 bronze badges
I've found a workaround for this problem when there is no access to VPN server settings:
- set up Teamviewer
- disconnect RDP
- connect via Teamviewer
- connect to VPN in remote session
- disconnect Teamviewer
- connect via RDP
- continue working as used to
VadzimVadzim
I found a solution to make it work. My work laptop need to be connected to a vpn with cisco any connect . And I wanted to connect to my work laptop using remote desktop to have a better experience with my home PC mouse and keyboard and a bigger screen.
I had this error after the VPN was connecting: Vpn establishment capability from a remote desktop is disabled.
Start the VPN on the laptop first then use RDP
I could solve this issue by starting the VPN connection on my laptop first. Once the connection is established, I logged on with remote desktop on my laptod and its working!
Hope this helps
codeacodea
Connect to your computer via RDP.Create connect.dat file as following, finishing it with extra empty line (must-have requirement, sic!):
Then create connect.cmd file as following
Correct the path to vpncli.exe if necessary. Then terminate VPN UI process (it shouldn't be loaded into memory) and start our CMD file as a local admin.
If you don't mind, full note is here http://windowsasusual.blogspot.ru/2016/10/cisco-anyconnect-vpn-and-remote-desktop.html
Yury SchkatulaYury Schkatula
The fix for this issue is start the VPN session using the 'Basic mode' (disabling the 'Enhanced session' option). It worked for me. Look this post:
Esteban ViverosEsteban Viveros
Not the answer you're looking for? Browse other questions tagged windows-7ciscoremote-desktoprdpanyconnect or ask your own question.
Nov 14, 2012I have Any Connect (ver 3.1.01065) configured on Cisco router 891. VPN is working fine from the desktop, but I also need the ability to establish a VPN connection through a RDP connection (i.e. I'm using RDP to connect to a PC which has AnyConnect installed on, then trying to establish a VPN connection). OS Windows 7 SP1 x86.I've read about changing some settings in profile file (changed the <WindowsVPNEstablishment> option to 'AllowRemoteUsers'. Then applied the profile to the relevant Group Policy. Connected VPN from the PC (not through RDP), so that it downloads the new profile, and then disconnected again.): url...
But this make sense to the cisco asa... I have a cisco router on the ios 15.1. I've checked the XML file on the local PC to confirm the profile has been downloaded and is has, and I can't see the AllowRemoteUsers option.So I still can't start VPN through an RDP connection. (Error is 'VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established'.)This also happened with the previous version of AnyConnect (2.5.xxxx).The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.In the main window of Cisco anyconnect secure mobility client Ive noticed label: Web Authentication required.
But this make sense to the cisco asa... I have a cisco router on the ios 15.1. I've checked the XML file on the local PC to confirm the profile has been downloaded and is has, and I can't see the AllowRemoteUsers option.So I still can't start VPN through an RDP connection. (Error is 'VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established'.)This also happened with the previous version of AnyConnect (2.5.xxxx).The PC's local routing tables look fine, and I can't see any conflicts that would cause the RDP session to drop.In the main window of Cisco anyconnect secure mobility client Ive noticed label: Web Authentication required.