I use Cisco AnyConnect on my Windows 7 computer to make VPN connections. It also has capability to connect to WiFi. But I always had problems in connecting toWiFi with AnyConnect. Connection drops frequently and it keeps saying ‘Acquiring IP address‘.
- I need to run Cisco AnnyConnect from a VM in a data center. When I run it I get this message: Vpn establishment capability from a remote desktop is disabled Can this be turned off?
- When executing the enable script from a previously disabled state, the username may not be reported by AnyConnect. Restarting the Umbrella Roaming Security Agent (ACUMBRELLAGENT) service or a reboot will remedy this. This issue should be resolved by AnyConnect 4.9. Upgrading or re-installing AnyConnect will re-enable SWG Agent.
- Fix 10 common Cisco VPN problems by Scott Lowe MCSE in Networking on November 7, 2005, 12:00 AM PST If you use Cisco to power your VPN solution, you know it's not without problems.
Apr 29, 2015 If you are trying to to use Cisco AnyConnect through a Windows Virtual PC and receiving the following message. VPN establishment capability from remote desktop is disabled. A VPN connection will not be established. This is what I did to get it functional. Go to your virtual machines and edit the Settings. Solved: Hi, When users are trying to get connected to VPN from Remote machines. They are getting below Err. Some one could help me in fixing this issue by command line. " VPN Establishment capability from a Remote Desktop is disabled.
AnyConnect installs a service called ‘Network Access Manager‘ which seems like takes over the native Windows WiFi connecting client. So when I click on the network icon in the System tray it says ‘No connections are available'(See below snapshot). Without AnyConnect, it always displays the WiFi connections available.
If you are facing the problem then you can try the following solution that worked for me.
Cisco Anyconnect Disabled Download
- Open Services management console by running Services.msc from Run
- Find the service ‘Cisco AnyConnect Network Access Manager‘.
- Right click and stop the service.
- Now Cisco AnyConnect will say ‘NAM service unavailable‘
- Now Windows will use the native WiFi client to connect to the WiFi
- When you reboot your system, the NAM service will start and may cause problem again. You can disable this service in Services management console to prevent that.
AnyConnect has settings to disable the NAM feature. But that did not work for me. Even after disabling NAM service, I could not connect to WiFi. Windows network icon shows the WiFi connection but gives the error ‘Windows was not able to connect to…‘. I followed the below steps to do this.
- Opened Anyconnect window and click on Advanced.
- Clicked on ‘Networks’ tab in the left side pane.
- Clicked on Configuration tab. Changed the NAM to disabled as shown below.
Cisco Anyconnect Disable Auto Update
I typically use VMs when connecting to customer environments. I do this so that the machine has nothing installed, is on a different network from my home network (I have a special network for secure guests), and also so that I can run my VPN client on it without effecting my other operations.
The Problem
I use Hyper-V to host these guests and the other day I was unable to connect to the client’s VPN after the guest had rebooted. I looked at the log and was seeing this
The interesting line there is this: “VPN establishment capability from a remote desktop is disabled. A VPN connection will not be established.”
This is a policy that can be enabled by most VPN providers which blocks VPN connections originating from endpoints who have an RDP session established to them. I thought maybe this customer had all of the sudden changed this policy, but I did think it was weird that it happened immediately after a reboot.
So I tried connecting to another client and got the same message. I started thinking of other potential changes that I made and then I remembered: I recently started using enhanced sessions with Hyper-V .
I reconnected to the VM just by opening the console without it being an enhanced session, and sure enough it worked. So what gives?
The Problem
I use enhanced sessions primarily so that I can control the window size (if I am running Anyconnect, I likely can’t RDP into the guest).
Enhanced sessions give you many features of an RDP session without it actually being an RDP session. You can get more details here.
The problem is that whatever mechanism the Anyconnect client uses to detect whether there is an RDP session connected to the endpoint running Anyconnect, detects enhanced sessions as actual RDP sessions.
The Solution
Fortunately there is a very easy workaround. Open a normal console session to the guest (View and then uncheck “Enhanced session”).
Then start Anyconnect to make the VPN connection. Once the connection established, go to ‘View’ again and check ‘Enhanced session’. This will reconnect to the guest without dropping the VPN connection. This works because the RDP check by the Anyconnect client is only done during the initial connection.
Just a quick disclaimer: since this is somewhat of a workaround to a policy, I would check with the security folks and/or clients to make sure they are OK with you doing this.