FIX: VPN establishment from a remote desktop is disabled

Elena Constantinescu
by Elena Constantinescu
VPN Expert & Privacy Advocate
Affiliate Disclosure
Share this article:

  • The "VPN establishment capability from a remote desktop is disabled" error message prevents you from remotely connecting to the workplace using Cisco VPN.
  • Use AnyConnect Profile Editor to fix this error, which is built into the ASDM. Discover the exact steps to enable VPN establishment capability on Remote Desktop.
  • Head over to our Cisco section to check out more awesome how-to guides.
  • Visit our VPN Troubleshooting Hub to fix other VPN errors easily.
fix VPN establishment capability from a remote desktop is disabled

If you try to create a VPN connection using Cisco VPN, you might get the VPN establishment from a remote desktop is disabled error message on your screen. However, you can quickly and easily fix it by following our set of instructions below.

Those who use early versions of AnyConnect 4 might not see this error. Instead, Cisco connects and then immediately disconnects, which should be a sign that something’s wrong.

testing VPN
How we choose a VPN for you

Our team tests various VPN brands and we recommend them to our users by:

  1. Server park: over 20 000 servers around the world, high speeds and key-locations
  2. Privacy care: a lot of VPNs keep many user logs, so we scan for those that do not
  3. Fair prices: we choose the best affordable offers and always hunt for the best deals.

TOP RECOMMENDED VPN


BEST BANG FOR THE BUCK


Disclosure: WindowsReport.com is reader supported.
Read our affiliate disclosure.

Plus, if you have debugging mode activated, you might receive the Profile settings do not allow VPN initiation from a remote desktop message.

That’s why it’s important to update Cisco AnyConnect Secure Mobility Client to the latest version before proceeding with the following steps.

How do I enable VPN establishment capability on Remote Desktop?

5 Best VPNs we recommend

PIA VPN 79% Off
+ 2 free Months
sale-coupon Check offer!
CyberGhost VPN 83% Off (2.25$/Month)
+ 3 free Months
Check offer!
NordVPN 68% Off + 1, 12 or 24 free Months (random prize) Check offer!
SurfShark VPN 83% Off (2.21$/Month)
+ 3 free Months
Check offer!
BullGuard VPN 76% (2.83$)
on 2 Years plan
Check offer!

enable Cisco Windows VPN Establishment

  1. Connect to the ADSM (Cisco Adaptive Security Device Manager).
  2. Go to Configuration > Remote Access VPN > Network Client remote Access > AnyConnect Client Profile.
  3. Set a Profile Name and pick a Group Policy to apply it to.
  4. Click OK.
  5. Set Windows Logon Enforcement to SingleLocalLogon.
  6. Set Windows VPN Establishment to LocalUsersOnly*.
  7. Save the profile as an XML.
  8. Connect to the firewall’s ASDM.
  9. Go to Tools > File Management > File Transfer > Between Local PC and Flash.
  10. Select and upload the XML you previously created.
  11. Once the file is uploaded, click Close.
  12. Go to Configuration > Remote Access VPN > Network (Client) Access > Group Policies.
  13. Select your Group Policy for your AnyConnect clients.
  14. Head over to Edit > Advanced > SSL VPN Client.
  15. Find the Client Profile to Download section and uncheck the Inherit button.
  16. Click New > Browser Flash and locate the XML file.
  17. Save all settings and try to reconnect using AnyConnect Mobility Client.

*You can also use AllowRemoteUsers if the solution doesn’t work for LocalUsersOnly.

If you can’t access the VPN server settings, use a remote desktop solution like TeamViewer instead of RDP. Disconnect from the RDP, connect with TeamViewer and then to the VPN in remote session mode, disconnect from TeamViewer, and connect using RDP.

In conclusion, if you receive the VPN establishment capability from a remote desktop is disabled error message when trying to remotely connect to your office using Cisco VPN in RDP mode, just follow the steps above.