Cisco Support Community
Community Member

VPN Establishement Capability from a Remote Desktop is disabled

Hi All,

I am using VPN secure mobile connect (anyconnect-win-3.0.5080-web-deploy-k9 ) to access the SQL server DB of the client machine.

While  I connect the VPN from my local system, VPN connection is established  successfully. thereby I am able to access the Client machine SQL server  DB as well.

While I connect the VPN using RDC machine, VPN connection is not established successfully. I am getting the following error,

"VPN Capability form a Remote Desktop is disabled. VPN connection will not be established".

If anyone came across the above error and found the solution.Please help me to establish the VPN connection from RDC machine.

Please find the attached screen shots for the errors and let me know if any additional details needed.



VIP Purple

Re: VPN Establishement Capability from a Remote Desktop is disab

The admin ot the ASA to which you connect has to deploy an AnyConnect-Profile with the proper settings to allow sessions from Remote-Desktop-sessions. That is disabled by default.

Sent from Cisco Technical Support iPad App

Community Member

Re: VPN Establishement Capability from a Remote Desktop is disab

Thanks for your reply karsten,

As I explored to resolve this issue I came to know about the following  items,

  1. By default VPN connection for RDC will be disabled.
  2. The settings should be changed in VPN to establish the VPN connection from  the RDC machine.

I found the following solutions for that,

Solution 1: Change the settings in the AnyConnectProfile.tmpl configuration  file.

  • In the following configuration file AnyConnectProfile.tmpl  (c:/ProgramData/Cisco/Cisco AnyConnect Secure Mobility Client/Profile), change  the WindowsVPNEstablishment node value to “AllowRemoteUsers” instead of  “LocalUsersOnly”.  But I don’t find this file in this path after the Cisco  installation. But I found the configuration file named Scripts.xml which  contains the settings as I mentioned above.
  • I done the above mentioned changes and tried to establish the VPN  connection. After I attempted to connect the VPN, it throws the same message and  the configuration which I changed from “LocalUsersOnly” to “AllowRemoteUsers” is  revoked.
  • I got the above solution from the following URL (

Solution 2: Any connect client profile needs to be created using  ASDM.

I attempted to download the ASDM for the any connect. I am getting the  following message. since It needs valid service account contract to  download.


I got the solution from the following URL

Please help me to resolve this issue and connect the VPN from the staging  server machine using RDC.

Please let me know if you need any additional details on this.



CreatePlease to create content