Fixing Cisco VPN AnyConnect “Multiple Local users are currently logged into your computer”

Since I’ve rebuilt my home testlab as a Server 2012 R2 box, I’ve been unable to connect to my companies VPN, which has caused me a world of…well, minor inconveniences. This will not do!

The message I would get upon connection was:

AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer.  A VPN connection will not be established.
AnyConnect was not able to establish a connection to the specified secure gateway. Please try connecting again.

I was befuddled, as I was clearly the only logged on user (or so I thought).  After digging in deeply, I noticed in my Get-Process list that in addition to Session 0 (Kernel.Services) and my own home Session 1, there was an interloper!   I determined this by launching PowerShell and checking for open sessions. I used Get-Process | Select SessionID -Unique

I didn’t take a screen shot at the time, but the output was this, with one extra entry, a Session 2.

vpn0
Imagination time, envision a very guilty and yet innocuous looking Session # 2 listed here.

I then launched “query session” (or qwinsta, as it is commonly refered to for some reason, probably an old OS2 joke), and noted the below!

vpn1
SMOKING GUN! Actually, pretend there Is a session 2 listed here.

The problem was that I’m running Hyper-V (not the issue) with Remote Desktop Services Virtualization Host (the problem) enabled as well

What happens when you enable Virtualization host is that the Remote Desktop Session Host service launches as Session 2 and above, so you’d have

Session 0 – Services,

Session 1 – Console/User,

Session 2 – RDSH.

It doesn’t run many process or anything very incriminating other than an instance of CSRSS and some other base services, but that alone running will register as an additional Session, which is enough to give sadness to the VPN Client.  You can see what processes are run by the Session if you’d like using the following command:   Get-Process | Where SessionId -eq '$Interloper_id_from_above'

I ended up fixing it by using Remove-WindowsFeature PowerShell commandlette to remove the Remote Desktop Services roles, as Add Windows Features in Server Manager will not allow you to remove certain RSDH roles. The command to remove it was:

Remove-WindowsFeature Remote-Desktop-Services, RDS-Virtualization

The issue impacted Cisco VPN AnyConnect versions 2.4x, 2.5x and 3.1.01065.

Advertisements

6 thoughts on “Fixing Cisco VPN AnyConnect “Multiple Local users are currently logged into your computer”

  1. martin June 16, 2014 / 2:20 pm

    you sir, are a gentleman and a scholar

    • Twixxino September 2, 2015 / 5:04 pm

      Thank you very much! Works like a charm. Very well explained

      • FoxDeploy September 4, 2015 / 1:14 pm

        Yep, use the period character for the folder path

  2. twisterino September 2, 2015 / 5:07 pm

    Thanks you very much! Works like a charm. Very well explained

  3. Manny July 27, 2016 / 11:24 pm

    This is happening to me in Windows 10, but I cannot seem to work with the scripts provided. Any ideas?

    • FoxDeploy July 28, 2016 / 6:18 am

      Try to make it a manual start service. I’ve had to do this as well. Then start the service when you need to VPN

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s