Too many local users
One of our Surface Pro users was unable to connect to our Vpn with his Cisco Anyconnect (3.1.10010) client.The message was clear: He was not alone on his machine and blocking such a machine makes sense (e.g. in a terminal server environment).
The message in the ASA's log was:
Group <XXXX> User <XXXX> IP <XXX.XXX.XXX.XXX> SVC Message: 16/ERROR: Profile settings require a single local user but multiple local users are logged in..
The error message on the client was:
AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.
The task manager's "Users" tab did not show any additional users on his machine.
But there was one additional session visible in the command shell:
C:\Users\YYY>query
session
SITZUNGSNAME BENUTZERNAME ID STATUS TYP GERÄT
services 0 Getr.
1 Inakt.
>console YYYY 4 Aktiv
rdp-tcp 65536 Abhör.
C:\Users\YYY>
Power of the shell!
The inactive "Session 1" should not be there.
To find out more about it, we need PowerShell:
PS
C:\Users\YYY> Get-Process | Where SessionId -eq 1
Handles
NPM(K) PM(K) WS(K)
VM(M) CPU(s) Id SI ProcessName
-------
------ ----- -----
----- ------ -- -- -----------
372 10
1544 10456
...00
5312 1 csrss
314 46
13420 4288 193
3,63 9208 1 PccNTMon
Virus scanner troubles...
The user could not kill any of there processes in the task manager. But PccNTMon is part of Trend Micro' Office scan.
So we disabled that. The processes and both the processes and the session disappeared.
Anyconnect then connected without problems. - Ok as a one-time workaround, but not acceptable as a permanent solution.
In PowerShell, if logoff [SessionID] doesn't work, the Stop-Computer command worked for me
ReplyDelete