Too many local usersOne of our Surface Pro users was unable to connect to our Vpn with his Cisco Anyconnect (3.1.10010) client.
The message was clear: He was not alone on his machine and blocking such a machine makes sense (e.g. in a terminal server environment).
The message in the ASA's log was:
Group <XXXX> User <XXXX> IP <XXX.XXX.XXX.XXX> SVC Message: 16/ERROR: Profile settings require a single local user but multiple local users are logged in..
The error message on the client was:
AnyConnect profile settings mandate a single local user, but multiple local users are currently logged into your computer. A VPN connection will not be established.
The task manager's "Users" tab did not show any additional users on his machine.
But there was one additional session visible in the command shell:
SITZUNGSNAME BENUTZERNAME ID STATUS TYP GERÄT
services 0 Getr.
>console YYYY 4 Aktiv
rdp-tcp 65536 Abhör.
Power of the shell!
The inactive "Session 1" should not be there.
To find out more about it, we need PowerShell:
PS C:\Users\YYY> Get-Process | Where SessionId -eq 1
Handles NPM(K) PM(K) WS(K) VM(M) CPU(s) Id SI ProcessName
------- ------ ----- ----- ----- ------ -- -- -----------
372 10 1544 10456 ...00 5312 1 csrss
314 46 13420 4288 193 3,63 9208 1 PccNTMon
Virus scanner troubles...
The user could not kill any of there processes in the task manager. But PccNTMon is part of Trend Micro' Office scan.
So we disabled that. The processes and both the processes and the session disappeared.
Anyconnect then connected without problems. - Ok as a one-time workaround, but not acceptable as a permanent solution.