cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
28175
Views
15
Helpful
6
Replies
David Morgan
Beginner

Since installing AnyConnect, cannot switch users "Only one user session allowed"

Hello

 

- Windows 7 Ultimate 64bit, all updates applied.

- Cisco AnyConnect Secure Mobility Client version 3.1.0809

 

Since installing the above Cisco product I can no longer switch users on my Windows 7 PC.  When attempting to do so I get a message saying Logon Denied - only one user session is allowed.

Can someone please advise how I can use this Cisco product and enjoy the user-switching capabilities of Windows.

Thank you

 

P.S. This has nothing to do with disabling of fast user switching, the enabling of which is well documented online.

6 REPLIES 6
Kipyts2015
Beginner

Same problems here

 

- Windows 7 Pro 64bit, all updates applied.

- Cisco AnyConnect Secure Mobility Client version 3.1.05178

 

Can anyone at Cisco please help since most of our users use this user-switching capabilities of Windows.  Thanks

Do you have NAM module installed on the PC?

Also "AnyConnect is not compatible with fast user switching."

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac03vpn.html#pgfId-1524170

Microsoft Windows allows multiple users to be logged on concurrently, but AnyConnect Network Access Manager restricts network authentication to a single user. AnyConnect Network Access Manager can only be active for one user per desktop/server, regardless of how many users are logged on.

For configuring multiple sign-on it is required to change the registry key in Windows.

 

Just in case anyone was wondering what the registry fix is and where to find it.

 

Single Sign On “Single User” Enforcement

Microsoft Windows allows multiple users to be logged on concurrently, but Cisco AnyConnect Network Access Manager restricts network authentication to a single user. AnyConnect Network Access Manager can be active for one user per desktop or server, regardless of how many users are logged on. Single user login enforcement implies that only one user can be logged in to the system at any one time and that administrators cannot force the currently logged-in user to log off.

When the Network Access Manager client module is installed on Windows desktops, the default behavior is to enforce single user logon. When installed on servers, the default behavior is to relax the single user login enforcement. In either case, you can modify or add a registry to change the default behavior.

Restrictions

  • Windows administrators are restricted from forcing currently logged-on users to log off.

     

  • RDP to a connected workstation is supported for the same user.

     

  • To be considered the same user, credentials must be in the same format. For example, user/example is not the same as user@example.com.

     

  • Smart-card users must also have the same PIN to be considered the same user.

     

Configure Single Sign-On Single User Enforcement

To change how a Windows workstation or server handles multiple users, change the value of EnforceSingleLogon in the registry.

On Windows, the registry key is EnforceSingleLogon and is in the same registry location as the OverlayIcon key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{B12744B8-5BB7-463a-B85E-BB7627E73002}

To configure single or multiple user logon, add a DWORD named EnforceSingleLogon, and give it a value of 1 or 0.

For Windows:

  • 1 restricts logon to a single user.

     

  • 0 allows multiple users to be logged on.

 

https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect41/administration/guide/b_AnyConnect_Administrator_Guide_4-1/configure_nam.html

 

 

How can i logon to change the registry key?

 

jlouro
Beginner

try this registry key
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM
HideFastUserSwitching DWORD should be set to 0
Sung Paek
Beginner

same here

Create
Recognize Your Peers
Content for Community-Ad