Mar 11 2021 12:43 PM - edited Mar 11 2021 12:44 PM
Hello,
I'm trying to disconnect a user from a RRAS VPN Server with the below PowerShell command:
disconnect-vpnuser -username domain\username
However, I get the below error when the command is run. The user is definitely connected to the VPN. Has anyone got a remedy for the below error when running disconnect-vpnuser:
disconnect-vpnuser : User domain\username cannot be disconnected.
At line:1 char:1
+ disconnect-vpnuser -UserName domain\username
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (domain\username:root/Microsoft/...ces
s/PS_VpnUser) [Disconnect-VpnUser], CimException
+ FullyQualifiedErrorId : REMOTEACCESS 200,Disconnect-VpnUser
Mar 11 2021 09:35 PM
Mar 12 2021 08:38 AM
Thanks for the reply. When I run the commands you suggested here is what I get:
$error.categoryinfo
Category : NotSpecified
Activity : Disconnect-VpnUser
Reason : CimException
TargetName : thrws
TargetType : root/Microsoft/Windows/RemoteAccess/PS_VpnUser
$error.exception
User thrws cannot be disconnected.
I'm using Windows Server 2012R2 and yes I can disconnect them from the RRAS Console. There are no errors in the Event Viewer for Powershell. Any help would be greatly appreciated.
Mar 12 2021 09:21 AM
Mar 13 2021 09:30 PM - edited Mar 13 2021 09:32 PM
PowerShell will use some CIM classes to do this task, lets try it and run the following command in the RRAS Server itself
$xArg=@{
ComputerName =$null
PassThru = $null
UserName = @('DOMAIN\TheUserName')
}
Invoke-CimMethod -ClassName PS_VpnUser -Namespace "Root\Microsoft\Windows\RemoteAccess" -MethodName "DisconnectByUserName" -Arguments $xArg
Btw, are you using Microsoft Direct Access or its just an RRAS
Let me know if the command above disconnects the user.
in the background, this is what PowerShell should be calling.
Mar 14 2021 07:09 PM - edited Mar 14 2021 08:23 PM
Thanks for the reply again. When I run the script that you provided I get the below error. Similar to what I get in running disconnect-vpnuser. I am using just VPN without Direct Access. The sad thing is I have used disconnect-vpnuser on this server before. I'm using a standard phonebook entry for the user to connect via SSTP to the VPN. I have rebuilt WMI, disabled RRAS and reinstalled with the default settings. I have even built a new server that even gives the same error. At this point I'm looking into Group Policy settings to see if something is causing this error.
Invoke-CimMethod : User domain\user cannot be disconnected.
At line:6 char:1
+ Invoke-CimMethod -ClassName PS_VpnUser -Namespace "Root\Microsoft\Windows\Remote ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (domain\user:) [Invoke-CimMethod], CimException
+ FullyQualifiedErrorId : REMOTEACCESS 200,Microsoft.Management.Infrastructure.CimCmdlets.InvokeCimMetho
dCommand
PSComputerName
--------------
Mar 14 2021 10:46 PM
Mar 14 2021 11:43 PM - edited Mar 14 2021 11:44 PM
No updates have been installed since 2017. The command was working prior to some firewall rule changes and enabling Certificate Enrollment.
I'm currently building a new RRAS using only the Windows 2012 R2 ISO.
Mar 15 2021 03:28 AM
Mar 15 2021 05:54 AM