disconnect-vpnuser error. (Powershell, RRAS)

Copper Contributor

Hello,

 

I'm trying to disconnect a user from a RRAS VPN Server with the below PowerShell command:

 

disconnect-vpnuser -username domain\username

 

However, I get the below error when the command is run.  The user is definitely connected to the VPN.  Has anyone got a remedy for the below error when running disconnect-vpnuser:

 

disconnect-vpnuser : User domain\username cannot be disconnected.
At line:1 char:1
+ disconnect-vpnuser -UserName domain\username
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (domain\username:root/Microsoft/...ces
s/PS_VpnUser) [Disconnect-VpnUser], CimException
+ FullyQualifiedErrorId : REMOTEACCESS 200,Disconnect-VpnUser

9 Replies
Which Windows version are you using.
Type the following commands after you get the failure.

$error.CategoryInfo
$error.Exception

If you used the GUI, are able to disconnect the user
Also when you can the error from Windows PowerShell, did you check Windows Event Log \ PowerShell

@farismalaeb 

 

Thanks for the reply.  When I run the commands you suggested here is what I get:

 

$error.categoryinfo
Category : NotSpecified
Activity : Disconnect-VpnUser
Reason : CimException
TargetName : thrws
TargetType : root/Microsoft/Windows/RemoteAccess/PS_VpnUser

 

$error.exception
User thrws cannot be disconnected.

 

I'm using Windows Server 2012R2 and yes I can disconnect them from the RRAS Console.  There are no errors in the Event Viewer for Powershell.  Any help would be greatly appreciated.

Today I installed Universal C Runtime and also installed PowerShell 7.1.3 and I still get the same errors.

PowerShell will use some CIM classes to do this task, lets try it and run the following command in the RRAS Server itself

$xArg=@{
ComputerName =$null
PassThru = $null
UserName = @('DOMAIN\TheUserName')
}
Invoke-CimMethod -ClassName PS_VpnUser -Namespace "Root\Microsoft\Windows\RemoteAccess" -MethodName "DisconnectByUserName" -Arguments $xArg


Btw, are you using Microsoft Direct Access or its just an RRAS

Let me know if the command above disconnects the user.
in the background, this is what PowerShell should be calling.

Thanks for the reply again. When I run the script that you provided I get the below error. Similar to what I get in running disconnect-vpnuser. I am using just VPN without Direct Access. The sad thing is I have used disconnect-vpnuser on this server before. I'm using a standard phonebook entry for the user to connect via SSTP to the VPN. I have rebuilt WMI, disabled RRAS and reinstalled with the default settings. I have even built a new server that even gives the same error. At this point I'm looking into Group Policy settings to see if something is causing this error.

Invoke-CimMethod : User domain\user cannot be disconnected.
At line:6 char:1
+ Invoke-CimMethod -ClassName PS_VpnUser -Namespace "Root\Microsoft\Windows\Remote ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (domain\user:) [Invoke-CimMethod], CimException
+ FullyQualifiedErrorId : REMOTEACCESS 200,Microsoft.Management.Infrastructure.CimCmdlets.InvokeCimMetho
dCommand


PSComputerName
--------------

would you please check windows update history?
when this command last time was working and the installed update after that

No updates have been installed since 2017. The command was working prior to some firewall rule changes and enabling Certificate Enrollment.

 

I'm currently building a new RRAS using only the Windows 2012 R2 ISO.

I found my problem. I want to thank you again for replying and offering help.

I have a unique setup going on with my VPN where I'm assigning users static IP Addresses through the Active Directory Dial-In properties. I'm also using Radius with a Network Policy Server. My problem was the NPS Policy. On the VPN I have Inbound and Outbound rules set on each NIC. I also had IP Filters enabled on my NPS Policy with the same settings. Once I removed the IP Filters from the NPS Policy I was able to use disconnect-vpnuser successfully.
That's good news, glad your issue was resolved and you post the answer back.