cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

disconnect-vpnuser error. (Powershell, RRAS)

WillCun
Copper Contributor

‎Mar 11 2021 12:43 PM - edited ‎Mar 11 2021 12:44 PM

‎Mar 11 2021 12:43 PM - edited ‎Mar 11 2021 12:44 PM

disconnect-vpnuser error. (Powershell, RRAS)

Hello,

 

I'm trying to disconnect a user from a RRAS VPN Server with the below PowerShell command:

 

disconnect-vpnuser -username domain\username

 

However, I get the below error when the command is run.  The user is definitely connected to the VPN.  Has anyone got a remedy for the below error when running disconnect-vpnuser:

 

disconnect-vpnuser : User domain\username cannot be disconnected.
At line:1 char:1
+ disconnect-vpnuser -UserName domain\username
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (domain\username:root/Microsoft/...ces
s/PS_VpnUser) [Disconnect-VpnUser], CimException
+ FullyQualifiedErrorId : REMOTEACCESS 200,Disconnect-VpnUser

Labels:
2,039 Views
0 Likes
9 Replies
Reply
9 Replies
farismalaeb

‎Mar 11 2021 09:35 PM

‎Mar 11 2021 09:35 PM

Re: disconnect-vpnuser error. (Powershell, RRAS)

Which Windows version are you using.
Type the following commands after you get the failure.

$error.CategoryInfo
$error.Exception

If you used the GUI, are able to disconnect the user
Also when you can the error from Windows PowerShell, did you check Windows Event Log \ PowerShell
0 Likes
Reply
WillCun

‎Mar 12 2021 08:38 AM

‎Mar 12 2021 08:38 AM

Re: disconnect-vpnuser error. (Powershell, RRAS)

@farismalaeb 

 

Thanks for the reply.  When I run the commands you suggested here is what I get:

 

$error.categoryinfo
Category : NotSpecified
Activity : Disconnect-VpnUser
Reason : CimException
TargetName : thrws
TargetType : root/Microsoft/Windows/RemoteAccess/PS_VpnUser

 

$error.exception
User thrws cannot be disconnected.

 

I'm using Windows Server 2012R2 and yes I can disconnect them from the RRAS Console.  There are no errors in the Event Viewer for Powershell.  Any help would be greatly appreciated.

0 Likes
Reply
WillCun

‎Mar 12 2021 09:21 AM

‎Mar 12 2021 09:21 AM

Re: disconnect-vpnuser error. (Powershell, RRAS)

Today I installed Universal C Runtime and also installed PowerShell 7.1.3 and I still get the same errors.
0 Likes
Reply
farismalaeb

‎Mar 13 2021 09:30 PM - edited ‎Mar 13 2021 09:32 PM

‎Mar 13 2021 09:30 PM - edited ‎Mar 13 2021 09:32 PM

Re: disconnect-vpnuser error. (Powershell, RRAS)

PowerShell will use some CIM classes to do this task, lets try it and run the following command in the RRAS Server itself

$xArg=@{
ComputerName =$null
PassThru = $null
UserName = @('DOMAIN\TheUserName')
}
Invoke-CimMethod -ClassName PS_VpnUser -Namespace "Root\Microsoft\Windows\RemoteAccess" -MethodName "DisconnectByUserName" -Arguments $xArg


Btw, are you using Microsoft Direct Access or its just an RRAS

Let me know if the command above disconnects the user.
in the background, this is what PowerShell should be calling.

0 Likes
Reply
WillCun

‎Mar 14 2021 07:09 PM - edited ‎Mar 14 2021 08:23 PM

‎Mar 14 2021 07:09 PM - edited ‎Mar 14 2021 08:23 PM

Re: disconnect-vpnuser error. (Powershell, RRAS)

Thanks for the reply again. When I run the script that you provided I get the below error. Similar to what I get in running disconnect-vpnuser. I am using just VPN without Direct Access. The sad thing is I have used disconnect-vpnuser on this server before. I'm using a standard phonebook entry for the user to connect via SSTP to the VPN. I have rebuilt WMI, disabled RRAS and reinstalled with the default settings. I have even built a new server that even gives the same error. At this point I'm looking into Group Policy settings to see if something is causing this error.

Invoke-CimMethod : User domain\user cannot be disconnected.
At line:6 char:1
+ Invoke-CimMethod -ClassName PS_VpnUser -Namespace "Root\Microsoft\Windows\Remote ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (domain\user:) [Invoke-CimMethod], CimException
+ FullyQualifiedErrorId : REMOTEACCESS 200,Microsoft.Management.Infrastructure.CimCmdlets.InvokeCimMetho
dCommand


PSComputerName
--------------

0 Likes
Reply
farismalaeb

‎Mar 14 2021 10:46 PM

‎Mar 14 2021 10:46 PM

Re: disconnect-vpnuser error. (Powershell, RRAS)

would you please check windows update history?
when this command last time was working and the installed update after that
0 Likes
Reply
WillCun

‎Mar 14 2021 11:43 PM - edited ‎Mar 14 2021 11:44 PM

‎Mar 14 2021 11:43 PM - edited ‎Mar 14 2021 11:44 PM

Re: disconnect-vpnuser error. (Powershell, RRAS)

No updates have been installed since 2017. The command was working prior to some firewall rule changes and enabling Certificate Enrollment.

 

I'm currently building a new RRAS using only the Windows 2012 R2 ISO.

0 Likes
Reply
WillCun

‎Mar 15 2021 03:28 AM

‎Mar 15 2021 03:28 AM

Re: disconnect-vpnuser error. (Powershell, RRAS)

I found my problem. I want to thank you again for replying and offering help.

I have a unique setup going on with my VPN where I'm assigning users static IP Addresses through the Active Directory Dial-In properties. I'm also using Radius with a Network Policy Server. My problem was the NPS Policy. On the VPN I have Inbound and Outbound rules set on each NIC. I also had IP Filters enabled on my NPS Policy with the same settings. Once I removed the IP Filters from the NPS Policy I was able to use disconnect-vpnuser successfully.
0 Likes
Reply
farismalaeb

‎Mar 15 2021 05:54 AM

‎Mar 15 2021 05:54 AM

Re: disconnect-vpnuser error. (Powershell, RRAS)

That's good news, glad your issue was resolved and you post the answer back.
0 Likes
Reply