DiPersia Technology Solutions
This is on version 1709 using user authentication. Made our template VPN, which connects fine. Ran MakeProfile.ps1 fine and it generated the VPN_Profile.XML and PS1 files. We're using PowerShell; VPN_Profile.PS1 looks fine to this untrained eye.
When we run it locally, as an admin of the machine, running PowerShell as admin with execution policy set to Bypass, we get this error from the script:
"Unable to create AlwaysOn VPN profile: A general error occurred that is not covered by a more specific error code."
I commented out all of the error catching and found the error is on the following line:
$session.CreateInstance($namespaceName, $newInstance, $options)
I looked at each of the variables being passed to CreateInstance and all seem fine. Below is their output.
Also including the text of the VPN_PROFILE.PS1 file.
Any thoughts?
Variable output:
$namespacename = root\cimv2\mdm\dmmap
$newinstance =
ParentID : ./Vendor/MSFT/VPNv2
InstanceID : AlwaysOn%20VPN
ProfileXML : <VPNProfile>
<DnsSuffix>domain.internal</DnsSuffix>
<NativeProfile>
<Servers>vpn.domain.com</Servers>
<NativeProtocolType>IKEv2</NativeProtocolType>
<Authentication>
<UserMethod>Eap</UserMethod>
<Eap>
<Configuration>
</Configuration>
</Eap>
</Authentication>
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
</NativeProfile>
<AlwaysOn>true</AlwaysOn>
<RememberCredentials>true</RememberCredentials>
<TrustedNetworkDetection>domain.internal</TrustedNetworkDetection>
<DomainNameInformation>
<DomainName>.domain.internal</DomainName>
<DnsServers>10.0.1.5,10.0.1.8</DnsServers>
</DomainNameInformation>
</VPNProfile>
PSComputerName :
$options =
Timeout :
ResourceUriPrefix :
ResourceUri :
UseMachineId :
WriteErrorMode :
PromptUserMode :
WriteMessage :
WriteProgress :
WriteError :
PromptUser :
CancellationToken :
KeysOnly : False
ClassNamesOnly : False
Flags : None
ReportOperationStarted : False
EnableMethodResultStreaming : False
ShortenLifetimeOfResults : False
IsDisposed : False
PS C:\Users\admin\Desktop> $session.CreateInstance($namespaceName, $newInstance, $options)
Exception calling "CreateInstance" with "3" argument(s): "A general error occurred that is not covered by a more
specific error code."
At line:1 char:1
+ $session.CreateInstance($namespaceName, $newInstance, $options)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CimException
VPN_PROFILE.PS1:
$ProfileName = 'AlwaysOn VPN'
$ProfileNameEscaped = $ProfileName -replace ' ', '%20'
$ProfileXML = '<VPNProfile>
<DnsSuffix>domain.internal</DnsSuffix>
<NativeProfile>
<Servers>vpn.domain.com</Servers>
<NativeProtocolType>IKEv2</NativeProtocolType>
<Authentication>
<UserMethod>Eap</UserMethod>
<Eap>
<Configuration>
</Configuration>
</Eap>
</Authentication>
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
</NativeProfile>
<AlwaysOn>true</AlwaysOn>
<RememberCredentials>true</RememberCredentials>
<TrustedNetworkDetection>domain.internal</TrustedNetworkDetection>
<DomainNameInformation>
<DomainName>.domain.internal</DomainName>
<DnsServers>10.0.1.5,10.0.1.8</DnsServers>
</DomainNameInformation>
</VPNProfile>'
# The ProfileXML property is stored as escaped text, so encode the markup characters.
$ProfileXML = $ProfileXML -replace '<', '&lt;'
$ProfileXML = $ProfileXML -replace '>', '&gt;'
$ProfileXML = $ProfileXML -replace '"', '&quot;'
$nodeCSPURI = './Vendor/MSFT/VPNv2'
$namespaceName = 'root\cimv2\mdm\dmmap'
$className = 'MDM_VPNv2_01'
# Resolve the SID of the logged-on user; the profile is created in that user's context.
try
{
    $username = Gwmi -Class Win32_ComputerSystem | select username
    $objuser = New-Object System.Security.Principal.NTAccount($username.username)
    $sid = $objuser.Translate([System.Security.Principal.SecurityIdentifier])
    $SidValue = $sid.Value
    $Message = "User SID is $SidValue."
    Write-Host "$Message"
}
catch [Exception]
{
    $Message = "Unable to get user SID. User may be logged on over Remote Desktop: $_"
    Write-Host "$Message"
    exit
}
# Open a local CIM session to the MDM bridge and scope the operation to the user's SID.
$session = New-CimSession
$options = New-Object Microsoft.Management.Infrastructure.Options.CimOperationOptions
$options.SetCustomOption('PolicyPlatformContext_PrincipalContext_Type', 'PolicyPlatform_UserContext', $false)
$options.SetCustomOption('PolicyPlatformContext_PrincipalContext_Id', "$SidValue", $false)
# Remove any existing instance with the same profile name before re-creating it.
try
{
    $deleteInstances = $session.EnumerateInstances($namespaceName, $className, $options)
    foreach ($deleteInstance in $deleteInstances)
    {
        $InstanceId = $deleteInstance.InstanceID
        if ("$InstanceId" -eq "$ProfileNameEscaped")
        {
            $session.DeleteInstance($namespaceName, $deleteInstance, $options)
            $Message = "Removed $ProfileName profile $InstanceId"
            Write-Host "$Message"
        } else {
            $Message = "Ignoring existing VPN profile $InstanceId"
            Write-Host "$Message"
        }
    }
}
catch [Exception]
{
    $Message = "Unable to remove existing outdated instance(s) of $ProfileName profile: $_"
    Write-Host "$Message"
    exit
}
# Build the MDM_VPNv2_01 instance (ParentID and InstanceID are keys) and create it.
try
{
    $newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", "$nodeCSPURI", 'String', 'Key')
    $newInstance.CimInstanceProperties.Add($property)
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", "$ProfileNameEscaped", 'String', 'Key')
    $newInstance.CimInstanceProperties.Add($property)
    $property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ProfileXML", "$ProfileXML", 'String', 'Property')
    $newInstance.CimInstanceProperties.Add($property)
    $session.CreateInstance($namespaceName, $newInstance, $options)
    $Message = "Created $ProfileName profile."
    Write-Host "$Message"
}
catch [Exception]
{
    $Message = "Unable to create $ProfileName profile: $_"
    Write-Host "$Message"
    exit
}
$Message = "Script Complete"
Write-Host "$Message"
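Because the MDM bridge only returns the generic "A general error occurred" CimException, a pre-flight check on the ProfileXML string before CreateInstance is useful. The following is an added example, not part of the original post or of the MakeProfile.ps1 output: it parses the unescaped profile, checks the elements a native IKEv2 profile needs, and flags an empty `<Eap><Configuration>` when UserMethod is Eap (the profile in the post has exactly that). The function name `Test-VpnProfileXml` and the sample profile are constructed for the example.

```powershell
function Test-VpnProfileXml {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string]$ProfileXml)

    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Well-formedness: run on the XML before the &lt;/&gt;/&quot; escaping is applied.
    $doc = New-Object System.Xml.XmlDocument
    try { $doc.LoadXml($ProfileXml) }
    catch { $findings.Add("ProfileXML is not well-formed XML: $($_.Exception.Message)"); return $findings }

    if ($doc.DocumentElement.Name -ne 'VPNProfile') {
        $findings.Add("Root element is '$($doc.DocumentElement.Name)', expected 'VPNProfile'.")
    }

    # 2. Elements a native IKEv2 profile must carry, located by XPath.
    $required = @(
        '/VPNProfile/NativeProfile/Servers'
        '/VPNProfile/NativeProfile/NativeProtocolType'
        '/VPNProfile/NativeProfile/Authentication/UserMethod'
    )
    foreach ($path in $required) {
        $node = $doc.SelectSingleNode($path)
        if ($null -eq $node -or [string]::IsNullOrWhiteSpace($node.InnerText)) {
            $findings.Add("Missing or empty element: $path")
        }
    }

    # 3. UserMethod=Eap needs the EapHostConfig XML from the template connection inside
    #    <Eap><Configuration>; an empty element means MakeProfile.ps1 found none to embed.
    $method = $doc.SelectSingleNode('/VPNProfile/NativeProfile/Authentication/UserMethod')
    if ($method -and $method.InnerText -eq 'Eap') {
        $cfg = $doc.SelectSingleNode('/VPNProfile/NativeProfile/Authentication/Eap/Configuration')
        if ($null -eq $cfg -or [string]::IsNullOrWhiteSpace($cfg.InnerXml)) {
            $findings.Add('UserMethod is Eap but <Eap><Configuration> carries no EapHostConfig XML.')
        }
    }
    return $findings
}

# Constructed sample mirroring the profile in the post (EAP Configuration left empty).
$sample = @'
<VPNProfile><DnsSuffix>domain.internal</DnsSuffix><NativeProfile>
<Servers>vpn.domain.com</Servers><NativeProtocolType>IKEv2</NativeProtocolType>
<Authentication><UserMethod>Eap</UserMethod><Eap><Configuration></Configuration></Eap></Authentication>
<RoutingPolicyType>SplitTunnel</RoutingPolicyType></NativeProfile><AlwaysOn>true</AlwaysOn></VPNProfile>
'@

$result = Test-VpnProfileXml -ProfileXml $sample
if ($result.Count -gt 0) { $result | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'ProfileXML passed pre-flight checks.' }
```

Run it against `$ProfileXML` in VPN_Profile.ps1 before the `-replace` escaping lines; a finding there is easier to act on than the generic CimException from CreateInstance.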