0

Unable to connect on LAN using VNCViewer to a TigerVNC-Server on Centos

My Centos 6 installation of Vino or more accurately tigervnc-server is set up and starts successfully as defined by the procedure here:

http://wiki.centos.org/HowTos/VNC-Server

I am however unable to connect to the server using the vnc-client on a W7 machine or using a java enabled browser.

I have configured a user, namely '1:mark'

After running "ss -l" to determine the port (thanks to arcyqwerty for the netstat suggestion), I determined the correct port is 5901 or 5902.

ss -l output

State      Recv-Q Send-Q     Local Address:Port       Peer Address:Port   
LISTEN     0      50                     *:mysql                 *:*       
LISTEN     0      5                     :::vnc-server           :::*       
LISTEN     0      5                      *:5901                  *:*       
LISTEN     0      128                   :::41485                :::*       
LISTEN     0      5                     :::5902                 :::*

Below is the output of my /home/mark/.vnc/log after service start

Thu Dec  5 12:09:58 2013
vncext:      VNC extension running!
vncext:      Listening for VNC connections on all interface(s), port 5901
vncext:      created VNC server for screen 0
GNOME_KEYRING_SOCKET=/tmp/keyring-icjZAi/socket
SSH_AUTH_SOCK=/tmp/keyring-icjZAi/socket.ssh
GNOME_KEYRING_PID=7644
Failed to play sound: File or data not found
An instance of nm-applet is already running.
** Message: adding killswitch idx 2 state KILLSWITCH_STATE_SOFT_BLOCKED
** Message: killswitch 2 is KILLSWITCH_STATE_SOFT_BLOCKED
** Message: killswitches state KILLSWITCH_STATE_SOFT_BLOCKED
05/12/2013 12:10:02 PM Autoprobing TCP port in (all) network interface
05/12/2013 12:10:02 PM Listening IPv{4,6}://*:5900
05/12/2013 12:10:02 PM Listening IPv4://0.0.0.0:5900
05/12/2013 12:10:02 PM Problems in NewSocketListenTCP(), sock=-1
05/12/2013 12:10:02 PM Listening IPv{4,6}://*:5901
05/12/2013 12:10:02 PM Listening IPv4://0.0.0.0:5901
05/12/2013 12:10:02 PM Problems in NewSocketListenTCP(), sock=-1
05/12/2013 12:10:02 PM Listening IPv{4,6}://*:5902
05/12/2013 12:10:02 PM Autoprobing selected port 5902
05/12/2013 12:10:02 PM Advertising authentication type: 'VNC Authentication' (2)
05/12/2013 12:10:02 PM Advertising security type: 'VNC Authentication' (2)
** Message: killswitch 2 is KILLSWITCH_STATE_SOFT_BLOCKED
** Message: killswitches state KILLSWITCH_STATE_SOFT_BLOCKED

(polkit-gnome-authentication-agent-1:7711): GLib-GObject-WARNING **: cannot register     
existing type `_PolkitError'

(polkit-gnome-authentication-agent-1:7711): GLib-CRITICAL **: g_once_init_leave: assertion `initialization_value != 0' failed
Initializing nautilus-gdu extension
Initializing nautilus-open-terminal extension
(null):  Warning no default label for /home/mark/.gvfs`

My /etc/sysconfig/vncservers contains

VNCSERVERS="1:mark"
VNCSERVERARGS[1]="-geometry 800x600"

However from the netstat it appears that ports 5900, 5901 and 5902 are involved. Here are the results of my tests:

  1. browsed on the host using 'localhost:5900' Result: RFB 003.007
  2. browsed on the host using 'localhost:5901' Result: RFB 003.008. (note: user:mark)
  3. browsed on the host using 'localhost:5902' Result: RFB 003.007
  4. VNC'd on the host using 'localhost:5901' Result: worked.

Note: From http://www.realvnc.com/docs/rfbproto.pdf RFB represents the Remote Frame Buffer required protocol version numbers.

I tried 1,2,3 and 4 from above substituting localhost:port for the 'hosts ip':port on a network client machine and all timed-out.

The following extra steps have been taken

  • Turned off the firewall
  • Temporarily disabled SeLinux
  • Successfully pinged host from client on LAN.

I am also successfully running a visible httpd service from the offending host

Any pointers would be appreciated.

Mark
  • 166
  • 1
  • 13

1 Answers1

1

Make sure that the server is actually runnning (try ps or ps aux).

If that works, then try netstat to make sure it's LISTEN on the right port

arcyqwerty
  • 10,325
  • 4
  • 47
  • 84
  • I used ss -l as an alternative to netstat as you suggested as it has a clearer output and this indicated 5901 was a listening port not 5801 as I was advised. I have updated my question with the subsequent new findings. – Mark Dec 05 '13 at 01:32
  • It is now working. Even though I had the firewall disabled. I set a port range from 5900 to 5910 as safe for TCP and it now works. So I consider it a port/firewall issue. As a new member I am unable to increment your usefulness count. – Mark Dec 05 '13 at 02:40
  • @Mark What VNC client are you using? I am using the default screen share on Fedora 20 which uses vino I believe. When I visit `http://example.com:5900` I see the same `RFB 003.007` message. Yet connecting via RealVNC shows "Unable to connect to VNC Server using your chosen security setting". [This question](https://ask.fedoraproject.org/en/question/35616/) seems to suggest that TLS is being used for VNC now which might be the problem. Which client are you using? – styfle Mar 25 '14 at 20:42