Tiger VNC startup in RHEL 7

Latest response

OS: RHEL 7

Used the instructions here:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/ch-TigerVNC.html

Expected behavior:
systemctl start vncserver@:4.service should report a successful start.

Actual behavior:
Job for vncserver@:4.service failed. See 'systemctl status vncserver@:4.service' and 'journalctl -xn' for details.

Workaround: start vncserver manually by USER with "vncserver" command with no arguments. This means that for every server restart, each VNC user has to SSH in and initialize a vncserver manually, figure out which port it opened on, and connect to that. Sometimes users connecting this way report only a black screen w/ a cross-pointer.

Issue: What can I do to make the config files load VNC service (with active GUI) for each user automatically at boot-up, to their assigned TCP ports?

Command line log:

sudo systemctl start vncserver@:4.service
Job for vncserver@:4.service failed. See 'systemctl status vncserver@:4.service' and 'journalctl -xn' for details.
[stanasa@localhost ~]$ sudo systemctl status vncserver@:4.service
vncserver@:4.service - Remote desktop service (VNC)
   Loaded: loaded (/usr/lib/systemd/system/vncserver@:4.service; disabled)
   Active: failed (Result: exit-code) since Wed 2014-07-30 15:26:03 EDT; 10s ago
  Process: 13245 ExecStart=/sbin/runuser -l stanasa -c /usr/bin/vncserver %i (code=exited, status=98)
  Process: 13238 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

Jul 30 15:26:03 localhost.localdomain systemd[1]: vncserver@:4.service: contr...
Jul 30 15:26:03 localhost.localdomain systemd[1]: Failed to start Remote desk...
Jul 30 15:26:03 localhost.localdomain systemd[1]: Unit vncserver@:4.service e...
Hint: Some lines were ellipsized, use -l to show in full.

###########
Content of /lib/ vncserver@:4.service, OWNED by root

...
[Unit]
Description=Remote desktop service (VNC)
After=syslog.target network.target
[Service]
Type=forking
# Clean any existing files in /tmp/.X11-unix environment
ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/sbin/runuser -l stanasa -c "/usr/bin/vncserver %i -geometry 1200x900"
PIDFile=/home/stanasa/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]
WantedBy=multi-user.target


####### Content of home/USERNAME/.vnc/xstartup, owned by USERNAME
#!/bin/sh

unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS

exec /etc/X11/xinit/xinitrc &

Responses

Hi Itay,

First of all, thank you very much for taking the time to report this issue. I tried to reproduce this on my Red Hat Enterprise Linux 7 machine and you are right that there is an error in the documentation. Could you please try running the following commands before attempting to start the service?

# su - stanasa
$ vncpasswd

Unlike the command mentioned in the documentation, these two commands will allow you to set the VNC password for user stanasa. Once this password is set, you should be able to start the VNC server as expected.

Please, let me know if this fixes the problem for you. In the meantime, I filed a bug against the System Administrator's Guide and I will make sure that it is resolved as soon as possible.

Hello

Bug was resolved and a new version published:
Revision 0.12-0.6 Tue Nov 18 2014 Stephen Wadeley Improved TigerVNC.
See original post for the link to the guide..

Thank you

Hi Jaromir
I tried that, followed by systemctl start vncserver@:4.service Same error message "Job for ... failed."

If you kill your vncserver or unexpected dead, Please read /var/log/messages and you can find .X started files with errors like below.
At first, please verify Xvnc process not running.

Dec 15 14:11:11 www runuser: Warning: www.example.com:4 is taken because of /tmp/.X4-lock
...
Dec 15 14:12:52 www runuser: Warning: www.example.com:4 is taken because of /tmp/.X11-unix/X4

then you remove

# rm -f /tmp/.X4-lock
# rm -f /tmp/.X11-unix/X4

and restart your vncserver.

# systemctl restart vncserver@:4.sevice

And if you don't have those .X files but your VNC still stays dead?

Hi,
Any answer for this issue?
I have the same error, and I tried all the above steps, but the error persists.
I followed instructions at:
https://access.redhat.com/solutions/966063
But I fail at the step:
systemctl start vncserver@:1.service
with the error message:
[root@localhost]# systemctl start vncserver@:1.service
Job for vncserver@:1.service failed. See 'systemctl status vncserver@:1.service' and 'journalctl -xn' for details.

And upon inspecting the status, I see:
[root@localhost ~]# systemctl status vncserver@:1.service -l
vncserver@:1.service - Remote desktop service (VNC)
Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled)
Active: failed (Result: exit-code) since Wed 2015-02-11 10:09:35 EST; 9min ago
Process: 24429 ExecStart=/sbin/runuser -l dharmash -c /usr/bin/vncserver %i (code=exited, status=98)
Process: 24425 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

Feb 11 10:09:35 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Feb 11 10:09:35 localhost.localdomain systemd[1]: vncserver@:1.service: control process exited, code=exited status=98
Feb 11 10:09:35 localhost.localdomain systemd[1]: Failed to start Remote desktop service (VNC).
Feb 11 10:09:35 localhost.localdomain systemd[1]: Unit vncserver@:1.service entered failed state.

Hello

Could you take a look through the procedure here, I have checked it recently: TigerVNC in the Red Hat Enterprise Linux System Administrator's Guide.

Minor point, you do not need to have the display number in the file name, because systemd automatically creates the appropriately named instance in memory on demand, replacing '%i' in the service file by the display number.

In vncserver@.service file, there are 2 that needs to be changed. The Quick HowTo in comment only mentioned * runuser -l -c /usr/bin/vncserver %i -arg1 -arg2 * but there is also * PIDFile=/home//.vnc/%H%i.pid that needs to be changed. *

Can the configuration file example get updated so only needs to be defined once as a variable? I am not really sure if there is a use case when PID file gets stored in another user's .vnc directory. At least pointing out both lines need to be modified will be greatly helpful. I overlooked the PID path for so long and thought it did not work on RHEL.

I found this out from /var/log/messages. In this fail case, Outputs from "systemctl status vncserver@:0.service" and "journalctl -xe" are misleading at best.

Thanks Stephen.
All I did was "reboot", and it seems to be working fine now.
I had tried "shutdown -r now" a few times last night, but for some reason the persisted every time.
But, somehow, unexplainable (by me), it seems to work fine now.

Just one follow up question:

I currently have the default (system generated) in $HOME/.vnc/xstartup

!/bin/sh

unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS

exec /etc/X11/xinit/xinitrc

If I want KDE upon starting, do I simply add the line:
startkde
Is that right?

Hello

maybe it was the:
~]# systemctl daemon-reload
step you had missed?

WRT trying to run KDE, first try without changing the " ~/.vnc/xstartup" file. Nothing will be run that you put below the " exec /etc/X11/xinit/xinitrc " line anyway.
The vncserver runs " ~/.vnc/xstartup", which runs " /etc/X11/xinit/xinitrc ". That in-turn calls Xclients. If you look in " /etc/X11/xinit/Xclients " you will see it tries to call various window managers . Look for PREFERRED=, what happens if you put KDE there?

What symptoms are treated after a system restart .. why?

Regarding Section 11.3. When implementing "systemctl start vncserver@:display_number.service" how do you know what to place in "display_number" if it's auto created by systemd? I've notice many online tutorials use "cp /usr/lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service" for this very reason.

Hello, you can put any suitable display number in that command and then systemd automatically creates the service for that display. This saves you from having to create a config file for each display number.

By convention, the display number is related to the port. See Configuring the Firewall for VNC in the System Administrator's Guide for more information on the ports used by VNC.

I had VNCserver running for a while, and then it just stopped one day after an update. I just discovered that when I was trying to start it manually, I was using systemctl start vncserver@1.service, not systemctl start vncserver@:1.service, which is why I was getting failures to start manually. But I'm still not sure how to determine what the cause was. It may have been a stale socket in /tmp/.X11-unix, as there was a file in there when I looked before, although removing it was obviously only successful once I started using the correct startup command.

I am getting below error when I submit "start system vncserver@:1.service", Job for vncserver@:1.service failed because a configured resource limit was execeed. See 'systemctl status vncserver@:1.service' and 'journalctl -xe' for details.

# sudo systemctl start vncserver@:1.service Job for vncserver@:1.service failed because a configured resource limit was exceeded. See "systemctl status vncserver@:1.service" and "journalctl -xe" for details. [root@SIW ~]# sudo systemctl status vncserver@:1.service ● vncserver@:1.service - Remote desktop service (VNC) Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled) Active: failed (Result: resources) since Mon 2016-12-26 09:39:21 MST; 36s ago Process: 4774 ExecStart=/usr/sbin/runuser -l root -c /usr/bin/vncserver %i -geometry 1280x768 (code=exited, status=0/SUCCESS) Process: 4771 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

Dec 26 09:39:18 SIW systemd[1]: Starting Remote desktop service (VNC)... Dec 26 09:39:21 SIW systemd[1]: PID file /home/root/.vnc/SIW:1.pid not read...t. Dec 26 09:39:21 SIW systemd[1]: Failed to start Remote desktop service (VNC). Dec 26 09:39:21 SIW systemd[1]: Unit vncserver@:1.service entered failed state. Dec 26 09:39:21 SIW systemd[1]: vncserver@:1.service failed.

Please help me to solve this

Thank you,

Sanjeewa

Firtst of all, remove all files of the alphabet followed by a number

[root@xxx ~]# ls /tmp/.X
.X0-lock   .X1-lock   .X11-unix/ .X2-lock
[root@xxx ~]# rm -Rf /tmp/.X0-lock
[root@xxx ~]# rm -Rf /tmp/.X1-lock
[root@xxx ~]# rm -Rf /tmp/.X11-unix
[root@xxx ~]# rm -Rf /tmp/.X2-lock

And then, refer to the following Links/URLs Red Hat Customer Portal

The following shows that the process works fine.

[root@host07 ~]# systemctl status vncserver@:2.service
● vncserver@:2.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:2.service; enabled; vendor preset: disabled)
   Active: active (running) since 일 2017-04-09 10:55:56 KST; 7min ago
  Process: 6566 ExecStop=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
  Process: 6585 ExecStart=/sbin/runuser -l lee -c /usr/bin/vncserver %i -geometry 1280x768 -depth 16 (code=exited, status=0/SUCCESS)
  Process: 6581 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 6624 (Xvnc)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:2.service
           ‣ 6624 /usr/bin/Xvnc :2 -desktop host07.seoul.test:2 (lee) -auth /home/lee/.Xauthority -geometry 1280x768 -depth 16 -rfbwait 30000 -rfbauth /home/lee/.vnc/pass...

 4. 09 10:55:53 host07.seoul.test systemd[1]: Starting Remote desktop service (VNC)...
 4. 09 10:55:56 host07.seoul.test systemd[1]: Started Remote desktop service (VNC).

How is this any sort of an improvement over the previous version of Vnc server? Systemd gets to hand out the :X number? just went to install this and am missing /etc/sysconfig/vncserver. RTFM .. yup looked over that. cant even find twm.
Is there a problem with associating One user to one port? Sure helps communication with my end users. Is there a better way to provide remote X for clients that are all over the planet?

Some here post code that is obviously not going to run. And then claim relevancy by pointing to offical docs. Removing files in /tmp/X11-unix does solve the problem of starting the VNC server. Great, you'll start the server but you'll still receive the dark screen. Unless you manually invoke the vncserver executable (it almost always seems to be /usr/bin/vncserver). And then you'll get the desktop at :1. No more dark screen.

As of the latest centos (RHEL) 7.7 upgrade, it appears that systemd has broken the interpretation of %i which is used within the tigervnc scripts to resolve the actual display number. Rather, it monotonically grows while it is expected that the pid file match that specified in the service name designated by the admin. This does not occur.

I document this after banging my head against the wall for several hours now here:

https://community.oracle.com/message/15467240#15467240

Hope there's a quick patch for this.

I discovered that the increasing display numbers were actually as a result of sticky sockets under /tmp/.X11-unix/X?:

[root@berne .vnc]# ls -ltr /tmp/.X11-unix/ total 0 srwxrwxrwx 1 virt virt 0 Oct 3 17:05 X1 srwxrwxrwx 1 virt2 virt2 0 Oct 3 17:06 X2 srwxrwxrwx 1 virt2 virt2 0 Oct 3 17:10 X3 srwxrwxrwx 1 virt virt 0 Oct 3 17:16 X4 srwxrwxrwx 1 virt2 virt2 0 Oct 3 17:18 X5 srwxrwxrwx 1 virt virt 0 Oct 3 17:39 X6 srwxrwxrwx 1 virt virt 0 Oct 3 17:39 X7 srwxrwxrwx 1 virt virt 0 Oct 3 17:45 X8 srwxrwxrwx 1 virt virt 0 Oct 3 17:47 X9 srwxrwxrwx 1 virt virt 0 Oct 3 17:48 X10 srwxrwxrwx 1 virt virt 0 Oct 3 17:53 X11 srwxrwxrwx 1 virt virt 0 Oct 3 20:01 X12 srwxrwxrwx 1 virt2 virt2 0 Oct 3 20:02 X13 srwxrwxrwx 1 virt virt 0 Oct 3 20:10 X14 srwxrwxrwx 1 virt2 virt2 0 Oct 3 20:49 X15 srwxrwxrwx 1 virt2 virt2 0 Oct 3 20:56 X16 srwxrwxrwx 1 root root 0 Oct 3 21:00 X0 srwxrwxrwx 1 virt virt 0 Oct 3 21:00 X17 srwxrwxrwx 1 virt2 virt2 0 Oct 3 21:35 X18

Manually removing these after shutting down all vncserver services (with the exception of X0 for the X server), resolves this problem. The original issue is still present where even with the correct display number, systemd cannot stop the vncserver process and still emits an error on the PID which it no longer creates as it is owned by root:

[root@berne .vnc]# ls -ltr total 32 -rw-r--r--. 1 virt virt 330 Jan 29 2018 config -rw-------. 1 virt virt 8 Jul 19 2018 passwd -rwxr-xr-x. 1 virt virt 950 Jul 19 2018 xstartup -rw-rw-r-- 1 virt virt 17074 Oct 3 21:52 berne:1.log

yet still complains about it:

[root@berne .vnc]# systemctl -l status vncserver@:1 ● vncserver@:1.service - Remote desktop service (VNC) Loaded: loaded (/etc/systemd/system/vncserver@:1.service; enabled; vendor preset: disabled) Active: failed (Result: resources) since Thu 2019-10-03 21:40:11 EDT; 11s ago Process: 13370 ExecStart=/usr/sbin/runuser -l virt -c /usr/bin/vncserver %i -geometry 1800x900 -Log '*:stderr:100' (code=exited, status=0/SUCCESS) Process: 13364 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)

Oct 03 21:40:08 berne systemd[1]: Starting Remote desktop service (VNC)... Oct 03 21:40:11 berne systemd[1]: New main PID 13401 does not belong to service, and PID file is not owned by root. Refusing. Oct 03 21:40:11 berne systemd[1]: New main PID 13401 does not belong to service, and PID file is not owned by root. Refusing. Oct 03 21:40:11 berne systemd[1]: Failed to start Remote desktop service (VNC). Oct 03 21:40:11 berne systemd[1]: Unit vncserver@:1.service entered failed state. Oct 03 21:40:11 berne systemd[1]: vncserver@:1.service failed.

Any ideas?

It seems like TigerVNC Server documentation hasn't caught up with the new changes in systemd.
I built a new 7.7 system and I suffer from the issues listed here- https://access.redhat.com/solutions/4420581. I did try to remove the -l option in the config. Now I get a timeout issue (insteasd of message about PID not not belonging to service and owned by root). This does seem to partially prove systemd is the culprit. Check your systemd version - rpm -qa | grep systemd My next test is a 7.6 system and check systemd there and see if the service starts normally. More to follow.....

The OP above might also review https://access.redhat.com/solutions/3776191.

I just built a new 7.7 system and had the same issues everyone else had. I followed the RedHat official instructions with no success. After multiple iterations of testing, I finally found out how to make it work. Note that this is for a single user.

First, remove the runuser command since we can't use the -l option. You can't just remove the -l flag.
Second, start the service once as the user. The official instructions leave this part out.
Once you do both of those things, then everything works correctly.

So here's my full procedure.
1. Install vnc
2. copy the unit file to the correct location
3. edit the unit file. Mine is listed below.
4. add firewall rules. In my case:
firewall-cmd --permanent --add-port=5905/tcp
firewall-cmd --reload
5. switch to the user [MYUSER] and launch vnc with the command vncserver
6. set the vnc password with vncpasswd
7. switch back to root. No other action here, no need to kill vnc or anything.
8. systemctl daemon-reload
9. systemctl start vncserver@:5.service
this should not generate any errors
10. systemctl enable vncserver@:5.service
11. reboot

After the server starts, I can now vnc with [IPAddress]:5 or [IPAddress]:5905.
Note the port - it is 5900 + whatever number you used when you start the service in steps 9 and 10 above.

I'm a bit of a noob at this, so I don't have full insight as to why this works, but it does for me.

And here's my unit file that works. Note the ExecStart line.

Description=Remote desktop service (VNC)
After=syslog.target network.target

[Service]
Type=forking
User=MYUSER
Group=MYUSER

Clean any existing files in /tmp/.X11-unix environment

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'
ExecStart=/usr/bin/vncserver %I
PIDFile=/home/MYUSER/.vnc/%H%i.pid
ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install]

WantedBy=multi-user.target

After I had made my initial posts above I did find a related Bugzilla. https://bugzilla.redhat.com/show_bug.cgi?id=1747191 I performed the procedure listed at the bottom by Martin Krajnak and I can confirm it works. Problem solved.

cat /etc/systemd/system/vncserver@:1.service

[Unit] Description=Remote desktop service (VNC) After=syslog.target network.target

[Service] Type=forking User=testuser Group=testuser

Clean any existing files in /tmp/.X11-unix environment

ExecStartPre=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :' ExecStart=/usr/bin/vncserver %i PIDFile=/home/testuser/.vnc/%H%i.pid ExecStop=/bin/sh -c '/usr/bin/vncserver -kill %i > /dev/null 2>&1 || :'

[Install] WantedBy=multi-user.target

Following Martin's instructions verbatim did not work for me. I still needed to manually start the vnc server once as the user as per my steps.

There is also another issue: this works fine if you vnc into the server, then just close the vnc window. You can then reconnect. But if you vnc into the server, and then Log Out of the user account, the vnc service is killed and has to be manually restarted from an SSH session.
It seems like the vnc service should not do this.
I am ok with this issue because I am aware of it, but it is not really good behavior.

Leigh, I have also encountered the same issue you describe when logging out. I recall having to add an additional line or two in the service config section. Something like: Restart=on-failure RestartSec=5s

That might not be exact, (I am not at my lab computer right now) but it's something like that/along those lines. Using that type of technique worked for me prior to the systemd changes. I was experimenting with this issue last night using the new version of systemd after a fresh rebuild of a server using tigervnc. I'll see if I can confirm a working config for automatically restarting the service upon logout and post back here.

Sorry to say in this fourm that i want fix rhl_register i am using developer editon where i can get satallite url and its cert for register and can i have step by step of how to use repository and register redhat for developer editio rhel 8.0

I did play around with trying to get the service to restart automatically. I haven't had any luck. I tried restart always or on-failure (both ways but one at a time). Any ideas? Restart=always RestartSec=5s

Restart=on-failure RestartSec=5s

this is how i got it to work 1- I've changed the [Service] Type=notify 2- daemon_reload 3- systemctl start/enable vncserver@:1.service