Unable to connect to VNC server

Latest response

I've installed a new server with RHEL 6.4 and updated all packages using yum. I've also installed the VNC server from the repository and am having trouble getting connections to work from any of the various VNC viewers (UltraVNC, TightVNC and even TigerVNC) from my Windows 7 client PC.

SELinux is disabled, the necessary ports are open (5900-5904) and four users are set up including vnc passwords. When I attempt to connect I receive the following in the users log file:


Tue Oct 29 15:30:06 2013 Connections: accepted: <-snip IP address->::57062 SConnection: Client needs protocol version 3.8

I've taken the IP address out of the above. The client itself generally gives me a blank error message apart from the generic "connection failed". I've tried a few suggestions I have seen around the internet including unsetting DBUS_SESSION_BUS_ADDRESS, killing all vnc processes and restarting and the suggested xstartup file for the user I'm testing with above from the RHN documentation.

My /etc/sysconfig/vncservers configuration is per below. The user names match actual accounts on the server as well, again I've cleaned this up below.


# The VNCSERVERS variable is a list of display:user pairs. # # Uncomment the lines below to start a VNC server on display :2 # as my 'myusername' (adjust this to your own). You will also # need to set a VNC password; run 'man vncpasswd' to see how # to do that. # # DO NOT RUN THIS SERVICE if your local area network is # untrusted! For a secure way of using VNC, see this URL: # http://kbase.redhat.com/faq/docs/DOC-7028 # Use "-nolisten tcp" to prevent X connections to your VNC server via TCP. # Use "-localhost" to prevent remote VNC clients connecting except when # doing so through a secure tunnel. See the "-via" option in the # `man vncviewer' manual page. # VNCSERVERS="2:myusername" # VNCSERVERARGS[2]="-geometry 800x600 -nolisten tcp -localhost" # VNCSERVERS="1:usera 2:userb 3:userc 4:userd" VNCSERVERARGS[1]="-geometry 800x600" VNCSERVERARGS[2]="-geometry 800x600"

iptables-save output. Note that server is on 10.31.1.77 (eth0) the below POSTROUTING entries are for virbr0.


# Generated by iptables-save v1.4.7 on Tue Oct 29 15:45:08 2013 *nat :PREROUTING ACCEPT [4002:488378] :POSTROUTING ACCEPT [164:11192] :OUTPUT ACCEPT [164:11192] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE COMMIT # Completed on Tue Oct 29 15:45:08 2013 # Generated by iptables-save v1.4.7 on Tue Oct 29 15:45:08 2013 *mangle :PREROUTING ACCEPT [7201:1281703] :INPUT ACCEPT [7049:1252859] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [3051:816215] :POSTROUTING ACCEPT [3051:816215] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Tue Oct 29 15:45:08 2013 # Generated by iptables-save v1.4.7 on Tue Oct 29 15:45:08 2013 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [302:40209] -A INPUT -p tcp -m state --state NEW -m tcp --dport 57237 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5904 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5903 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5902 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5900 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 5991 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Tue Oct 29 15:45:08 2013

Responses

Just a quick note; you'll want to make sure and set VNC server arguments for each of the four users you've defined. Also, you can test straight TCP connectivity by using 'telnet vncserver 5900' .. 5904 appropriately. You should see an 'RFB' response if the server is listening properly.