Example VNC-Server Setup

This example describes how you can set up a CentOS/RHEL host to accept VNC connections from PrivX.

VNC-Server Setup

  1. Install a VNC server on the host. In this case we use tigervnc-server:

    sudo yum install tigervnc-server

  2. Log in as user to whom you want to provide vnc access or create a new user e.g. vnc-user. Then set their VNC password with:

    vncpasswd

  3. Create a copy of the VNC-configuration template:

    sudo cp /lib/systemd/system/vncserver@.service /etc/systemd/system/vncserver@:1.service

This example configures the VNC service for monitor 1. You will need to adapt these instructions if using other monitors.

  1. Set the user(s) as specified in /etc/tigervnc/vncserver.users.

    The VNC server is now configured to allow access for the VNC user.

Start VNC Server

sudo systemctl daemon-reload
sudo systemctl start vncserver@:1
sudo systemctl status vncserver@:1 -l

You may confirm that vnc server is listening on port 5901 by running

ss -tulpn| grep vnc

The command should output similar to the following:

tcp  LISTEN   0   5        *:5901      *:*   users:(("Xvnc",pid=1330,fd=9))
tcp  LISTEN   0   128      *:6001      *:*   users:(("Xvnc",pid=1330,fd=6))
tcp  LISTEN   0   5     [::]:5901   [::]:*   users:(("Xvnc",pid=1330,fd=10))
tcp  LISTEN   0   128   [::]:6001   [::]:*   users:(("Xvnc",pid=1330,fd=5))

If you want to automatically start the VNC sever at reboot, also run:

sudo systemctl enable vncserver@:1

Configure VNC Port with PrivX UI

On PrivX, under Administration→Hosts→Services, add VNC service and change PORT to 5901.

1062

Connect to VNC Server

On PrivX, under Connections→Available Hosts, find the Host with configured VNC server and click to connect.

327

Stop VNC Server

sudo systemctl stop vncserver@:1

Change Port and Display

To change the display (in this example, from 1 to 0):

Copy existing VNC-server configuration to a file with the corresponding monitor number:

cp /etc/systemd/system/vncserver@:1.service /etc/systemd/system/vncserver@:0.service

Before reloading systemctl daemon you probably need to remove the remaining temporary files

rm /tmp/.X0-lock /tmp/.X11-unix/X0k

Reload the VNC server to apply the changes:

systemctl daemon-reload
==== AUTHENTICATING FOR org.freedesktop.systemd1.reload-daemon ===
Authentication is required to reload the systemd state.
Authenticating as: vnc-user
Password: 
==== AUTHENTICATION COMPLETE ===
[vnc-user@localhost system]$ systemctl start vncserver@:0
==== AUTHENTICATING FOR org.freedesktop.systemd1.manage-units ===
Authentication is required to manage system services or units.
Authenticating as: vnc-user
Password: 
==== AUTHENTICATION COMPLETE ===
[vnc-user@localhost system]$ systemctl status vncserver@:0
● vncserver@:0.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:0.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2021-03-17 16:55:56 EET; 11s ago
  Process: 8426 ExecStart=/usr/bin/vncserver_wrapper vnc-user %i (code=exited, status=2)
  Process: 8424 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 8426 (code=exited, status=2)

Mar 17 16:55:55 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 16:55:55 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: Warning: localhost.localdomain:0 is taken because of /tmp/.X0-lock
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: Remove this file if there is no X server localhost.localdomain:0
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: A VNC server is already running as :0
Mar 17 16:55:56 localhost.localdomain systemd[1]: vncserver@:0.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 17 16:55:56 localhost.localdomain vncserver_wrapper[8426]: FATAL: 'runuser -l vnc-user' failed!
Mar 17 16:55:56 localhost.localdomain systemd[1]: Unit vncserver@:0.service entered failed state.
Mar 17 16:55:56 localhost.localdomain systemd[1]: vncserver@:0.service failed.

Notice the following warning: Warning: localhost.localdomain:0 is taken because of /tmp/.X0-lock

File .X0-lock should be deleted

rm /tmp/.X0-lock
systemctl start vncserver@:0
systemctl status vncserver@:0 -l
● vncserver@:0.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:0.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Wed 2021-03-17 17:14:50 EET; 13s ago
  Process: 9358 ExecStart=/usr/bin/vncserver_wrapper vnc-user %i (code=exited, status=2)
  Process: 9356 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9358 (code=exited, status=2)

Mar 17 17:14:50 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 17:14:50 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: Warning: localhost.localdomain:0 is taken because of /tmp/.X11-unix/X0
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: Remove this file if there is no X server localhost.localdomain:0
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: A VNC server is already running as :0
Mar 17 17:14:50 localhost.localdomain systemd[1]: vncserver@:0.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Mar 17 17:14:50 localhost.localdomain vncserver_wrapper[9358]: FATAL: 'runuser -l vnc-user' failed!
Mar 17 17:14:50 localhost.localdomain systemd[1]: Unit vncserver@:0.service entered failed state.
Mar 17 17:14:50 localhost.localdomain systemd[1]: vncserver@:0.service failed.

Now delete .X11-unix/X0k

rm /tmp/.X11-unix/X0k
systemctl daemon-reload
systemctl start vncserver@:0
systemctl status vncserver@:0
● vncserver@:0.service - Remote desktop service (VNC)
   Loaded: loaded (/etc/systemd/system/vncserver@:0.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-03-17 17:16:39 EET; 4s ago
  Process: 9513 ExecStartPre=/bin/sh -c /usr/bin/vncserver -kill %i > /dev/null 2>&1 || : (code=exited, status=0/SUCCESS)
 Main PID: 9516 (vncserver_wrapp)
   CGroup: /system.slice/system-vncserver.slice/vncserver@:0.service
           └─9516 /bin/sh /usr/bin/vncserver_wrapper vnc-user :0

Mar 17 17:16:39 localhost.localdomain systemd[1]: Starting Remote desktop service (VNC)...
Mar 17 17:16:39 localhost.localdomain systemd[1]: Started Remote desktop service (VNC).
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: WARNING: The first attempt to start Xvnc failed, possibly because the font
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: catalog is not properly configured.  Attempting to determine an appropriate
Mar 17 17:16:42 localhost.localdomain vncserver_wrapper[9516]: font path for this system and restart Xvnc using that font path ...

Firewall setup

For running VNC connection from PrivX there is no need to open VNC dedicated port.

If you want to test VNC connection with an external client, e.g. Remmina:

Run

sudo firewall-cmd --add-port=5901/tcp --permanent
sudo firewall-cmd --reload

Confirm that port 5901 is now open in firewall by executing:

sudo firewall-cmd --list-ports

This should output:

5901/tcp

Was this page helpful?

On this page