Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Help!!!

Post Reply
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Help!!!

Post by fsidegrind »

Hi, new to Uvnc and below is my scinerio, what am i doing wrong?

I have tried to set this up at 3 different sites now all with the same results. It seems I can only connect to the server.

I am trying to set this up so I can connect from my laptop (xp pro service pack 2, uvnc viewer) to different companies networks, over the internet. I go to the company, set up port forwarding on the router and install uvnc server and run it as a service. Everytime I can only connect to the server (w2k3).

mymachine uvnc viewer

port forwards are as follows
vnc0 5900 to 5900 TCP 192.168.1.2 enabled (this is the server of the domain)
vnc1 5901 to 5901 TCP 192.168.1.109 enabled (this is an xp pro work station).

I bring up uvncviewer type in public ip x.x.x.x:5900 everything works fine
bring up uvncviewer type in public ip x.x.x.x:5901 failed to connect to server (i am unable to connect to any machine beyond the server).

please help, this is killing me

P.S. if there are any UVNC Techies that want to earn some money to train me on this thing, speak up now, and if you live in utah and can come onsite, all the better.

thanks,
fsidegrind

[mod=494,1225494676]moved from vnc related to beginner help[/mod]
Last edited by fsidegrind on 2008-10-31 23:11, edited 1 time in total.
nobody3
20
20
Posts: 54
Joined: 2008-08-28 02:25

Re: Help!!!

Post by nobody3 »

hey we would do things for free..

ok here is the solution:

for simplicity i am going to call your laptop the client
and
vnc0 5900 to 5900 TCP 192.168.1.2 enabled (this is the server of the domain)
vnc1 5901 to 5901 TCP 192.168.1.109 enabled (this is an xp pro work station).
i will call vnc0 <--> server0 and vnc1 <--> server1

i am assuming you want to connect from client to server0 and server1
now answer the following questions :

is the server1 and server2 setup correctly ? ie port forwarding on the router + holes in the firewall for ultravnc ports ( 5900 & 5901 ) ?

what is the exact error message you are getting ?

what is the network config ( with exact ip address and port numbers, except for the public addresses you can use x.x.x.x in their place ) ?
( use x.x.x.x in client public address and y.y.y.y in server public ip address )

what is the version of ultravnc client and server that you are using ?
make sure that you are using the latest version downloaded from http://sc.uvnc.com/105


you need to give me the above info and i will be able to help you out....
nobody3
20
20
Posts: 54
Joined: 2008-08-28 02:25

Re: Help!!!

Post by nobody3 »

here is how to debug some basic problems over here

http://www.bevingtontechnologies.com/ww ... ortqry.pdf


you might want to try out all the suggestions outlined in the above link and then report back if the problem is still unsolvable
Last edited by nobody3 on 2008-08-28 07:58, edited 1 time in total.
User avatar
JDaus
Friend of UVNC
Friend of UVNC
Posts: 537
Joined: 2007-03-17 11:00
Location: Sydney, Australia
Contact:

Re: Help!!!

Post by JDaus »

why don't you setup the repeater on the server and then use the repeater to connect to the other remote machines, then you are setting up one computer only with port-forwarding ...

but a few words of warning.
  • You should use the MS logon where-ever possible, this minimises the use of registry hacks to get remote passwords
    You should NOT use 5900 for a direct port forward, use something like 25900 or 45900 ... you choose one, the more random the better.
I would recomend that you setup a server in your office DMZ and have the remote sites "dial" into it using either openvpn or ssh port forwarding.

i used to use SSH dialed into a server in my office, then connect to a repeater running on a machine onsite (using the ssh port forwarding tunnel), which then allowed me to setup secured "on call" connection to remote sites without needing to open holes in firewalls ... much safer for everyone.

my guess at your problem is that its a windows firewall problem (using repeater on the server will get round you having to change ports on each machine on the network also ...


but then in my last job i had hundreds of sites to support each with up to 70 PCs onsite (with software i needed to support) ... i got good at automated uvnc setups.
ask a silly question and remain a fool for 5 minutes...
don't ask, and remain a fool for life - JDaus 2003

without imperfections, neither you nor i would exist - Steven Hawkins
__
JD
SCPrompt - OpenSource Free Remote Screen\Desktop Sharing Solution
SecureTech.com.au
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Re: Help!!!

Post by fsidegrind »

Nobody3, thanks for the reply, here are the answers...

is the server1 and server2 setup correctly ? ie port forwarding on the router + holes in the firewall for ultravnc ports ( 5900 & 5901 ) ?
I have forwarded port 5900 to the private (192.168.1.2) IP addy which is server0 (I can connect to server0 no problem).
I have forwarded port 5901 to the private (192.168.1.109) IP addy which is server1. this was done on the router. on server1 i have gone into windows firewall exceptions and allowed 5901 and the winvnc executable to come through.



what is the exact error message you are getting ?
failed to connect to server

what is the network config ( with exact ip address and port numbers, except for the public addresses you can use x.x.x.x in their place ) ?
( use x.x.x.x in client public address and y.y.y.y in server public ip address )
when i try to connect to server1 i open up uvnc viewer and type in x.x.x.x:5901. i get error failed to connect to server. I have forwarded port 5901 to 192.168.1.109.


what is the version of ultravnc client and server that you are using ?
make sure that you are using the latest version downloaded from http://sc.uvnc.com/105
I have downloaded and installed (UltraVNC_1.0.4_RC17_Setup.exe)
I will download the version you are recommending and see if it helps

you need to give me the above info and i will be able to help you out....

I hope i have answered all of your questions.
BarqMulch
8
8
Posts: 13
Joined: 2006-06-12 21:39
Contact:

Re: Help!!!

Post by BarqMulch »

fsidegrind wrote: port forwards are as follows
vnc0 5900 to 5900 TCP 192.168.1.2 enabled (this is the server of the domain)
vnc1 5901 to 5901 TCP 192.168.1.109 enabled (this is an xp pro work station).
Is it as simple as not having set .109's VNC server to run on port 5901? If you didn't specify, then it's still running on 5900. Can you VNC from .2 to .109?
"I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Re: Help!!!

Post by fsidegrind »

More info on this issue
I walked through your troubleshooting doc (kick a** document btw), below are my results

server0 = 192.168.1.2 (this manchine is fine, I can connect internally and externally no probs).

Server1 = 192.168.1.109
PortQueryUI results:
from server1:
destination IP 127.0.0.1 port 5901, result: port is listening
from server0:
destination IP 192.168.1.109 port 5901, result: port is listening
from workstation:
destination IP x.x.x.x port 5901, result: port is filtered
from server0: (dont know if this is a valid test or not but did it anyway)
destination IP x.x.x.x port 5901, result: port is listening


my router port forwarding page looks like this:
VNC1 5900 to 5900 TCP 192.168.1.2 enabled
VNC1 5901 to 5901 TCP 192.168.1.109 enabled
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Re: Help!!!

Post by fsidegrind »

BarqMulch,

I wish it was, but i have gone into vnc server properties on .109 and made sure the port is 5901.

Yes i am able to connect to .109 from .2 via vnc.
BarqMulch
8
8
Posts: 13
Joined: 2006-06-12 21:39
Contact:

Re: Help!!!

Post by BarqMulch »

fsidegrind wrote: from workstation:
destination IP x.x.x.x port 5901, result: port is filtered
from server0: (dont know if this is a valid test or not but did it anyway)
destination IP x.x.x.x port 5901, result: port is listening

my router port forwarding page looks like this:
VNC1 5900 to 5900 TCP 192.168.1.2 enabled
VNC1 5901 to 5901 TCP 192.168.1.109 enabled
Well, it really sounds like the Windows Firewall on .109 is set to only allow incoming TCP 5901 traffic from the local network instead of All, or your router is messed up.
"I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Re: Help!!!

Post by fsidegrind »

BarqMulch,

if the windows firewall on .109 is turned off and the service is disabled i should be good right?
User avatar
JDaus
Friend of UVNC
Friend of UVNC
Posts: 537
Joined: 2007-03-17 11:00
Location: Sydney, Australia
Contact:

Re: Help!!!

Post by JDaus »

JDaus wrote:why don't you setup the repeater on the server and then use the repeater to connect to the other remote machines ...
*YAWN*

:crazy:
ask a silly question and remain a fool for 5 minutes...
don't ask, and remain a fool for life - JDaus 2003

without imperfections, neither you nor i would exist - Steven Hawkins
__
JD
SCPrompt - OpenSource Free Remote Screen\Desktop Sharing Solution
SecureTech.com.au
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Re: Help!!!

Post by fsidegrind »

JDaus

do you have a link to instructions on how to configure this? I have seen several differnt links but they all seem to be a little bit different. I want to make sure I do it correctly.

thanx
BarqMulch
8
8
Posts: 13
Joined: 2006-06-12 21:39
Contact:

Re: Help!!!

Post by BarqMulch »

fsidegrind wrote:BarqMulch,

if the windows firewall on .109 is turned off and the service is disabled i should be good right?
Just turning off the firewall should eliminate it as the problem, if it still doesn't work. You should also make sure there's no other firewall programs on there, like ZoneAlarm or Norton (even Antivirus programs have firewalls these days).
"I was gratified to be able to answer promptly, and I did. I said I didn't know." -- Mark Twain
fsidegrind
8
8
Posts: 13
Joined: 2008-08-27 22:52

Re: Help!!!

Post by fsidegrind »

AAAAAARRRRRRRRRGGGGGGGGGGGGGGG!!!!!!!!!!!

Thank you to everyone who posted. I think i have found the culprit. Kaspersky is running on this machine. As soon as i disabled it, i was able to connect. I did not look at this before because I did not realize there was built in firewall type of security there. Anyway, i will continue to test and work on this but I believe this to be the issue. thank you soo much.
User avatar
JDaus
Friend of UVNC
Friend of UVNC
Posts: 537
Joined: 2007-03-17 11:00
Location: Sydney, Australia
Contact:

Re: Help!!!

Post by JDaus »

fsidegrind wrote:do you have a link to instructions on how to configure this? I have seen several differnt links but they all seem to be a little bit different.
they probably will all work ... and good luck with the method you choose ...

just remmeber that no matter how good a programmer is (and i believe rudi is excelent), there is always someone who can hack the code to find some volnerability ...

(INHO) You shouldn't leave anything listening on the net that is a complex program that is built for anything but security purposes, and if you do, you have to make sure that it resides in a DMZ, as the more complex the application, the easier it is to hack (IMHO)

i would use something that is built for security purposes with security as its first priority, something like openvpn or ssh tunneling is a good place to start.

i would not be punching holes in a clients firewall (especially when you are forwarding to EVERY machine on their site ...
ask a silly question and remain a fool for 5 minutes...
don't ask, and remain a fool for life - JDaus 2003

without imperfections, neither you nor i would exist - Steven Hawkins
__
JD
SCPrompt - OpenSource Free Remote Screen\Desktop Sharing Solution
SecureTech.com.au
nobody3
20
20
Posts: 54
Joined: 2008-08-28 02:25

Re: Help!!!

Post by nobody3 »

ok good to see your mail problems solved.

and i can get your ( the poster above me ) feelings about security - i recommend you take a look at openvpn for your security needs

it will enable you to make a virtual lan card - and all the connection to and from this card is encrypted so your ports are not open for the world only on the vpn

some other features of openvpn : its free, is avilable for windows OS X and linux as well as some BSDs and is pretty solid as VPNs go.

also it can allows both endpoints of the VPN to be dynamic, and you can use x.509 certs for auth - much better than passwords...

only downside : you have to do quite a bit of reading to get it up and running but once done its stays online for years together

http://www.openvpn.org
nobody3
20
20
Posts: 54
Joined: 2008-08-28 02:25

Re: Help!!!

Post by nobody3 »

i would not be punching holes in a clients firewall (especially when you are forwarding to EVERY machine on their site ...
yep just close everything incomming and just allow the openvpn traffic inside and your problem is solved .
User avatar
averkiev
40
40
Posts: 121
Joined: 2005-06-12 06:40
Location: Singapore
Contact:

Re: Help!!!

Post by averkiev »

Now if the mods would move this thread to the beginners or general help sub forum, that would be really great.
Last edited by averkiev on 2008-09-02 12:20, edited 1 time in total.
Post Reply