# TightVNC - Failed to Connect to Server



## terencewklau (Sep 18, 2005)

Hi,

I'm having trouble getting TightVNC to work. Here's the setup:

Linksys Wireless Router - 192.168.1.1
PC 1 - 192.168.1.2
PC 2 - 192.168.1.3
TightVNC server installed as service with password configured for both PC's.
TightVNC viewer also installed on both PC's.
PC 1 - PC1.homeip.net with dyndns updater installed and running as service.
PC 2 - PC2.homeip.net with dyndns updater installed and running as service.
Zone Alarm free version installed on both PC's.
Windows XP Pro on both PC's.
I've forwarded port 5900 to 192.168.1.2 and 192.168.1.3 on the router.

When I open TightVNC viewer and type in PC1.homeip.net from PC 2 or vice versa, it says "Failed to connect to server". Same result even after shutting down Zone Alarm.

But it works fine if I use the internal IP address to connect, namely 192.168.1.2 or 192.168.1.3 even with Zone Alarm (internal IP's configured as trusted zone) running.

I can ping PC1.homeip.net and PC2.homeip.net without any problems. Its probably something simple I'm missing but I can't figure it out.

Any ideas would be greatly appreciated. Thanks in advance.


----------



## coulterp (Oct 20, 2003)

It works on the LAN because you are going direct to the LAN IP address and each PC responds to port 5900 (assuming VNC server is installed). The port-forwarding on the router is irrelevant, as you are not going through the WAN-->LAN firewall, your comms are remaining entirely on the LAN side of the router.

When you access from the WAN (Internet) - which is what is happening when you use PC1.homeip.net - the router, on receipt of the incoming VNC request, has to port-forward 5900 to the appropriate LAN IP address. So I do not see how you would expect the port-forward configuration you've entered to work - as you have told the router to port-forward to two different LAN IP addresses. I can't say if it is the case for all routers, but certainly any I have used do not offer the option to port-forward the same port to two different LAN IP address - how does the router decide which it should sent the request to?

Better to port-forward 5900 to PC 1 LAN IP address and 5901 to PC2 LAN IP address. You can configure VNC displays 0 - 9 to use ports 5900 - 5909 (see VNC documentation), so it is a frequently used approach to port-forward ports 5900 - 5909 (say) to the LAN IP address for PCs 1 - 9 respectively and configure VNC on each PC to respond to the VNC port appropriate to the display.


----------



## terencewklau (Sep 18, 2005)

Thanks for the reply coulterp.

I've reconfigured port forwarding on 5900 for PC 1 and 5901 for PC 2 and made the necessary changes on the VNC server settings as well.

I'll try and remote in from office tomorrow and see if it works.

Just some added info, I initially only configured PC 1 with VNC server and PC 2 with VNC viewer. And port forwarding was only configured for PC 1 on 5900. But I couldn't connect from office using PC1.homeip.net or using the public IP address.

So I configured PC 2 as well to see if it will work on a different machine. But it didn't. Will reply again once I'm in the office.


----------



## coulterp (Oct 20, 2003)

I routinely put both VNC server and viewer on all PCs I want to use VNC.

It may well be that your office networks are blocking the use of VNC. I know I cannot VNC from the office to my home LAN.

In order to achieve access I have to establish a secure - SSH - connection and tunnel VNC through that. Works fine, if a litlle slow.

PuTTY from work PC to home LAN/PC (router configure to forwrad port 22 for SSH as necessary. Setup to use VNC through the PuTTY/SSH tunnel. See the following for guidance:

http://pigtail.net/LRP/vnc/
http://martybugs.net/smoothwall/puttyvnc.cgi (Smoothwall is just a Linux software router, so just imagine that is your Linksys)


----------



## terencewklau (Sep 18, 2005)

Hi Coulterp,

I've just tried again from my office but still getting that "failed to connect to server" message.

I'm actually using a direct internet connection at my office and it has worked before. I've setup tightvnc on a desktop at the remote office location and can vnc into that pc just fine.

I was actually going to setup ssh via cygwin once I get tightvnc going. But gotta get tightvnc going first.

Would appreciate any comment. Thanks.


----------



## coulterp (Oct 20, 2003)

As you say, getting it right with VNC first is advised, before fiddling with SSH over Cygwin (which from experience I've always found to be a bit of a PITA).

Back on VNC you've checked all the obvious: 

VNC server is running as a service on re-boot so is truely listening on port 5900
Incomming Connnecionshasa tick in the box for Accept Socket Connections? (soory I'm looking at [email protected] here, so not sure if that is in the TightVNC GUI
Use, or not, of password
Display Number (0) and/or Port (5900) correctly set 
Router port-forwarding to correct correct LAN IP (have you set up for static LAN IP address so DCHP doesn't hop your VNC server IP address all over the shop?)
ZA either has the port open or is disabled/uninstalled
You don't have Windows Firewall enabled by any chance?


----------



## terencewklau (Sep 18, 2005)

Double checked the following:

1. vnc running as service on 5900
2. accept connections is ticked
3. password is set
4. display number and/or port set to auto
5. router port forward to correct internal ip which is static
6. zone alarm has been shut down
7. windows firewall disabled

Will give it one last try tomorrow at work. I forgot to shut down zone alarm when I went to work today. By the way, the free version of zone alarm doesn't let you configure ports, does it?


----------



## terencewklau (Sep 18, 2005)

Sorry for the late response. Was away at a remote location for a couple of days. Anyway, no luck even with zone alarm turned off. Checked all the settings and everything seems to be in order. Guess I'll just start from scratch again. Thanks for the help coulterp.


----------

