VNC server stopped working

grob115 · 08-22-2010, 07:56 AM

I have followed the official instructions here to setup VNC service initially and was able to get it working.

However, during the course of setting up my BIND service, I have done the following:
1) Turned on SELinux
2) Used system-config-security to add the ports TCP:53 and UDP:53

When I tried to save the settings from 2) above, my GNOME desktop delivered via VNC got frozen.

Now when I tried to restart vncserver with "service vncserver restart", I see the following. I am also unable to connect via http://<IP>:5801 anymore. Any idea what I need to do to fix this?

Code:

[root@backup sbin]# cat /root/.vnc/backup.test.com:1.log

Xvnc Free Edition 4.1.2
Copyright (C) 2002-2005 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.
Underlying X server release 70101000, The X.Org Foundation


Sun Aug 22 08:47:25 2010
 vncext:      VNC extension running!
 vncext:      Listening for VNC connections on port 5901
 vncext:      Listening for HTTP connections on port 5801
 vncext:      created VNC server for screen 0
localuser:root being added to access control list
No profile for user 'root' found
SESSION_MANAGER=local/backup.test.com:/tmp/.ICE-unix/7846
Window manager warning: Log level 32: could not find XKB extension.

** (eggcups:8027): WARNING **: IPP request failed with status 1030

** (eggcups:8027): WARNING **: IPP request failed with status 1030
Getting adapter list failed: The name org.bluez was not provided by any .service files
Passkey agent registration failed: The name org.bluez was not provided by any .service files
Initializing nautilus-open-terminal extension

** (nm-applet:8070): WARNING **: No connections defined
Unable to open desktop file /usr/share/applications/redhat-email.desktop for panel launcher: No such file or directory
Unable to open desktop file /usr/share/applications/openoffice.org-1.9-writer.desktop for panel launcher: No such file or directory
Unable to open desktop file /usr/share/applications/openoffice.org-1.9-impress.desktop for panel launcher: No such file or directory
Unable to open desktop file /usr/share/applications/openoffice.org-1.9-calc.desktop for panel launcher: No such file or directory
Introspect error: The name edu.duke.linux.yum was not provided by any .service files
Traceback (most recent call last):
  File "/usr/bin/puplet", line 467, in ?
    main()
  File "/usr/bin/puplet", line 464, in main
    p.run()
  File "/usr/bin/puplet", line 451, in run
    self._refreshInfo()
  File "/usr/bin/puplet", line 191, in _refreshInfo
    if self.updatesObject is not None and \
AttributeError: DBusException instance has no attribute '_dbus_error_name'
[root@backup sbin]#

carltm · 08-22-2010, 08:02 AM

Do you really need selinux? If not, your problems will probably go
away simply by disabling selinux. You might want to at least put
selinux in permissive mode to verify this. You will also be able
to search the logs to find what access the VNC service needs.

grob115 · 08-22-2010, 08:07 AM

Man..... after hours and hours of digging online. I have it back up working! What I did was

Code:

view /etc/sysconfig/iptables

Inserted the following lines:

Code:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5802 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5902 -j ACCEPT

Code:

./service iptables restart
./service vncserver restart

It appears that when I attempted to use "config-system-security" to add the TCP:53 and UDP:53 ports for BIND, it turned off the 5801 port.

3 strange things I have observed so far:
1) The GNOME desktop now have many Terminal windows opened. I have to close them one at a time. Not sure what caused this. The first time I saw 10 of these. The 2nd and 3rd time I reconnected I saw 11. And it appears that as soon as I hit the Close button, they'll re-spawn! I have done a reboot, and now there is only one Terminal window opened. Despite attempts to close it, it is re-spawning still. What can I do to fix it?
2) The 5801, 5802, 5901, 5902 ports added to the iptables as indicated above are not reflected in the "system-config-security" GUI. I have added them using the GUI nevertheless. Not sure why the ports I added using the GUI appears in the file but not the other way around.
3) The /root/.vnc/backup.test.com:1.log file still is showing the same content as what I posted in the first post above.

grob115 · 08-22-2010, 08:31 AM

Quote:

Originally Posted by carltm

Do you really need selinux? If not, your problems will probably go
away simply by disabling selinux. You might want to at least put
selinux in permissive mode to verify this. You will also be able
to search the logs to find what access the VNC service needs.

Well yes I kind of do. I saw the following in /etc/sysconfig/named

Code:

# ENABLE_ZONE_WRITE=yes  --  If SELinux is disabled, then allow named to write
#                            its zone files and create files in its $ROOTDIR/var/named
#                            directory, necessary for DDNS and slave zone transfers.
#                            Slave zones should reside in the $ROOTDIR/var/named/slaves
#                            directory, in which case you would not need to enable zone
#                            writes. If SELinux is enabled, you must use only the
#                            'named_write_master_zones' variable to enable zone writes.

And by enabling SELinux I was able to save the configurations I set using the BIND GUI tool "system-config-bind". Prior to enabling SELinux, I wasn't able to do this.

I'd like to keep SELinux on. If someone can assist me in deciphering what the "/root/.vnc/backup.test.com:1.log" file is saying, that'd probably solves all the problems (I'm guessing). Thanks.