The VNC That Wouldn’t Connect
Date: August 18, 2023 Duration: Most of the day Messages: 126 Issue: VNC server installation on Debian Result: TigerVNC working after complete purge
The Problem
I’d tried to install VNC on this Debian box before. Multiple times. Different packages. Each attempt left behind config files, systemd units, and broken state.
Now nothing worked. Fresh install attempts would fail because old configs conflicted with new ones.
Time to nuke it from orbit.
The Purge
First: find everything VNC-related and remove it.
# Remove all VNC packages
apt purge tigervnc-* tightvnc* x11vnc vnc4server realvnc-* -y
# Find leftover configs
find /etc -name "*vnc*" 2>/dev/null
find /home -name "*vnc*" 2>/dev/null
find ~/.vnc -type f 2>/dev/null
# Remove them
rm -rf ~/.vnc
rm -rf /etc/vnc*
rm -f /etc/systemd/system/*vnc*Reload systemd to forget the old units:
systemctl daemon-reloadThe Fresh Install
TigerVNC. It’s the most actively maintained, works with modern desktops.
apt update
apt install tigervnc-standalone-server tigervnc-common -ySet the VNC password:
vncpasswd
# Enter password twice
# "Would you like to enter a view-only password?" - NoThe First Failure
Started the server:
vncserver :1Connected from my laptop:
Connection refusedCheck if it’s running:
ss -tlnp | grep 590
# NothingNot running. Check the log:
cat ~/.vnc/*.logXvnc TigerVNC 1.x - built...
...
(EE) Fatal server error:
(EE) Cannot establish any listening socketsPort 5901 was blocked. By what?
The Port Conflict
ss -tlnp | grep 5901
# Shows nothing
lsof -i :5901
# Shows nothingNot a port conflict. Firewall?
iptables -L -n | grep 590
# Nothing blockingNot the firewall. What then?
Turns out: the previous VNC installation had created a socket file that still existed. TigerVNC was trying to use it and failing.
rm -rf /tmp/.X1-lock
rm -rf /tmp/.X11-unix/X1Try again:
vncserver :1New 'debian:1' desktop is debian:1
Starting applications specified in /home/argo/.vnc/xstartupFinally.
The Black Screen
Connected from the laptop. Got a connection. Saw… nothing. Black screen with an X cursor.
The VNC server was running, but no desktop environment was starting.
Check xstartup:
cat ~/.vnc/xstartupEmpty. Or worse, pointing to a desktop that wasn’t installed.
The xstartup Fix
Created a working xstartup:
#!/bin/sh
unset SESSION_MANAGER
unset DBUS_SESSION_BUS_ADDRESS
exec startxfce4 &Made it executable:
chmod +x ~/.vnc/xstartupKilled the VNC server and restarted:
vncserver -kill :1
vncserver :1Connected. XFCE desktop appeared. Finally working.
The Systemd Unit
Manual starts are annoying. Made it a service:
cat > /etc/systemd/system/[email protected] << 'EOF'
[Unit]
Description=VNC Server for display %i
After=network.target
[Service]
Type=forking
User=argo
ExecStart=/usr/bin/vncserver :%i -geometry 1920x1080 -depth 24
ExecStop=/usr/bin/vncserver -kill :%i
[Install]
WantedBy=multi-user.target
EOFEnable and start:
systemctl daemon-reload
systemctl enable vncserver@1
systemctl start vncserver@1Now VNC starts on boot, survives reboots, and can be managed with systemctl.
What I Learned
Purge completely before reinstalling. Half the debugging was fighting ghosts from previous attempts.
Check socket files. /tmp/.X* files can block new sessions even when no process is running.
xstartup is everything. Without it, you get a black screen. With the wrong one, you get a broken desktop.
126 messages for a VNC server. Sometimes the simple things aren’t simple.
The Final Config
~/.vnc/
├── config # Resolution and depth settings
├── passwd # Encrypted VNC password
├── xstartup # Desktop startup script
└── debian:1.log # Session logVNC on port 5901, XFCE desktop, auto-starting on boot. Remote access to the pentesting lab: achieved.
When something won’t install cleanly, the answer is usually: remove everything and start over.