Re: VNC behind ISA Server
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Mon, 10 Sep 2007 06:19:12 GMT
Hello,
Thanks for posting in our newsgroup and also for Luka's great input.
On what ports VNC uses, please read the following information from VPN
website:
Q52 Which TCP/IP ports does VNC use?
A VNC server listens on two ports. The exact port numbers depend on the VNC
display number, because a single machine may run multiple servers. The most
important one is 59xx, where xx is the display number. The VNC protocol
itself runs over this port. So for most PC servers, the port will be 5900,
because they use display 0 by default.
In addition, VNC servers normally have a small and very restricted web
server built in, which allows you to connect a browser to them and use the
Java viewer. This runs on port 58xx. Note that this is the HTTP port used
for downloading pages and applets, but once the applet is running it uses
59xx for VNC just like any other viewer.
The servers can be changed to listen on other ports if, for any reason,
these are not suitable for you. See the server's documentation for more
details. Most of the viewers, if given a display number larger than 99,
will interpret it as a direct port number and will not add 5900. See also
the next question.
If you are running a viewer in 'listening' mode, where it accepts
connections initiated by the server, it will listen for incoming VNC on
port 5500.
More info:
Excerpt from the VNC FAQ Page
http://ubl.cim3.org/~lcsc/collaboration_tools/VNC_connectivity_faq.html
NOTE: This response contains a reference to a Third party World Wide Web
site. You should know that Third party sites are not under the control of
Microsoft. Accordingly, Microsoft can make no representation concerning
the content of these sites. Microsoft is providing this information only
as a convenience to you. This is to inform you that Microsoft has not
tested any software or information found on these sites and therefore
cannot make any representations regarding the quality, safety, or
suitability of any software or information found there. There are inherent
dangers in the use of any software found on the Internet, and Microsoft
cautions you to make sure that you completely understand the risk before
retrieving any software on the Internet.
If you need to publish VNC server, please refer to the following KB:
How to publish a Citrix Metaframe version 1.8 server by using Internet
Security and Acceleration Server 2006 or ISA Server 2004
http://support.microsoft.com/kb/837739/en-us
If you need to create an access rule to allow VNC communication, please
refer to the following KB:
How to permit non-Microsoft programs to connect to the Internet through
Internet Security and Acceleration Server 2006 or in ISA Server 2004
http://support.microsoft.com/kb/837831/en-us
Hope this helps.
If you need further assistance, please don't hesitate to let me know.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
<From: "Luka Manojlovic" <luka@xxxxxxxxxxxxxxxxxxx>
<Newsgroups: microsoft.public.windows.server.sbs
<Subject: Re: VNC behind ISA Server
<Date: Sun, 9 Sep 2007 21:32:38 +0200
<Organization: A noiseless patient Spider
<Lines: 40
<Message-ID: <fc1hom$5jm$1@xxxxxxxxxxxxxxxxxxxxxxxxx>
<References: <zPqdnShbftuFqnnbRVnyhQA@xxxxxxxxxxxxxx>
<X-Trace: tomate.motzarella.org
U2FsdGVkX1+UPGHx0VlE/rQfcxnPmGnJNi3uG/lG2zLoqvzOeHCr/ElP8pVmmK93uV/Mnm+XJBlj
Q1Aq2CsRdyi30eoa/43RE/qUbAFJgaFEOgrJD6iB1V7xAjVf9Yst741vu/f0oVz6spTuStJ1fg==
<X-Complaints-To: Please send complaints to abuse@xxxxxxxxxxxxxx with full
headers
<NNTP-Posting-Date: Sun, 9 Sep 2007 19:32:38 +0000 (UTC)
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
<X-RFC2646: Format=Flowed; Response
<X-Newsreader: Microsoft Outlook Express 6.00.2900.3028
<X-Auth-Sender: U2FsdGVkX18dHljlgpFUARPMMpT7TaXEnwm5MTp9F8orbJROWJA0uA==
<Cancel-Lock: sha1:ifnd9uVw3ljJ2zSN7Svpt2Fa9FM=
<X-Priority: 3
<X-MSMail-Priority: Normal
<Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!msrtrans!
msrn-in!newshub.sdsu.edu!feeder.news-service.com!news.motzarella.org!motzare
lla.org!not-for-mail
<Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:61764
<X-Tomcat-NG: microsoft.public.windows.server.sbs
<
<You should check if you are using VNC server - this one listens on port
5900
<or you "call" their VNC Viewer in listening mode that listens on port
<5500...
<
<So this ports are the one to check. For example:
<
<Your machine inside network | ISA | External programmers
<VNC server (listens on 5900)
<
<If you want this setup you need to pass port 5900 from internet to
specific
<IP in your lan.
<
<2 example:
<External programmers | ISA | Your machine inside network - you initiate by
<left clicking on vnc server and add new client
<VNC viewer listening (5500) | | VNC server (listens on port 5900 but it
does
<not matter)
<
<In this setup you need to allow "calls" from your internal PCs to internet
<on port 5500.
<
<Hope it helps,
<Luka
<
<"Al" <nospamplease@xxxxxxxxxxxxxxxxxx> wrote in message
<news:zPqdnShbftuFqnnbRVnyhQA@xxxxxxxxxxxxxxxxx
<> Anyone able to help with how to configure permissions for VNC? We have a
<> site with an application which uses VNC to enable users to call up
support
<> from the application programmers - however while this works fine for a pc
<> directly connected to the router, it does not work for those who are
<> linked
<> to the SBS 2003 R2 network via ISA 2004. Any ideas? - I suspect that a
<> new
<> access rule has to be added to ISA but not sure exactly what or how!.
<> Thanks
<>
<>
<>
<
<
<
.
- References:
- VNC behind ISA Server
- From: Al
- Re: VNC behind ISA Server
- From: Luka Manojlovic
- VNC behind ISA Server
- Prev by Date: Re: Not able to ping between SBS 2003 and Vista
- Next by Date: Re: CEICW settings
- Previous by thread: Re: VNC behind ISA Server
- Next by thread: Re: VNC behind ISA Server
- Index(es):
Relevant Pages
|
