I’ve got a problem with the Screen Sharing connection to my macOS server. I’m using a MacBook Pro to connect to my Mac server. It works fine on the local network, but fails to connect from remote networks via the internet.

I can connect via AFP and SSH to the server remotely; websites and mail work fine as well, as does the Server App, from any network. It is just Screen Sharing that stopped connecting at some point a few months ago, and I have been wrestling to solve it since then.

TCP port 5900 is forwarded on my router. (I have also forwarded 4120 for Kerberos authentication, as listed on Apple’s website, but it doesn’t seem to do any good.)

My server runs macOS 10.13.4 at the moment. It is connected to the internet via SKY broadband (UK, Hub model ER115, Firmware 2.07.2356.R, DSL Firmware Version A2pv6F039m1.d24m) and an Apple router (AirPort Express 7.6.9).

3 Answers

4120 is the RFC document number; you need TCP 88 for Kerberos authentication. Let us know if that doesn't work. Assuming you're looking at Apple article HT202944.

  • Did you mean that TCP 88 port should be open and forwarded as well? If so, yes it is open as my web server works fine.
    – Maciek Rek
    Commented Aug 30, 2018 at 12:13
  • Oops, the websites use port TCP 80 (not 88).
    – Maciek Rek
    Commented Aug 30, 2018 at 12:34
  • Per Apple's document you need ports 88+5900 open/forwarded for screen sharing. I believe you misread 4120, as that doesn't need to be open.
    – gregg
    Commented Aug 30, 2018 at 13:39
  • Yes, that's true, I've taken the RFC number as a port number! fml... I also found out that an online port scanner might be useful...
    – Maciek Rek
    Commented Aug 30, 2018 at 14:34
  • Did it resolve your issue, do I get the bounty? Nmap is easy to install & use w/o relying on a website, but sometimes it's nice to have those. Here is one I use: nmap.online-domain-tools.com
    – gregg
    Commented Aug 30, 2018 at 17:55
There exist some other options for Screen Sharing that are easier to set up and are safer, since they do not require opening ports to the internet.

  • If you have macOS Sierra and an iCloud account, then see this Apple article: macOS Sierra: Share your screen using Back to My Mac. This is essentially the built-in Screen Sharing VNC server with some extra features.

  • A third-party VNC product is TeamViewer, which is free for personal use and very easy to use. TeamViewer is convenient because you won’t have to forward ports or worry about server configuration issues.

  • If you use Chrome, then Chrome Remote Desktop is another option, using the Chrome Remote Desktop extension. This is another convenient way to access your Mac that doesn’t require port forwarding and other configuration.

For more information see this article: 3 Free Ways to Remotely Connect to Your Mac’s Desktop.

  • Thanks! I should probably mention that I'm connecting to an unattended, headless Mac, and would prefer to avoid using any additional software such as TeamViewer etc.
    – Maciek Rek
    Commented Aug 30, 2018 at 12:17
  • I'm still a bit wary of exposing a Kerberos port to the internet at the same time as a screen sharing one. I hope that you have on the router at least port-forwarded other external ports than the standard ones.
    – harrymc
    Commented Aug 31, 2018 at 7:35
  • Turns out that you don't really need Kerberos to use macOS built-in Screen Sharing, only TCP 5900.
    – Maciek Rek
    Commented Aug 31, 2018 at 18:07
  • And yes, it is forwarded to the server and usually blocked with the server's internal firewall, only opening when in use.
    – Maciek Rek
    Commented Aug 31, 2018 at 18:35
  • Use another port on the router than 5900, preferably with 5 digits. You may forward to 5900 on the computer.
    – harrymc
    Commented Sep 1, 2018 at 7:23
I have updated the settings of my server in the Server App > Access > Screen Sharing > All networks.

(For some reason the access was limited to Private Networks only!)

Now I can connect with the Screen Sharing remotely.

The Kerberos authentication port (TCP 88) does not need to be open in my setup. Only TCP 5900. (In the question there is a mistake in the Kerberos port number.)

@gregg's answer helped to put things together, and with an online port scanner (Web search > scan my ports) I've discovered that TCP 5900 was blocked (by the server itself) despite being open on the router.
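
The reachability check this answer relies on can also be run without a third-party scanner. The following is an added example, not part of the original post: it classifies TCP 5900 as open, closed or filtered and, when open, reads the 12-byte RFB version greeting a VNC server such as Screen Sharing sends first. The function names and the file name `check_vnc.py` are illustrative.

```python
import socket
import sys

BANNER_LEN = 12  # RFB ProtocolVersion greeting, e.g. b"RFB 003.008\n"


def read_rfb_version(sock):
    """Return 'xxx.yyy' if the peer greets with an RFB banner, else None."""
    data = b""
    try:
        while len(data) < BANNER_LEN:
            chunk = sock.recv(BANNER_LEN - len(data))
            if not chunk:
                break
            data += chunk
    except OSError:  # timeout or reset while waiting for the greeting
        pass
    if len(data) == BANNER_LEN and data[:4] == b"RFB " and data[-1:] == b"\n":
        return data[4:11].decode("ascii", "replace")
    return None


def check_screen_sharing(host, port=5900, timeout=3.0):
    """Return (state, rfb_version); state is open, closed, filtered or error."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", None      # a RST came back: reachable, nothing accepting
    except (socket.timeout, TimeoutError):
        return "filtered", None    # no reply: dropped by a firewall or no forward
    except OSError:
        return "error", None       # name resolution or routing failure
    with sock:
        return "open", read_rfb_version(sock)


if __name__ == "__main__":
    # Usage: python3 check_vnc.py <host> [port]; with no arguments it probes
    # 127.0.0.1:5900, i.e. the local machine's own Screen Sharing port.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5900
    state, version = check_screen_sharing(host, port)
    print("%s:%d is %s" % (host, port, state))
    if state == "open":
        print("RFB greeting:", version or "none (not a VNC service?)")
```

Running it once from the LAN against the server's private address and once from an outside network against the public address shows on which side of the router the connection stops.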
