-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-9.6.z
-
None
-
tigervnc-1.15.0-4.el9
-
Yes
-
Important
-
ZStream
-
2
-
rhel-display-applications
-
ssg_display
-
14
-
16
-
3
-
False
-
False
-
-
None
-
Display - Sprint 4/2025, Display - Sprint 5/2025
-
Approved Blocker
-
Unspecified
-
Unspecified
-
Unspecified
-
-
x86_64
-
None
What were you trying to do that didn't work?
x0vncserver auth no longer working after upgrade from RHEL 9.4 EUS to RHEL 9.6 EUS.
What is the impact of this issue to you?
Was no longer able to start an RDP session for seat0. This has worked just fine since the RHEL8 times.
Please provide the package NVR for which the bug is seen:
I am not sure the issue is the actual tigervnc rpm. It might be a side effect of a library update.
How reproducible is this bug?:
Had is happen on all my freshly upgraded RHEL 9.6 EUS hosts.
all hosts were previously on RHEL 9.4 EUS with kernel-5.14.0-427.68.2.el9_4.x86_64.
All hosts were upgraded to RHEL 9.6 EUS with kernel kernel-5.14.0-570.17.1.el9_6.x86_64 on May 25th 2025.
After that, VNC auth using x0vncserver no longer worked.
Steps to reproduce
- create a vnc password for your user, e,g: vncpasswd
- start the vnc server with the password, e.g:
/usr/bin/x0vncserver -rfbport 5891 -rfbauth /export/home/raistlin/.vnc/passwd or
/usr/bin/x0vncserver -rfbport 5891 -PasswordFile /export/home/raistlin/.vnc/passwd -SecurityTypes VncAuth,None,Plain,TLSNone,TLSVnc -PlainUsers raistlin -Log "*:stderr:100"
On RHEL 9.6, this was reporting:
SConnection: processing security type message SConnection: Client requests security type VeNCrypt(19) SConnection: processing security message SConnection: processing security message SConnection: processing security message SVeNCrypt: Client requests security type TLSVnc (258) TLS: Process security message (session (nil)) TLS: Anonymous session has been set TLS: Deferring completion of TLS handshake: Resource temporarily unavailable, try again. SConnection: processing security message TLS: Process security message (session 0x55c3a4acf0e0) TLS: Deferring completion of TLS handshake: Resource temporarily unavailable, try again. SConnection: processing security message TLS: Process security message (session 0x55c3a4acf0e0) TLS: TLS handshake completed with (TLS1.2)-(ANON-DH)-(AES-256-GCM) Mon May 26 13:47:36 2025 SConnection: processing security message SVncAuth: reading password file VNCServerST: starting desktop XDesktop: Enabling 8 buttons of X pointer device XDesktop: Allocated shared memory image XDesktop: Detected screen layout: XDesktop: 1 screen(s) XDesktop: 1804289383 (0x6b8b4567): 3840x2160+0+0 (flags 0x00000000) XDesktop: Mon May 26 13:47:47 2025 VNCSConnST: closing 10.0.129.244::45706: Authentication failure: Connection rejected by local user EncodeManager: Framebuffer updates: 0 EncodeManager: Total: 0 rects, 0 pixels
Expected results
A successful connection looks like this:
SConnection: Client requests security type VeNCrypt(19) SConnection: Processing security message SConnection: Processing security message SConnection: Processing security message SVeNCrypt: Client requests security type TLSVnc (258) TLS: Process security message (session (nil)) TLS: Anonymous session has been set TLS: Deferring completion of TLS handshake: Resource temporarily unavailable, try again. SConnection: Processing security message TLS: Process security message (session 0x5583f14325c0) TLS: Deferring completion of TLS handshake: Resource temporarily unavailable, try again. SConnection: Processing security message TLS: Process security message (session 0x5583f14325c0) TLS: TLS handshake completed with (TLS1.2)-(ANON-DH)-(AES-256-GCM) Mon May 26 14:26:14 2025 SConnection: Processing security message SVncAuth: Reading password file VNCServerST: Starting desktop XDesktop: Enabling 9 buttons of X pointer device XDesktop: Allocated shared memory image XDesktop: Detected screen layout: XDesktop: 1 screen(s) XDesktop: 1804289383 (0x6b8b4567): 3840x2160+0+0 (flags 0x00000000) XDesktop: VNCSConnST: Server default pixel format depth 24 (32bpp) little-endian rgb888 SConnection: Reading client initialisation SConnection: Reading client initialisation VNCSConnST: Client pixel format depth 24 (32bpp) little-endian rgb888 Mon May 26 14:26:26 2025 VNCSConnST: Closing 10.0.129.244::45530: Clean disconnection EncodeManager: Framebuffer updates: 27 EncodeManager: Tight: EncodeManager: Solid: 197 rects, 1.28984 Mpixels EncodeManager: 3.07812 KiB (1:1637.6 ratio) EncodeManager: Bitmap RLE: 121 rects, 44.431 kpixels EncodeManager: 4.9248 KiB (1:35.5296 ratio) EncodeManager: Indexed RLE: 344 rects, 2.92724 Mpixels EncodeManager: 694.178 KiB (1:16.4778 ratio) EncodeManager: Full Colour: 229 rects, 4.93448 Mpixels EncodeManager: 3.36676 MiB (1:5.59179 ratio) EncodeManager: Total: 891 rects, 9.19599 Mpixels EncodeManager: 4.05248 MiB (1:8.65892 ratio) Connections: Closed: 10.0.129.244::45530 VNCServerST: Stopping desktop ComparingUpdateTracker: 17.8138 Mpixels in / 901.271 kpixels out ComparingUpdateTracker: (1:19.7652 ratio)
Actual results
As a workaround, I grabbed the latest tigervnc from Fedora which I rebuilt on RHEL 9.6 and things started working again:
tigervnc-1.15.0-5.el9.src.rpm
with:
xkbcomp-1.4.7-3.el9.src.rpm and xorg-x11-font-utils-7.5-61.el9.src.rpm
- links to
-
RHSA-2025:147220 tigervnc security update