||Home||Switchboard||Unix Administration||Red Hat||TCP/IP Networks||Neoliberalism||Toxic Managers|
|(slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix|
|News||Recommended Links||X Windows system Protocol||X display manager||Configuration||Fonts in X windows||IPTables|
|Enabling XDMCP in Solaris 10||Troubleshooting XDMCP Connections to UNIX and Linux Hosts - Tech Note 1229|
|Exporting_display||vnc||Xdefaults||X11 security||X11 forwaring over ssh||Humor||Etc|
This technical note describes how to troubleshoot problems connecting with XDMCP (X Display Manager Control Protocol), such as timeout or "cannot open display" errors. The troubleshooting options in this note apply to connections made to the most common UNIX and Linux hosts.
For information specific to Red Hat Linux, see Technical Note 1680.
The XDMCP protocol is used to communicate between the X Display Manager (XDM) running on a host machine and the X server (Reflection X) running on your workstation (computer). The X Display Manager provides a user friendly interface for starting X clients and opening X windows.
There are several reasons why an XDMCP connection might fail. The most common reasons are:
To determine the cause of the problem and resolve it, start with section A. XDMCP Error Codes, and proceed through each subsequent section as directed.
Note: The troubleshooting steps in this note help you ensure that the XDM daemon is running and that Reflection X can successfully connect and run sessions using this daemon. An alternate workaround for starting sessions is to manually start X sessions. This procedure is described below under "To manually start an X session without using the XDM Daemon."
The most common error codes and their definitions are:
This is a generic XDMCP error code. To determine the cause of the error and resolve it, proceed to section B. Examine the Network Environment.
XDM is running on the host and has accepted the connection request; however, XDM is unable to successfully reply to the Reflection X server. Refer to sections F. Verify that Reflection X is Detecting the Correct IP Address and G. Ping the Workstation from the Host.
Before you begin the troubleshooting steps, be sure that your network environment is compatible with XDMCP. XDMCP does not work with, or needs to be specifically configured for, the following network environments:
For details regarding this feature and Red Hat Linux 8.0, see technical note 1680.
Once you determine that your environment is compatible with XDMCP, proceed to C. Increase the Connection Timeout.
Increasing the connection timeout value may resolve connection problems, particularly when working in a low bandwidth environment. The connection timeout defines the number of seconds that Reflection X will try to make an XDMCP connection. By default, the value is set to 15 seconds.
Follow these steps to configure the connection timeout value.
Yes. Save the .RXC file with the increased timeout setting for future use.
No. Proceed to D. Make a Direct XDMCP Connection.
By default, Reflection X makes XDMCP connections using broadcast UDP packets. Some routers and firewalls are configured to block UDP or broadcast packets. Follow these steps to make a non-broadcast XDMCP connection:
Note: Depending on the configuration of your network, it may be possible to connect to your host using an unqualified host name; however, because this does not work in all network configurations, using a fully-qualified name is recommended.
Yes. Your router or firewall is most likely configured to block UDP broadcast packets. To workaround this problem, either use the Direct XDMCP connection; configure your workstation's firewall to permit UDP broadcasts, or contact your network administrator about configuring your router or firewall to permit UDP broadcasts.
No. Perform these steps:
Follow the steps below to determine if the host is available.
ping <host IP address or fully-qualified host name>
ping 22.214.171.124 or ping lindaj.mycompany.com
Yes. Proceed to F. Verify that Reflection X is Detecting the Correct IP Address.
No. Contact your system administrator to verify that the host is running and that you have the correct name or IP address for the host.
Reflection X sends the workstation's IP address to the XDM daemon on the host. To verify that the workstation IP address is correct, follow the steps below.
In Reflection X Manager 14.0 - 14.1:
Yes. Proceed to G. Ping the Workstation from the Host.
No. If the IP address automatically detected by Reflection X is not correct, manually enter the correct address under Settings > Network and return to D. Make a Direct XDMCP Connection.
Verify that the host can access the workstation and correctly resolve the workstation's fully-qualified name. Incorrect resolution of the workstation name to the workstation IP address may cause XDMCP connections to fail.
An example of a fully-qualified workstation name is "lindaj.mycompany.com" (not "Lindaj"). Depending on the configuration of your network, it may be possible to connect to your host using an unqualified host name; however, because this does not work in all network configurations, using a fully-qualified name is recommended.
Linux: ping -c 3 <fully-qualified workstation name>
Solaris: ping -a <fully-qualified workstation name>
HP-UX: ping <fully-qualified workstation name> -n 3
Note: You may need to navigate to the /etc directory before issuing the ping command. To do so, enter cd /etc. If you are unable to navigate to /etc, or are still unable to use the ping command from that location, contact your system administrator for assistance.
A successful ping looks similar to this:
# ping lindaj.mycompany.com -n 3
PING LINDAJ.mycompany.com: 64 byte packets
64 bytes from 126.96.36.199: icmp_seq=0. time=1. ms
64 bytes from 188.8.131.52: icmp_seq=1. time=1. ms
64 bytes from 184.108.40.206: icmp_seq=2. time=1. ms
Yes. If you can ping the workstation by name, and the IP address returned is correct, proceed to H. Confirm that the Host XDM Daemon is Running.
If you can ping, but the IP address returned by ping is incorrect, you may have identified a DNS problem and should contact your network administrator for assistance. This problem must be resolved before proceeding.
Note: A temporary workaround for a DNS error is for the system administrator to add the correct workstation IP address and fully-qualified workstation name to the host's /etc/hosts file. Once this has been done, pinging from the host to the workstation should resolve properly. This method should only be used as a temporary workaround, especially in a DHCP network environment, because the /etc/hosts file would need to be updated each time the workstation obtains a new DHCP lease.
No. If you are unable to successfully ping using the workstation's name, try using the workstation's IP address in place of <fully-qualified workstation name>. If this works, proceed to the next section, "Reconfigure the Windows DNS suffix setting."
If a ping to the workstation IP address fails, contact your network administrator for assistance.
Note: Personal firewalls (running on the workstation) can be configured to disallow incoming echo requests (such as ping requests). If you have a personal firewall on your workstation, ensure that it is configured to allow incoming echo requests while you are testing with the ping command.
Reconfigure the Windows DNS suffix setting:
- Windows 7: Control Panel > Networking and Sharing Center > Local Area Connection > Properties
- Windows XP: Control Panel > Network and Internet Connections > Network Connections > right-click Local Area Connections > Properties
If changing this setting does not resolve the issue, clear the "Use this connection's DNS suffix in DNS registration" check box, and save the setting again. Proceed to H. Confirm that the Host XDM Daemon is Running.
Follow these steps to confirm that the XDM daemon is running on your host.
|UNIX host running CDE
|UNIX - Generic
|Linux host running KDM
|Linux host running GDM
|Linux host running XDM
A typical UNIX host response looks similar to the following; the path will vary depending on the host environment.
root 1355 1340 0 11:16 ? 14:25 /usr/dt/bin/dtlogin
guest 14519 14499 0 11:16 pts/10 00:00:00 grep dtlogin
In this example, the 'root' line confirms that the XDM daemon, entitled dtlogin, is running on the host, and is owned by the user 'root.'
A typical Linux host response looks similar to the following:
root 15099 1 0 Mar31 ? 00:00:09 /usr/bin/kdm -nodaemon
guest 15108 25084 09:07 00:00:00 grep kdm
In this example, the 'root' line confirms that the XDM daemon, entitled kdm, is running on the host, and is owned by the user 'root.' (The '-nodaemon' parameter does not indicate that the daemon is unavailable.)
Yes. Proceed to I. Check Port 177.
No. Contact your system administrator about the daemon. For more information on the XDM daemon, refer to the host Man pages.
Note: Whether the XDM Daemon is running or not, you can follow the steps below to manually start your X sessions. This workaround may allow you to use Reflection X while you are troubleshooting the XDMCP connection problem.
You can use the following steps to start an X desktop session if the XDM Daemon is not running.
/usr/dt/bin/Xsession -display <workstation IP or name>:0 &
/etc/X11/xdm/Xsession -display <workstation IP or name>:0 &
gnome-session & (no path needed)
startkde & (no path needed)
To use either of these last two Linux commands, the display variable has to be set first as neither supports the -display switch. (For example: "export SET DISPLAY=<workstation IP or name>:0")
Note: When you manually start an X session, some windows may stay open when you exit. To close these windows, reset your Reflection X server from the Action menu in the Reflection X Manager.
To make an XDMCP connection, the network must be configured to allow the host and X server to communicate using UDP packets over port 177.
To verify that port 177 is open, contact your network administrator for assistance or use the Microsoft Portqry.exe command-line utility to determine if port 177 is available. For information about this utility, see Microsoft article 310099 at http://support.microsoft.com/default.aspx?scid=kb;en-us;310099.
Yes. Proceed to J. Check Port 6000.
No. Work with your network administrator to identify why port 177 is unavailable. The port can be blocked by a network router and/or firewall. Connections using XDMCP are not possible until UDP port 177 is open.
X protocol typically uses port 6000 for communication between the host and Reflection X; therefore, if port 6000 is blocked between the host and the workstation, you will probably be unable to connect using Reflection X (one exception is when using Secure Shell). Follow the steps below to determine if port 6000 is available for the X protocol.
telnet <fully-qualified workstation name or IP address> 6000
For example: telnet lindaj.mycompany.com 6000
Port 6000 is open between the host and the workstation if the response looks similar to the following:
"Trying lindaj.mycompany.com...Connected to lindaj.mycompany.
com. Escape character is '^]'."
To exit the telnet connection, enter Ctrl+], and then enter quit.
Port 6000 is not open between the host and the workstation if the response is similar to one of the following strings:
"Telnet: Unable to connect to remote host: Connection refused"
"Telnet: connect: Connection refused"
"Connection timed out"
"Could not open a connection to host on port 6000: Connection failed"
Yes. For further troubleshooting assistance, contact Attachmate Technical Support: http://support.attachmate.com/contact/.
No. If this is the case, check the following.
Note: It is not always obvious that a firewall is running, because it might be running in the background as a service. You may be able to determine if a firewall is running in this manner by looking in the Task Manager under the Application and Processes tabs, or by looking in the Services list. (Click Start > Control Panel > Administrative Tools > Services.)
Determine if port 6000 is currently in use by an application other than Reflection X by entering netstat -a at the Windows Command Prompt (Programs > Accessories > Command Prompt).
TCP LINDAJ:6000 LINDAJ.mycompanye.com:0 LISTENING
If you are successful in opening port 6000, try to connect using XDMCP again. If still unable to connect, proceed to Contact Attachmate.
Follow the steps below to view and modify the Windows Firewall settings
Yes. Before you can make an XDMCP connection, you must include Reflection X in the list of allowed programs. (You may also choose to disable the firewall temporarily for testing, or permanently if this is appropriate in your environment.)
Add Reflection X to the list of allowed programs:
On Windows 7:
On Windows XP:
No. Return to J. Check Port 6000 and proceed through the firewalls list. Or, if you have already done this, proceed to Contact Attachmate.
If you are familiar with network traces, take a network trace of your XDMCP connection attempt and refer to the following Reflection XDMCP connection details while reviewing the trace.
Note: If you do not have a network trace utility, you may want to try one of the free online utilities, such as Wireshark, a multi-platform network protocol analyzer available at http://www.wireshark.org/.
In the network trace, you should see something similar to the following, showing Reflection X and the host negotiating and maintaining the connection. (Exactly how the information is presented depends on the trace utility you are using.)
The first set of entries show Reflection X connecting to port 177 on the host using XDMCP protocol over UDP. Communication is established between a random port number on the PC and port 177 on the host. During this process Reflection X (on the PC) provides the host with information about which port number it is configured to use for X11 protocol. Typically, this is port 6000.
Note: If there is a firewall between the PC and host, the firewall must be configured to allow UDP packets from the PC to the host on port 177.
The second set of entries shows the host sending a SYN request to the PC on the port that Reflection X specified for X11 protocol (typically port 6000), using TCP. The following SYN and ACK communications are made between a random host port and the port Reflection X specified for X11 protocol.
Note: If there is a firewall between the PC and host, the firewall must be configured to allow TCP packets from the host to the PC on port 6000 (or whichever port Reflection X is listening on for X11 traffic).
||specified host port number > X11 port number [SYN]
||38197 > 6000 [SYN]
38197 > X11 [SYN]
Note: If the default X11 port is being used, 6000, "X11" may be displayed instead of 6000.
||X11 port number > specified host port number [SYN, ACK]
||X11 > 38197 [SYN, ACK]
||specified host port number > X11 port number [ACK]
||38197 > X11 [ACK]
Finally, the host and Reflection X begin communicating using X11 protocol over TCP on the ports established during the SYN-ACK process above. No additional ports need be opened in the firewall.
Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers : Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism : The Iron Law of Oligarchy : Libertarian Philosophy
War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda : SE quotes : Language Design and Programming Quotes : Random IT-related quotes : Somerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose Bierce : Bernard Shaw : Mark Twain Quotes
Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 : Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law
Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds : Larry Wall : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOS : Programming Languages History : PL/1 : Simula 67 : C : History of GCC development : Scripting Languages : Perl history : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history
The Peter Principle : Parkinson Law : 1984 : The Mythical Man-Month : How to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite
Most popular humor pages:
Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor
The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D
Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.
FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.
This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...
|You can use PayPal to to buy a cup of coffee for authors of this site|
Last modified: March 12, 2019