Share via

Does Global Secure Access work with RealVNC Viewer

Darin Mirchev 40 Reputation points
2023-10-02T09:12:58.1566667+00:00

Hello,

We have set up Private access profile of Global Secure Access.
There is a Linux host with a private IP address that is reachable via RealVNC Viewer app on port 5931.
We have added this IP as a Quick Access app and allowed all ports 0-65535.

If I do a tnc (test network connection) on Powershell towards this IP and port, it will return a True status and traffic is seen on the other end as reachable. However, if we try to connect to the host via the RealVNC app, it returs an error "The connection closed unexpectedly.". If I try to connect to the host from the Proxy Connector that we have set up, I can successfully connect via RealVNC.

I know that GSA is still not running UDP, so I disabled the UDP traffic on the RealVNC Viewer app, thus forcing the traffic via TCP only. So, I assume that UDP is not part of the whole equation, however I am not enitrely sure. Under the "Connection Diagnostics" of the GSA client, I can also see TCP traffic passing to the host. However, no traffic is seen on the other end and packets are being RST reset from my end.

Can somebody confirm if GSA is NOT expected to work with VNC because of some complications?

Microsoft Entra Private Access
Microsoft Entra Private Access
Microsoft Entra Private Access provides secure and deep identity-aware, Zero Trust network access to all private apps and resources.
47 questions
0 comments
Accepted answer
  1. Marilee Turscak-MSFT 35,366 Reputation points Microsoft Employee
    2023-10-06T23:18:36.9033333+00:00

    @Darin Mirchev ,

    Yes, Global Secure Access works with VNC viewer. That said, there was a recent bug reported that happens where the client initiates the connection, but the server is the one that sends the first payload. This happens in the VNC protocol and for some customers this week was triggering the "connection closed" error you mentioned.

    The bug was fixed this Wednesday though, so you should see a resolution.

    If you still face this issue though, please feel free to reach out to me at AzCommunity@microsoft.com ("Attn: Marilee Turscak") and include your subscription ID, and I will open a one-time support ticket to look into this.

    If the information helped you, please Accept the answer. This will help us as well as others in the community who may be researching similar information. Otherwise let me know if you have further questions.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. MojiTMJ 685 Reputation points
    2023-10-02T13:13:02.58+00:00

    Hello Darin,

    Thank you for reaching out in Microsoft Q&A.

    From your description, it seems like you've taken several troubleshooting steps, including disabling UDP traffic and confirming that TCP traffic is passing through the GSA client but getting reset on the other end.

    To address your question, GSA is primarily designed to secure and manage remote access to resources, and it should be compatible with various applications and protocols, including VNC. However, there could be specific configurations or issues causing the problem you're encountering.

    Here are some steps you can take to further diagnose and potentially resolve the issue:

    • Ensure that your GSA policies and rules are not blocking VNC traffic. Double-check the firewall rules and security policies within your GSA setup to make sure they are correctly configured to allow traffic on the necessary ports.
    • Verify that the RealVNC Server on the Linux host is configured correctly to accept incoming connections, and that it's listening on the expected port (5931 in your case). Also, check if any authentication or access control settings on the VNC server might be causing issues.
    • Examine logs and diagnostics on both the GSA server and the Linux host to see if there are any error messages or events that can provide more insight into the connection issue.
    • Ensure that there are no network-level issues, such as routing or NAT configurations, that might be affecting the connection between the RealVNC Viewer and the Linux host via GSA.
    • Make sure you are using the latest versions of RealVNC Viewer and GSA, as updates may include bug fixes and improvements.

    In summary, GSA should, in theory, work with VNC, but there may be configuration or compatibility issues causing your problem. Carefully reviewing your policies, server configurations, and logs, as well as seeking support from the respective vendors, should help you pinpoint and resolve the issue.

    Note: If you found this response helpful, please acknowledge it to help others facing similar challenges.

    Best of luck!