Chat works, Screen sharing returns "unknown connection error"

Trying to do Screen Sharing with another user over the internet. We can chat, etc., but when I "ask to share remote screen" the other person gets a "can't connect due to an unknown connection error." On my end I get a "refused to share screen" msg. Screen Sharing IS enabled on both machines.


With a vague error msg like that how do I even begin to troubleshoot????


Suggestions?

Posted on Feb 10, 2012 10:05 AM

7 replies

Feb 10, 2012 2:02 PM in response to Greg Schneck

Hi,


iChat Screen Sharing uses an Audio Chat (port 16402) and a VNC connection together.

The VNC part is on a random port.


This can be an issue for allowing this function of iChat through a router.

Using UPnP in most routers or Port Mapping Protocol in an Apple Base Station will tend to solve this.


Although at one level iChat deals with this as if it were an Audio Only chat the Auto-Accept feature (Actually an AppleScript) checks that it is not a Screen Share as well and will not accept it.





10:02 PM Friday; February 10, 2012

Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"


 iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
"Limit the Logs to the Bits above Binary Images."  No, Seriously

Feb 10, 2012 2:29 PM in response to Ralph-Johns-UK

1.) If I bypassed the router would that help? ie: Connect my iMac directly to Cable modem via Ethernet? This is my home network... I can do without the wireless while I'm trying this.


2.) I don't understand how to set up Port Mapping. My Airport Util asks for a "Public Port Number", "Private IP Address", and "Private Port Number". Where do I get these?


3.) What about the Mac on the other end? Any special router issues there?


MOST IMPORTANTLY.. THANKS FOR REPLYING TO MY ORIGINAL QUESTION! I Appreciate It!

Feb 10, 2012 2:33 PM in response to Greg Schneck

Hi,


Most cable Modems do not route so it can be useful to try just the computer and the modem.


The Port Mapping Protocol just needs to be enabled. It does not need any other fancy set up.


There may be a delay due to Sleep and Time Zone stuff before more replies.



10:33 PM Friday; February 10, 2012


Feb 11, 2012 5:24 AM in response to Greg Schneck

Hi,


You do not need the Default Host Enabled just the Port Mapping Protocol.


Having said that it is not the only thing that can get in the way of iChat.

Is there any chance the Modem also Routes ? (it would be unusual for Cable modem).



1:24 PM Saturday; February 11, 2012


Feb 13, 2012 12:33 PM in response to GeorgeCB

Hi,


Also in the UK. (Not that it is important in this)


OK. (The Ports and then how to open them)

The Internet connections you have are made up of what are called ports.

There are 65535 of them.

Most routing devices have the first 1024 ports open by default.


Web Browsing on port 80 and secure logins like Banks and Apple Discussions use port 443

Mail servers use a whole host of ports and, depending on how many accounts you have, your Mail app may be using up to 20 ports (25 for outgoing SMTP stuff; 110, 567, 568, 995 and 996 are common and 443 again is not unusual. Google for instance uses port 993 for their IMAP server, 995 for their POP server and 25 for SMTP with 465 and 587 as backups.)


If you are running a web site and using an FTP app to upload the stuff it is likely this is using port 20 and 21 to start with.


So all these are using ports below 1024 and will therefore work with the router Out-of-the-Box.


Games and IM apps in particular use ports above 1024.

Apple have several Docs about the ports iChat uses.

http://support.apple.com/kb/HT1507 lists those used by iChat 3 (Bonjour, Jabber, AIM and A/V stuff is listed)

Video was over 4 ports at this time and the SIP Invite/Connection Process started on port 5060


Table Of Ports

|     | Bonjour | Jabber | AIM | iChat AV |
| --- | --- | --- | --- | --- |
| TCP | 5298 | 5220, 5222, 5223 | 5190 | |
| UDP | 5297, 5298, 5353 | None | 5190 | 5060, 5678, 16384-16403 |
| ALL | 5060, 5190, 5220, 5222, 5223, 5297, 5298, 5353, 5768, 16384-16403 | | | |


At iChat 4 Apple changed the SIP Invite/Connection Process to be one of the Ports that the Video or Audio chats would use and changes in the Processing of Video allowed one port for In and Out, Audio and Video to be used.

These changes are noted here http://support.apple.com/kb/HT2282 (This does not list the Bonjour Ports or those for Jabber (Google and Facebook included)).


It gives you these ports.

iChat 4 and 5 Ports for iChat

| Service | TCP Ports | UDP Ports |
| --- | --- | --- |
| iChat over AIM | 5190 | 5190 |
| Bonjour | 5298 | 5297, 5298, 5353 |
| Jabber | 5220, 5222, 5223 | No ports |
| A/V Ports | No ports | 5678, 16393-16402 |


Note this is the iChat 4 and 5 Range. Port 5060 has gone and the "group of 20" is now only 10 ports.


Also missing is anything about Screen Sharing

Testing iChat connections with Little Snitch shows that the Screen Share is a random undocumented port (it is in fact a VNC connection like Apple Remote Desktop or the Screen Sharing app invoked from the Finder's Go Menu > Go to Server [it is actually based on the ARD engine])


Routers and Methods to open ports

Almost all routers can do Port Forwarding.

You list a Port and an IP for it to go to on the LAN (repeat for as many ports as the app uses)

You end up with a table like this

This pic would open the ports to the IP 192.168.1.100 on the LAN

This is only one computer and no other computer or device could use those ports.

You cannot Forward a Port to two IPs. (Some devices have issues with port 5190 for Login on TCP and File sharing on UDP being "forwarded" twice - one reason for moving the AIM login in earlier versions)


DMZ (Demilitarized Zone) is like an Extreme form of Port Forwarding.

Although it is an Enable/Disable setting it opens all 65535 ports to one IP.


Some devices use Port Triggering (Sometimes called Special Applications)

This sets "Listening" ports that in turn open others when something is "heard".

For iChat this needs to be done for the SIP invite and Audio Video Ports in particular.

Example of that same Linksys. You will notice that the Visible Invite (port 5678) triggers the SIP port for iChat 3 (5060) and that in a separate line triggers the Video/Audio ports (16384-16403) (This device needed this round robin method, others can list combined single ports and groups (5060, 16384-16403) together)


Neither Port Forwarding nor Port Triggering allows for the random ports used by iChat 4, 5 and 6 for Screen Sharing.

DMZ is too insecure in that all the ports are open to one device plus it can also restrict what can be done on other computers.

Add to that the fact that on some devices the table can only contain so many entries. (Some makes and models only have 12 places in their tables whereas iChat 3 uses 30 ports)


UPnP (Universal Plug and Play)

This allows the apps on the computer to control the ports the router has open and how long they stay open.

This is somewhat like the Mac Firewall in Leopard and above except you don't have to list the apps allowed.


On the Mac if the Firewall is ON and an App is Allowed then it gets "Certified" that it is allowed through the firewall. The app tells the firewall part of the OS which ports it will be using. (Hence you can change the Login ports for Buddy Lists).


UPnP works similarly in that apps can use UPnP to talk to the router.

This way ALL the ports an app uses can be allowed with a simple Enable/Disable setting.


Apple Base Stations have something that is similar called Port Mapping Protocol

This is found in the NAT tab (Internet icon) and needs to simply be Enabled - no ports need to be set.


UPnP also works for Multiple computers and devices.

Being that FaceTime uses similar ports to iChat and is on Phones and Touches as well as computers you tend to need UPnP.


It also appears that Port Forwarding (DMZ) and Port Triggering use NAT on the router to achieve their function.

It appears that this is less so with UPnP to the extent that in some cases using UPnP will enable Video Chats (or Audio) which Port Forwarding does not on some routers.


Summary.

Routers have some ports open by default although not all by a long way.

iChat uses ports above this threshold port.

This means opening the ports in the router that iChat uses.

There are different methods of Opening the ports

Of those only UPnP is secure enough to use every day (Or Port Mapping Protocol in an Apple Base Station)



I hope this helps



8:33 PM Monday; February 13, 2012


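The audit below is an added example, not part of the original post: it checks a router's Port Forwarding table against the iChat 4 and 5 ports listed in the reply above and reports the problems that reply describes (a port forwarded to two IPs, more rules than the table holds, leftover iChat 3 ports, a DMZ host). The rule format, the `expand` and `audit` names and the sample table are constructed for illustration.

```python
from collections import defaultdict

def expand(spec):
    """Turn '5678, 16393-16402' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

# "iChat 4 and 5" table from the post: service -> (TCP ports, UDP ports)
ICHAT_4_5 = {
    "iChat over AIM": ("5190", "5190"),
    "Bonjour": ("5298", "5297, 5298, 5353"),
    "Jabber": ("5220, 5222, 5223", ""),
    "A/V Ports": ("", "5678, 16393-16402"),
}

def audit(rules, services, table_capacity, dmz_ip=None):
    """rules: (proto, port_spec, lan_ip) rows of a forwarding table (assumed format)."""
    needed = set()
    for name in services:
        tcp, udp = ICHAT_4_5[name]
        needed |= {("tcp", p) for p in expand(tcp)} | {("udp", p) for p in expand(udp)}
    targets = defaultdict(set)  # (proto, port) -> LAN IPs it is forwarded to
    for proto, spec, ip in rules:
        for port in expand(spec):
            targets[(proto, port)].add(ip)
    return {
        "missing": sorted(needed - set(targets)),        # listed ports with no rule
        "not_in_table": sorted(set(targets) - needed),   # rules for unlisted ports
        "conflicts": sorted(k for k, ips in targets.items() if len(ips) > 1),
        "over_capacity": len(rules) > table_capacity,
        "dmz_open_ports": 65535 if dmz_ip else 0,        # DMZ opens every port to one IP
    }

# Constructed sample: one rule per port on a router with a 12-entry table
SAMPLE = [("tcp", "5190", "192.168.1.100"), ("udp", "5190", "192.168.1.100"),
          ("udp", "5678", "192.168.1.100"), ("udp", "5678", "192.168.1.101"),
          ("udp", "5060", "192.168.1.100")]  # 5060 was the iChat 3 SIP port
SAMPLE += [("udp", str(p), "192.168.1.100") for p in range(16393, 16401)]

REPORT = audit(SAMPLE, ["iChat over AIM", "A/V Ports"], table_capacity=12)
```

The random Screen Sharing port never shows up in `missing`, because no fixed rule can name it.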