NoMachine NX for OS X Successfully Authenticates But Won’t Load Sessions

I recently discovered NoMachine’s NX while looking for an easy way to encrypt VNC. NX, if you aren’t familiar with it, is generally a PITA to setup, but well worth the pain (on Linux anyway). All traffic goes over SSH and while the performance isn’t as great as Windows’ RDP, it’s faster and more secure than VNC. NoMachine’s NX client works on Windows, OS X and Linux and even works well on roaming profiles.

Installing NX Server on OS X is challenging. Well, installing it is easy, getting it to work is another story.

First, starting with Mountain Lion, Apple no longer ships OS X with X11 already installed so XQuartz must be downloaded and installed manually. Initially, I installed XQuartz X11 2.7.4 and NX for OSX 4.0.181-7.

After adding the nx user to my allowed list of SSH logins, connecting was easy using the account I use to login to my MacBook Pro everyday. When prompted for Desktop type, I selected Shadow.

Once I connected, my session would appear for a split second then disappear. If you’re quick, sometimes you can catch the session before it disappears then click Attach.

Oops! Missed it :(

Got it!

Now, initially when I’d attach, it would hang at “Requesting users authorization” but no window would pop up to request the authorization. I checked to ensure that PhysicalDesktopAuthorization 0 was set in server.cfg and sure enough it was. I thought, then, that maybe there was an issue with xauth. I spent about a day troubleshooting that, and eventually tried a different version of XQuartz. I uninstalled everything across the board. Then reinstalled everything across the board and still no dice. Messing with shadowing in the configs proved fruitless and decided to pour over NX’s documentation one last time. This time, I saw that it should have installed the nxnode –mirror service, but no such service was running.

I created /Library/LaunchDaemons/com.nomachine.node.plist and pasted the following into it, ensuring that Username was set to my regular user account (otherwise, my session never showed)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">
<plist version="1.0">

I ran launchctl load -w /Library/LaunchDaemons/com.nomachine.node.plist and voila! My screen appeared. It was ugly and smudgy, though, no matter how well I optimized my client settings. Look:

Also, it often freezes about 10 seconds after. Seeing that the screen quality wasn’t worth it anyway, I decided to go with VNC over SSL until NoMachine NX is out of beta for OS X. Ultimately, I really wanted remote access to manage my virtual Windows farm, so I finally got around to installing and configuring Remote Desktop Gateway. If you’re a Windows admin who wants secure Remote Desktop access, you should try Remote Desktop Gateway which does RDP over SSL RPC. It was easy-ish to setup and the quality is just as you’d expect from RDP. Slick!

Chrissy is a PowerShell MVP who has worked in IT for nearly 20 years, and currently serves as a Sr. Database Engineer in Belgium. Always an avid scripter, she attended the Monad session at Microsoft’s Professional Developers Conference in Los Angeles back in 2005 and has worked and played with PowerShell ever since. Chrissy is currently pursuing an MS in Systems Engineering at Regis University and helps maintain in her spare time. She holds a number of certifications, including those relating to SQL Server, SuSE Linux, SharePoint and network security. She recently became co-lead of the SQL PASS PowerShell Virtual Chapter. You can follow her on Twitter at @cl.

Posted in OS X & iPhone, Security

Leave a Reply

Your email address will not be published. Required fields are marked *