UltraVNC and DirectAccess

I’ve finally got UltraVNC working properly with a computer connected through DirectAccess. Here’s how a very brief description of how its working.

First I deploy UltraVNC through a group policy shutdown script.


This script uninstalls previous versions, installs the latest version, copies the ultravnc.ini for standard settings, an ACL file for Active Directory group integration, and then overwrites winvnc.exe with the IPv6 version provided by the creator. Then it deletes the desktop icons and starts the service.

The important part is that IPv6 executable, because otherwise the traffic will not pass through to the DirectAccess client.

The other key note is that to make a connection, it needs to be a Reverse VNC connection; initiated from the server (user) side.

First, the Technician needs to start a VNCViewer listening session. The easiest way is to create a shortcut with this command target:

"c:\program files\uvnc bvba\UltraVNC\vncviewer.exe" -listen -dsmplugin SecureVNCPlugin64.dsm

This will place an icon in your task tray, and prepare your computer for receiving the request.

We deploy a shortcut to all workstations in the Start Menu that runs this command:

"c:\program files\uvnc bvba\UltraVNC\winvnc.exe" -connect

When clicking on the shortcut, the user will be presented with a window, which they can enter the Technician’s workstation name to connect.

In this method, there is no authentication needed because it was initiated by the server.


2 thoughts to “UltraVNC and DirectAccess”

  1. Hi Jeff,

    Great tutorial by the way and really thank you. I am a fan of directaccess and ultraVNC.

    I tried setting this up but it seems that port 5500 on the direct access client machine wont pass when connected to directaccess outside of network. It just time out with a message “Failed to connect to listening VNC Server”. However, when inside the network I am able to remotely controlled the client machine on my Technician workstation without error. All other services via directaccess works (SMB-445, group policy, authentication..etc). Any idea what I am missing here? Thanks.

    1. Hi Erik, thanks for the comment. I’m no longer in an environment with either UltraVNC or DirectAccess, so my recollection of this operation is a little rusty.

      I’d start with ensuring that your port 5500 works outbound from the DirectAccess client machine using Test-NetConnection PowerShell cmdlet; if not, then basic network connectivity on that port isn’t functioning and may need to be allowed somewhere.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.