MSRC4 Plugin - FAQ




Q: Which plugin should I use?
Q: Where did my key go?
Q: Can I run the Viewer and the Plugin from a Flash Drive?
Q: Second connection to the Server fails with "Connection failed - Invalid protocol!"
Q: How can I verify that encryption is really working?"
Q: Why do I have to select the plugin every time, isn't there an easier way?"








Q: Which plugin should I use?

Choice is good, except when you don't have enough information to make an informed decision. So, there are two plugins that use exactly the same security measures, which should you use?

A:   No easy answer...but here are some things to think about:

BOTH plugins use the same codebase. The only difference is how they find their key files.

The plugins can connect to each other, they are completely compatible.

Unless noted in the Release Notes, different versions are interchangable.

The "NoReg version was developed with SC in mind... (Just remember to rename the plugin msrc4plugin.dsm so SC will use it.)

The "NoReg" version doesn't modify the host PC in any way. It is extremely useful in low-permission situations like running from a flash-drive on a Kiosk PC logged-in as Guest.

The "NoReg" version is better for scripting situations since you can set an environment variable to point to the key file.

The Registry version is more flexible, especially in "permanent" install situations, since the viewer and server can be pointed to different key files independantly and simultaneously.

The Registry version is easier to "debug" since you know where it is going to look for (and find) the key file.

You'll have to decide for yourself!


Q: Where did my key go?

So, you clicked on "Generate Key" and now you have no idea where the key file is. What do you do?

A:   First, I highly recommend you use the viewer to generate the key file. There are fewer places that the viewer will dump the key, therefore fewer places to look.

Second, which plugin did you use?

If you used the Registry version, open the configuration dialog. In the "Generate New Key file section is a text box where the full path and filename are specified. THAT is where your key is. Please notice that by default the new key file is named NEW_RC4.KEY but the plugin will be looking for RC4.KEY. You will need to rename it.

If you used the NoReg version things are a little more complicated. This is because there is no place to store a full name and path for the new key file. The key file will be named NEW_RC4.KEY. The file will end up in the directory that VNC thinks is the "current working directory."

Where is the current working directory? That depends. How did you start the viewer?

Did you click on a shortcut? Right-click on the shortcut icon, then select Properties. One of the text fields on the window is called "Start In:". This is the current working directory. Is it blank? The key is probably on your desktop. Do yourself a favor. Paste this ext in there, including the quotes:

"C:\Program Files\UltraVNC\"

Now when you start the viewer, the current working directory will be someplace specific.

Did you select the viewer from a menu item? Good chance that the working directory was the same directory that the vncviewer.exe was in.

Did you browse to the folder and double-click on the vncviewer.exe directly? Great. The current working directory is that folder!

Are you still stuck? Really? Well, follow the instructions here to create a command script and then run it. This will do two things for you: 1. Set the working directory to something specific. 2. Generate a log file you can send to me if you STILL can't find the key file.

DON'T FORGET TO RENAME THE FILE FROM NEW_RC4.KEY TO RC4.KEY!


Q: Can I run the Viewer and the Plugin from a Flash Drive?

So, you want to go to the library, or a friend's house, or the airport, and still access your home PC, eh?

A:  

The "NoReg" plugin is perfect for this situation.

To setup the flash drive, create a directory on the flash drive where you will put your VNC files. You need to copy the folowing files into the directory:

That's it!

Now, when you get where you are going, insert your flash drive, bring up Explorer, browse to your flash drive, locate the vncviewer.exe and double-click on it. Since one of the first places the "NoReg" plugin looks for the rc4.key is the "current directory" it will find the key on your flash drive. Viola! Secure VNC connection anywhere you go.




Q: Second connection to the Server fails with "Connection failed - Invalid protocol!"

You downloaded the plugin, set it up, connected, and everything worked great! Now you tried to connect again AND IT FAILED! What's the deal???

A:  

This is an easy one. You didn't follow the instructions!!!

Since you didn't follow the instructions, now you get a history lesson. Starting with plugin version 1.1.2 a bug in the plugin was fixed that required the plugin to be reset after each connection. Before this change the plugin wasn't using the Crypto API quite right. Version 1.1.2 fixed this. This change required a change in the UltraVNC Server. The Server has to reset the plugin after each connection. This change was introduced in UltraVNC RC19-5. Any version of UltraVNC RC19-5 or greater will work with the plugin version 1.1.2 or greater.

Short Answer: You need to use UltraVNC RC19-5 or later and you won't have this problem!!!




Q: How can I verify that encryption is really working?"

You downloaded the plugin, set it up, connected, and everything worked great! How can you prove to your boss that this stuff works?

A:  

This is an age-old problem. I don't have any fool-proof way to prove you are using encryption, but here are a few hints:

1. If the plugin is working, you CAN'T connect without the plugin. You get a protocol error.

2. The VNC window should say something like UltraVNC + MS RC4 Plugin-vX.X.X.X

3. If you click on the Show Status Window button, you should see the plugin mentioned there too.

4. You could always put a sniffer (Ethereal is a good one) on the line and watch the initial exchange between the viewer and server. The first 2 messages are easy to recognize when the connection is NOT encrypted. (The viewer and server exchange RFB version information. You'll see something like "RFB 003.006") With encryption on, you won't see anything recognizable.

If you can think of a better way drop me an Email and I'll add it to the FAQ.




Q: Why do I have to select the plugin every time, isn't there an easier way?"

I only use the plugin for one connection so I don't want to make it the "default" but I"m tired of clicking to select it when I do need it. What's a guy to do?

A:  

My first solution was going to be use the "Save connection settings as Default" (or whatever its called these days...) option thoughtfully provied by UltraVNC. But you don't want that...

Another option is to setup a shortcut with the options you want. Then all you have to do it click on the shortcut and the connection is established using the plugin. Here's how:

First create a shortcut to the vncviewer.exe. You know how to do that, right? Next we're going to edit the properties of the shortcut. Right-click on the shortcut, then select "Properties." There are 2 fields in here that need to be modified. "Target" and "Start In."

Target: This should already be something like "c:\program files\ultravnc\vncviewer.exe" complete with the double-quotes. AFTER the quotes, add something like this: /dsmplugin MSRC4Plugin.dsm -connect MyServer.com The complete target should look like this:

"c:\program files\ultravnc\vncviewer.exe" /dsmplugin MSRC4Plugin.dsm -connect MyServer.com

Start In: Make use this is set to the path where the vncviewer and plugin are located. It should look like this:

"c:\program files\ultravnc\"

That's all. If you did it right you should be able to click on the shortcut and it will connect and ask for your password. Nice and simple.