Purpose
This guide explains how to troubleshoot macOS Screen Sharing or Remote Management connection issues when connecting from one Mac to another using:
vnc://<TARGET_IP>
Typical symptoms include:
Connection failed
Connection refused
Username/password popup appears but login fails
Screen Sharing opens but disconnects
1. Identify target details
Replace these placeholders with your own values:
<TARGET_IP> = IP address of the remote Mac
<REMOTE_USER> = username on the remote Mac
<REMOTE_HOSTNAME> = hostname of the remote Mac
<CLIENT_IP> = IP address of your local Mac
Example format:
Remote Mac IP: <TARGET_IP>
Remote user: <REMOTE_USER>
2. Check network reachability
From the client Mac:
ping -c 4 <TARGET_IP>
Expected result:
0.0% packet loss
If ping fails, check:
Remote Mac is powered on
Remote Mac is not sleeping
Both Macs are on reachable networks
VPN/routing is correct
IP address has not changed
Firewall is not blocking ICMP
3. Check Screen Sharing port
macOS Screen Sharing / VNC uses TCP port 5900.
From the client Mac:
nc -vz <TARGET_IP> 5900
Result interpretation
| Result | Meaning |
|---|---|
| succeeded | Screen Sharing / Remote Management is listening |
| Connection refused | Remote Mac is reachable, but Screen Sharing is not enabled/listening |
| timed out | Firewall, routing, VPN, or network ACL may be blocking traffic |
If port 5900 is refused, continue with the next steps.
4. Check SSH access
If SSH is enabled:
ssh <REMOTE_USER>@<TARGET_IP>
If SSH works, you can troubleshoot the remote Mac without physical access.
If SSH does not work, enable Remote Login locally on the remote Mac:
System Settings → General → Sharing → Remote Login
5. Enable Remote Management from terminal
On the remote Mac over SSH:
REMOTE_USER="<REMOTE_USER>"
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-activate \
-configure \
-access -on \
-users "$REMOTE_USER" \
-privs -all \
-restart -agent \
-menu
Expected output may include:
Activated Remote Management.
Set user remote control privileges.
Set user remote access.
Done.
6. Confirm port 5900 is listening
On the remote Mac:
sudo lsof -nP -iTCP:5900 -sTCP:LISTEN
Expected output may show launchd, screensharingd, or ARDAgent.
Example:
COMMAND PID USER NAME
launchd 1 root TCP *:5900 (LISTEN)
This is normal on macOS because launchd can listen first and start the actual service when a connection arrives.
7. Connect from client Mac
From the client Mac:
open "vnc://<TARGET_IP>"
Or force the username:
open "vnc://<REMOTE_USER>@<TARGET_IP>"
When prompted, use:
Username: <REMOTE_USER>
Password: remote Mac user password
Important: this is the password for the remote Mac user, not the local Mac user.
8. Verify user permissions
On the remote Mac:
whoami
groups
Check whether the user is an admin:
groups <REMOTE_USER>
The user should ideally be in:
admin
com.apple.access_screensharing
Check Screen Sharing group membership:
sudo dscl . -read /Groups/com.apple.access_screensharing GroupMembership
Add the user if needed:
sudo dseditgroup -o edit -a <REMOTE_USER> -t user com.apple.access_screensharing
Restart the agent:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent
9. Check if the user account is valid for GUI access
On the remote Mac:
dscl . -read /Users/<REMOTE_USER> UserShell NFSHomeDirectory IsHidden AuthenticationAuthority
Healthy examples:
UserShell: /bin/zsh
NFSHomeDirectory: /Users/<REMOTE_USER>
If IsHidden returns:
No such key: IsHidden
That is usually fine. It means the account is not explicitly hidden.
10. Watch Screen Sharing logs
On the remote Mac, run:
sudo log stream --style compact --info --predicate 'process CONTAINS[c] "screensharing" OR process CONTAINS[c] "ARDAgent" OR process == "loginwindow" OR eventMessage CONTAINS[c] "VNC" OR eventMessage CONTAINS[c] "authenticate"'
Then try connecting again from the client Mac.
Look for messages like:
Authentication: FAILED
bad authentication occurred
valid admin
screenCaptureFlag 0
kTCCServiceScreenCapture
These help identify whether the issue is:
wrong credentials
missing user permission
privacy/TCC issue
MDM restriction
ScreenCapture permission issue
Remote Management policy issue
11. Test legacy VNC password
This is useful only as a temporary diagnostic test.
On the remote Mac:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-configure \
-clientopts \
-setvnclegacy -vnclegacy yes \
-setvncpw -vncpw Temp1234
Then from the client Mac:
open "vnc://<TARGET_IP>"
Try:
Username: leave blank if possible
Password: Temp1234
If username is required:
Username: <REMOTE_USER>
Password: Temp1234
Result interpretation
| Result | Meaning |
|---|---|
| Legacy VNC works | Account-based Screen Sharing auth may be broken |
| Legacy VNC also fails | Likely MDM/TCC/ScreenCapture/Remote Management policy issue |
Disable legacy VNC after testing:
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-configure \
-clientopts \
-setvnclegacy -vnclegacy no
Do not leave legacy VNC enabled.
12. Check MDM enrollment
On the remote Mac:
sudo profiles status -type enrollment
Possible output:
Enrolled via DEP: Yes
MDM enrollment: Yes
If the Mac is MDM-managed, local kickstart commands may not be enough. MDM profiles can control Screen Sharing, Remote Management, privacy permissions, firewall, login window behavior, and PPPC/TCC permissions.
13. List installed configuration profiles
sudo profiles list -type configuration
Look for profiles related to:
PPPC
Privacy
Restrictions
Login Window
Firewall
Remote Management
Security
MDM
14. Inspect privacy / PPPC / TCC profiles
Dump profile details:
sudo system_profiler SPConfigurationProfileDataType > /tmp/profile-details.txt
Search for remote access and screen permissions:
grep -iE "Remote Desktop|RemoteManagement|Remote Management|ARD|ARDAgent|ScreenCapture|Screen Capture|Screen Recording|screensharing|ScreensharingAgent|AppleVNC|ListenEvent|PostEvent|Accessibility|Deny|Allow|Authorization" /tmp/profile-details.txt -C 12
You want to know whether the MDM profile allows or denies:
ScreenCapture
ListenEvent
PostEvent
Accessibility
ARDAgent
ScreensharingAgent
AppleVNCServer
Remote Management
Apple Remote Desktop
15. Check local TCC database
On the remote Mac:
# SQL string literals are single-quoted; recent sqlite3 shells reject double-quoted strings.
sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
'.headers on' \
'.mode column' \
"select service, client, client_type, auth_value, auth_reason, flags, datetime(last_modified,'unixepoch','localtime') as modified
from access
where service like '%Screen%'
or service like '%Listen%'
or service like '%Post%'
or service like '%Accessibility%'
order by service, client;"
Important services:
| Service | Meaning |
|---|---|
| kTCCServiceScreenCapture | Screen capture / screen recording |
| kTCCServiceListenEvent | Observe input events |
| kTCCServicePostEvent | Control keyboard/mouse |
| kTCCServiceAccessibility | Accessibility control |
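Added example (not part of the original guide): a shell filter that decodes the numeric auth_value column for the four services in the table above and flags any service without an allow entry. It assumes auth_value 0 means denied and 2 means allowed, as in the macOS 11 and later TCC schema; the function names and the sample client identifiers are made up for illustration.

```shell
#!/usr/bin/env bash
# Live use on the remote Mac (emits service|client|auth_value, one row per line):
#   sudo sqlite3 -separator '|' "/Library/Application Support/com.apple.TCC/TCC.db" \
#     "select service, client, auth_value from access" | tcc_summary

# Reads service|client|auth_value rows on stdin.
# Assumption: auth_value 0 = denied, 2 = allowed; anything else is printed as OTHER(n).
# Exit status is 1 when any of the four services has no allow entry.
tcc_summary() {
  awk -F'|' '
    BEGIN {
      n = split("kTCCServiceScreenCapture kTCCServiceListenEvent kTCCServicePostEvent kTCCServiceAccessibility", want, " ")
    }
    {
      for (i = 1; i <= n; i++) {
        if ($1 != want[i]) continue
        if ($3 == "2") { state = "ALLOWED"; ok[$1] = 1 }
        else if ($3 == "0") state = "DENIED"
        else state = "OTHER(" $3 ")"
        printf "%-26s %-30s %s\n", $1, $2, state
      }
    }
    END {
      for (i = 1; i <= n; i++) {
        if (want[i] in ok) continue
        printf "%-26s %-30s %s\n", want[i], "-", "NO_ALLOW_ENTRY"
        missing++
      }
      exit (missing > 0)
    }'
}

# Constructed sample rows (not taken from a real Mac); client names are placeholders.
sample_rows() {
  cat <<'EOF'
kTCCServiceScreenCapture|com.example.remote-agent|2
kTCCServicePostEvent|com.example.remote-agent|0
kTCCServiceAccessibility|com.example.other-tool|2
kTCCServiceMicrophone|com.example.other-tool|2
EOF
}

sample_rows | tcc_summary || echo "one or more services have no allow entry"
```

A service reported as NO_ALLOW_ENTRY can still be granted by an MDM PPPC profile, which is recorded in MDMOverrides.plist rather than in TCC.db, so check the MDM overrides before concluding the permission is missing.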
16. Check MDM TCC overrides
sudo ls -l "/Library/Application Support/com.apple.TCC/"
Then:
sudo plutil -p "/Library/Application Support/com.apple.TCC/MDMOverrides.plist" 2>/dev/null | \
grep -iE "ScreenCapture|Screen|ListenEvent|PostEvent|Accessibility|ARDAgent|screensharing|Remote|AppleVNC|Deny|Allow" -C 8
If MDM overrides exist and do not allow Apple Remote Desktop / Screen Sharing components, IT may need to update the MDM policy.
17. Check Login Window profile
If a Login Window profile is installed:
sudo profiles show -type configuration > /tmp/all-profiles.txt 2>&1
grep -iE "loginwindow|Autologin|allowed|denied|authorized|users|groups|Disable|Deny|Allow" /tmp/all-profiles.txt -C 10
Login Window profiles may affect:
autologin
allowed users
login display behavior
remote login/session behavior
18. Check firewall profile
sudo profiles show -type configuration > /tmp/all-profiles.txt 2>&1
grep -iE "firewall|stealth|block|allow|screen|remote|5900|sharing|ARD|VNC" /tmp/all-profiles.txt -C 10
Also check listening port again:
sudo lsof -nP -iTCP:5900 -sTCP:LISTEN
If 5900 is listening and the connection reaches the login popup, firewall is less likely to be the main issue.
19. Common root causes
| Symptom | Likely cause |
|---|---|
| Ping fails | Network, VPN, sleep, wrong IP |
| Ping works, 5900 refused | Screen Sharing/Remote Management disabled |
| 5900 works, login popup appears, password fails | User permission, auth, MDM, or privacy issue |
| User is admin and allowed, but login still fails | MDM/PPPC/TCC policy likely |
| Legacy VNC also fails | Strong sign of MDM/ScreenCapture/Remote Desktop policy issue |
| Screen connects but black screen | ScreenCapture / display / headless Mac issue |
| Can view but not control | PostEvent / Accessibility / Remote Management control permission issue |
20. Full diagnostic collection script
Run this on the remote Mac:
# Set the account to inspect once; the user checks below reuse it.
REMOTE_USER="<REMOTE_USER>"
echo "=== Host Info ==="
hostname
scutil --get ComputerName
scutil --get LocalHostName
sw_vers
date
echo
echo "=== Listening Ports ==="
sudo lsof -nP -iTCP:5900 -sTCP:LISTEN
sudo lsof -nP -iTCP:22 -sTCP:LISTEN
echo
echo "=== User Info ==="
whoami
id "$REMOTE_USER"
groups "$REMOTE_USER"
echo
echo "=== Screen Sharing Group ==="
sudo dscl . -read /Groups/com.apple.access_screensharing GroupMembership
echo
echo "=== User Record ==="
dscl . -read "/Users/$REMOTE_USER" UserShell NFSHomeDirectory IsHidden AuthenticationAuthority 2>&1
echo
echo "=== ARD / Screen Sharing Processes ==="
ps aux | grep -E "screensharingd|ARDAgent|ScreensharingAgent" | grep -v grep
echo
echo "=== MDM Enrollment ==="
sudo profiles status -type enrollment
echo
echo "=== Configuration Profiles ==="
sudo profiles list -type configuration
echo
echo "=== Profile Details Search ==="
sudo system_profiler SPConfigurationProfileDataType > /tmp/profile-details.txt
grep -iE "Remote Desktop|RemoteManagement|Remote Management|ARD|ARDAgent|ScreenCapture|Screen Capture|Screen Recording|screensharing|ScreensharingAgent|AppleVNC|ListenEvent|PostEvent|Accessibility|Deny|Allow|Authorization" /tmp/profile-details.txt -C 12
echo
echo "=== TCC Database ==="
# SQL string literals are single-quoted; recent sqlite3 shells reject double-quoted strings.
sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
'.headers on' \
'.mode column' \
"select service, client, client_type, auth_value, auth_reason, flags, datetime(last_modified,'unixepoch','localtime') as modified
from access
where service like '%Screen%'
or service like '%Listen%'
or service like '%Post%'
or service like '%Accessibility%'
order by service, client;"
echo
echo "=== MDM Overrides ==="
sudo plutil -p "/Library/Application Support/com.apple.TCC/MDMOverrides.plist" 2>/dev/null | \
grep -iE "ScreenCapture|Screen|ListenEvent|PostEvent|Accessibility|ARDAgent|screensharing|Remote|AppleVNC|Deny|Allow" -C 8
21. Escalation message for IT
Hi IT,
I am trying to connect to a managed Mac using macOS Screen Sharing / Remote Management.
I verified the following:
Network:
- ping works
- SSH works
- port 5900 is listening
- Screen Sharing reaches the remote Mac and shows the login popup
User/permission:
- the remote user is valid
- the remote user is an admin
- the remote user is in com.apple.access_screensharing
- Remote Management was enabled using kickstart
- ARDAgent was restarted
Failure:
- Screen Sharing login still fails
- temporary legacy VNC password auth was also tested and failed
- logs show Screen Sharing authentication failure
MDM:
- the Mac is DEP/MDM enrolled
- configuration profiles include PPPC/privacy, restrictions, login window, and firewall policies
- I do not see a clear PPPC/TCC allow entry for Apple Remote Desktop / ARDAgent / ScreensharingAgent / AppleVNCServer
Can you please check MDM policy for this Mac and confirm:
1. Apple Remote Desktop / Remote Management is enabled via MDM, not only local kickstart
2. Observe + Control permissions are enabled
3. PPPC/TCC allows ScreenCapture, ListenEvent, PostEvent, and Accessibility for Apple Remote Desktop / ARDAgent / ScreensharingAgent / AppleVNCServer
4. No restriction, login window, or firewall profile is blocking Screen Sharing
22. Final takeaway
When macOS Screen Sharing fails, troubleshoot in this order:
Network → Port 5900 → SSH → Remote Management → User permissions → Logs → Legacy VNC test → MDM/PPPC/TCC policy
If all local checks pass but both normal Screen Sharing and legacy VNC fail, the issue is usually outside the local user account and should be handled by the MDM/IT team.