Find the Best Cosmetic Hospitals

Explore trusted cosmetic hospitals and make a confident choice for your transformation.

โ€œInvest in yourself โ€” your confidence is always worth it.โ€

Explore Cosmetic Hospitals

Start your journey today โ€” compare options in one place.

macOS Screen Sharing / Remote Management Troubleshooting Guide

Purpose

This guide explains how to troubleshoot macOS Screen Sharing or Remote Management connection issues when connecting from one Mac to another using:

vnc://<TARGET_IP>
Code language: HTML, XML (xml)

Typical symptoms include:

Connection failed
Connection refused
Username/password popup appears but login fails
Screen Sharing opens but disconnects

1. Identify target details

Replace these placeholders with your own values:

<TARGET_IP>        = IP address of the remote Mac
<REMOTE_USER>      = username on the remote Mac
<REMOTE_HOSTNAME>  = hostname of the remote Mac
<CLIENT_IP>        = IP address of your local Mac
Code language: HTML, XML (xml)

Example format:

Remote Mac IP: <TARGET_IP>
Remote user: <REMOTE_USER>
Code language: HTML, XML (xml)

2. Check network reachability

From the client Mac:

ping -c 4 <TARGET_IP>
Code language: HTML, XML (xml)

Expected result:

0.0% packet loss
Code language: CSS (css)

If ping fails, check:

Remote Mac is powered on
Remote Mac is not sleeping
Both Macs are on reachable networks
VPN/routing is correct
IP address has not changed
Firewall is not blocking ICMP

3. Check Screen Sharing port

macOS Screen Sharing / VNC uses TCP port 5900.

From the client Mac:

nc -vz <TARGET_IP> 5900
Code language: HTML, XML (xml)

Result interpretation

ResultMeaning
succeededScreen Sharing / Remote Management is listening
Connection refusedRemote Mac is reachable, but Screen Sharing is not enabled/listening
timed outFirewall, routing, VPN, or network ACL may be blocking traffic

If port 5900 is refused, continue with the next steps.


4. Check SSH access

If SSH is enabled:

ssh <REMOTE_USER>@<TARGET_IP>
Code language: HTML, XML (xml)

If SSH works, you can troubleshoot the remote Mac without physical access.

If SSH does not work, enable Remote Login locally on the remote Mac:

System Settings โ†’ General โ†’ Sharing โ†’ Remote Login

5. Enable Remote Management from terminal

On the remote Mac over SSH:

REMOTE_USER="<REMOTE_USER>"

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-activate \
-configure \
-access -on \
-users "$REMOTE_USER" \
-privs -all \
-restart -agent \
-menu
Code language: JavaScript (javascript)

Expected output may include:

Activated Remote Management.
Set user remote control privileges.
Set user remote access.
Done.

6. Confirm port 5900 is listening

On the remote Mac:

sudo lsof -nP -iTCP:5900 -sTCP:LISTEN
Code language: CSS (css)

Expected output may show launchd, screensharingd, or ARDAgent.

Example:

COMMAND   PID   USER   NAME
launchd   1     root   TCP *:5900 (LISTEN)
Code language: CSS (css)

This is normal on macOS because launchd can listen first and start the actual service when a connection arrives.


7. Connect from client Mac

From the client Mac:

open "vnc://<TARGET_IP>"
Code language: HTML, XML (xml)

Or force the username:

open "vnc://<REMOTE_USER>@<TARGET_IP>"
Code language: HTML, XML (xml)

When prompted, use:

Username: <REMOTE_USER>
Password: remote Mac user password
Code language: HTTP (http)

Important: this is the password for the remote Mac user, not the local Mac user.


8. Verify user permissions

On the remote Mac:

whoami
groups

Check whether the user is an admin:

groups <REMOTE_USER>
Code language: HTML, XML (xml)

The user should ideally be in:

admin
com.apple.access_screensharing
Code language: CSS (css)

Check Screen Sharing group membership:

sudo dscl . -read /Groups/com.apple.access_screensharing GroupMembership

Add the user if needed:

sudo dseditgroup -o edit -a <REMOTE_USER> -t user com.apple.access_screensharing
Code language: CSS (css)

Restart the agent:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -restart -agent

9. Check if the user account is valid for GUI access

On the remote Mac:

dscl . -read /Users/<REMOTE_USER> UserShell NFSHomeDirectory IsHidden AuthenticationAuthority
Code language: HTML, XML (xml)

Healthy examples:

UserShell: /bin/zsh
NFSHomeDirectory: /Users/<REMOTE_USER>
Code language: JavaScript (javascript)

If IsHidden returns:

No such key: IsHidden

That is usually fine. It means the account is not explicitly hidden.


10. Watch Screen Sharing logs

On the remote Mac, run:

sudo log stream --style compact --info --predicate 'process CONTAINS[c] "screensharing" OR process CONTAINS[c] "ARDAgent" OR process == "loginwindow" OR eventMessage CONTAINS[c] "VNC" OR eventMessage CONTAINS[c] "authenticate"'
Code language: JavaScript (javascript)

Then try connecting again from the client Mac.

Look for messages like:

Authentication: FAILED
bad authentication occurred
valid admin
screenCaptureFlag 0
kTCCServiceScreenCapture

These help identify whether the issue is:

wrong credentials
missing user permission
privacy/TCC issue
MDM restriction
ScreenCapture permission issue
Remote Management policy issue

11. Test legacy VNC password

This is useful only as a temporary diagnostic test.

On the remote Mac:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-configure \
-clientopts \
-setvnclegacy -vnclegacy yes \
-setvncpw -vncpw Temp1234

Then from the client Mac:

open "vnc://<TARGET_IP>"
Code language: HTML, XML (xml)

Try:

Username: leave blank if possible
Password: Temp1234
Code language: HTTP (http)

If username is required:

Username: <REMOTE_USER>
Password: Temp1234
Code language: HTTP (http)

Result interpretation

ResultMeaning
Legacy VNC worksAccount-based Screen Sharing auth may be broken
Legacy VNC also failsLikely MDM/TCC/ScreenCapture/Remote Management policy issue

Disable legacy VNC after testing:

sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart \
-configure \
-clientopts \
-setvnclegacy -vnclegacy no

Do not leave legacy VNC enabled.


12. Check MDM enrollment

On the remote Mac:

sudo profiles status -type enrollment

Possible output:

Enrolled via DEP: Yes
MDM enrollment: Yes

If the Mac is MDM-managed, local kickstart commands may not be enough. MDM profiles can control Screen Sharing, Remote Management, privacy permissions, firewall, login window behavior, and PPPC/TCC permissions.


13. List installed configuration profiles

sudo profiles list -type configuration
Code language: PHP (php)

Look for profiles related to:

PPPC
Privacy
Restrictions
Login Window
Firewall
Remote Management
Security
MDM

14. Inspect privacy / PPPC / TCC profiles

Dump profile details:

sudo system_profiler SPConfigurationProfileDataType > /tmp/profile-details.txt
Code language: JavaScript (javascript)

Search for remote access and screen permissions:

grep -iE "Remote Desktop|RemoteManagement|Remote Management|ARD|ARDAgent|ScreenCapture|Screen Capture|Screen Recording|screensharing|ScreensharingAgent|AppleVNC|ListenEvent|PostEvent|Accessibility|Deny|Allow|Authorization" /tmp/profile-details.txt -C 12
Code language: JavaScript (javascript)

You want to know whether the MDM profile allows or denies:

ScreenCapture
ListenEvent
PostEvent
Accessibility
ARDAgent
ScreensharingAgent
AppleVNCServer
Remote Management
Apple Remote Desktop

15. Check local TCC database

On the remote Mac:

sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
'.headers on' \
'.mode column' \
'select service, client, client_type, auth_value, auth_reason, flags, datetime(last_modified,"unixepoch","localtime") as modified
 from access
 where service like "%Screen%"
    or service like "%Listen%"
    or service like "%Post%"
    or service like "%Accessibility%"
 order by service, client;'
Code language: PHP (php)

Important services:

ServiceMeaning
kTCCServiceScreenCaptureScreen capture / screen recording
kTCCServiceListenEventObserve input events
kTCCServicePostEventControl keyboard/mouse
kTCCServiceAccessibilityAccessibility control

16. Check MDM TCC overrides

sudo ls -l "/Library/Application Support/com.apple.TCC/"
Code language: JavaScript (javascript)

Then:

sudo plutil -p "/Library/Application Support/com.apple.TCC/MDMOverrides.plist" 2>/dev/null | \
grep -iE "ScreenCapture|Screen|ListenEvent|PostEvent|Accessibility|ARDAgent|screensharing|Remote|AppleVNC|Deny|Allow" -C 8
Code language: JavaScript (javascript)

If MDM overrides exist and do not allow Apple Remote Desktop / Screen Sharing components, IT may need to update the MDM policy.


17. Check Login Window profile

If a Login Window profile is installed:

sudo profiles show -type configuration > /tmp/all-profiles.txt 2>&1

grep -iE "loginwindow|Autologin|allowed|denied|authorized|users|groups|Disable|Deny|Allow" /tmp/all-profiles.txt -C 10
Code language: JavaScript (javascript)

Login Window profiles may affect:

autologin
allowed users
login display behavior
remote login/session behavior

18. Check firewall profile

sudo profiles show -type configuration > /tmp/all-profiles.txt 2>&1

grep -iE "firewall|stealth|block|allow|screen|remote|5900|sharing|ARD|VNC" /tmp/all-profiles.txt -C 10
Code language: JavaScript (javascript)

Also check listening port again:

sudo lsof -nP -iTCP:5900 -sTCP:LISTEN
Code language: CSS (css)

If 5900 is listening and the connection reaches the login popup, firewall is less likely to be the main issue.


19. Common root causes

SymptomLikely cause
Ping failsNetwork, VPN, sleep, wrong IP
Ping works, 5900 refusedScreen Sharing/Remote Management disabled
5900 works, login popup appears, password failsUser permission, auth, MDM, or privacy issue
User is admin and allowed, but login still failsMDM/PPPC/TCC policy likely
Legacy VNC also failsStrong sign of MDM/ScreenCapture/Remote Desktop policy issue
Screen connects but black screenScreenCapture / display / headless Mac issue
Can view but not controlPostEvent / Accessibility / Remote Management control permission issue

20. Full diagnostic collection script

Run this on the remote Mac:

echo "=== Host Info ==="
hostname
scutil --get ComputerName
scutil --get LocalHostName
sw_vers
date

echo
echo "=== Listening Ports ==="
sudo lsof -nP -iTCP:5900 -sTCP:LISTEN
sudo lsof -nP -iTCP:22 -sTCP:LISTEN

echo
echo "=== User Info ==="
whoami
id <REMOTE_USER>
groups <REMOTE_USER>

echo
echo "=== Screen Sharing Group ==="
sudo dscl . -read /Groups/com.apple.access_screensharing GroupMembership

echo
echo "=== User Record ==="
dscl . -read /Users/<REMOTE_USER> UserShell NFSHomeDirectory IsHidden AuthenticationAuthority 2>&1

echo
echo "=== ARD / Screen Sharing Processes ==="
ps aux | egrep "screensharingd|ARDAgent|ScreensharingAgent" | grep -v grep

echo
echo "=== MDM Enrollment ==="
sudo profiles status -type enrollment

echo
echo "=== Configuration Profiles ==="
sudo profiles list -type configuration

echo
echo "=== Profile Details Search ==="
sudo system_profiler SPConfigurationProfileDataType > /tmp/profile-details.txt
grep -iE "Remote Desktop|RemoteManagement|Remote Management|ARD|ARDAgent|ScreenCapture|Screen Capture|Screen Recording|screensharing|ScreensharingAgent|AppleVNC|ListenEvent|PostEvent|Accessibility|Deny|Allow|Authorization" /tmp/profile-details.txt -C 12

echo
echo "=== TCC Database ==="
sudo sqlite3 "/Library/Application Support/com.apple.TCC/TCC.db" \
'.headers on' \
'.mode column' \
'select service, client, client_type, auth_value, auth_reason, flags, datetime(last_modified,"unixepoch","localtime") as modified
 from access
 where service like "%Screen%"
    or service like "%Listen%"
    or service like "%Post%"
    or service like "%Accessibility%"
 order by service, client;'

echo
echo "=== MDM Overrides ==="
sudo plutil -p "/Library/Application Support/com.apple.TCC/MDMOverrides.plist" 2>/dev/null | \
grep -iE "ScreenCapture|Screen|ListenEvent|PostEvent|Accessibility|ARDAgent|screensharing|Remote|AppleVNC|Deny|Allow" -C 8
Code language: PHP (php)

21. Escalation message for IT

Hi IT,

I am trying to connect to a managed Mac using macOS Screen Sharing / Remote Management.

I verified the following:

Network:
- ping works
- SSH works
- port 5900 is listening
- Screen Sharing reaches the remote Mac and shows the login popup

User/permission:
- the remote user is valid
- the remote user is an admin
- the remote user is in com.apple.access_screensharing
- Remote Management was enabled using kickstart
- ARDAgent was restarted

Failure:
- Screen Sharing login still fails
- temporary legacy VNC password auth was also tested and failed
- logs show Screen Sharing authentication failure

MDM:
- the Mac is DEP/MDM enrolled
- configuration profiles include PPPC/privacy, restrictions, login window, and firewall policies
- I do not see a clear PPPC/TCC allow entry for Apple Remote Desktop / ARDAgent / ScreensharingAgent / AppleVNCServer

Can you please check MDM policy for this Mac and confirm:

1. Apple Remote Desktop / Remote Management is enabled via MDM, not only local kickstart
2. Observe + Control permissions are enabled
3. PPPC/TCC allows ScreenCapture, ListenEvent, PostEvent, and Accessibility for Apple Remote Desktop / ARDAgent / ScreensharingAgent / AppleVNCServer
4. No restriction, login window, or firewall profile is blocking Screen Sharing
Code language: JavaScript (javascript)

22. Final takeaway

When macOS Screen Sharing fails, troubleshoot in this order:

Network โ†’ Port 5900 โ†’ SSH โ†’ Remote Management โ†’ User permissions โ†’ Logs โ†’ Legacy VNC test โ†’ MDM/PPPC/TCC policy

If all local checks pass but both normal Screen Sharing and legacy VNC fail, the issue is usually outside the local user account and should be handled by the MDM/IT team.

Find Trusted Cardiac Hospitals

Compare heart hospitals by city and services โ€” all in one place.

Explore Hospitals
Iโ€™m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at <a href="https://www.cotocus.com/">Cotocus</a>. I share tech blog at <a href="https://www.devopsschool.com/">DevOps School</a>, travel stories at <a href="https://www.holidaylandmark.com/">Holiday Landmark</a>, stock market tips at <a href="https://www.stocksmantra.in/">Stocks Mantra</a>, health and fitness guidance at <a href="https://www.mymedicplus.com/">My Medic Plus</a>, product reviews at <a href="https://www.truereviewnow.com/">TrueReviewNow</a> , and SEO strategies at <a href="https://www.wizbrand.com/">Wizbrand.</a> Do you want to learn <a href="https://www.quantumuting.com/">Quantum Computing</a>? <strong>Please find my social handles as below;</strong> <a href="https://www.rajeshkumar.xyz/">Rajesh Kumar Personal Website</a> <a href="https://www.youtube.com/TheDevOpsSchool">Rajesh Kumar at YOUTUBE</a> <a href="https://www.instagram.com/rajeshkumarin">Rajesh Kumar at INSTAGRAM</a> <a href="https://x.com/RajeshKumarIn">Rajesh Kumar at X</a> <a href="https://www.facebook.com/RajeshKumarLog">Rajesh Kumar at FACEBOOK</a> <a href="https://www.linkedin.com/in/rajeshkumarin/">Rajesh Kumar at LINKEDIN</a> <a href="https://www.wizbrand.com/rajeshkumar">Rajesh Kumar at WIZBRAND</a> <a href="https://www.rajeshkumar.xyz/dailylogs">Rajesh Kumar DailyLogs</a>

Related Posts

Why Do Software Modernization Projects Fail? 5 Traps That Destroy Modernizations from the Inside

Companies approaching software modernization for the first time almost always stumble over the same obstacle โ€” and it isnโ€™t a technical one. Software modernization most often fails…

Read More

What Is SCMGalaxy OS?

A New Software Delivery Governance Platform for Modern Engineering Teams Modern software engineering has changed dramatically. Twenty years ago, software delivery was mostly about source code management,…

Read More

How Intelligent Automation Is Reshaping Online Visibility

Today, online visibility is one of the most valuable assets a business can possess. Whether a company is trying to attract new customers, establish authority, or grow…

Read More

Agentic AI vs. RPA: Are Bots About to Become Obsolete?

For years, “automation” in enterprise circles meant one thing: RPA. You mapped a process, recorded the steps, deployed a bot, and watched it grind through thousands of…

Read More

Top 10 B2B E-commerce Platforms: Features, Pros, Cons & Comparison

Introduction B2B e-commerce platforms are specialized digital systems that enable businesses to sell products or services directly to other businesses through online channels. Unlike B2C platforms, B2B…

Read More

The Engineering Manager Guide to Designing High-Performing DevOps Teams

Introduction In todayโ€™s competitive software landscape, the difference between market leaders and those trailing behind often boils down to how their engineering teams collaborate. Many organizations believe…

Read More
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
0
Would love your thoughts, please comment.x
()
x