I Remote Desktop Connection Error Code 0x904 Better -

Troubleshooting Remote Desktop Error Code 0x904 Remote Desktop Protocol (RDP) is essential for modern IT management, but encountering Error Code 0x904 (often accompanied by extended error code 0x7) can stall productivity. This error typically signals that the computer cannot establish a connection to the remote machine due to network instability, security policy mismatches, or certificate issues. Common Causes of Error 0x904

Before diving into technical fixes, it is helpful to understand why this specific error occurs:

Network Instability: Insufficient bandwidth, high packet loss, or a sluggish VPN connection often trigger this code.

Encryption Mismatches: The client and server may fail to agree on a supported cipher suite, especially after updates to Windows 11.

Firewall Blocks: Windows Defender Firewall or third-party antivirus software might be blocking mstsc.exe or RDP traffic.

Certificate Issues: A newly renewed or corrupted self-signed certificate can prevent the TLS tunnel from establishing correctly. Step-by-Step Solutions 1. Basic Connection Checks

Start with simple remedies that often resolve intermittent issues: Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop error code (often accompanied by extended error code

typically indicates a network instability or a security certificate mismatch

. This error is common on Windows 11 and Windows Server 2022. Most Common Fix: Refresh the RDP Certificate

Expired or corrupt self-signed certificates are a frequent cause for this error. www.remoteaccesspcdesktop.com On the remote server certlm.msc , and hit Enter. Navigate to Remote Desktop Certificates Right-click and

any expired certificates (Windows will regenerate one automatically). Open Command Prompt as an administrator and run: restart-service termserv -force to restart Remote Desktop Services. www.remoteaccesspcdesktop.com Network & Connection Workarounds Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop error 0x904 (often accompanied by extended error 0x7) typically signals a breakdown in the initial handshake between your device and the remote host. While it is often labeled as a "network instability" issue, modern troubleshooting identifies it more precisely as a failure in certificate validation or a specific Windows 11 compatibility bug. Why You’re Seeing It

Expired RDP Certificates: The remote server uses self-signed certificates that don't always auto-renew. If they expire, the connection is instantly dropped after you enter credentials.

Windows 11 "Hostname" Bug: Users on Windows 11 (especially version 22H2 and later) frequently encounter this error when connecting via a computer name rather than an IP address.

Security Layer Mismatch: If the server requires Network Level Authentication (NLA) or TLS 1.2 but the client isn't configured for it, the connection will fail.

Packet Loss or VPN Lag: True to its generic label, a high-latency VPN or unstable Wi-Fi can trigger it by timing out the connection mid-handshake. Proven Fixes

Based on expert reviews from platforms like Reddit's Sysadmin community and Microsoft Q&A, try these steps in order:

Switch to IP Connection: In the Remote Desktop window, replace the computer name with its local IP address (e.g., 192.168.1.50). This is the most common workaround for Windows 11 users.

Renew Server Certificates: If you have access to the host, open certlm.msc, navigate to Remote Desktop > Certificates, and delete any expired ones. Restart the Remote Desktop Services (termserv) to force Windows to generate a new one.

Try the Microsoft Store App: Users on Microsoft's support forums report that the Microsoft Remote Desktop app (from the Store) often bypasses the 0x904 error even when the built-in mstsc.exe fails.

Azure VM Fix: If you are using an Azure VM, the issue is often a corrupt "MachineKeys" folder. Renaming C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys to MachineKeys_old and rebooting typically clears the error.

Firewall Exceptions: Ensure mstsc.exe is explicitly allowed through both your local and remote firewalls. Some security suites like Bitdefender have been known to block these connections unexpectedly.

Are you connecting to a personal PC or a Windows Server managed by an IT department? Fix Remote Desktop Error Code 0x904: 4 Working Solutions

Remote Desktop error 0x904 (often accompanied by extended error code 0x7) is a common connection failure that occurs when the client cannot establish a stable or secure session with the remote host. Top Root Causes i remote desktop connection error code 0x904 better

Expired RDP Certificates: The most frequent cause for specific servers failing while others work. Windows generates self-signed certificates that don't always auto-renew.

Network Instability: Insufficient bandwidth, high packet loss, or a sluggish VPN connection.

Encryption Mismatch: Incompatibility between the client and server security layers (e.g., NLA or TLS versions).

Windows 11 Compatibility: Recent updates have introduced hostname resolution bugs.

Firewall/AV Blocking: Security software like Bitdefender or Windows Defender blocking mstsc.exe. Step-by-Step Fixes 1. Renew Expired RDP Certificates (Recommended)

If only some servers are affected, a silent certificate expiration is likely the culprit. Log into the host locally. Open certlm.msc (Certificates console).

Navigate to Remote Desktop > Certificates and Delete the expired certificate.

Restart Remote Desktop Services via Command Prompt (Admin): restart-service termserv -force to trigger a new auto-generated certificate. 2. Bypass Hostname Issues

Try connecting using the IP address (e.g., 192.168.1.50) instead of the computer name. This is a proven workaround for Windows 11 RDP bugs. 3. Repair Azure VM Certificate Stores

For Azure Virtual Machines, address potential certificate corruption in the MachineKeys folder.

Use the Run Command tool in the Azure Portal to run this PowerShell script:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" Reboot the server. 4. Adjust Security & Encryption Layers

If connection drops occur, test by lowering security requirements via gpedit.msc:

Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Enable "Require use of specific security layer..." and select RDP.

Disable "Require user authentication... using Network Level Authentication (NLA)". 5. Whitelist RDP in Firewall

Ensure mstsc.exe is explicitly allowed through both Private and Public firewalls, ensuring Remote Desktop and Remote Desktop (WebSocket) are checked in "Allow an app through Windows Firewall". Review Summary Solution Effectiveness Difficulty Best For Certificate Renewal Single server failures IP Address Connection Windows 11 users Firewall Exception New setups / After AV updates Azure MachineKeys Fix Azure VM instances

If these steps do not resolve the issue, consider if the problem is related to a VPN/local network issue, Windows 11 compatibility, or a recent Windows Update. Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop Connection Error Code 0x904 (often accompanied by extended error code 0x7) is a generic connection failure that typically stems from network instability, expired security certificates, or firewall blocks. It is most common in modern Windows 10/11 environments and Windows Server setups. Core Causes & Fixes 1. Expired RDP Certificates (Most Common)

The error often triggers when a server's self-signed RDP certificate expires, as they do not always renew automatically.

Fix: Log into the affected server locally. Open the Certificates MMC snap-in (certlm.msc), navigate to Remote Desktop > Certificates, and delete any expired certificates. Restart the Remote Desktop Services (TermService) to force Windows to generate a new certificate. 2. Network & VPN Instability

Insufficient bandwidth, high packet loss, or slow VPN speeds frequently cause 0x904.

Fix: Verify your internet speed on both ends. If using a VPN, try reconnecting or switching to a more stable ISP. 3. Firewall & Antivirus Obstruction

Security software may block mstsc.exe even if Remote Desktop is technically "enabled".

Fix: Access Allow an app through Windows Firewall and ensure both Remote Desktop and Remote Desktop (WebSocket) are checked for both Private and Public networks. Some users find that adding rdp.exe or mstsc.exe as an exception in third-party antivirus (like Bitdefender) resolves the issue. 4. Windows 11 Compatibility Bugs Open Group Policy Editor ( gpedit

Users have reported this error specifically after Windows 11 updates.

Workaround: Try connecting via the IP address of the remote machine instead of its hostname. Alternatively, download the Microsoft Store version of the Remote Desktop app, which often bypasses bugs found in the standard legacy client. Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer

Remote Desktop Connection error 0x904 (often accompanied by extended error code 0x7) is a common issue typically caused by network instability, expired RDP certificates, or Windows 11 compatibility bugs. Most Effective Fixes for Error 0x904

Renew Expired RDP Certificates: The most common root cause is an expired self-signed certificate on the remote server.

On the remote server, press Win + R, type certlm.msc, and hit Enter to open Local Computer Certificates. Navigate to Remote Desktop > Certificates.

Check the expiration date of the certificate. If it has expired, delete it.

Restart the Remote Desktop Services by running restart-service termserv -force in PowerShell as an Administrator. Windows will automatically generate a fresh certificate.

Use the IP Address Instead of Hostname: Many users on Windows 11 (specifically builds 22H2 and later) encounter 0x904 due to a bug in hostname resolution.

Instead of entering the computer's name (e.g., "Office-PC"), enter its internal IP address (e.g., 192.168.1.50) in the Remote Desktop Connection window.

Switch to the Microsoft Store RDP App: If the built-in mstsc.exe client continues to fail, the Microsoft Remote Desktop app available in the Microsoft Store often works because it uses a different networking stack that bypasses these specific bugs.

Fix Azure VM Certificate Corruption: If you are using an Azure Virtual Machine, the 0x904 error frequently stems from a corrupt MachineKeys folder.

Access the VM via the Azure Portal and use the Run Command feature to execute the following PowerShell script:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old".

Reboot the VM; Windows will recreate a healthy folder and fresh certificates.

Grant Private Key Permissions: In advanced environments like CyberArk PSM, the error may occur if the NETWORK SERVICE account lacks read access to the RDP certificate's private key.

In the Certificates MMC snap-in, right-click your certificate > All Tasks > Manage Private Keys, and ensure NETWORK SERVICE has Read permissions. Quick Connectivity Checklist

Check Firewall: Ensure "Remote Desktop" and "Remote Desktop (WebSocket)" are allowed through the Windows Defender Firewall on both the client and host.

Verify RDP Port: Use PowerShell to test if port 3389 is open: Test-NetConnection [TargetIP] -Port 3389.

Network Stability: If connecting over a VPN, ensure you have sufficient bandwidth; high packet loss can trigger this code.

3. Enable CredSSP vulnerable mode as fallback

Set-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation" -Name "AllowEncryptionOracle" -Value 2 -Type DWord

On the remote computer (where you’re connecting to):

  1. Open Group Policy Editor (gpedit.msc) on the remote machine.
  2. Navigate to:
    Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security
  3. Set “Require use of specific security layer for remote (RDP) connections” to Enabled.
  4. Under “Security Layer,” select “RDP Security Layer” (not SSL or Negotiate).
  5. Apply and restart the Remote Desktop Services:
    • Open Services.msc
    • Restart Remote Desktop Services (TermService)

Why this is better:
It bypasses SSL certificate validation. While less secure, it’s the only reliable method for older, unpatched embedded systems or legacy industrial PCs.

Verdict:

Error 0x904 is annoying but fixable. The registry reset method works ~90% of the time. If you're in a corporate environment, your IT may need to reissue RDP CALs. For personal use, clearing cache + NLA tweak usually resolves it without reinstalling anything.

Rating for Microsoft's error handling: ⭐⭐☆☆☆ (Poor – error messages are vague, forcing registry edits)
Fix effectiveness: ⭐⭐⭐⭐☆ (Good if you follow the steps above)

Would you like a step-by-step PowerShell script to automate the registry fix?

Remote Desktop Protocol (RDP) error code 0x904 is a connection failure message typically indicating network instability, expired security certificates, or firewall interference. While it often appears alongside "Extended Error Code: 0x7," the root cause usually lies in how the client and server negotiate their secure handshake. The Core Causes of Error 0x904 expired security certificates

Expired RDP Certificates: This is the most common "silent" cause. Every RDP host generates a self-signed certificate that eventually expires, causing connections to fail even if network settings remain unchanged.

Network Instability: Low bandwidth, high packet loss, or a sluggish VPN can disrupt the RDP session before it fully establishes.

Credential and Security Mismatches: Discrepancies in encryption ciphers between Windows 11 clients and older servers (like Windows Server 2016/2019) frequently trigger this error.

Azure VM Specifics: On Azure Virtual Machines, a corrupt "MachineKeys" folder can prevent the system from creating the necessary certificates for remote access. Effective Troubleshooting Strategies

To resolve error 0x904, follow these steps in order of effectiveness:

Renew the RDP CertificateIf you have local access to the server, open the Certificates Manager (certlm.msc), find the expired certificate under Remote Desktop > Certificates, and delete it. Afterward, restart the Remote Desktop Services in the Command Prompt as an administrator using restart-service termserv -force. Windows will then automatically generate a fresh certificate.

Fix Azure VM CorruptionIf the error occurs on an Azure VM, use the Azure Portal "Run Command" feature to execute a PowerShell script that renames the corrupt MachineKeys folder to MachineKeys_old and reboots the server.

Adjust Security Layer SettingsUsing the Group Policy Editor (gpedit.msc), you can force the server to use a standard RDP security layer. Navigate to Remote Desktop Session Host > Security and set "Require use of specific security layer for remote (RDP) connections" to Enabled, selecting RDP as the security layer.

Verify Firewall and NetworkEnsure that Remote Desktop (WebSocket) is allowed through the Windows Defender Firewall on both the client and host machines. If using a VPN, ensure it is stable; switching from a computer name to a direct IP address in the connection field can also bypass local DNS resolution issues.

Are you connecting to a local workstation or a cloud-hosted virtual machine? Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer

Remote Desktop Connection error (often accompanied by extended error code

typically signals a network-level connection failure caused by expired RDP certificates firewall blocks hostname resolution issues Quick Fixes Connect via IP Address : Instead of using the computer name (e.g., ), use the internal IP address (e.g., 192.168.1.50 ) in the "Computer" field of the Remote Desktop Connection app Use the Microsoft Store App : Users often find that the Microsoft Store version of Remote Desktop bypasses bugs present in the built-in Windows Restart RDP Services

: On the remote machine, open a Command Prompt as Administrator and run: net stop termservice && net start termservice www.remoteaccesspcdesktop.com Advanced Troubleshooting If the quick fixes fail, follow these steps in order: 1. Renew Expired RDP Certificates

Expired self-signed certificates are a primary cause of 0x904 errors. www.remoteaccesspcdesktop.com remote computer certlm.msc , and hit Enter. Navigate to Remote Desktop Certificates Right-click and any expired certificates.

Restart the computer; Windows will automatically generate a fresh certificate upon reboot. www.remoteaccesspcdesktop.com 2. Adjust Firewall Settings

Ensure the firewall isn't blocking RDP traffic on either end: Search Windows for "Allow an app through Windows Firewall." Remote Desktop Remote Desktop (WebSocket) are checked for both If using third-party antivirus (like Bitdefender), add to the exception list. www.remoteaccesspcdesktop.com 3. Fix Certificate Store Corruption (Azure/Advanced) If certificates cannot be generated, the MachineKeys folder may be corrupt. www.remoteaccesspcdesktop.com

: Use the "Run Command" feature in the Azure Portal to run this PowerShell script:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"

: Run the same command in PowerShell as Administrator, then reboot. www.remoteaccesspcdesktop.com 4. Security Layer Configuration

In cases of mismatched encryption, forcing a specific security layer can help. Microsoft Learn Unable to RDP into some Windows Servers - Error code: 0x904 24-Apr-2025 —

Troubleshooting Guide: RDP Error Code 0x904 (Better Solutions)

Summary Checklist

| Check | Status | | :--- | :--- | | Is the IP address correct? | Yes | | Is DNS flushed? | Yes | | Is Network Discovery ON? | Yes | | Is VPN connected (if applicable)? | Yes |

Step 1: Basic Troubleshooting

  1. Restart your computer: Ensure both the local and remote computers are restarted to resolve any temporary issues.
  2. Check network connectivity: Verify that both computers have a stable internet connection.

Part 5: When Nothing Works – The Nuclear Options

If error 0x904 persists after all fixes, use these last-resort strategies.

1. Clear Corrupted RDP Client Licenses (Most Effective)

The client machine may have a corrupted license cache.

Steps:

  1. Close all RDP sessions.
  2. Open Run (Win + R), type regedit, press Enter.
  3. Navigate to: 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSLicensing
  4. Delete the entire MSLicensing key (right-click → Delete).
  5. Close Registry Editor and restart your PC.
  6. Try reconnecting. Windows will request a new license automatically.

Better because: It directly removes the corrupted license file that generic cleaning tools miss.