Title: Fixing Remote Desktop Connection Error 0x904 (Extended Error 0x7)
Having trouble connecting via Remote Desktop? Error 0x904 with extended error code 0x7 typically indicates an authentication or TLS/credSSP issue between client and server. Try the steps below in order until the connection succeeds.
qwinsta to confirm listener status.If you want, share the exact Windows versions (client/server), recent updates applied, and key Event Viewer error messages and I’ll provide targeted commands or registry edits.
The Remote Desktop error 0x904 (Extended Code 0x7) is a common connection failure that typically stems from network instability, firewall misconfigurations, or expired security certificates. This error often appears on Windows 10/11 and Windows Server 2016/2019/2022, especially after system updates. www.remoteaccesspcdesktop.com Primary Causes Network Instability:
Insufficient bandwidth, high packet loss, or slow VPN connections. Certificate Issues:
Expired self-signed RDP certificates or corrupt certificate stores (common on Azure VMs). Firewall Blocks: Misconfigured rules on either the client or host machine. Compatibility: Known quirks in Windows 11 hostname resolution. Spiceworks Community Best Fixes & Troubleshooting Steps 1. Fix Expired RDP Certificates (Recommended)
This is the most common resolution for persistent 0x904 errors on physical servers. www.remoteaccesspcdesktop.com
Access the host server locally or via an alternative method. Open the Certificates snap-in: Press certlm.msc , and hit Enter. Navigate to Remote Desktop > Certificates Check for an expired certificate. If it is past its date, right-click and delete Open Command Prompt as Administrator and run: restart-service termserv -force . Windows will automatically generate a new certificate. www.remoteaccesspcdesktop.com 2. Use IP Address Instead of Hostname
Windows 11 sometimes fails to resolve hostnames correctly for RDP, triggering 0x904. www.remoteaccesspcdesktop.com In the Remote Desktop Connection window, enter the IP address 192.168.1.50 ) instead of the computer name. TheITBros.com 3. Configure Firewall Rules Ensure the correct RDP services are allowed through the Windows Defender Firewall on both machines.
Search for "Allow an app through Windows Firewall" in the Start menu. Change settings Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for both C:\Windows\System32\mstsc.exe manually if it is not in the list. www.remoteaccesspcdesktop.com 4. Fix Azure VM Certificate Corruption If the error occurs on an Azure Virtual Machine Azure Portal to reset the certificate store. www.remoteaccesspcdesktop.com In the Azure Portal, go to your VM's Run command RunPowerShellScript and execute:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server. www.remoteaccesspcdesktop.com 5. Adjust Security Layers (Legacy Support)
If connecting from an older client to a newer host, the security layer might be too high. TheITBros.com On the host, open Local Group Policy Editor gpedit.msc Navigate to:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
Require use of specific security layer for remote (RDP) connections and set it to Microsoft Learn Are you connecting over a local network , and which version of is the host machine running? After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
Remote Desktop error 0x904 (Extended Error Code 0x7) typically indicates a general connectivity failure often caused by expired self-signed RDP certificates, network instability, or firewall interference. This error is common after Windows 11 upgrades or when connecting via VPN. Primary Fix: Renew RDP Certificates
Most IT professionals find that an expired or corrupt self-signed certificate on the host machine is the root cause.
Access the host computer locally or through another remote method.
Open Certificates MMC: Press Win + R, type certlm.msc, and press Enter.
Delete Expired Certificate: Navigate to Remote Desktop > Certificates. Identify the certificate, check the expiration date, and delete it if it has passed.
Restart RDP Services: Open Command Prompt as an administrator and run:restart-service termserv -force.Windows will automatically generate a new, valid self-signed certificate.. Secondary Solutions
If renewing the certificate does not resolve the issue, try these targeted workarounds:
Connect via IP Address: Windows 11 may have hostname resolution bugs causing 0x904. Try connecting using the server's internal IP address (e.g., 192.168.1.100) instead of its computer name.
Disable UDP on Client: Some connections stabilize when forced to use TCP only. Open Group Policy Editor (gpedit.msc).
Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client. Set Turn off UDP on client to Enabled.
Firewall & Antivirus Exceptions: Ensure mstsc.exe (Remote Desktop Connection) is allowed through the firewall on both the client and host. Users from Spiceworks Community specifically noted that third-party security software like Bitdefender can block these connections.
Use the Microsoft Store App: The "Remote Desktop" app available in the Microsoft Store uses a different networking stack and often bypasses the 0x904 error found in the built-in mstsc.exe client. Azure VM Specific Fix Quick checks
If you are encountering this on an Azure Virtual Machine, it may be due to a corrupt MachineKeys folder.
Use the Run command feature in the Azure Portal to execute:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old".
Reboot the server to let Windows recreate a clean certificate store. After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
The Remote Desktop error code 0x904 (extended error 0x7) typically indicates a network-level connection failure caused by unstable network conditions, expired security certificates, or firewall blocks. It is most common when using a VPN or after upgrading to Windows 11. Top Recommended Solutions
Renew Expired RDP CertificatesExpired self-signed certificates often prevent certain servers from accepting connections while others on the same network work fine.
Action: Log into the affected server locally. Open Certificates MMC (certlm.msc), navigate to Remote Desktop > Certificates, and delete the expired certificate.
Restart: Open Command Prompt as admin and run restart-service termserv -force to let Windows generate a fresh certificate.
Verify Network and VPN StabilityThis error is frequently triggered by packet loss, insufficient bandwidth, or slow VPN response times.
Action: Reconnect your VPN or test the connection speed. If the connection is sluggish, try switching to a different ISP or network.
Adjust Firewall and Antivirus ExceptionsThird-party security software (like Bitdefender Security) can abruptly block RDP traffic. Action: Add mstsc.exe as an exception in your firewall.
Rule: Ensure both Remote Desktop and Remote Desktop (WebSocket) are allowed for both Private and Public networks.
Connect via IP Instead of HostnameDNS resolution issues can sometimes present as a 0x904 error.
Action: Try establishing the connection using the server’s static IP address rather than its Friendly Domain Name (FQDN).
Azure VM Special Fix: MachineKeys CorruptionIf the error occurs on an Azure Virtual Machine, it often stems from a corrupt certificate store.
Action: In the Azure Portal, use the Run Command feature to execute a PowerShell script renaming the folder: Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM afterward.
Force RDP Security LayerMismatched encryption ciphers or Network Level Authentication (NLA) failures can cause immediate disconnects.
Action: Use the Group Policy Editor (gpedit.msc) on the server. Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Setting: Enable Require use of specific security layer and select RDP. Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer
Fixing Remote Desktop Error Code 0x904 (Extended Code 0x7) Remote Desktop Connection (RDP) error code 0x904 with extended error code 0x7 is a common connection failure that often occurs after Windows updates (especially Windows 11 upgrades) or when network conditions are unstable. It typically signifies that the client is unable to establish a secure, stable handshake with the remote host. Core Causes
Unstable Network/VPN: Insufficient bandwidth, high packet loss, or slow VPN connections.
Expired RDP Certificates: Self-signed certificates on the host machine may have expired and failed to auto-renew.
Encryption Mismatches: A failure in TLS/SSL negotiation where the client and server do not support the same cipher suites.
Firewall Blockage: Antivirus software or Windows Defender Firewall may be blocking the connection on either the source or destination.
OS Compatibility: Frequent issues reported when connecting from Windows 11 to older Windows Server versions. Step-by-Step Solutions 1. Renew Expired RDP Certificates
Expired self-signed certificates are a primary cause of this error on servers that haven't been rebooted in a while. Confirm both machines are powered on and reachable
Log into the remote server locally or via a different remote access tool.
Press Win + R, type certlm.msc, and press Enter to open the Certificates console. Navigate to Remote Desktop > Certificates.
Check the expiration date. If expired, delete the old certificate.
Open an elevated Command Prompt and restart the term service to generate a new certificate:restart-service termserv -force.
It looks like there's no response available for this search. Try asking something else. Unable to RDP into some Windows Servers - Error code: 0x904
Remote Desktop error 0x904 (extended error 0x7) typically indicates a general network connection failure, often triggered by expired RDP certificates firewall blocks unstable network/VPN conditions www.remoteaccesspcdesktop.com Core Troubleshooting Steps Renew Expired RDP Certificates: On the remote server, open certlm.msc , navigate to Remote Desktop > Certificates , and delete expired certificates. Restart Remote Desktop Services to generate a new one. Use IP Address:
Bypass DNS issues by connecting using the server’s internal IP address instead of its hostname. Verify Firewall Settings: Remote Desktop
is allowed in Windows Firewall for both Private/Public networks. Add exceptions for in third-party security software if necessary. Use Microsoft Store App: Try using the alternative Microsoft Remote Desktop app for better compatibility. Fix Certificate Store (Azure): If using Azure VMs, rename C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys to address potential corruption. Spiceworks Community Additional Solutions Restart Remote Host: Reboot the server to resolve service issues. Check VPN: Ensure your connection is stable. Disable NLA: If needed, disable Network Level Authentication (NLA) on the host for testing. Spiceworks Community Are you connecting to a local server cloud-hosted machine like an Azure VM? After Windows 11 Upgrade RDP Error 0x904 extended error 0x7 30 Jun 2021 —
Remote Desktop error 0x904 (Extended Error 0x7) typically indicates a general network connectivity failure. It most commonly occurs due to unstable network conditions, expired RDP certificates, or firewall blocks. Phase 1: Network & VPN Stability
This error is frequently triggered by insufficient bandwidth or packet loss.
Reconnect VPN: If you are using a VPN, disconnect and reconnect to refresh the tunnel.
Use IP Address: Try connecting using the remote computer's IP address instead of its hostname to rule out DNS resolution issues.
Test Ping: Run a ping -t [remote-ip] to check for high latency or dropped packets. Phase 2: Fix Expired RDP Certificates
A common cause in server environments is an expired self-signed RDP certificate that fails to renew automatically.
Log into the target server (locally or via an alternative remote tool).
Press Win + R, type certlm.msc, and hit Enter to open the Certificate Manager. Navigate to Remote Desktop > Certificates.
Locate the expired certificate, right-click it, and select Delete.
Restart the Remote Desktop Service to generate a new certificate by running this command in an administrator Command Prompt:restart-service termserv -force. Phase 3: Firewall & Security Software
Security suites like Bitdefender or Windows Firewall may block the specific RDP process.
Allow mstsc.exe: Ensure Remote Desktop and Remote Desktop (WebSocket) are allowed through the firewall on both the source and destination computers.
Add Exception: Add C:\Windows\System32\mstsc.exe to your antivirus/firewall exclusion list. Phase 4: Azure VM Specific Fix
If the error occurs on an Azure Virtual Machine, the certificate store may be corrupt. Access the VM via the Azure Portal. Use the Run command feature and select RunPowerShellScript.
Execute the following to rename the corrupt key folder:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the server.
Are you connecting over a local network or a wide-area network/VPN? Unable to RDP into some Windows Servers - Error code: 0x904
The Remote Desktop Connection error 0x904 (Extended Code 0x7) Quick diagnostic questions
typically indicates a network instability or a security handshake failure
, often caused by expired certificates, firewall blocks, or compatibility issues with newer Windows versions like Windows 11. Step 1: Fix Expired RDP Certificates
This is the most common cause when a connection suddenly fails while others on the same network work fine.
Log into the remote server (via console or alternative access). certlm.msc , and hit Enter to open the Certificates MMC snap-in. Navigate to Remote Desktop > Certificates (or Personal > Certificates).
Look for the certificate issued to the computer name. Check its expiration date. If it is expired or corrupt, right-click and Delete Open Command Prompt as Administrator and run: restart-service termserv -force (or simply restart the server).
Windows will automatically generate a fresh self-signed certificate upon service restart. www.remoteaccesspcdesktop.com Step 2: Windows 11 Compatibility Workarounds
Windows 11 (builds 22H2 and later) has known bugs with RDP hostname resolution and specific cipher suites. www.remoteaccesspcdesktop.com Connect via IP Address : Instead of typing the computer name (e.g., ), use the target's internal IP address (e.g., 192.168.1.100 Use the Microsoft Store App : Users have reported success using the Remote Desktop app from the Microsoft Store instead of the built-in Spiceworks Community Step 3: Check Firewall and Security Software
Even if RDP is "Allowed," specific security layers may still block the connection. www.remoteaccesspcdesktop.com Allow MSTSC explicitly "Allow an app through Windows Firewall" Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for Private and Public. Allow another app , browse to C:\Windows\System32\mstsc.exe , and add it with full permissions. Third-Party Antivirus : Apps like Bitdefender have been known to block RDP. Add to their exception lists. Spiceworks Community Step 4: Azure VM Special Case
If the target is an Azure Virtual Machine, a corrupt certificate store is a frequent culprit. www.remoteaccesspcdesktop.com Azure Portal , go to your VM and select Run command > RunPowerShellScript Run this command to rename the key folder:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server. www.remoteaccesspcdesktop.com Step 5: Adjust Security Layer (Last Resort) Unable to RDP into some Windows Servers - Error code: 0x904 24 Apr 2025 —
Troubleshooting Remote Desktop Connection Error Code 0x904 with Extended Error Code 0x7
Are you encountering the frustrating Remote Desktop Connection (RDC) error code 0x904 accompanied by an extended error code 0x7? This error typically occurs when there's a problem establishing a connection to the remote computer. Don't worry; we've got you covered. In this article, we'll guide you through the possible causes and provide step-by-step solutions to resolve this issue.
Understanding the Error Codes
Possible Causes of the Error
Step-by-Step Solutions
Error Code 0x904 with Extended Error 0x7 is an authentication handshake failure.
Did these fixes work for you? Let us know in the comments if you found a different solution!
It looks like you're encountering Remote Desktop error 0x904 with extended error 0x7, and you're looking for the best fix.
Let me break down what this means and the most effective solutions.
Encountering a Remote Desktop Connection error is frustrating, but seeing a specific code like 0x904 with an extended error code 0x7 often indicates a precise issue rather than a generic network glitch.
What does this error mean?
ERROR_ARENA_TRASHED (Windows kernel error) or, in RDP context, often correlates with "The license cannot be stored locally" or "The server’s security layer rejected the connection."In plain English: Your computer and the remote server disagree on how to securely store the connection license or negotiate encryption.
Because extended error code 0x7 points to storage control blocks, the local license store is suspect. Deleting it forces Windows to request a fresh license.
Warning: Back up your registry first.
Win + R, type regedit, and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
MRU (Most Recently Used).HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Licensing Core\CalCache
CalCache folder.wsreset /i or roll back recent RDP-related updates.