The Remote Desktop error code (Extended Error ) typically signals a network-level disconnect or a security handshake failure. It often surfaces during unstable connections, when VPN speeds drop, or due to expired RDP certificates.
Below are the most effective solutions for resolving this error: 1. Fix Expired or Corrupt RDP Certificates
Often, the self-signed certificate used for RDP has expired or become corrupted, which explains why some servers work while others on the same network fail. For Windows Servers: Open the Certificates MMC snap-in ( certlm.msc Navigate to Remote Desktop > Certificates Delete the expired certificate. Open Command Prompt as Administrator and run: restart-service termserv -force to automatically generate a new one. For Azure VMs: Users often resolve this by renaming the MachineKeys folder via the Azure Portal's "Run Command" feature:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" then reboot the server. 2. Bypass DNS with IP Address
If there is a DNS resolution issue or a bug in a specific Windows 11 update, hostnames may fail to resolve correctly. Try connecting directly using the IP address of the remote computer instead of its hostname. Flush your DNS cache on the client machine by running ipconfig /flushdns in Command Prompt. 3. Adjust Security & NLA Settings
Compatibility issues with Network Level Authentication (NLA) or mismatched encryption cyphers frequently trigger this error. Disable NLA temporarily to test the connection:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
Require use of specific security layer for remote (RDP) connections and select as the Security Layer.
Require user authentication for remote connections by using Network Level Authentication 4. Verify Firewall & Antivirus Exceptions
Remote Desktop error 0x904 (Extended Error Code 0x7) typically indicates a general connectivity failure often caused by expired self-signed RDP certificates, network instability, or firewall interference. This error is common after Windows 11 upgrades or when connecting via VPN. Primary Fix: Renew RDP Certificates
Most IT professionals find that an expired or corrupt self-signed certificate on the host machine is the root cause.
Access the host computer locally or through another remote method.
Open Certificates MMC: Press Win + R, type certlm.msc, and press Enter.
Delete Expired Certificate: Navigate to Remote Desktop > Certificates. Identify the certificate, check the expiration date, and delete it if it has passed.
Restart RDP Services: Open Command Prompt as an administrator and run:restart-service termserv -force.Windows will automatically generate a new, valid self-signed certificate.. Secondary Solutions
If renewing the certificate does not resolve the issue, try these targeted workarounds:
Connect via IP Address: Windows 11 may have hostname resolution bugs causing 0x904. Try connecting using the server's internal IP address (e.g., 192.168.1.100) instead of its computer name.
Disable UDP on Client: Some connections stabilize when forced to use TCP only. Open Group Policy Editor (gpedit.msc).
Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client. Set Turn off UDP on client to Enabled.
Firewall & Antivirus Exceptions: Ensure mstsc.exe (Remote Desktop Connection) is allowed through the firewall on both the client and host. Users from Spiceworks Community specifically noted that third-party security software like Bitdefender can block these connections.
Use the Microsoft Store App: The "Remote Desktop" app available in the Microsoft Store uses a different networking stack and often bypasses the 0x904 error found in the built-in mstsc.exe client. Azure VM Specific Fix
If you are encountering this on an Azure Virtual Machine, it may be due to a corrupt MachineKeys folder. The Remote Desktop error code (Extended Error )
Use the Run command feature in the Azure Portal to execute:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old".
Reboot the server to let Windows recreate a clean certificate store. After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
The Remote Desktop error code 0x904 (extended error 0x7) typically indicates a network-level connection failure caused by unstable network conditions, expired security certificates, or firewall blocks. It is most common when using a VPN or after upgrading to Windows 11. Top Recommended Solutions
Renew Expired RDP CertificatesExpired self-signed certificates often prevent certain servers from accepting connections while others on the same network work fine.
Action: Log into the affected server locally. Open Certificates MMC (certlm.msc), navigate to Remote Desktop > Certificates, and delete the expired certificate.
Restart: Open Command Prompt as admin and run restart-service termserv -force to let Windows generate a fresh certificate.
Verify Network and VPN StabilityThis error is frequently triggered by packet loss, insufficient bandwidth, or slow VPN response times.
Action: Reconnect your VPN or test the connection speed. If the connection is sluggish, try switching to a different ISP or network.
Adjust Firewall and Antivirus ExceptionsThird-party security software (like Bitdefender Security) can abruptly block RDP traffic. Action: Add mstsc.exe as an exception in your firewall.
Rule: Ensure both Remote Desktop and Remote Desktop (WebSocket) are allowed for both Private and Public networks.
Connect via IP Instead of HostnameDNS resolution issues can sometimes present as a 0x904 error.
Action: Try establishing the connection using the server’s static IP address rather than its Friendly Domain Name (FQDN).
Azure VM Special Fix: MachineKeys CorruptionIf the error occurs on an Azure Virtual Machine, it often stems from a corrupt certificate store.
Action: In the Azure Portal, use the Run Command feature to execute a PowerShell script renaming the folder: Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM afterward.
Force RDP Security LayerMismatched encryption ciphers or Network Level Authentication (NLA) failures can cause immediate disconnects.
Action: Use the Group Policy Editor (gpedit.msc) on the server. Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Setting: Enable Require use of specific security layer and select RDP. Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer
The Remote Desktop connection error 0x904 (Extended Error Code: 0x7) is a common RDP issue that typically indicates a network connection failure security certificate problem
. It often occurs after Windows updates (especially Windows 11) or when using a VPN
Here is a summary of the best troubleshooting steps compiled from expert blog posts and technical forums: 1. Fix Expired RDP Certificates (Most Common Solution)
If you can connect to some servers but not others, an expired self-signed certificate on the host machine is a likely culprit : Log in to the host machine locally or via another tool. Certificates (Local Computer) by running certlm.msc Navigate to Remote Desktop > Certificates Find the expired certificate, right-click, and Restart the Remote Desktop Services ) via Command Prompt as Administrator: restart-service termserv -force . Windows will automatically generate a fresh certificate 2. Rename Corrupt MachineKeys (For Azure VMs) Restart both the client and remote computers
If you are using an Azure Virtual Machine, a corrupt certificate store may prevent RDP from creating new certificates : Use the Azure Portal's Run Command feature to execute a PowerShell script:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" : Reboot the server 3. Adjust Firewall & Antivirus Settings Security software like Bitdefender or the native Windows Firewall may block the connection Remote Desktop (WebSocket)
are allowed through the firewall for both Private and Public networks
: Try temporarily disabling third-party antivirus to see if the connection is restored 4. Network & Connection Quick Fixes
Conclusion
By following these steps, you should be able to resolve the Remote Desktop Connection error code 0x904 with extended error code 0x7. If the issue persists, consider seeking additional help from your network administrator or a professional technician. Do you have any questions or would you like to add any additional troubleshooting steps?
Remote Desktop error 0x904 (Extended Error 0x7) typically indicates a general network connectivity failure. It most commonly occurs due to unstable network conditions, expired RDP certificates, or firewall blocks. Phase 1: Network & VPN Stability
This error is frequently triggered by insufficient bandwidth or packet loss.
Reconnect VPN: If you are using a VPN, disconnect and reconnect to refresh the tunnel.
Use IP Address: Try connecting using the remote computer's IP address instead of its hostname to rule out DNS resolution issues.
Test Ping: Run a ping -t [remote-ip] to check for high latency or dropped packets. Phase 2: Fix Expired RDP Certificates
A common cause in server environments is an expired self-signed RDP certificate that fails to renew automatically.
Log into the target server (locally or via an alternative remote tool).
Press Win + R, type certlm.msc, and hit Enter to open the Certificate Manager. Navigate to Remote Desktop > Certificates.
Locate the expired certificate, right-click it, and select Delete.
Restart the Remote Desktop Service to generate a new certificate by running this command in an administrator Command Prompt:restart-service termserv -force. Phase 3: Firewall & Security Software
Security suites like Bitdefender or Windows Firewall may block the specific RDP process.
Allow mstsc.exe: Ensure Remote Desktop and Remote Desktop (WebSocket) are allowed through the firewall on both the source and destination computers.
Add Exception: Add C:\Windows\System32\mstsc.exe to your antivirus/firewall exclusion list. Phase 4: Azure VM Specific Fix
If the error occurs on an Azure Virtual Machine, the certificate store may be corrupt. Access the VM via the Azure Portal. Use the Run command feature and select RunPowerShellScript.
Execute the following to rename the corrupt key folder:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the server. Install Certificate >
Are you connecting over a local network or a wide-area network/VPN? Unable to RDP into some Windows Servers - Error code: 0x904
Remote Desktop Error 0x904 (Extended Error 0x7) typically indicates a failure to establish a stable network handshake or an authentication mismatch between the client and the remote host. Key Causes and Quick Fixes
Expired RDP Certificates: This is the most common "hidden" cause. If a server's self-signed certificate expires, it won't automatically renew, leading to random connection failures on specific hosts.
Unstable Network/VPN: This error frequently occurs due to packet loss, insufficient bandwidth, or slow VPN connections.
Windows 11 Compatibility: Recent builds (22H2+) sometimes struggle with hostname resolution for RDP, throwing this error even when the network is fine.
Firewall Blocking: Even if RDP is enabled, Windows Defender or third-party security software like Bitdefender may block the specific mstsc.exe process. Step-by-Step Troubleshooting Guide 1. Renew Expired RDP Certificates
If you can access the server via another method (e.g., local console or Azure portal): Open the Certificates MMC snap-in (certlm.msc). Navigate to Remote Desktop > Certificates.
Check the expiration date. If expired, delete the old certificate.
Restart the Remote Desktop Service by running restart-service termserv -force in an elevated PowerShell. Windows will automatically generate a new one. 2. Connect via IP Address
Bypass potential DNS or hostname resolution issues by entering the remote computer's IP address directly into the Remote Desktop Connection client instead of its name. 3. Adjust Firewall Rules
Ensure RDP is fully permitted in Windows Firewall. Verify that Remote Desktop and Remote Desktop (WebSocket) are enabled for both Private and Public networks. 4. Fix Azure VM Certificate Corruption
For Azure VMs, a corrupted key store often causes this error. This guide from remoteaccesspcdesktop.com details using Azure Portal's "Run command" to rename the MachineKeys folder, which forces a rebuild of the certificate store upon restart. After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
On the remote PC (admin CMD):
net stop termservice
del /f /s /q /a "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\*"
net start termservice
Then restart.
Below are the most effective solutions, ranked from quickest to most technical. For best results, follow them in order.
Because extended error code 0x7 points to storage control blocks, the local license store is suspect. Deleting it forces Windows to request a fresh license.
Warning: Back up your registry first.
Win + R, type regedit, and navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default
MRU (Most Recently Used).HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Licensing Core\CalCache
CalCache folder.Self-signed certificates cause untrusted authority errors (0x7). Instead of ignoring the warning, install a trusted certificate.
On the remote Windows machine (Server or Pro):
Certlm.msc (Local Machine Certificates).Remote Desktop > Certificates.Remote Desktop > All Tasks > Create Custom Certificate.Alternatively – Force the client to trust the bad certificate:
certlm.msc on the server under Remote Desktop).Trusted Root Certification Authorities > Finish.If the error still appears after trying everything above, the issue lies deeper in the RDP stack or OS corruption.