Remote Desktop Connection Error Code 0x904 Extended Error Code 0x7 ((install))

Here’s a focused troubleshooting guide for Remote Desktop Connection error code 0x904 (extended error code 0x7).

---

Common causes

1. Network connectivity issues
   • Packet loss, high latency, or routing failures between client and host.
2. DNS or name-resolution failures
   • Hostname not resolving, stale DNS record, or split-horizon DNS mismatches.
3. Firewall or port blocking
   • TCP port 3389 (or custom RDP port) blocked on client, server, or intermediate firewall.
4. Remote Desktop service configuration
   • RDP service disabled, listening on a different port, or limited to certain network interfaces.
5. TLS/Encryption or certificate issues
   • Failed TLS handshake due to invalid/expired certificate or mismatched security settings.
6. Network Level Authentication (NLA) mismatch
   • Client requires or lacks NLA support while server settings differ.
7. Intermediate devices (VPNs, proxies, load balancers)
   • Misconfigured VPN split-tunnel, NAT translation issues, or RDP-aware gateways interfering.
8. Local client configuration or corrupted cache
   • Bad saved credentials, corrupted RDP cache, or incompatible client settings.

Fixes (targeted actions)

• If connectivity tests fail: resolve routing or ISP issues, coordinate with network administrators.
• If DNS fails: flush DNS cache (ipconfig /flushdns), update DNS records, or use IP address to connect.
• If port blocked: open TCP 3389 (or the custom port) on all relevant firewalls and NAT rules.
• If service misconfigured: re-enable Remote Desktop on server (System Properties → Remote), ensure the service is running, restart the machine if necessary.
• If NLA/TLS mismatch: temporarily disable NLA on server to test; update client or server to support compatible security protocols; renew or replace expired certificates.
• If RD Gateway or NAT problem: ensure correct forwarding, TLS passthrough, or proper RD Gateway configuration and that certificate names match.
• If client corruption: reinstall or update the RDP client, clear cached credentials, and recreate the .rdp file.
• If intermittent packet loss: use a more reliable network path or fix network hardware causing loss.

Method 1: Check the Network Profile (Public vs. Private)

If the host computer has its network connection set to Public, Windows Firewall will block RDP connections by default for security reasons. Here’s a focused troubleshooting guide for Remote Desktop

1. Log in to the host machine (locally or via console).
2. Go to Settings > Network & Internet > Ethernet (or Wi-Fi, depending on the connection).
3. Click on the connected network connection.
4. Under "Network Profile Type," ensure it is set to Private.
   • Note: If you are in a public location (like a coffee shop), switch this back to Public when finished working remotely.

Registry Fix for RDP Session Lock Failure (0x904 specific)

On the RDP host, create or modify:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
DWORD: fDenyTSConnections = 0 (to allow RDP)
DWORD: AllowRemoteRPC = 1

Then:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
DWORD: UserAuthentication = 0 (disables NLA requirement – test only)

Reboot after changes.