Remote Desktop Connection Error Code 0x904 Extended Error Code 0x7 Best ((exclusive)) May 2026

The Remote Desktop error code (Extended Error ) typically signals a network-level disconnect or a security handshake failure. It often surfaces during unstable connections, when VPN speeds drop, or due to expired RDP certificates.

Below are the most effective solutions for resolving this error: 1. Fix Expired or Corrupt RDP Certificates

Often, the self-signed certificate used for RDP has expired or become corrupted, which explains why some servers work while others on the same network fail. For Windows Servers: Open the Certificates MMC snap-in ( certlm.msc Navigate to Remote Desktop > Certificates Delete the expired certificate. Open Command Prompt as Administrator and run: restart-service termserv -force to automatically generate a new one. For Azure VMs: Users often resolve this by renaming the MachineKeys folder via the Azure Portal's "Run Command" feature:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" then reboot the server. 2. Bypass DNS with IP Address

If there is a DNS resolution issue or a bug in a specific Windows 11 update, hostnames may fail to resolve correctly. Try connecting directly using the IP address of the remote computer instead of its hostname. Flush your DNS cache on the client machine by running ipconfig /flushdns in Command Prompt. 3. Adjust Security & NLA Settings

Compatibility issues with Network Level Authentication (NLA) or mismatched encryption cyphers frequently trigger this error. Disable NLA temporarily to test the connection:

Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security

Require use of specific security layer for remote (RDP) connections and select as the Security Layer.

Require user authentication for remote connections by using Network Level Authentication 4. Verify Firewall & Antivirus Exceptions

Troubleshooting Remote Desktop Error 0x904 (Extended Code 0x7)

The Remote Desktop connection error 0x904 with extended error code 0x7 is a common Windows error that typically indicates a network connectivity issue. It often occurs when the network connection is unstable, bandwidth is insufficient, or there is a mismatch in encryption settings between the client and the host. Quick Summary of Causes

Unstable Network: Slow VPN speeds, packet loss, or low bandwidth.

Security Software Interference: Firewalls or antivirus (like Bitdefender) blocking rdp.exe.

Expired Certificates: Corrupt or expired self-signed RDP certificates on the remote server.

NLA Conflicts: Network Level Authentication (NLA) issues, especially after a Windows 11 upgrade. Step-by-Step Solutions 1. Verify and Allow RDP Through Firewall

A single misconfigured firewall setting can trigger this error. Ensure RDP traffic is allowed on both the source and destination computers.

Press Win + S and type "Allow an app through Windows Firewall". Click Change settings.

Check both Remote Desktop and Remote Desktop (WebSocket) for both Private and Public networks.

If it’s missing, click Allow another app, browse to C:\Windows\System32\mstsc.exe, and add it.

Confirm that TCP port 3389 is open using PowerShell: Test-NetConnection [server_name] -Port 3389. 2. Renew Expired RDP Certificates

If the server's self-signed certificate is invalid, open the Certificates MMC snap-in (certlm.msc), navigate to Remote Desktop > Certificates, delete expired ones, and restart the Remote Desktop Services (restart-service termserv -force) to generate a new one. 3. Adjust Network Level Authentication (NLA)

Modify NLA settings via the Group Policy Editor (gpedit.msc) under Computer Configuration settings for Remote Desktop Services if compatibility issues are suspected. Unable to RDP into some Windows Servers - Error code: 0x904

Since these codes are less common than generic RDP errors, this content assumes a deeper Windows networking and licensing context.

4. Reset RDP certificate on the remote host

On the remote PC (admin CMD):

net stop termservice
del /f /s /q /a "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\*"
net start termservice

Then restart.

Fix #5: Network Level Authentication (NLA)

If the machine you are trying to reach is on a local network (not the cloud), this error can happen if NLA settings are mismatched.

To disable NLA requirement via Group Policy (On the Host):

  1. Open Group Policy Editor (gpedit.msc).
  2. Go to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
  3. Find "Require user authentication for remote connections by using Network Level Authentication".
  4. Set it to Disabled.
  5. Restart the host machine.

Note: Disabling NLA reduces security and should only be done for troubleshooting purposes or within secure private networks.

The Fix: Reset the Web Account Manager (WAM)

The most reliable way to fix this for cloud-based connections is to reset the WAM, which forces the RDP client to ask for fresh credentials.

  1. Open the Start Menu and search for Command Prompt.
  2. Right-click and select Run as Administrator.
  3. Paste the following command and hit Enter: 
    msdt.exe /id SettingsDiagnosticAch
    Alternatively, you can run the Windows Store Apps troubleshooter, which often resets these background tokens.
  4. Restart your computer and attempt the connection again.

Final Verdict

Error 0x904 Extended 0x7 is a "False Positive" error—it looks like a permissions issue, but it is usually a protocol negotiation failure. While the error message itself is cryptic and unhelpful, the resolution is straightforward if you disable UDP.

Pros of the fix:

  • Does not require a reboot.
  • Stabilizes the connection significantly.

Cons of the error:

  • Microsoft provides no documentation on this specific extended code, leading to significant troubleshooting time.

Recommendation: If you are an IT admin, push out the "Turn off UDP on Client" group policy to users experiencing this issue. If you are an end-user, try

Remote Desktop error 0x904 (Extended Error 0x7) is a general connectivity failure usually triggered by expired self-signed certificates, network instability, or firewall blocks. Top Fixes for Error 0x904 / 0x7 The Remote Desktop error code (Extended Error )

Renew Expired RDP CertificatesRDP relies on a self-signed certificate that may not auto-renew. If this certificate expires, the connection will fail instantly.

Log into the host machine locally or via an alternative tool. Run certlm.msc to open the certificate manager. Navigate to Remote Desktop > Certificates. If the certificate is expired, Delete it.

Restart the Remote Desktop Services (termserv) via the Services app or PowerShell (restart-service termserv -force) to trigger the generation of a new certificate.

Fix Corrupt Certificate Store (Azure VMs)If you are using an Azure Virtual Machine, a corrupt MachineKeys folder can prevent RDP from functioning.

Use the Run Command feature in the Azure Portal to execute this PowerShell command:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM to allow Windows to rebuild the folder.

Verify Firewall and Port 3389Firewalls may block RDP traffic even if the service is enabled.

Use PowerShell to test connectivity: Test-NetConnection [Remote_IP] -Port 3389.

On the host machine, ensure Remote Desktop and Remote Desktop (WebSocket) are allowed for both Public and Private networks in the Windows Firewall.

Adjust Security LayersMismatched encryption settings between the client and host can cause 0x904. On the host, open gpedit.msc.

Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Set Require use of specific security layer for remote (RDP) connections to Enabled and select RDP from the dropdown.

Disable Require user authentication... using Network Level Authentication (NLA) as a test to see if the connection establishes. Summary of Likely Causes Unable to RDP into some Windows Servers - Error code: 0x904

How to Fix Remote Desktop Error 0x904 (Extended Error 0x7) Getting the "This computer can't connect to the remote computer" message is a common headache for sysadmins and remote workers alike. When accompanied by Error Code 0x904 and Extended Error Code 0x7, the problem typically points to unstable network conditions, expired security certificates, or compatibility issues following a Windows 11 upgrade. 1. Fix Expired RDP Certificates

The most common cause of error 0x904 is an expired self-signed certificate on the remote server. These certificates often fail to renew automatically, causing silent connection failures.

Locate the Certificate: Log into the remote server (locally or via another tool) and open the Certificates MMC snap-in by running certlm.msc.

Check Validity: Navigate to Remote Desktop > Certificates. If the certificate is expired, right-click and Delete it.

Regenerate: Restart the Remote Desktop Services through the Services console or by running restart-service termserv -force in an admin Command Prompt. Windows will automatically generate a fresh certificate. 2. Rename the MachineKeys Folder (Azure VMs)

If you are seeing this error while trying to access an Azure Virtual Machine, it often indicates a corrupt certificate store that prevents new certificates from being created.

Azure PowerShell Fix: From the Azure Portal, go to your VM and select Run Command, then choose RunPowerShellScript.

Execute Command: Enter the following to rename the potentially corrupt store:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old".

Reboot: Restart the VM to allow it to rebuild the certificate structure. 3. Windows 11 Compatibility Workarounds

Users often report this error after upgrading to Windows 11. This is sometimes due to how the newer OS handles hostname resolution or security layers.

Connect via IP: Try entering the remote computer's IP address (e.g., 192.168.1.50) instead of its hostname in the Remote Desktop Connection window.

Switch RDP Clients: If the standard "mstsc.exe" continues to fail, try downloading the Microsoft Remote Desktop app from the Windows Store, as it uses a slightly different connection protocol. 4. Adjust Security and Encryption Layers

Mismatched encryption ciphers between the client and server can trigger extended error 0x7.

Group Policy Adjustments: Open gpedit.msc and navigate to:Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Force RDP Security: Enable Require use of specific security layer for remote (RDP) connections and select RDP as the Security Layer.

Disable NLA: As a temporary troubleshooting step, try disabling Require user authentication for remote connections by using Network Level Authentication (NLA). 5. Verify Network and Firewall Settings

Since 0x904 is inherently a network-related error, ensure your traffic isn't being throttled or blocked.

Firewall Exceptions: Ensure both Remote Desktop and Remote Desktop (WebSocket) are allowed through the Windows Defender Firewall for both Public and Private networks.

VPN Stability: If you are on a VPN, check for packet loss or insufficient bandwidth. Experts from The IT Bros note that unstable VPN connections are a primary trigger for this specific error code.

Are you troubleshooting a physical server or an Azure VM, and did the certificate renewal step resolve the issue for you? Unable to RDP into some Windows Servers - Error code: 0x904

The Quick Workaround (Use the Web Client)

If you need immediate access and cannot troubleshoot right now, try using the Web Client instead of the desktop app. Then restart

  • Go to the Azure Virtual Desktop web client (or your specific cloud provider’s web portal).
  • Log in there and try to connect. This often bypasses the token issues present in the local RDP app.

5. Additional Troubleshooting Steps

  • Restart both the client and remote computers.
  • Ensure the remote computer is turned on and connected to the internet.
  • Try connecting using a different RDC client or an alternative remote access tool.

Conclusion

By following these steps, you should be able to resolve the Remote Desktop Connection error code 0x904 with extended error code 0x7. If the issue persists, consider seeking additional help from your network administrator or a professional technician. Do you have any questions or would you like to add any additional troubleshooting steps?

The Remote Desktop connection error 0x904 (Extended Error Code: 0x7) is a common RDP issue that typically indicates a network connection failure security certificate problem

. It often occurs after Windows updates (especially Windows 11) or when using a VPN

Here is a summary of the best troubleshooting steps compiled from expert blog posts and technical forums: 1. Fix Expired RDP Certificates (Most Common Solution)

If you can connect to some servers but not others, an expired self-signed certificate on the host machine is a likely culprit : Log in to the host machine locally or via another tool. Certificates (Local Computer) by running certlm.msc Navigate to Remote Desktop > Certificates Find the expired certificate, right-click, and Restart the Remote Desktop Services ) via Command Prompt as Administrator: restart-service termserv -force . Windows will automatically generate a fresh certificate 2. Rename Corrupt MachineKeys (For Azure VMs)

If you are using an Azure Virtual Machine, a corrupt certificate store may prevent RDP from creating new certificates : Use the Azure Portal's Run Command feature to execute a PowerShell script:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" : Reboot the server 3. Adjust Firewall & Antivirus Settings Security software like Bitdefender or the native Windows Firewall may block the connection Remote Desktop (WebSocket)

are allowed through the firewall for both Private and Public networks

: Try temporarily disabling third-party antivirus to see if the connection is restored 4. Network & Connection Quick Fixes

Understanding and Fixing Remote Desktop Error 0x904 (Extended Error 0x7)

The Remote Desktop Protocol (RDP) error code 0x904 with extended error code 0x7 typically indicates a generic network connectivity issue. It most commonly occurs when the connection is unstable, bandwidth is insufficient, or packets are being lost during the handshake process. Common Causes

Unstable Network/VPN: High latency or a "dodgy" connection, particularly when connecting over a slow VPN.

Firewall Interference: Windows Defender or third-party security software (like Bitdefender) blocking the RDP executable.

Mismatched Encryption: Differences in TLS or encryption cipher requirements between the client and the host. DNS Resolution: Failure to resolve the hostname correctly. Step-by-Step Solutions 1. Test the Connection Basics

Before changing complex settings, verify the fundamental connection:

Use the IP Address: Attempt to connect using the remote computer's IP address instead of its hostname to bypass potential DNS issues.

Flush DNS: On your local machine, open Command Prompt as an administrator and run ipconfig /flushdns.

Check Network Profile: Ensure your network is set to Private rather than Public, as Public profiles often have stricter inbound rules. 2. Configure Firewall Permissions

The RDP application must be explicitly allowed through your firewall on both the host and client computers.

Search for "Allow an app through Windows Firewall" in the Start menu.

Ensure Remote Desktop and Remote Desktop (WebSocket) are checked for both Private and Public networks.

If the issue persists, manually add C:\Windows\System32\mstsc.exe to the allowed list. 3. Adjust Security and Encryption Layers

If the error occurs immediately after entering credentials, it may be an encryption mismatch.

Enable TLS 1.2: Some administrators have resolved this by ensuring TLS 1.2 is enabled via Group Policy on the server. Modify Security Layers: Open the Local Group Policy Editor (gpedit.msc).

Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Enable Require use of specific security layer for remote (RDP) connections and set it to RDP.

Disable Require user authentication... using Network Level Authentication (NLA) as a temporary test to see if it allows the connection. 4. Increase Connection Outstanding Requests

For systems handling multiple requests, you can increase the maximum outstanding connections via the Registry:

Open Command Prompt as Admin and run:REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536. Best Alternatives

If standard RDP continues to fail, users often find success with:

Microsoft Remote Desktop (Store App): Many users report that the modern app version from the Microsoft Store works when the legacy mstsc.exe client fails.

Third-Party Tools: Software like AnyViewer or TeamViewer can bypass complex RDP configuration requirements entirely. Conclusion By following these steps

Are you connecting over a VPN, or are both computers on the same local network? After Windows 11 Upgrade RDP Error 0x904 extended error 0x7

The Remote Desktop error code 0x904 (extended error 0x7) typically indicates a network-level connection failure caused by unstable network conditions, expired security certificates, or firewall blocks. It is most common when using a VPN or after upgrading to Windows 11. Top Recommended Solutions

Renew Expired RDP CertificatesExpired self-signed certificates often prevent certain servers from accepting connections while others on the same network work fine.

Action: Log into the affected server locally. Open Certificates MMC (certlm.msc), navigate to Remote Desktop > Certificates, and delete the expired certificate.

Restart: Open Command Prompt as admin and run restart-service termserv -force to let Windows generate a fresh certificate.

Verify Network and VPN StabilityThis error is frequently triggered by packet loss, insufficient bandwidth, or slow VPN response times.

Action: Reconnect your VPN or test the connection speed. If the connection is sluggish, try switching to a different ISP or network.

Adjust Firewall and Antivirus ExceptionsThird-party security software (like Bitdefender Security) can abruptly block RDP traffic. Action: Add mstsc.exe as an exception in your firewall.

Rule: Ensure both Remote Desktop and Remote Desktop (WebSocket) are allowed for both Private and Public networks.

Connect via IP Instead of HostnameDNS resolution issues can sometimes present as a 0x904 error.

Action: Try establishing the connection using the server’s static IP address rather than its Friendly Domain Name (FQDN).

Azure VM Special Fix: MachineKeys CorruptionIf the error occurs on an Azure Virtual Machine, it often stems from a corrupt certificate store.

Action: In the Azure Portal, use the Run Command feature to execute a PowerShell script renaming the folder: Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM afterward.

Force RDP Security LayerMismatched encryption ciphers or Network Level Authentication (NLA) failures can cause immediate disconnects.

Action: Use the Group Policy Editor (gpedit.msc) on the server. Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Setting: Enable Require use of specific security layer and select RDP. Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer

Remote Desktop error 0x904 (extended error 0x7) typically indicates a general network connection failure, often triggered by expired RDP certificates firewall blocks unstable network/VPN conditions www.remoteaccesspcdesktop.com Core Troubleshooting Steps Renew Expired RDP Certificates: On the remote server, open certlm.msc , navigate to Remote Desktop > Certificates , and delete expired certificates. Restart Remote Desktop Services to generate a new one. Use IP Address:

Bypass DNS issues by connecting using the server’s internal IP address instead of its hostname. Verify Firewall Settings: Remote Desktop

is allowed in Windows Firewall for both Private/Public networks. Add exceptions for in third-party security software if necessary. Use Microsoft Store App: Try using the alternative Microsoft Remote Desktop app for better compatibility. Fix Certificate Store (Azure): If using Azure VMs, rename C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys to address potential corruption. Spiceworks Community Additional Solutions Restart Remote Host: Reboot the server to resolve service issues. Check VPN: Ensure your connection is stable. Disable NLA: If needed, disable Network Level Authentication (NLA) on the host for testing. Spiceworks Community Are you connecting to a local server cloud-hosted machine like an Azure VM? After Windows 11 Upgrade RDP Error 0x904 extended error 0x7 30 Jun 2021 —

The Remote Desktop Connection error 0x904 (Extended Code 0x7)

typically indicates a network instability or a security handshake failure

, often caused by expired certificates, firewall blocks, or compatibility issues with newer Windows versions like Windows 11. Step 1: Fix Expired RDP Certificates

This is the most common cause when a connection suddenly fails while others on the same network work fine.

Log into the remote server (via console or alternative access). certlm.msc , and hit Enter to open the Certificates MMC snap-in. Navigate to Remote Desktop > Certificates (or Personal > Certificates).

Look for the certificate issued to the computer name. Check its expiration date. If it is expired or corrupt, right-click and Delete Open Command Prompt as Administrator and run: restart-service termserv -force (or simply restart the server).

Windows will automatically generate a fresh self-signed certificate upon service restart. www.remoteaccesspcdesktop.com Step 2: Windows 11 Compatibility Workarounds

Windows 11 (builds 22H2 and later) has known bugs with RDP hostname resolution and specific cipher suites. www.remoteaccesspcdesktop.com Connect via IP Address : Instead of typing the computer name (e.g., ), use the target's internal IP address (e.g., 192.168.1.100 Use the Microsoft Store App : Users have reported success using the Remote Desktop app from the Microsoft Store instead of the built-in Spiceworks Community Step 3: Check Firewall and Security Software

Even if RDP is "Allowed," specific security layers may still block the connection. www.remoteaccesspcdesktop.com Allow MSTSC explicitly "Allow an app through Windows Firewall" Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for Private and Public. Allow another app , browse to C:\Windows\System32\mstsc.exe , and add it with full permissions. Third-Party Antivirus : Apps like Bitdefender have been known to block RDP. Add to their exception lists. Spiceworks Community Step 4: Azure VM Special Case

If the target is an Azure Virtual Machine, a corrupt certificate store is a frequent culprit. www.remoteaccesspcdesktop.com Azure Portal , go to your VM and select Run command > RunPowerShellScript Run this command to rename the key folder:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server. www.remoteaccesspcdesktop.com Step 5: Adjust Security Layer (Last Resort) Unable to RDP into some Windows Servers - Error code: 0x904 24 Apr 2025 —

Since the phrase "best" at the end of your request suggests you are looking for a solution or a guide on how to interpret this error, I have written a technical review and guide regarding this specific error code combination.

Here is a review of the error, its causes, and the best methods to resolve it.