The Remote Desktop error code (Extended Error ) typically signals a network-level disconnect or a security handshake failure. It often surfaces during unstable connections, when VPN speeds drop, or due to expired RDP certificates.
Below are the most effective solutions for resolving this error: 1. Fix Expired or Corrupt RDP Certificates
Often, the self-signed certificate used for RDP has expired or become corrupted, which explains why some servers work while others on the same network fail. For Windows Servers: Open the Certificates MMC snap-in ( certlm.msc Navigate to Remote Desktop > Certificates Delete the expired certificate. Open Command Prompt as Administrator and run: restart-service termserv -force to automatically generate a new one. For Azure VMs: Users often resolve this by renaming the MachineKeys folder via the Azure Portal's "Run Command" feature:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" then reboot the server. 2. Bypass DNS with IP Address
If there is a DNS resolution issue or a bug in a specific Windows 11 update, hostnames may fail to resolve correctly. Try connecting directly using the IP address of the remote computer instead of its hostname. Flush your DNS cache on the client machine by running ipconfig /flushdns in Command Prompt. 3. Adjust Security & NLA Settings
Compatibility issues with Network Level Authentication (NLA) or mismatched encryption cyphers frequently trigger this error. Disable NLA temporarily to test the connection:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
Require use of specific security layer for remote (RDP) connections and select as the Security Layer.
Require user authentication for remote connections by using Network Level Authentication 4. Verify Firewall & Antivirus Exceptions
Remote Desktop error 0x904 (Extended error 0x7) typically indicates a network instability or a security handshake failure, such as expired certificates or mismatched encryption settings. This error is common on modern Windows 10/11 and Windows Server (2016-2022) environments. Quick Fixes
Switch to IP Address: Attempt to connect using the remote computer's IP address instead of its hostname to bypass potential DNS resolution issues.
Restart RDP Services: On the remote machine, open a Command Prompt as Administrator and run:net stop termservice then net start termservice.
Check VPN/Network: If you are using a VPN, disconnect and reconnect. Slow or high-latency VPN connections are a primary cause of this specific error code. Detailed Troubleshooting Guide 1. Fix Expired RDP Certificates (Server Side)
Expired self-signed certificates are a frequent "hidden" cause for 0x904 errors on specific servers.
On the remote server, press Win + R, type certlm.msc, and press Enter. Navigate to Remote Desktop > Certificates.
Check if the certificate is expired. If it is, right-click and delete it.
Restart the Remote Desktop Services (as shown in Quick Fixes) to force Windows to generate a new valid certificate. 2. Adjust Security Layer Settings (GPO)
If the client and server have mismatched encryption ciphers, forcing a specific security layer can resolve the handshake failure.
Open the Group Policy Editor (gpedit.msc) on the remote server.
Go to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Require use of specific security layer for remote (RDP) connections: Set to Enabled and choose RDP from the dropdown.
Require user authentication... using Network Level Authentication (NLA): Set to Disabled for testing, then restart the server. 3. Firewall & Antivirus Exceptions
Third-party security software (like Bitdefender) often blocks RDP after Windows updates.
Ensure mstsc.exe is added to the exception list in your antivirus.
Verify Windows Firewall allows both Remote Desktop and Remote Desktop (WebSocket) for Private and Public networks on both machines. 4. Registry Modification (Client Side)
Adding a specific transport key can help the client handle modern RDP gateway connections better. Unable to RDP into some Windows Servers - Error code: 0x904
Before jumping to fixes, identify which scenario matches your environment. These causes are ranked from most to least common:
0x7 (untrusted timestamp)..rdp files or cached credentials become corrupted, forcing a broken SSL negotiation.Conclusion
By following these steps, you should be able to resolve the Remote Desktop Connection error code 0x904 with extended error code 0x7. If the issue persists, consider seeking additional help from your network administrator or a professional technician. Do you have any questions or would you like to add any additional troubleshooting steps?
The Remote Desktop error 0x904 (Extended Code 0x7) is a common connection failure that typically stems from network instability, firewall misconfigurations, or expired security certificates. This error often appears on Windows 10/11 and Windows Server 2016/2019/2022, especially after system updates. www.remoteaccesspcdesktop.com Primary Causes Network Instability:
Insufficient bandwidth, high packet loss, or slow VPN connections. Certificate Issues:
Expired self-signed RDP certificates or corrupt certificate stores (common on Azure VMs). Firewall Blocks: Misconfigured rules on either the client or host machine. Compatibility: Known quirks in Windows 11 hostname resolution. Spiceworks Community Best Fixes & Troubleshooting Steps 1. Fix Expired RDP Certificates (Recommended)
This is the most common resolution for persistent 0x904 errors on physical servers. www.remoteaccesspcdesktop.com
Access the host server locally or via an alternative method. Open the Certificates snap-in: Press certlm.msc , and hit Enter. Navigate to Remote Desktop > Certificates Check for an expired certificate. If it is past its date, right-click and delete Open Command Prompt as Administrator and run: restart-service termserv -force . Windows will automatically generate a new certificate. www.remoteaccesspcdesktop.com 2. Use IP Address Instead of Hostname
Windows 11 sometimes fails to resolve hostnames correctly for RDP, triggering 0x904. www.remoteaccesspcdesktop.com In the Remote Desktop Connection window, enter the IP address 192.168.1.50 ) instead of the computer name. TheITBros.com 3. Configure Firewall Rules Ensure the correct RDP services are allowed through the Windows Defender Firewall on both machines.
Search for "Allow an app through Windows Firewall" in the Start menu. Change settings Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for both C:\Windows\System32\mstsc.exe manually if it is not in the list. www.remoteaccesspcdesktop.com 4. Fix Azure VM Certificate Corruption If the error occurs on an Azure Virtual Machine Azure Portal to reset the certificate store. www.remoteaccesspcdesktop.com In the Azure Portal, go to your VM's Run command RunPowerShellScript and execute:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server. www.remoteaccesspcdesktop.com 5. Adjust Security Layers (Legacy Support)
If connecting from an older client to a newer host, the security layer might be too high. TheITBros.com On the host, open Local Group Policy Editor gpedit.msc Navigate to: The Remote Desktop error code (Extended Error )
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
Require use of specific security layer for remote (RDP) connections and set it to Microsoft Learn Are you connecting over a local network , and which version of is the host machine running? After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
The Remote Desktop Connection error 0x904 (Extended Code 0x7)
typically indicates a network instability or a security handshake failure
, often caused by expired certificates, firewall blocks, or compatibility issues with newer Windows versions like Windows 11. Step 1: Fix Expired RDP Certificates
This is the most common cause when a connection suddenly fails while others on the same network work fine.
Log into the remote server (via console or alternative access). certlm.msc , and hit Enter to open the Certificates MMC snap-in. Navigate to Remote Desktop > Certificates (or Personal > Certificates).
Look for the certificate issued to the computer name. Check its expiration date. If it is expired or corrupt, right-click and Delete Open Command Prompt as Administrator and run: restart-service termserv -force (or simply restart the server).
Windows will automatically generate a fresh self-signed certificate upon service restart. www.remoteaccesspcdesktop.com Step 2: Windows 11 Compatibility Workarounds
Windows 11 (builds 22H2 and later) has known bugs with RDP hostname resolution and specific cipher suites. www.remoteaccesspcdesktop.com Connect via IP Address : Instead of typing the computer name (e.g., ), use the target's internal IP address (e.g., 192.168.1.100 Use the Microsoft Store App : Users have reported success using the Remote Desktop app from the Microsoft Store instead of the built-in Spiceworks Community Step 3: Check Firewall and Security Software
Even if RDP is "Allowed," specific security layers may still block the connection. www.remoteaccesspcdesktop.com Allow MSTSC explicitly "Allow an app through Windows Firewall" Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for Private and Public. Allow another app , browse to C:\Windows\System32\mstsc.exe , and add it with full permissions. Third-Party Antivirus : Apps like Bitdefender have been known to block RDP. Add to their exception lists. Spiceworks Community Step 4: Azure VM Special Case
If the target is an Azure Virtual Machine, a corrupt certificate store is a frequent culprit. www.remoteaccesspcdesktop.com Azure Portal , go to your VM and select Run command > RunPowerShellScript Run this command to rename the key folder:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server. www.remoteaccesspcdesktop.com Step 5: Adjust Security Layer (Last Resort) Unable to RDP into some Windows Servers - Error code: 0x904 24 Apr 2025 —
Remote Desktop Error 0x904 (Extended Error 0x7) typically indicates a failure to establish a stable network handshake or an authentication mismatch between the client and the remote host. Key Causes and Quick Fixes
Expired RDP Certificates: This is the most common "hidden" cause. If a server's self-signed certificate expires, it won't automatically renew, leading to random connection failures on specific hosts.
Unstable Network/VPN: This error frequently occurs due to packet loss, insufficient bandwidth, or slow VPN connections.
Windows 11 Compatibility: Recent builds (22H2+) sometimes struggle with hostname resolution for RDP, throwing this error even when the network is fine.
Firewall Blocking: Even if RDP is enabled, Windows Defender or third-party security software like Bitdefender may block the specific mstsc.exe process. Step-by-Step Troubleshooting Guide 1. Renew Expired RDP Certificates
If you can access the server via another method (e.g., local console or Azure portal): Open the Certificates MMC snap-in (certlm.msc). Navigate to Remote Desktop > Certificates.
Check the expiration date. If expired, delete the old certificate.
Restart the Remote Desktop Service by running restart-service termserv -force in an elevated PowerShell. Windows will automatically generate a new one. 2. Connect via IP Address
Bypass potential DNS or hostname resolution issues by entering the remote computer's IP address directly into the Remote Desktop Connection client instead of its name. 3. Adjust Firewall Rules
Ensure RDP is fully permitted in Windows Firewall. Verify that Remote Desktop and Remote Desktop (WebSocket) are enabled for both Private and Public networks. 4. Fix Azure VM Certificate Corruption
For Azure VMs, a corrupted key store often causes this error. This guide from remoteaccesspcdesktop.com details using Azure Portal's "Run command" to rename the MachineKeys folder, which forces a rebuild of the certificate store upon restart. After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
The Remote Desktop error code 0x904 (extended error 0x7) typically indicates a network-level connection failure caused by unstable network conditions, expired security certificates, or firewall blocks. It is most common when using a VPN or after upgrading to Windows 11. Top Recommended Solutions
Renew Expired RDP CertificatesExpired self-signed certificates often prevent certain servers from accepting connections while others on the same network work fine.
Action: Log into the affected server locally. Open Certificates MMC (certlm.msc), navigate to Remote Desktop > Certificates, and delete the expired certificate.
Restart: Open Command Prompt as admin and run restart-service termserv -force to let Windows generate a fresh certificate.
Verify Network and VPN StabilityThis error is frequently triggered by packet loss, insufficient bandwidth, or slow VPN response times.
Action: Reconnect your VPN or test the connection speed. If the connection is sluggish, try switching to a different ISP or network.
Adjust Firewall and Antivirus ExceptionsThird-party security software (like Bitdefender Security) can abruptly block RDP traffic. Action: Add mstsc.exe as an exception in your firewall.
Rule: Ensure both Remote Desktop and Remote Desktop (WebSocket) are allowed for both Private and Public networks.
Connect via IP Instead of HostnameDNS resolution issues can sometimes present as a 0x904 error.
Action: Try establishing the connection using the server’s static IP address rather than its Friendly Domain Name (FQDN).
Azure VM Special Fix: MachineKeys CorruptionIf the error occurs on an Azure Virtual Machine, it often stems from a corrupt certificate store.
Action: In the Azure Portal, use the Run Command feature to execute a PowerShell script renaming the folder: Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM afterward.
Force RDP Security LayerMismatched encryption ciphers or Network Level Authentication (NLA) failures can cause immediate disconnects. Top 5 Causes of the 0x904 / 0x7
Action: Use the Group Policy Editor (gpedit.msc) on the server. Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Setting: Enable Require use of specific security layer and select RDP. Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer
Troubleshooting Remote Desktop Error 0x904 (Extended Code 0x7)
The Remote Desktop connection error 0x904 with extended error code 0x7 is a common Windows error that typically indicates a network connectivity issue. It often occurs when the network connection is unstable, bandwidth is insufficient, or there is a mismatch in encryption settings between the client and the host. Quick Summary of Causes
Unstable Network: Slow VPN speeds, packet loss, or low bandwidth.
Security Software Interference: Firewalls or antivirus (like Bitdefender) blocking rdp.exe.
Expired Certificates: Corrupt or expired self-signed RDP certificates on the remote server.
NLA Conflicts: Network Level Authentication (NLA) issues, especially after a Windows 11 upgrade. Step-by-Step Solutions 1. Verify and Allow RDP Through Firewall
A single misconfigured firewall setting can trigger this error. Ensure RDP traffic is allowed on both the source and destination computers.
Press Win + S and type "Allow an app through Windows Firewall". Click Change settings.
Check both Remote Desktop and Remote Desktop (WebSocket) for both Private and Public networks.
If it’s missing, click Allow another app, browse to C:\Windows\System32\mstsc.exe, and add it.
Confirm that TCP port 3389 is open using PowerShell: Test-NetConnection [server_name] -Port 3389. 2. Renew Expired RDP Certificates
If the server's self-signed certificate is invalid, open the Certificates MMC snap-in (certlm.msc), navigate to Remote Desktop > Certificates, delete expired ones, and restart the Remote Desktop Services (restart-service termserv -force) to generate a new one. 3. Adjust Network Level Authentication (NLA)
Modify NLA settings via the Group Policy Editor (gpedit.msc) under Computer Configuration settings for Remote Desktop Services if compatibility issues are suspected. Unable to RDP into some Windows Servers - Error code: 0x904
Understanding and Fixing Remote Desktop Error 0x904 (Extended Error 0x7)
The Remote Desktop Protocol (RDP) error code 0x904 with extended error code 0x7 typically indicates a generic network connectivity issue. It most commonly occurs when the connection is unstable, bandwidth is insufficient, or packets are being lost during the handshake process. Common Causes
Unstable Network/VPN: High latency or a "dodgy" connection, particularly when connecting over a slow VPN.
Firewall Interference: Windows Defender or third-party security software (like Bitdefender) blocking the RDP executable.
Mismatched Encryption: Differences in TLS or encryption cipher requirements between the client and the host. DNS Resolution: Failure to resolve the hostname correctly. Step-by-Step Solutions 1. Test the Connection Basics
Before changing complex settings, verify the fundamental connection:
Use the IP Address: Attempt to connect using the remote computer's IP address instead of its hostname to bypass potential DNS issues.
Flush DNS: On your local machine, open Command Prompt as an administrator and run ipconfig /flushdns.
Check Network Profile: Ensure your network is set to Private rather than Public, as Public profiles often have stricter inbound rules. 2. Configure Firewall Permissions
The RDP application must be explicitly allowed through your firewall on both the host and client computers.
Search for "Allow an app through Windows Firewall" in the Start menu.
Ensure Remote Desktop and Remote Desktop (WebSocket) are checked for both Private and Public networks.
If the issue persists, manually add C:\Windows\System32\mstsc.exe to the allowed list. 3. Adjust Security and Encryption Layers
If the error occurs immediately after entering credentials, it may be an encryption mismatch.
Enable TLS 1.2: Some administrators have resolved this by ensuring TLS 1.2 is enabled via Group Policy on the server. Modify Security Layers: Open the Local Group Policy Editor (gpedit.msc).
Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Enable Require use of specific security layer for remote (RDP) connections and set it to RDP.
Disable Require user authentication... using Network Level Authentication (NLA) as a temporary test to see if it allows the connection. 4. Increase Connection Outstanding Requests
For systems handling multiple requests, you can increase the maximum outstanding connections via the Registry:
Open Command Prompt as Admin and run:REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536. Best Alternatives
If standard RDP continues to fail, users often find success with:
Microsoft Remote Desktop (Store App): Many users report that the modern app version from the Microsoft Store works when the legacy mstsc.exe client fails. Expired or Self-Signed Certificates (Most Common): You are
Third-Party Tools: Software like AnyViewer or TeamViewer can bypass complex RDP configuration requirements entirely.
Are you connecting over a VPN, or are both computers on the same local network? After Windows 11 Upgrade RDP Error 0x904 extended error 0x7
Fixing Remote Desktop Error Code 0x904 (Extended Code 0x7) Remote Desktop Connection (RDP) error code 0x904 with extended error code 0x7 is a common connection failure that often occurs after Windows updates (especially Windows 11 upgrades) or when network conditions are unstable. It typically signifies that the client is unable to establish a secure, stable handshake with the remote host. Core Causes
Unstable Network/VPN: Insufficient bandwidth, high packet loss, or slow VPN connections.
Expired RDP Certificates: Self-signed certificates on the host machine may have expired and failed to auto-renew.
Encryption Mismatches: A failure in TLS/SSL negotiation where the client and server do not support the same cipher suites.
Firewall Blockage: Antivirus software or Windows Defender Firewall may be blocking the connection on either the source or destination.
OS Compatibility: Frequent issues reported when connecting from Windows 11 to older Windows Server versions. Step-by-Step Solutions 1. Renew Expired RDP Certificates
Expired self-signed certificates are a primary cause of this error on servers that haven't been rebooted in a while.
Log into the remote server locally or via a different remote access tool.
Press Win + R, type certlm.msc, and press Enter to open the Certificates console. Navigate to Remote Desktop > Certificates.
Check the expiration date. If expired, delete the old certificate.
Open an elevated Command Prompt and restart the term service to generate a new certificate:restart-service termserv -force.
It looks like there's no response available for this search. Try asking something else. Unable to RDP into some Windows Servers - Error code: 0x904
net start "Remote Desktop Services"
The dreaded "remote desktop connection error code 0x904 extended error code 0x7" is a classic authentication and certificate trust failure. While intimidating, it is almost always fixable using the steps above.
Summary of the best fix by scenario:
Start with the rapid triage, move to the permanent fixes, and you will restore your remote connection within minutes. Don’t let error 0x904/0x7 stop your productivity—apply the solutions above and connect with confidence.
Have a unique variation of this error? Check your Event Viewer logs (Applications and Service Logs > Microsoft > Windows > TerminalServices... > Operational) for the exact sub-status code. Good luck!
Remote Desktop error 0x904 (Extended Error 0x7) is a general connectivity failure usually triggered by expired self-signed certificates, network instability, or firewall blocks. Top Fixes for Error 0x904 / 0x7
Renew Expired RDP CertificatesRDP relies on a self-signed certificate that may not auto-renew. If this certificate expires, the connection will fail instantly.
Log into the host machine locally or via an alternative tool. Run certlm.msc to open the certificate manager. Navigate to Remote Desktop > Certificates. If the certificate is expired, Delete it.
Restart the Remote Desktop Services (termserv) via the Services app or PowerShell (restart-service termserv -force) to trigger the generation of a new certificate.
Fix Corrupt Certificate Store (Azure VMs)If you are using an Azure Virtual Machine, a corrupt MachineKeys folder can prevent RDP from functioning.
Use the Run Command feature in the Azure Portal to execute this PowerShell command:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM to allow Windows to rebuild the folder.
Verify Firewall and Port 3389Firewalls may block RDP traffic even if the service is enabled.
Use PowerShell to test connectivity: Test-NetConnection [Remote_IP] -Port 3389.
On the host machine, ensure Remote Desktop and Remote Desktop (WebSocket) are allowed for both Public and Private networks in the Windows Firewall.
Adjust Security LayersMismatched encryption settings between the client and host can cause 0x904. On the host, open gpedit.msc.
Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Set Require use of specific security layer for remote (RDP) connections to Enabled and select RDP from the dropdown.
Disable Require user authentication... using Network Level Authentication (NLA) as a test to see if the connection establishes. Summary of Likely Causes Unable to RDP into some Windows Servers - Error code: 0x904
It looks like you're encountering Remote Desktop error 0x904 with extended error 0x7, and you're looking for the best fix.
Let me break down what this means and the most effective solutions.
ERROR_ARENA_TRASHED (roughly) or, in RDP context, often indicates a credential/security layer mismatch or a license store corruptionSo the core issue: your Windows RDP client cannot establish a secure, licensed session with the remote host.
Sometimes, error 0x7 occurs because the system is trying to send saved credentials, but the server requires fresh credentials every time.
mstsc).0x7 often maps to E_INVALIDARG (Invalid Argument). This implies that the client sent a parameter or request to the server (or gateway) that was malformed, unrecognized, or blocked by a policy.Sometimes, the automatic security negotiation fails, triggering 0x904.
On the Client Side (Your PC):
mstsc.exe)..rdp file..rdp file, open with Notepad.authentication level:i:0
enablecredsspsupport:i:0On the Server Side (If you control it):
Open gpedit.msc > Computer Config > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security: