Remote Desktop error 0x904 (often accompanied by extended error code 0x7) is a common connection failure that occurs when the client cannot establish a stable or secure session with the remote host.

Top Root Causes
Expired RDP Certificates: The most frequent cause for specific servers failing while others work. Windows generates self-signed certificates that don't always auto-renew.
Network Instability: Insufficient bandwidth, high packet loss, or a sluggish VPN connection.
Encryption Mismatch: Incompatibility between the client and server security layers (e.g., NLA or TLS versions).
Windows 11 Compatibility: Recent updates have introduced hostname resolution bugs.
Firewall/AV Blocking: Security software like Bitdefender or Windows Defender blocking mstsc.exe.

Step-by-Step Fixes

1. Renew Expired RDP Certificates (Recommended)
If only some servers are affected, a silent certificate expiration is likely the culprit.
Log into the host locally.
Open certlm.msc (Certificates console).
Navigate to Remote Desktop > Certificates and Delete the expired certificate.
Restart Remote Desktop Services from an elevated PowerShell prompt to trigger a new auto-generated certificate: Restart-Service TermService -Force

2. Bypass Hostname Issues
Try connecting using the IP address (e.g., 192.168.1.50) instead of the computer name. This is a proven workaround for Windows 11 RDP bugs.

3. Repair Azure VM Certificate Stores
For Azure Virtual Machines, address potential certificate corruption in the MachineKeys folder.
Use the Run Command tool in the Azure Portal to run this PowerShell script:
Rename-Item -Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"
Reboot the server.

4. Adjust Security & Encryption Layers
If connection drops occur, test by temporarily lowering security requirements via gpedit.msc. This is a diagnostic step, not a permanent fix: the RDP security layer does not authenticate the server, and with NLA disabled a session is created before the user authenticates, so revert both settings after the test.
Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Enable "Require use of specific security layer..." and select RDP.
Disable "Require user authentication... using Network Level Authentication (NLA)".

5. Whitelist RDP in Firewall
Ensure mstsc.exe is explicitly allowed through both Private and Public firewalls, and that Remote Desktop and Remote Desktop (WebSocket) are checked in "Allow an app through Windows Firewall".

Review Summary

| Solution | Effectiveness | Difficulty | Best For |
|---|---|---|---|
| Certificate Renewal | | | Single server failures |
| IP Address Connection | | | Windows 11 users |
| Firewall Exception | | | New setups / After AV updates |
| Azure MachineKeys Fix | | | Azure VM instances |
If these steps do not resolve the issue, consider if the problem is related to a VPN/local network issue, Windows 11 compatibility, or a recent Windows Update.
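To confirm the expired-certificate cause from fix 1 before deleting anything, the following read-only PowerShell audit lists the certificates in the Remote Desktop store and marks the one the RDP-Tcp listener is bound to. It is an added example, not part of the original guide; the 14-day warning window ($warnDays) is an assumed value.

```powershell
# Added example: read-only audit of the RDP listener certificate.
# Run in an elevated PowerShell session on the affected host.
$warnDays = 14          # assumed warning window, not a value from the guide
$now      = Get-Date

# Thumbprint the RDP-Tcp listener is configured to present to clients.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$bound = $listener.SSLCertificateSHA1Hash

# 'Remote Desktop' holds the auto-generated self-signed certificate;
# 'My' is checked only for a CA-issued certificate bound to the listener.
$report = foreach ($storeName in 'Remote Desktop', 'My') {
    $certs = Get-ChildItem -Path "Cert:\LocalMachine\$storeName" -ErrorAction SilentlyContinue
    foreach ($cert in $certs) {
        $inUse = $cert.Thumbprint -eq $bound
        if ($storeName -eq 'My' -and -not $inUse) { continue }

        $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        $status = 'OK'
        if ($cert.NotAfter -lt $now)      { $status = 'EXPIRED' }
        elseif ($cert.NotBefore -gt $now) { $status = 'NOT YET VALID' }
        elseif ($daysLeft -lt $warnDays)  { $status = 'EXPIRING' }

        [pscustomobject]@{
            Store      = $storeName
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
            DaysLeft   = $daysLeft
            SelfSigned = $cert.Subject -eq $cert.Issuer
            InUse      = $inUse
            Status     = $status
        }
    }
}

$report | Sort-Object InUse -Descending | Format-Table -AutoSize

# Flag a listener bound to a thumbprint that is in neither store.
if ($bound -and -not ($report | Where-Object InUse)) {
    Write-Warning "Listener is bound to $bound, but no matching certificate was found."
}
```

When the certificate is self-signed, the thumbprint on the InUse row is the value to compare against the certificate warning the client displays.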
Draft Guide: Resolving Remote Desktop Connection Error Code 0x904
Introduction
Remote Desktop Connection (RDC) is a convenient feature in Windows that allows users to connect to another computer remotely. However, users may encounter errors while trying to establish a connection. One such error is the Remote Desktop Connection error code 0x904. In this guide, we will explore possible causes and solutions to resolve this issue.
Understanding Error Code 0x904
The error code 0x904 typically indicates a problem with the Remote Desktop Connection. The exact cause can vary, but common issues include:
Step-by-Step Troubleshooting Guide
CertUtil -verify or openssl verify.
On the remote (host) computer:
Press Win + R, type gpedit.msc, hit Enter.
Navigate to Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security.
Run gpupdate /force in Command Prompt.
Better approach: If you need SSL/TLS, choose SSL (TLS 1.0) only if the client supports it. Modern Windows prefers TLS 1.2+.
Error code 0x904 is generally categorized as a DNS or Network Discovery failure. In simple terms, your computer is trying to "dial" the remote machine, but it doesn't know the correct "phone number" (IP address) associated with the name you entered, or the network path is blocked.