Remote Desktop Connection Error Code 0x904 Extended Error Code 0x7 Full

Remote Desktop error 0x904 (Extended Error 0x7) typically indicates a network connection failure

caused by unstable network conditions, expired security certificates, or firewall blocks Top Solutions to Fix Error 0x904 1. Renew Expired RDP Certificates

This is a common cause for servers that were working but suddenly stopped. Log into the target server locally or via another tool. certlm.msc , and hit Enter to open local certificates. Navigate to Remote Desktop > Certificates Check for an expired certificate. If found,

Restart Remote Desktop Services via Command Prompt (Admin) by running: restart-service termserv -force

Windows will automatically generate a new valid certificate. 2. Clear Corrupt MachineKeys (For Azure VMs)

If you are using an Azure Virtual Machine, a corrupt certificate store often prevents RDP from working. In the Azure Portal, go to your VM and select Run Command RunPowerShellScript Run the following command to rename the key folder:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the VM to regenerate the keys. 3. Update Firewall and Network Profile

Mismatched network profiles (e.g., being set to "Public" instead of "Private") can block traffic. Check Network Profile: Settings > Network & Internet > Status . Ensure your connection is set to Allow through Firewall: Search for "Allow an app through Windows Firewall." Ensure Remote Desktop Remote Desktop (WebSocket) are checked for both Private and Public networks. Test the Port:

Use PowerShell to see if the RDP port (3389) is actually reachable: Test-NetConnection [TargetIP] -Port 3389 4. Registry Fix (Client-Side)

If the issue is related to the Remote Desktop Gateway, a registry adjustment may help. Registry Editor (regedit.exe). HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client Create a new DWORD (32-bit) Value RDGClientTransport and set its value to Restart your computer. Are you connecting to a local server cloud-hosted virtual machine? Fix Remote Desktop Error Code 0x904: 4 Working Solutions

Remote Desktop error 0x904 (Extended Error 0x7) typically indicates a general network connection issue where the client and remote server cannot establish or maintain a stable handshake

. It is frequently linked to unstable network conditions, expired security certificates, or compatibility bugs in newer Windows versions (like Windows 11). Most Common Causes Unstable Network/VPN

: High latency, packet loss, or low bandwidth often trigger this disconnect. Expired RDP Certificates

: The remote server's self-signed RDP certificate may have expired and failed to renew. Encryption Mismatch

: The TLS version or encryption ciphers on the client do not match the server's requirements. Firewall Interference

: Security software or the Windows Firewall might be blocking or port 3389. Recommended Solutions Connect via IP Address Try connecting using the remote server's IP address

instead of its hostname. This bypasses potential DNS or NetBIOS resolution bugs often found in Windows 11. Renew RDP Certificates (Server-Side)

Expired certificates are a major culprit. On the remote computer: Certificates (Local Computer) by running certlm.msc Navigate to Remote Desktop > Certificates If a certificate is expired, delete it. Restart the Remote Desktop Services TermService ) via the Services app to automatically generate a new one. Use the Microsoft Store RDP App Users have reported that the Microsoft Remote Desktop app from the Windows Store often works when the built-in client fails due to these specific error codes. Allow Through Firewall Ensure RDP is permitted on both machines:

Control Panel > System and Security > Windows Defender Firewall > Allowed apps Change settings and ensure Remote Desktop Remote Desktop (WebSocket) are checked for both Private and Public networks. Fix Corrupt MachineKeys (Azure/Server)

If the server cannot generate new certificates, the key store might be corrupt. : This requires an administrative reboot. Rename the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and restart the server to rebuild the key store. Spiceworks Community PowerShell commands to verify if your RDP port (3389) is open on the network? Unable to RDP into some Windows Servers - Error code: 0x904 24 Apr 2025 —

The "Remote Desktop Connection Error Code 0x904 (Extended Error Code 0x7)" is a frustrating hurdle that usually points to a breakdown in communication between your local machine and the remote host. Unlike generic "cannot connect" messages, this specific pairing often signals that while the network path is open, the Remote Desktop Protocol (RDP) session handshake failed to complete.

Here is a comprehensive guide to diagnosing and fixing this error. What Does Error 0x904 / 0x7 Actually Mean? In the world of Windows RDP:

Error 0x904: Indicates a failure to initiate the connection.

Extended Error 0x7: Often refers to a timeout or a security negotiation failure. Remote Desktop error 0x904 (Extended Error 0x7) typically

Essentially, your computer reached out to the server, but the server didn't respond in time or rejected the "handshake" because of security settings or an overloaded session. 1. The "Quick Fix" Checklist

Before diving into registry edits, try these baseline steps:

Verify the IP/Hostname: Ensure no typos and that the remote PC is actually turned on and connected to the internet.

Toggle Remote Desktop: On the host PC, go to Settings > System > Remote Desktop, turn it off, and then back on.

Check VPN Status: If you are using a VPN, disconnect and reconnect. 0x904 is frequently caused by "MTU fragmentation," where the VPN packet size is too large for the network to handle. 2. Adjust RDP Security Settings (NLA)

Network Level Authentication (NLA) is a security layer that requires the user to authenticate before a session is established. If t

On the Host PC, open Control Panel > System and Security > System > Remote Settings.

Under the Remote Desktop section, uncheck "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)."

Warning: This lowers security slightly, so only do this to test if it resolves the error. 3. Clear the DNS Cache and Reset Sockets Sometimes the network "map" on your computer is stale. Open Command Prompt as Administrator.

Type the following commands one by one, hitting Enter after each: ipconfig /flushdns netsh winsock reset Restart your computer and try the connection again. 4. Configure Windows Firewall

Even if RDP is "Allowed," the specific port (3389) might be blocked by a specific rule.

Search for Windows Defender Firewall with Advanced Security. Click Inbound Rules.

Ensure all rules for Remote Desktop (TCP-In) and Remote Desktop (UDP-In) are enabled (look for the green checkmark). 5. Disable UDP for RDP (Group Policy)

While RDP uses both TCP and UDP, the UDP stream is often the culprit for 0x904 errors on unstable connections. Forcing RDP to use only TCP often fixes the "Extended Error 0x7" timeout.

On the Client PC, press Win + R, type gpedit.msc, and hit Enter.

Navigate to: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client. Find Turn Off UDP On Client and set it to Enabled. Restart the Remote Desktop app. 6. Registry Fix (Last Resort)

If the above fails, you can manually reset the RDP security provider via the Registry.

Navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp Find the SecurityLayer DWORD.

Change the value to 1 (this allows the server to negotiate the security layer).

The 0x904 / 0x7 error is usually a symptom of a security mismatch or a network timeout. Start by disabling NLA and forcing TCP-only connections; these two steps resolve roughly 80% of cases.

Troubleshooting Remote Desktop Error 0x904 (Extended Error 0x7)

Remote Desktop Protocol (RDP) is a lifesaver for remote work, but it’s notorious for cryptic errors. If you’ve run into Error Code 0x904 with the Extended Error Code 0x7, you’re likely staring at a message that says, "Your computer can't connect to the remote computer."

This specific combination usually points to a breakdown in the initial handshake or network security layer. Here is a comprehensive guide to getting back online. What Causes Error 0x904 (0x7)? Summary: The fastest fix is usually Solution 1

While standard RDP errors often involve wrong passwords, the 0x904/0x7 combo is more specific. It typically indicates:

Network Congestion: The connection timed out before it could stabilize.

NLA Conflicts: Network Level Authentication (NLA) is failing to verify the user.

Firewall Blocks: A security suite is letting the ping through but dropping the actual data stream.

WVD/Azure Issues: This error is particularly common in Windows Virtual Desktop (Azure Virtual Desktop) environments where the gateway fails to hand off the session. Phase 1: Quick Fixes (The "Easy Wins") Before diving into registry edits, try these basic steps:

Toggle the VPN: If you are on a VPN, disconnect and reconnect. Often, MTU (Maximum Transmission Unit) size issues on a VPN cause the 0x7 extended error.

Check RDP Port (3389): Ensure the remote PC is actually listening on port 3389 and that it hasn't been changed in the registry.

Restart the "Remote Desktop Services" Service: On the host machine, open services.msc, find Remote Desktop Services, and hit Restart. Phase 2: Adjusting Network Level Authentication (NLA)

NLA is a security layer that requires users to authenticate before a session is established. If there’s a mismatch in security certificates, the connection will drop with error 0x7.

On the Remote PC, right-click "This PC" and go to Properties.

Click Remote Desktop (or Advanced System Settings > Remote tab).

Uncheck the box: "Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)."

Try connecting again. If this works, you likely have a domain trust or certificate issue that needs addressing. Phase 3: Update the Remote Desktop Client

If you are using the older "Remote Desktop Connection" (mstsc.exe) to connect to Azure or a modern Windows 11 setup, it may lack the protocol support needed for modern gateways.

Download the Microsoft Remote Desktop app from the Microsoft Store. It handles the 0x904 handshake much more gracefully than the legacy tool. Phase 4: Registry Tweak for "MaxOutstandingConnections"

In some cases, the remote server is "too busy" to handle the incoming request, triggering a timeout. Press Win + R, type regedit, and hit Enter.

Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server Look for a DWORD named MaxOutstandingConnections.

If it’s not there, create it (Right-click > New > DWORD 32-bit).

Set the value to 1000 (Decimal). This gives the server more "room" to handle pending connection requests. Phase 5: Specific Fix for Azure Virtual Desktop (AVD)

If you see this error while using AVD, it is almost always a Resource Group or Network Security Group (NSG) issue. Ensure the RD Gateway is reachable.

Verify that the host pool is "Healthy" in the Azure portal. If the status is "Needs Assistance" or "Unavailable," the 0x904 error is just a symptom of the VM being stuck in a boot loop or update state.

Remote Desktop error 0x904 (Extended 0x7) is essentially a "connection timed out during authentication" error. Starting with disabling NLA and updating your client software usually resolves 90% of cases.

Are you connecting to a local office PC or a cloud-based virtual machine like Azure? Knowing this helps narrow down if the issue is your router or a cloud gateway configuration. Error Code: 0x904 Extended Error Code: 0x7 Affected

The error code 0x904 and extended error code 0x7 when trying to establish a Remote Desktop Connection (RDC) can be quite specific and may not have a widely documented solution. However, I'll guide you through some general troubleshooting steps and potential solutions that might help resolve the issue.

Article Difficulty: Advanced / System Administrator Level
Estimated Reading Time: 8 minutes

Error 0x904 (extended 0x7) commonly indicates a connection/authentication failure between the client and Remote Desktop infrastructure—focus on network/DNS, RD Gateway and certificate configuration, authentication/NLA, and service health. Follow the checklist above to isolate and remediate the root cause.

Related search suggestions will be provided.

Remote Desktop error 0x904 (Extended error 0x7) generally indicates a connection failure often caused by network instability, expired security certificates, or firewall blocks

. It frequently appears after Windows updates or when connecting over a VPN. Spiceworks Community Common Fixes Renew Remote Desktop Certificates

: Expired or missing self-signed certificates on the host machine are a frequent cause. certlm.msc , navigate to Remote Desktop > Certificates , and check for expired entries. Delete expired certificates and restart Remote Desktop Services ) to force Windows to generate a new one. Configure Firewall Exceptions Remote Desktop (WebSocket)

are allowed through the Windows Firewall on both the host and client computers. Stabilize the Network/VPN

: This error often points to insufficient bandwidth or packet loss. Try connecting via the IP address instead of the hostname to bypass potential DNS issues.

If using a VPN, reconnect to the workspace or check if your ISP is throttling the connection. Adjust Security Settings (NLA) : In some cases, disabling Network Level Authentication (NLA)

on the server side or forcing the RDP security layer via Group Policy ( gpedit.msc ) can resolve encryption mismatches. Fix MachineKeys Corruption (Azure/Cloud VMs) : If the host is an Azure VM, the MachineKeys

folder might be corrupt, preventing certificate generation. Renaming the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and rebooting can fix this. www.remoteaccesspcdesktop.com Alternative Workarounds Microsoft Store App Remote Desktop app

from the Microsoft Store, as it often bypasses bugs present in the standard Check Max Connections

: Increase the allowed connection requests in the registry by setting MaxOutstandingConnections HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server Microsoft Learn After Windows 11 Upgrade RDP Error 0x904 extended error 0x7

If none of the above works, you need telemetry.

Extended error code 0x7 can occasionally reference a refusal due to resource limits. If you are using the Remote Desktop Services (RDS) role rather than a standard desktop OS:

Summary: The fastest fix is usually Solution 1. By disabling the NLA requirement, you force the connection to authenticate at the session layer rather than the network layer, bypassing the specific handshake causing error 0x904.

Error Code: 0x904
Extended Error Code: 0x7
Affected Service: Remote Desktop Protocol (RDP)
Observed On: Windows Remote Desktop Client

The RD Gateway server is presenting a certificate that the client does not trust. Specifically: