[best] | I Remote Desktop Connection Error Code 0x904 Install

The Remote Desktop error code 0x904 (often accompanied by extended error 0x7) is a common hurdle for IT admins and remote workers. It typically signals a communication breakdown between your computer and the remote host, often due to expired security certificates or network instability.

Here is a short story of how an admin might encounter and solve this issue: The "Silent Expiration" Mystery

Imagine a Tuesday morning where everything seems normal until you try to log into a critical Windows Server. Instead of the familiar desktop, you're hit with a popup: "This computer can't connect to the remote computer. Error code: 0x904".

You check the server—it’s online. You check other servers on the same subnet, and they work perfectly. This "random" behavior is the first clue. As documented by experts at TheITBros.com, this error often stems from unstable network paths or VPN bottlenecks, but when it's specific to just one machine, the culprit is usually deeper. The Investigation

After digging through Reddit, you realize the issue might be an expired self-signed certificate. RDP uses these certificates to secure the "tunnel" between machines. If the certificate expires—which happens silently without warning—the connection simply drops.

To resolve this, you might follow these steps used by seasoned sysadmins:

Renew the Certificate: Log in locally (or via another remote tool) and open the Certificates manager (certlm.msc). Under Remote Desktop > Certificates, you find the expired one, delete it, and restart the Remote Desktop Services. Windows then automatically generates a fresh, valid certificate.

Firewall Check: Sometimes, a simple rule change is needed. As suggested by users on Spiceworks Community, you verify that both "Remote Desktop" and "Remote Desktop (WebSocket)" are allowed through the Windows Firewall on both ends.

The Windows 11 Workaround: If you are on Windows 11 and still stuck, a known fix discussed on the Devolutions Forum is to connect using the server's IP address instead of its hostname, or to switch to the Microsoft Store version of the Remote Desktop app.

Once the new certificate is in place and the network path is clear, the connection is restored, and the 0x904 error vanishes as quickly as it appeared. Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop error code (often with extended error typically points to a network connection issue or an expired/corrupt RDP certificate . It is common on Windows 11 and Windows Server 2019/2022. www.remoteaccesspcdesktop.com 1. Renew the RDP Certificate (Most Common Fix)

If you can connect to some servers but not others, an expired self-signed certificate is likely the cause. www.remoteaccesspcdesktop.com Locate Certificates : On the remote machine, press certlm.msc , and navigate to Remote Desktop > Certificates Delete Expired Cert

: Check the expiration date. If it has passed, right-click and the old certificate. Restart Service : Open Command Prompt as an administrator and run: restart-service termserv -force

Windows will automatically generate a new certificate upon restart. www.remoteaccesspcdesktop.com 2. Connect via IP Address Instead of Hostname

Windows 11 (builds 22H2 and later) sometimes has hostname resolution bugs that trigger this error. www.remoteaccesspcdesktop.com on the remote computer to find its local IP. Connect directly : Use the IP address (e.g., 192.168.1.100 ) in the Remote Desktop Connection "Computer" field. TheITBros.com 3. Verify Firewall and Antivirus Settings

The firewall on either the client or the remote server may be blocking the connection. Check Exceptions

: Search for "Allow an app through Windows Firewall." Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for Private and Public networks. Antivirus Exceptions

: If using third-party security software (like Bitdefender), try adding to the exception list. TheITBros.com 4. Advanced: Fix Certificate Corruption (Azure VMs)

If you are using an Azure VM and certificate operations are failing, you may need to clear the machine key store. www.remoteaccesspcdesktop.com From the Azure Portal, use the Run Command feature to execute this PowerShell script:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server to recreate the folder with fresh keys. www.remoteaccesspcdesktop.com 5. Alternative RDP Clients If the built-in Windows client continues to fail, the Microsoft Remote Desktop app available in the Microsoft Store

often uses different networking code that bypasses this specific error. Microsoft Learn PowerShell commands to verify if your RDP port (3389) is currently listening? Fix Remote Desktop Error Code 0x904: 4 Working Solutions

How to Fix Remote Desktop Connection Error Code 0x904 The Remote Desktop Connection Error Code 0x904 (often accompanied by extended error code 0x7) is a common issue in Windows 10, 11, and Windows Server environments. It typically signifies a failure to establish a secure TLS tunnel, often due to expired RDP certificates, unstable network connections, or firewall misconfigurations. 1. Renew Expired RDP Certificates

Expired self-signed certificates are a primary cause of error 0x904. Windows generates these for RDP connections, but they do not always renew automatically.

Step 1: Log into the affected remote server locally or via an alternative access method.

Step 2: Press Win + R, type certlm.msc, and press Enter to open the Certificates MMC snap-in. Step 3: Navigate to Remote Desktop > Certificates. i remote desktop connection error code 0x904 install

Step 4: Check the expiration date. If expired, right-click and Delete the old certificate.

Step 5: Open Command Prompt as Administrator and run: restart-service termserv -force.

Result: Windows will automatically generate a new, valid self-signed certificate upon restart. 2. Fix Certificate Corruption (Azure VMs)

If you encounter this error on an Azure Virtual Machine, the certificate store might be corrupt.

Step 1: Access the VM via the Azure Portal and select Run command > RunPowerShellScript.

Step 2: Execute: Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old".

Step 3: Reboot the server. This forces the system to recreate the necessary key folders. 3. Verify Firewall and Security Settings

A misconfigured firewall can block the TLS handshake necessary for the connection.

Allow RDP Apps: Go to "Allow an app through Windows Firewall" and ensure both Remote Desktop and Remote Desktop (WebSocket) are checked for Private and Public networks.

Exception for MSTSC: Add C:\Windows\System32\mstsc.exe to the allowed list on both the client and host.

Port Check: Use PowerShell to ensure port 3389 is open: Test-NetConnection [server_name] -Port 3389. 4. Network and VPN Stability

Error 0x904 is frequently linked to "dodgy" or unstable network paths, especially over VPNs.

Use IP Instead of Hostname: Try connecting using the remote computer's IP address (e.g., 192.168.1.100) rather than its name to bypass potential DNS resolution issues.

Check VPN Bandwidth: Ensure your VPN provides sufficient bandwidth and isn't dropping packets.

Security Layer Adjustment: If the connection still fails, you can try lowering the security requirements via Group Policy. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security and set the "Security Layer" to RDP. 5. Alternative Connection Tools

If standard RDP remains broken, consider using alternative remote access tools like AnyViewer or the Microsoft Remote Desktop app from the Microsoft Store, which can sometimes bypass legacy protocol errors.

Remote Desktop error code (often accompanied by extended error 0x7)

typically points to an unstable network connection, expired RDP certificates, or firewall interference

. Below is a draft you can use for a support post or a technical guide. Draft Post: Troubleshooting RDP Error 0x904 How to Fix Remote Desktop Connection Error 0x904 & 0x7 If you're seeing the error message

"This computer can't connect to the remote computer. Error code: 0x904,"

you're likely dealing with one of three common issues: certificate expiration, network instability, or firewall blocks. 1. Refresh Expired RDP Certificates

The most frequent cause is an expired self-signed certificate on the remote host that failed to auto-renew. Log into the remote server (locally or via another tool). Open the Certificates MMC snap-in ( certlm.msc Remote Desktop > Certificates Check the expiration date. If it’s expired, Restart the Remote Desktop Services restart-service termserv -force in PowerShell) to force Windows to generate a new one. 2. Adjust Firewall Settings

Even if RDP is "enabled," specific rules might be blocking the handshake. On both computers, go to Allow an app through Windows Firewall Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for both Private and Public networks.

If using Bitdefender or similar third-party suites, manually add to the exception list. 3. Network & Connection Workarounds Use IP instead of Hostname: Try connecting directly via the target's IP address (e.g., 192.168.1.50 The Remote Desktop error code 0x904 (often accompanied

) instead of its computer name to bypass potential DNS issues. Check VPN/Bandwidth:

This error often triggers if your VPN connection is sluggish or dropping packets. Azure VM Fix: If this is an Azure Virtual Machine, the MachineKeys

folder might be corrupt. Use the Azure Portal's "Run Command" to rename C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and reboot the VM. Is this error happening on a local network or over a VPN?

Knowing this can help narrow down the exact network bottleneck. Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop error code is often described by IT professionals as a "

silent ghost" error because it frequently appears on servers that have worked perfectly for months, only to suddenly block access without any prior warning or obvious configuration change www.remoteaccesspcdesktop.com The "Silent" Root Causes

Experts and system administrators have identified that this specific error rarely stems from a single setting but is usually triggered by one of the following "invisible" issues: Expired RDP Certificates

: This is the most common culprit discovered by admins in troubleshooting communities. Windows creates self-signed certificates for Remote Desktop that do not always renew automatically. When they expire, the connection fails with 0x904. Network Instability

: Unlike other codes that signal a complete block, 0x904 often points to "dodgy" or unstable network paths, such as insufficient VPN bandwidth, packet loss, or mismatched encryption ciphers. Windows 11 Compatibility Quirks

: In builds 22H2 and later, some users found that hostname resolution specifically for RDP is buggy, causing 0x904 unless an IP address is used instead. www.remoteaccesspcdesktop.com Top Recommended "Reviewer" Fixes Based on successful documentation from IT forums like Microsoft Q&A , these are the most effective solutions: Renew the Self-Signed Certificate certlm.msc on the host machine. Navigate to Remote Desktop > Certificates Delete the expired certificate and restart the Remote Desktop Services (TermService) to force Windows to generate a fresh one. Bypass DNS with IP Addresses

: If you are on Windows 11, try connecting using the remote machine's internal IP address (e.g., 192.168.1.50) rather than its computer name. Switch to the Microsoft Store App : Many professionals recommend using the Microsoft Remote Desktop app from the Store rather than the built-in

, as the Store version uses a more resilient networking stack that often bypasses the 0x904 error. The Azure "MachineKeys" Fix

: For Azure Virtual Machines, 0x904 is often caused by a corrupt certificate store. Admins have fixed this by renaming the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and rebooting the server. www.remoteaccesspcdesktop.com Are you attempting to connect to a local workstation cloud-hosted server like Azure?

How to Fix Remote Desktop Connection Error Code 0x904 Encountering Error Code 0x904 (often accompanied by extended error 0x7) can be a major roadblock when you're trying to access a remote server or workstation. This error usually signals that the Remote Desktop client cannot establish a secure tunnel, often due to network instability, expired security certificates, or firewall blocks. 1. Refresh Expired RDP Certificates

The most common cause of error 0x904 is an expired self-signed certificate on the host machine. These certificates sometimes fail to renew automatically, causing the connection to drop immediately. How to fix it:

Log into the affected host machine locally or via an alternative remote tool.

Press Win + R, type certlm.msc, and hit Enter to open the Certificates MMC. Navigate to Remote Desktop > Certificates.

Identify the expired certificate, right-click it, and select Delete.

Restart the Remote Desktop Services by opening Command Prompt as an admin and running: restart-service termserv -force. Windows will automatically generate a new, valid certificate. 2. Configure Firewall Exceptions

Even if RDP is "enabled," your firewall might still be blocking specific traffic types needed for the connection. Check these settings:

Search for "Allow an app through Windows Firewall" in the Start menu.

Ensure both Remote Desktop and Remote Desktop (WebSocket) are checked for both Private and Public networks.

If the issue persists, verify that Port 3389 is open using PowerShell: Test-NetConnection [ComputerName] -Port 3389. 3. Use the IP Address Instead of Hostname

Sometimes, DNS issues prevent the RDP client from resolving the remote computer's name correctly, leading to a 0x904 error. Important Note: The error code 0x904 is relatively

Workaround: Try connecting using the IP address (e.g., 192.168.1.50) of the remote machine instead of its name. If this works, your local network's DNS configuration needs attention. 4. Adjust Security and Registry Settings

If the standard fixes don't work, you may need to tweak how Windows handles the RDP transport layer or security requirements.

Registry Tweak: On the client computer, navigate to HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client in the Registry Editor and create a DWORD named RDGClientTransport with a value of 1.

Disable NLA (Last Resort): If there is a mismatch in encryption, you can try disabling Network Level Authentication (NLA) through the Group Policy Editor (gpedit.msc) under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security. 5. Azure-Specific Fix (MachineKeys)

If you are receiving this error on an Azure VM, the certificate store itself might be corrupted.

Solution: Use the "Run Command" feature in the Azure Portal to execute:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"Then, reboot the server to let it rebuild the key store.

Still can't connect? Try using the Microsoft Store version of the Remote Desktop app, which often uses different connection protocols that bypass the bugs found in the legacy mstsc.exe client.

Are you connecting to a local server or a cloud-based VM like Azure or AWS? Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop connection error 0x904 (often accompanied by extended error 0x7) typically signals a failure in establishing a secure handshake between the client and server. While it often points to network instability, recent findings suggest it frequently stems from expired RDP certificates or security mismatches. Primary Causes of Error 0x904

Expired Self-Signed Certificates: RDP uses certificates to secure connections. If these expire and fail to auto-renew, the connection is rejected.

Network Instability: High latency, packet loss, or poor bandwidth—especially over a VPN—can trigger this timeout error.

Security Protocol Mismatch: Differences in required encryption layers or TLS versions between the two machines.

Firewall Interference: Windows Defender or third-party security software (like Bitdefender) blocking mstsc.exe or port 3389. Verified Solutions to Fix Error 0x904 1. Renew the RDP Certificate (Most Common Fix)

If you can access the host machine physically or via an alternative tool, resetting the certificate store often clears the error:

Press Win + R, type certlm.msc, and hit Enter to open Local Computer Certificates. Navigate to Remote Desktop > Certificates. Right-click the expired certificate and Delete it.

Restart the Remote Desktop Services via the Services app or by running restart-service termserv -force in an Administrator Command Prompt to generate a new one. 2. Connect via IP Address Instead of Hostname DNS resolution issues can sometimes trigger 0x904.

Identify the remote PC's IP address (run ipconfig on the remote machine).

In your RDP client, enter the IP address (e.g., 192.168.1.50) instead of the computer name.

How to Resolve Remote Desktop Error Code 0x104: Proven Solutions

Important Note: The error code 0x904 is relatively rare and is not a standard Microsoft RDP client error (like 0x4, 0x7, 0x104, etc.). In Windows core networking, 0x904 is often interpreted as ERROR_WRITE_PROTECT (The media is write protected) or a derived RDP-specific internal session error. In the context of "install" and "RDP," it typically points to a prerequisite installation failure (e.g., RDP 8.0/8.1 update, licensing component, or a graphics stack update) that then prevents RDP connections.

Step 5 – Manual extraction workaround

Download the RDP 8.1 update (KB2923545 for Win7/8) or RDP 10.0 CAB from Microsoft Update Catalog, then:

expand -r *.cab C:\RDPExtract
regsvr32 C:\RDPExtract\mstscax.dll

The "Active Setup" Conflict

Sometimes, Windows blocks RDP connections if an installation process is already hanging or if the "Active Setup" for a user profile is corrupted.

  1. Clear Pending Installs: Check HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager for a key named PendingFileRenameOperations. If present, back it up and delete it.
  2. Disable UAC Remote Restrictions: If UAC (User Account Control) is enabled, local accounts may be blocked from remote installs.
    • Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
    • Create a new DWORD: LocalAccountTokenFilterPolicy
    • Set value to 1.
    • This allows the remote admin token to function correctly for installations.

Solution 5: Disable Third-Party Shell Extensions (Explorer Crash Fix)

Because mstsc.exe runs as a child process of explorer.exe, a buggy shell extension can cause the RDP client to fail with code 0x904. The primary culprits are NVIDIA Display Container LS and Intel Graphics Shell Extension.

Temporary fix (to test):

  1. Kill Explorer: Press Ctrl + Shift + Esc to open Task Manager.
  2. Find Windows Explorer, right-click it, and select End task. Your taskbar and desktop will disappear.
  3. In Task Manager, click File > Run new task.
  4. Type mstsc.exe and check "Create this task with administrative privileges".
  5. The RDP client should open without the 0x904 error. If it works, a shell extension is the cause.

Permanent fix: Use Autoruns from Microsoft Sysinternals to disable all non-Microsoft shell extensions.