Error Code 0x904 with Extended Error 0x7 is an authentication handshake failure.
Did these fixes work for you? Let us know in the comments if you found a different solution!
Remote Desktop Error 0x904 (Extended Error 0x7) typically indicates a failure to establish a stable network handshake or an authentication mismatch between the client and the remote host. Key Causes and Quick Fixes
Expired RDP Certificates: This is the most common "hidden" cause. If a server's self-signed certificate expires, it won't automatically renew, leading to random connection failures on specific hosts.
Unstable Network/VPN: This error frequently occurs due to packet loss, insufficient bandwidth, or slow VPN connections.
Windows 11 Compatibility: Recent builds (22H2+) sometimes struggle with hostname resolution for RDP, throwing this error even when the network is fine.
Firewall Blocking: Even if RDP is enabled, Windows Defender or third-party security software like Bitdefender may block the specific mstsc.exe process. Step-by-Step Troubleshooting Guide 1. Renew Expired RDP Certificates
If you can access the server via another method (e.g., local console or Azure portal): Open the Certificates MMC snap-in (certlm.msc). Navigate to Remote Desktop > Certificates.
Check the expiration date. If expired, delete the old certificate.
Restart the Remote Desktop Service by running restart-service termserv -force in an elevated PowerShell. Windows will automatically generate a new one. 2. Connect via IP Address
Bypass potential DNS or hostname resolution issues by entering the remote computer's IP address directly into the Remote Desktop Connection client instead of its name. 3. Adjust Firewall Rules
Ensure RDP is fully permitted in Windows Firewall. Verify that Remote Desktop and Remote Desktop (WebSocket) are enabled for both Private and Public networks. 4. Fix Azure VM Certificate Corruption
For Azure VMs, a corrupted key store often causes this error. This guide from remoteaccesspcdesktop.com details using Azure Portal's "Run command" to rename the MachineKeys folder, which forces a rebuild of the certificate store upon restart. After Windows 11 Upgrade RDP Error 0x904 extended error 0x7 Error Code 0x904 with Extended Error 0x7 is
Remote Desktop error 0x904 (Extended Error 0x7) is a general connectivity failure usually triggered by expired self-signed certificates, network instability, or firewall blocks. Top Fixes for Error 0x904 / 0x7
Renew Expired RDP CertificatesRDP relies on a self-signed certificate that may not auto-renew. If this certificate expires, the connection will fail instantly.
Log into the host machine locally or via an alternative tool. Run certlm.msc to open the certificate manager. Navigate to Remote Desktop > Certificates. If the certificate is expired, Delete it.
Restart the Remote Desktop Services (termserv) via the Services app or PowerShell (restart-service termserv -force) to trigger the generation of a new certificate.
Fix Corrupt Certificate Store (Azure VMs)If you are using an Azure Virtual Machine, a corrupt MachineKeys folder can prevent RDP from functioning.
Use the Run Command feature in the Azure Portal to execute this PowerShell command:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM to allow Windows to rebuild the folder.
Verify Firewall and Port 3389Firewalls may block RDP traffic even if the service is enabled.
Use PowerShell to test connectivity: Test-NetConnection [Remote_IP] -Port 3389.
On the host machine, ensure Remote Desktop and Remote Desktop (WebSocket) are allowed for both Public and Private networks in the Windows Firewall.
Adjust Security LayersMismatched encryption settings between the client and host can cause 0x904. On the host, open gpedit.msc.
Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
Set Require use of specific security layer for remote (RDP) connections to Enabled and select RDP from the dropdown. Did these fixes work for you
Disable Require user authentication... using Network Level Authentication (NLA) as a test to see if the connection establishes. Summary of Likely Causes Unable to RDP into some Windows Servers - Error code: 0x904
The Remote Desktop connection error 0x904 (Extended Error Code: 0x7) is a common RDP issue that typically indicates a network connection failure security certificate problem
. It often occurs after Windows updates (especially Windows 11) or when using a VPN
Here is a summary of the best troubleshooting steps compiled from expert blog posts and technical forums: 1. Fix Expired RDP Certificates (Most Common Solution)
If you can connect to some servers but not others, an expired self-signed certificate on the host machine is a likely culprit : Log in to the host machine locally or via another tool. Certificates (Local Computer) by running certlm.msc Navigate to Remote Desktop > Certificates Find the expired certificate, right-click, and Restart the Remote Desktop Services ) via Command Prompt as Administrator: restart-service termserv -force . Windows will automatically generate a fresh certificate 2. Rename Corrupt MachineKeys (For Azure VMs)
If you are using an Azure Virtual Machine, a corrupt certificate store may prevent RDP from creating new certificates : Use the Azure Portal's Run Command feature to execute a PowerShell script:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" : Reboot the server 3. Adjust Firewall & Antivirus Settings Security software like Bitdefender or the native Windows Firewall may block the connection Remote Desktop (WebSocket)
are allowed through the firewall for both Private and Public networks
: Try temporarily disabling third-party antivirus to see if the connection is restored 4. Network & Connection Quick Fixes
The Remote Desktop Connection error 0x904 (Extended Code 0x7)
typically indicates a network instability or a security handshake failure
, often caused by expired certificates, firewall blocks, or compatibility issues with newer Windows versions like Windows 11. Step 1: Fix Expired RDP Certificates To apply the best fix, you need to diagnose the root cause
This is the most common cause when a connection suddenly fails while others on the same network work fine.
Log into the remote server (via console or alternative access). certlm.msc , and hit Enter to open the Certificates MMC snap-in. Navigate to Remote Desktop > Certificates (or Personal > Certificates).
Look for the certificate issued to the computer name. Check its expiration date. If it is expired or corrupt, right-click and Delete Open Command Prompt as Administrator and run: restart-service termserv -force (or simply restart the server).
Windows will automatically generate a fresh self-signed certificate upon service restart. www.remoteaccesspcdesktop.com Step 2: Windows 11 Compatibility Workarounds
Windows 11 (builds 22H2 and later) has known bugs with RDP hostname resolution and specific cipher suites. www.remoteaccesspcdesktop.com Connect via IP Address : Instead of typing the computer name (e.g., ), use the target's internal IP address (e.g., 192.168.1.100 Use the Microsoft Store App : Users have reported success using the Remote Desktop app from the Microsoft Store instead of the built-in Spiceworks Community Step 3: Check Firewall and Security Software
Even if RDP is "Allowed," specific security layers may still block the connection. www.remoteaccesspcdesktop.com Allow MSTSC explicitly "Allow an app through Windows Firewall" Ensure both Remote Desktop Remote Desktop (WebSocket) are checked for Private and Public. Allow another app , browse to C:\Windows\System32\mstsc.exe , and add it with full permissions. Third-Party Antivirus : Apps like Bitdefender have been known to block RDP. Add to their exception lists. Spiceworks Community Step 4: Azure VM Special Case
If the target is an Azure Virtual Machine, a corrupt certificate store is a frequent culprit. www.remoteaccesspcdesktop.com Azure Portal , go to your VM and select Run command > RunPowerShellScript Run this command to rename the key folder:
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server. www.remoteaccesspcdesktop.com Step 5: Adjust Security Layer (Last Resort) Unable to RDP into some Windows Servers - Error code: 0x904 24 Apr 2025 —
To apply the best fix, you need to diagnose the root cause. This error rarely stems from a simple typo. The top triggers include:
netsh int ip reset netsh winsock reset
If you need to reconnect right now, follow this rapid triage sequence. These steps resolve over 80% of 0x904/0x7 cases.