Remote Desktop connection error 0x904 (often accompanied by extended error code 0x7) typically indicates a network instability or a certificate authentication failure during the "installation" or handshake phase of the connection.
Below is a complete guide to understanding and fixing this error. Common Causes
Expired or Corrupt Certificates: The most common trigger occurs when the self-signed RDP certificate on the host machine has expired and failed to renew automatically.
Network Instability: High latency, packet loss, or insufficient bandwidth, especially when connecting over a VPN.
Windows 11 Compatibility: A known bug in certain Windows 11 updates (like 22H2) can trigger this error when using hostnames instead of IP addresses.
Firewall Blockage: Security software (like Bitdefender) or Windows Defender Firewall may block the RDP executable (mstsc.exe) or port 3389. Solutions to Fix Error 0x904 1. Renew the Remote Desktop Certificate
If your connection fails suddenly while other servers on the same network work, an expired certificate is likely the culprit.
Access the remote server locally or via an alternative method.
Press Win + R, type certlm.msc, and hit Enter to open the Certificates console. Navigate to Remote Desktop > Certificates. Right-click the expired certificate and select Delete.
Open Command Prompt as administrator and run: net stop termservice then net start termservice.
Windows will automatically generate a new, valid self-signed certificate. 2. Connect via IP Address instead of Hostname
DNS resolution issues often cause 0x904. Bypassing the hostname can establish a more stable link. Open the Remote Desktop Connection client. i remote desktop connection error code 0x904 install
In the "Computer" field, enter the IP address (e.g., 192.168.1.50) instead of the computer name. 3. Fix Corrupt MachineKeys (Azure VMs)
For those using Azure, a corrupt certificate store often prevents new certificates from being created.
In the Azure Portal, go to your VM and select Run Command > RunPowerShellScript.
Enter the following command to rename the key folder:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the server to regenerate the keys. 4. Configure Firewall Exceptions
Ensure that both the RDP service and the application are allowed through your firewall.
Search for "Allow an app through Windows Firewall" in the Start menu.
Click Change settings and ensure Remote Desktop and Remote Desktop (WebSocket) are checked for both Private and Public networks.
If using third-party security like Bitdefender, add C:\Windows\System32\mstsc.exe to the exception list. 5. Use the Microsoft Store RDP App
Many users find that the Microsoft Remote Desktop app from the Microsoft Store is more resilient to the 0x904 bug than the classic mstsc.exe client.
Remote Desktop Connection error code 0x904 (often accompanied by extended error code 0x7) typically indicates a failure to establish a secure connection between the client and the remote host. This is frequently caused by expired RDP certificates, network instability, or firewall blocks. 1. Fix Expired RDP Certificates
The most common cause is an expired self-signed certificate on the host machine that failed to renew automatically. Remote Desktop connection error 0x904 (often accompanied by
Identify: On the host computer, press Win + R, type certlm.msc, and navigate to Remote Desktop > Certificates.
Action: If the certificate is expired, right-click and Delete it.
Renew: Open Command Prompt as an administrator and run: restart-service termserv -force. Windows will automatically generate a new certificate. 2. Configure Firewall Exceptions
Windows Defender or third-party antivirus software may block the RDP protocol even if previously allowed.
Action: Search for "Allow an app through Windows Firewall" in the Start menu.
Verification: Ensure both Remote Desktop and Remote Desktop (WebSocket) are checked for both "Private" and "Public" networks.
Manual Entry: Click "Allow another app," browse to C:\Windows\System32\mstsc.exe, and add it to the list. 3. Resolve Network or VPN Instability
Error 0x904 can occur due to insufficient bandwidth, packet loss, or slow VPN connections.
Test Connection: Run Test-NetConnection [Server_Name] -Port 3389 from PowerShell to verify if the RDP port is reachable.
Bypass DNS: Try connecting using the remote computer's IP address instead of its hostname to rule out DNS resolution issues.
Check VPN: If using a VPN, disconnect and reconnect to ensure a stable tunnel is established. 4. Special Fix for Azure VMs Do not use write-protected volumes (e
Azure Virtual Machines often encounter 0x904 due to a corrupt certificate store (MachineKeys).
Action: In the Azure Portal, use the Run Command feature to execute this PowerShell script:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old".
Restart: Reboot the VM to allow it to recreate a healthy certificate store. 5. Alternative RDP Clients
If the built-in Windows client continues to fail, users have reported success using the Microsoft Remote Desktop app from the Microsoft Store, as it often handles modern updates and encryption differently than the legacy client.
Are you connecting to a local computer or a cloud-hosted virtual machine? Fixed: Remote Desktop 0x904 Error [2 Solutions] - AnyViewer
This is a deep-dive technical article designed to troubleshoot and resolve Remote Desktop Protocol (RDP) Error Code 0x904, specifically focusing on the scenarios where it interrupts installation, connection setup, or remote software deployment.
HKLM\SOFTWARE\Microsoft\Terminal Server Client as read-only via Group Policy.Follow these solutions in order. Start with Solution #1, as it solves 70% of cases.
eventvwr, and hit Enter) for any related errors that might give more insight.Ensure the Remote Desktop server has a valid SSL certificate bound to the RDP listener.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TcpSSLCertificateSHA1Hash value.Before troubleshooting, it is vital to understand what this code represents. In the context of Windows Remote Desktop, error codes starting with 0x9xx generally point to a client-side initialization failure or a licensing store corruption.
Specifically, 0x904 translates to: "The Remote Desktop Connection client is unable to initialize the required components. The installation may be incomplete, or required registry keys are missing."
In plain English: Your operating system has a broken link to the RDP ActiveX control or the core mstscax.dll (Microsoft Terminal Services Client ActiveX). This is not a network error (like a firewall block) nor is it typically a credentials issue. It is a software/OS corruption issue.
Sometimes, Windows blocks RDP connections if an installation process is already hanging or if the "Active Setup" for a user profile is corrupted.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager for a key named PendingFileRenameOperations. If present, back it up and delete it.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\SystemLocalAccountTokenFilterPolicy1.
You need to verify your email address. The verification code has been sent to
Didn't get it? Check your spam or junk folder.
