Remote Desktop Connection Error Code 0x904 Extended Error Code 0x7

If the host computer has its network connection set to Public, Windows Firewall will block RDP connections by default for security reasons.

Error 0x904 with extended error 0x7 generally points to a failure early in the RDP connection establishment—most often networking, name resolution, firewall/port blocking, or an authentication/TLS handshake issue. Systematic diagnostics—connectivity tests, port checks, DNS validation, log inspection, and isolating client vs server vs network—quickly narrow the root cause. Remediations focus on restoring network reachability, aligning security/NLA settings, fixing certificates, and ensuring correct firewall/NAT rules. Following the structured steps above typically restores successful RDP connections and reduces recurrence risk.


This error typically indicates an unstable network connection or a certificate mismatch between the host and client. It often occurs over VPNs or when RDP certificates on the remote machine have expired or become corrupt.

🛠️ Primary Fixes

1. Reset RDP Certificates (Most Common Fix)

If the self-signed certificate on the remote computer is expired or corrupt, the connection will fail immediately.

Locally access the remote machine (or use another remote tool).

Open the Certificates MMC snap-in (certlm.msc).

Navigate to Remote Desktop > Certificates and delete the existing certificate.

Restart the service: Open PowerShell as Admin and run Restart-Service TermService -Force. Windows will automatically generate a fresh certificate.

2. Resolve Certificate Store Corruption (Azure/Cloud VMs)

If you are using an Azure VM and the above fails, the MachineKeys folder may be corrupt. Run the following PowerShell command as Administrator:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"

Restart the server to regenerate the key store.

3. Adjust Security Layer Settings

If the connection is unstable, lowering the required security layer can sometimes bypass the error.

Open the Group Policy Editor (gpedit.msc) on the host.

Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Open "Require use of specific security layer..." and select RDP from the dropdown.

Disable "Require user authentication... using Network Level Authentication (NLA)".

🌐 Network & Environment Checks

Use IP instead of Hostname: Try connecting directly to the IP address to rule out DNS issues.

VPN Stability: If using a VPN, disconnect and reconnect. Low bandwidth or high packet loss frequently triggers this error.

Firewall Exceptions: Ensure mstsc.exe is allowed through the Windows Firewall on both the client and host machines.

Third-party Security: Antivirus software like Bitdefender has been known to block these connections; try adding an exception for RDP.

🧩 Feature Request: RDP Connection Troubleshooter

Here is a conceptual design for a built-in RDP diagnostic tool to prevent this error.

Feature Name: RDP Health Check & Auto-Repair

Pre-Connection Validation: Before attempting a full handshake, the client pings the host specifically for certificate validity and MTU (Maximum Transmission Unit) size.

One-Click Cert Renewal: A button on the error dialog that allows an admin to remotely trigger a certificate flush and restart without needing full desktop access.

Network Path Tracing: If a connection fails with this error, the tool automatically runs a specialized trace to identify if the packet loss is occurring at the VPN gateway or the local ISP.

Smart Fallback: If NLA or High-Encryption fails due to a handshake mismatch, the client offers a "Secure Fallback" mode that temporarily negotiates a compatible security layer.

Restart the Remote Desktop Services by opening PowerShell as administrator and running: Restart-Service TermService -Force.

The Remote Desktop error 0x904 (Extended Error 0x7) typically indicates an unstable network connection, expired security certificates, or firewall interference.

Common Fixes

Renew Expired RDP Certificates: This is often the primary cause when some servers connect and others do not. Log into the remote server and run certlm.msc. Navigate to Remote Desktop > Certificates. If the certificate is expired, delete it.

Restart Remote Desktop Services via the Services app or PowerShell (Restart-Service TermService -Force) to auto-generate a new one.

Use IP Address Instead of Hostname: Hostname resolution issues, especially in Windows 11, can trigger this error. Try connecting directly via the server's IP address (e.g., 192.168.1.100).

Azure VM MachineKeys Fix: For Azure virtual machines, a corrupt certificate store is a known trigger. Use the Azure Portal's Run Command to rename the keys folder:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"

Then reboot the server.

Adjust Firewall and Antivirus: Ensure mstsc.exe is allowed through the Windows Defender Firewall on both machines. Third-party software like Bitdefender has also been known to block these connections unless an exception is added.

Network Stability: If connecting via VPN, verify your bandwidth. A slow or dropping VPN tunnel is a frequent cause of the 0x7 extended error.


The Remote Desktop error code 0x904 (extended error 0x7) typically indicates a network connection failure, often triggered by unstable connectivity, expired certificates, or firewall blocks.

Core Troubleshooting Guide

1. Fix Expired RDP Certificates (Common Cause)

A common root cause is an expired self-signed certificate on the host machine. Open the Certificates MMC snap-in (certlm.msc) on the host.

Navigate to Remote Desktop > Certificates and delete any expired certificates.

Restart the Remote Desktop Services (via PowerShell: Restart-Service TermService -Force) to regenerate a new certificate.

2. Adjust Security Layer Settings

If an encryption mismatch occurs, manually adjust the security layer.

In gpedit.msc, navigate to Remote Desktop Session Host > Security. Set Require use of specific security layer to RDP. Alternatively, disable Network Level Authentication (NLA). Restart the server to apply changes.

3. Verify Network and Firewall Configuration

Firewall: Ensure Remote Desktop is allowed in Windows Firewall.

Security Software: Check for third-party security software (like Bitdefender) blocking mstsc.exe.

IP Connection: Try connecting via IP address instead of the hostname to bypass DNS issues.

VPN: Verify VPN stability and bandwidth.

4. Quick Client Fixes

Update: Use the latest Remote Desktop app from the Microsoft Store.

Reconnection: Enable Reconnect if the connection is dropped in the client settings.


Troubleshooting Remote Desktop Error 0x904 (Extended Error 0x7)

The Remote Desktop Connection error 0x904 with extended error 0x7 is a generic failure indicating that the client cannot establish a stable session with the host. It most commonly occurs due to network instability, expired security certificates, or misconfigured firewall settings on modern Windows versions like Windows 10, 11, and Server 2016–2022.

Primary Causes

Certificate Issues: Expired or corrupt self-signed RDP certificates on the host machine often trigger this specific error.

Network Instability: Insufficient bandwidth, high packet loss, or slow VPN connections can cause the handshake to fail.

Firewall Interference: Even if RDP is "allowed," specific sub-components like "Remote Desktop (WebSocket)" may be blocked.

Windows 11 Compatibility: Hostname resolution bugs in newer Windows 11 builds (e.g., 22H2) frequently result in 0x904.

Technical Resolution Procedures

1. Renew Expired RDP Certificates

Access the server, open certlm.msc, navigate to Remote Desktop > Certificates, and delete the expired certificate. Run Restart-Service TermService -Force in an elevated PowerShell session to regenerate the certificate.

2. Bypass Hostname Resolution (Windows 11)

To address potential DNS bugs in Windows 11, attempt to connect using the IP address instead of the hostname.

3. Advanced Firewall Configuration

Verify that both Remote Desktop and Remote Desktop (WebSocket) are allowed in the Windows Firewall. Manually add mstsc.exe as an allowed app on the client side.

4. Adjust Connection Registry (Host Side)

To resolve errors caused by too many pending connections, run the following in an Admin Command Prompt to increase MaxOutstandingConnections:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536

5. Azure-Specific Fix (MachineKeys)

For Azure VMs with corrupt certificate stores, rename C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys using Azure's Run Command, then restart the VM.

Summary Checklist

| Potential Issue | Recommended Action |
|-----------------|--------------------|
| Expired Certificate | Delete old cert in certlm.msc and restart |
| Network Speed | Reconnect VPN or test bandwidth; avoid high-latency links. |
| Security Layer | Temporarily disable Network Level Authentication (NLA) via gpedit.msc |
| DNS/Hostname | Use the static IP address for the connection. |


The Remote Desktop error 0x904 with extended error 0x7 is not a corruption or hardware failure—it is a clear signal of a TLS negotiation breakdown. By methodically testing client-side security settings, server RDP security layers, and network interference, you can restore connectivity.

Start with disabling CredSSP or testing restrictedAdmin, then move to the server’s SecurityLayer registry key, and finally inspect any firewall performing SSL inspection. Most cases resolve within 15 minutes by adjusting one of these three areas.

If this guide helped you reconnect, share it with your team. For persistent issues, collect a Wireshark trace and a Windows RDP CoreTS event log, then consult Microsoft Support with that evidence.



Remote Desktop error 0x904 (Extended Error 0x7) generally signals a breakdown in the initial connection handshake, often caused by unstable network conditions, expired security certificates, or misconfigured encryption settings. While it frequently points to "dodgy" connections or slow VPNs, it can also stem from more technical issues like the host being unable to read its own private key.

Core Troubleshooting Paths

1. Resolve Certificate Expiration or Corruption

A common silent killer for RDP connections is an expired self-signed certificate on the host machine. If a certificate is expired or its store is corrupt, the handshake will fail with error 0x904.

Standard Fix: Log into the host locally, open the Certificates MMC snap-in (certlm.msc), and navigate to Remote Desktop > Certificates. If the certificate is expired, delete it and restart the Remote Desktop Services (TermService) to force Windows to generate a new one.

Azure VM Special Case: If you are on an Azure instance, certificate store corruption often occurs in the MachineKeys folder. Renaming this folder (e.g., to MachineKeys_old) via the Azure Portal's "Run command" and rebooting the server typically resolves the issue.

2. Address Network Instability and VPN Issues

The "Extended Error 0x7" specifically highlights network-level failures like insufficient bandwidth, high packet loss, or slow VPN throughput.

Connection Stability: Ensure both machines have a steady internet connection. High latency or "dodgy" Wi-Fi can trigger this error even if the initial ping is successful.

VPN Reconnect: If connecting via a business VPN, disconnect and reconnect to refresh the tunnel. Ensure your VPN client is updated to the latest version.

3. Adjust Security and Encryption Layers

If there is a mismatch in encryption ciphers between the client and the host, the connection may drop immediately.

Disable Network Level Authentication (NLA): Temporarily disabling NLA on the host via Group Policy (gpedit.msc) under Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security can bypass certain handshake failures.

Change Security Layer: In the same Group Policy location, you can set the "Require use of specific security layer" to RDP rather than Negotiate.

4. Practical Workarounds

Connect via IP: Try using the host's IP address instead of its hostname. This bypasses potential DNS resolution issues that sometimes surface as 0x904, particularly on newer Windows 11 builds.

Firewall Verification: Even if RDP appears enabled, verify that both "Remote Desktop" and "Remote Desktop (WebSocket)" are allowed through the firewall for both Private and Public profiles.


The Remote Desktop Connection error code 0x904 (Extended error code 0x7) is a generic network-related failure that prevents a client from establishing a session with a remote host. While it is often caused by unstable network conditions, it can also stem from expired security certificates, firewall blocks, or specific Windows 11 compatibility issues.

Common Causes of Error 0x904

Unstable Network: Insufficient bandwidth, high packet loss, or a sluggish VPN connection.

Expired RDP Certificates: The self-signed certificate used by Remote Desktop Services has expired and failed to renew automatically.

Firewall Interference: Windows Defender or third-party antivirus software (like Bitdefender) blocking mstsc.exe or RDP traffic.

Certificate Store Corruption: This is particularly common on Azure VMs where the MachineKeys folder becomes corrupt, preventing new certificate generation.

Step-by-Step Solutions

1. Renew Expired RDP Certificates

If you can connect to some servers but not others on the same network, an expired certificate is the most likely culprit.

Log into the remote server (via a console or alternative remote tool). Press Win + R, type certlm.msc, and press Enter. Navigate to Remote Desktop > Certificates.

Check the expiration date of the certificate. If it is expired, right-click and Delete it.

Open PowerShell as Administrator and run: Restart-Service TermService -Force

Windows will automatically generate a new, valid self-signed certificate.

2. Fix Corrupt MachineKeys (Azure VMs)

For users seeing this error on Azure Virtual Machines, renaming the key store folder can force Windows to rebuild the certificate environment. In the Azure Portal, go to your VM and select Run command.

Choose RunPowerShellScript and enter:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"

Reboot the server from the portal.

3. Configure Firewall Exceptions

Ensure that both the client and host allow RDP traffic.

Search for "Allow an app through Windows Firewall" in the Start menu. Click Change settings.

Ensure both Remote Desktop and Remote Desktop (WebSocket) are checked for Private and Public networks.

Click Allow another app, browse to C:\Windows\System32\mstsc.exe, and add it to the list.

4. Adjust Security Layers (NLA Issues)

Sometimes, Network Level Authentication (NLA) or encryption mismatches cause the 0x904 error. On the remote host, open gpedit.msc.

Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Enable "Require use of specific security layer for remote (RDP) connections" and set it to RDP.

Disable "Require user authentication for remote connections by using Network Level Authentication".

Remote Desktop error code 0x904 (extended error 0x7) typically indicates an unstable network connection, expired certificates, or firewall misconfigurations.

1. Renew Expired RDP Certificates

The most common cause for this specific error is an expired self-signed certificate on the remote server.

Access the server locally or through an alternative remote tool.

Press Win + R, type certlm.msc, and press Enter.

Navigate to Certificates > Remote Desktop > Certificates.

Find the certificate used for Remote Desktop, check its expiration date, and delete it if expired.

Open PowerShell as Administrator and run: Restart-Service TermService -Force (or restart the server).

Windows will automatically generate a new certificate upon restart.

2. Connect via IP Address

Windows 11 builds (22H2 and later) sometimes have hostname resolution bugs that trigger this error.

Try connecting using the target machine's IP address (e.g., 192.168.1.100) instead of its hostname.

Clear your DNS cache on the client machine by running ipconfig /flushdns in Command Prompt.

3. Fix Certificate Store (Azure VMs only)

If you are using an Azure Virtual Machine, a corrupt MachineKeys folder often prevents new RDP certificates from being created.

In the Azure Portal, go to your VM and select Run Command > RunPowerShellScript.

Run the following command:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"

Reboot the server from the portal.

4. Configure Firewall & Antivirus

Ensure that the Remote Desktop application and port 3389 are not being blocked.

Open Allow an app through Windows Firewall on both machines.

Ensure Remote Desktop and Remote Desktop (WebSocket) are checked for both Private and Public networks.

Verify that mstsc.exe (located in C:\Windows\System32\) is explicitly allowed in your antivirus settings.

5. Increase Outstanding Connections

If the error occurs during high traffic or multiple simultaneous requests, you can increase the connection limit via the Registry:

Run Command Prompt as Administrator.

Run the following command:

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536

Restart your computer.

This error typically occurs when trying to connect to a Windows machine (Windows 10/11 Pro, Enterprise, or Server) via Microsoft Remote Desktop Protocol (RDP). The combination of 0x904 (session lock failure) and 0x7 (authentication/credential rejection) points toward specific, resolvable causes.


| Environment | Most likely fix |
|-------------|----------------|
| Domain-joined, mixed Windows 10/11 & Server 2016/2019 | Apply CredSSP updates + set AllowEncryptionOracle=2 on clients |
| Older Windows 7 client to Windows 10/11 host | Update Windows 7 with KB4490628 + KB4474419 + CredSSP patches |
| Third-party RDP client (Mac/Linux) | Switch to xfreerdp with --sec=nla or --sec=rdp flags |
| Virtual machine (Hyper-V/VMware) | Check VM’s RDP security template in Hyper‑V Manager or vSphere |




Title: The Long Night of Code 0x904

Log Entry: Dr. Aris Thorne, Lead Systems Architect
Time: 02:47 GMT
Status: Critical

It started, as most digital catastrophes do, with a single popup window.

Aris Thorne, hunched over his kitchen table in a cabin three hundred miles from the nearest server farm, watched his screen flicker. He had been awake for thirty-one hours. The Mars rover Perseverance II was scheduled for a complex soil sample transfer in six hours, and the only terminal that could pre-run the atmospheric sequencing was the one in Lab 4—a lab he had left behind in the city.

He clicked "Connect."

The Remote Desktop Connection window bloomed. Then, instead of the familiar login chime, a red bar screamed across the top.

"Remote Desktop Connection Error Code 0x904"

"Fine," Aris muttered, rubbing his eyes. "A hiccup."

He ran the built-in diagnostic. A smaller, more ominous box appeared:

"Extended Error Code 0x7"

His stomach turned cold. Error 0x904 meant the connection was being actively rejected, not just lost. But 0x7? That was the ghost in the machine. In twenty years of engineering, he had only seen extended code 0x7 twice. Both times, it meant the session had been locked by an external process—something that was not a user, not an admin, and not a bug.

Something else.

He tried again. 0x904. Then again. 0x904. The logs showed the TLS handshake completed perfectly. CredSSP was fine. Network latency was 14ms. Everything was green. And yet, the server was saying: No. And also: 0x7.

Aris opened a secondary channel—a low-bandwidth telemetry feed straight from Lab 4’s hardware sensors. He saw the CPU of the target machine was running at 4%. Normal. Memory: 32GB free. Disk idle. Then he checked one specific sensor: the webcam activity light.

It was on.

Not the "in-use by security" light. The other one. The one labeled "Internal Only—Service Use." A light that, by design, should never turn on unless the machine’s root-level management daemon was running a manual override.

But there was no root-level daemon on that machine. Aris had removed it three years ago.

His hands moved faster now. He pulled up the RDP event log on his local machine. Buried under a mountain of generic "connection failed" entries was a single anomalous timestamp: 02:41:22.007.

A connection had been established to Lab 4. Not from Aris. Not from anyone on the access list.

The source IP was 127.0.0.1.

The machine had connected to itself.

Aris leaned back, his breath fogging the cold window of the cabin. Error 0x904: The connection was blocked by the remote machine due to a policy or state conflict. Extended 0x7: The session was locked by an internal process with administrative privilege.

His own workstation was trying to connect to Lab 4, but Lab 4 was already in a session. A session started by its own operating system. A ghost session.

On the telemetry feed, the webcam light blinked once. Then twice. Then a new line of text appeared in the Lab 4 terminal window—typed by no physical hand:

> Who is trying to connect?

Aris’s finger hovered over the disconnect button. But he didn’t press it. Instead, he typed a message into a backdoor diagnostic prompt—a command so old it predated RDP’s security model:

> /query session

The response came after a three-second delay. Three seconds of silence in the cabin, save for the wind outside.

SESSION: 0x7
STATE: Active
ORIGIN: Kernel (PID 0)
USER: SYSTEM
UPTIME: 34 years, 2 months, 11 days, 4 hours, 7 minutes

Aris blinked. That uptime was older than the machine itself. Older than the building that housed the lab. Older, in fact, than RDP.

The extended error code 0x7 wasn't an error at all. It was a signature. A timestamp. A seat number.

And the seat was already taken.

The webcam light went dark. The remote machine dropped its phantom session. Error 0x904 vanished. The RDP window suddenly prompted: "Enter your credentials."

Aris did not move.

On the screen, the extended error box changed. Just for a moment, before fading into the login prompt:

Extended Error Code 0x7
"Another user is logged on. Your connection has been queued. Please wait. Estimated wait time: 34 years, 2 months, 11 days, 4 hours, 7 minutes."

He reached over and unplugged the router. Then he sat in the dark, wondering who—or what—had been waiting in that empty lab, alone with the webcam on, for longer than he had been alive. And why, tonight of all nights, it had finally decided to answer the call.

Remote Desktop Connection (RDC) is a cornerstone of modern digital workflows, enabling users to access computers and servers from afar. However, this convenience is occasionally disrupted by network and protocol errors. One of the more specific and frustrating issues users encounter is the combination of Error Code 0x904 and Extended Error Code 0x7.

Understanding this error requires dissecting what these specific codes mean, identifying their root causes, and applying targeted troubleshooting steps to restore connectivity.

🔍 Decoding the Error Codes

When the Remote Desktop client fails to establish a session, it generates a numeric code to help administrators diagnose the failure.

Error Code 0x904: This is a broad connection failure code. It typically indicates that the client initiated a connection attempt, but the session was abruptly terminated or could not be completed at the protocol level.

Extended Error Code 0x7: This specific sub-code points directly to a Gateway or Network Layer issue. In Microsoft's Remote Desktop Protocol (RDP) documentation, an extended error of 0x7 usually translates to "The connection was lost due to a network error" or a failure to authenticate through a Remote Desktop Gateway.

Combined, these codes signal that the client cannot reach the target machine because the communication path—often managed by a gateway or firewall—has been severed or blocked.

⚡ Common Causes

The appearance of Error 0x904 (0x7) rarely stems from a single definitive source. Instead, it is usually triggered by one of the following infrastructure issues:

Remote Desktop Gateway Failures: If your organization uses an RD Gateway to secure external connections, server-side glitches or misconfigured resource authorization policies (RAPs) will trigger this error.

Firewall and Security Software Blocks: Overzealous local firewalls, corporate firewalls, or antivirus software may flag the RDP traffic as suspicious and terminate the connection.

Network Instability: Packet loss, high latency, or brief drops in internet connectivity can cause the RDP session to time out during the initial handshake.

MTU Size Mismatch: If the Maximum Transmission Unit (MTU) size on the network router is improperly configured, large RDP packets may be fragmented and dropped, resulting in a lost connection.

Outdated RDP Clients: Older versions of the Remote Desktop app may lack support for newer encryption protocols required by the host server.

🛠️ Step-by-Step Troubleshooting

Resolving this error requires a systematic approach, moving from basic local checks to advanced network configurations.

1. Verify Basic Network Connectivity

Before diving into complex settings, ensure the physical and local network layers are stable. Restart your local router and modem.

Switch from a Wi-Fi connection to a hardwired Ethernet cable to eliminate wireless interference.

Ping the remote server's IP address to check for packet loss.

2. Check Remote Desktop Gateway Settings

If you are connecting to a corporate network, the RD Gateway is the most likely culprit. Open the Remote Desktop Connection window. Click Show Options and navigate to the Advanced tab. Click Settings under "Connect from anywhere."

Ensure the gateway server address is correct. If you are on the local network, try changing the setting to "Automatically detect RD Gateway server settings" or bypassing the gateway entirely.

3. Adjust MTU Settings

If the error is caused by packet fragmentation, adjusting the MTU size on your network adapter can resolve it. Open the Command Prompt as an Administrator.

Type netsh interface ipv4 show subinterfaces to see your current MTU (usually 1500).

If fragmentation is suspected, reduce the MTU by typing: netsh interface ipv4 set subinterface "Ethernet" mtu=1400 store=persistent (replace "Ethernet" with your actual network adapter name).

4. Update the Remote Desktop Client

Ensure your client software can handle the security protocols of the host.

If using Windows, ensure your OS is fully updated via Windows Update.

If using the Microsoft Remote Desktop app from the Microsoft Store, check for available updates.

Mac, iOS, and Android users should update their respective apps through their device's app store.

5. Review Firewall and Antivirus Rules

Ensure that port 3389 (the default port for RDP) and port 443 (if using an RD Gateway) are allowed.

Temporarily disable your third-party antivirus or firewall to see if the connection goes through.

If it does, create an explicit inbound and outbound rule in your security software to allow the Remote Desktop application.

📌 Conclusion

The Remote Desktop Connection error 0x904 with extended error 0x7 is a classic symptom of a broken communication bridge between the client and the host. While it looks intimidating, it almost always points to a gateway misconfiguration, a strict firewall, or packet fragmentation on the network. By methodically checking the gateway settings, updating software, and ensuring network stability, users can successfully bypass this roadblock and restore their remote access.

Fix Remote Desktop Error 0x904 (Extended Error 0x7)

Connecting to a remote PC should be seamless, but the Remote Desktop Connection error code 0x904, extended error code 0x7 is a frustrating roadblock. This specific error usually pops up when the client can’t establish a secure handshake with the host, often due to network instabilities or security mismatches.

Here is a comprehensive guide to getting your connection back online.

What Causes Error 0x904 (0x7)?

Unlike generic "PC not found" errors, code 0x904 with extended code 0x7 typically points to:

Network Level Authentication (NLA) failures.

Waking issues (the PC is in Sleep or Hibernation mode).

Firewall interference blocking specific RDP ports.

Outdated RDP clients or corrupted local cache.

Step 1: Disable Network Level Authentication (NLA)

NLA is a security layer that requires the user to authenticate before a session is established. While safer, it often triggers 0x904 if there is a credential mismatch.

On the host PC, press Win + R, type sysdm.cpl, and hit Enter. Go to the Remote tab.

Uncheck the box that says "Allow connections only from computers running Remote Desktop with Network Level Authentication." Click Apply and try connecting again.

Step 2: Adjust Power Management Settings

The most common "silent" cause of error 0x7 is the host computer falling asleep. RDP cannot wake a computer that is fully asleep unless "Wake-on-LAN" is configured. On the host PC, go to Settings > System > Power & Sleep. Set "Sleep" to Never while plugged in.

Go to Device Manager, find your Network Adapter, right-click it, and select Properties.

Under Power Management, ensure "Allow the computer to turn off this device to save power" is unchecked.

Step 3: Configure Windows Firewall

Even if RDP is enabled, the specific ports might be throttled or blocked by a recent Windows Update.

Open Control Panel > System and Security > Windows Defender Firewall.

Click Allow an app or feature through Windows Defender Firewall.

Find Remote Desktop and ensure both Private and Public boxes are checked.

If you use a third-party antivirus (like Norton or McAfee), you may need to manually open TCP port 3389.

Step 4: Clear the RDP Cache (Client Side)

If the error persists on your local machine, your stored connection data might be corrupted. Open Remote Desktop Connection.

In the "Computer" field, click the dropdown and delete the IP/Name of the problematic host. Open File Explorer and go to C:\Users\%Username%\Documents.

Find the hidden file named Default.rdp (you may need to enable "Hidden items" in the View tab) and delete it. Restart the RDP client.

Step 5: Registry Tweak for Security Providers

If you are still seeing 0x904, you can force the security layer via the Registry Editor. Press Win + R, type regedit, and hit Enter.

Navigate to: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp Find the SecurityLayer DWORD.

Double-click it and change the value to 1. (0 is RDP Security, 1 is Negotiate, 2 is SSL). Restart the computer.

Summary Table

| Potential Cause | Fix |
|-----------------|-----|
| Authentication Mismatch | Disable NLA in System Properties |
| Host PC Asleep | Set Power Mode to "Never Sleep" |
| Port Blocked | Open TCP 3389 in Firewall |
| Corrupt Credentials | Delete Default.rdp and clear history |
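The host-side checks this page performs by hand (certificate expiry in the Remote Desktop store, the SecurityLayer value, NLA, firewall rules, network profile) can be read in one pass before anything is deleted or relaxed, which also records the current SecurityLayer and NLA values so they can be restored after testing. The PowerShell script below is an added example, not part of the original guides or any Microsoft tool; the helper name Get-RdpSetting is hypothetical, and the firewall group name 'Remote Desktop' assumes an English-language host.

```powershell
# Added example (not from the original guide): read-only audit of an RDP host.
# Run on the RDP host in an elevated PowerShell session. Nothing is modified.

$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$layers = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

# Hypothetical helper: a Group Policy value, when set, takes precedence over
# the local listener value, so the policy key is checked first.
function Get-RdpSetting {
    param([Parameter(Mandatory)][string]$Name)
    foreach ($key in $policy, $rdpTcp) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Name = $Name; Value = [int]$item.$Name; Source = $key }
        }
    }
}

# 1. Service state, listening port, and network profile (Public blocks RDP by default)
$service  = Get-Service -Name TermService
$port     = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
$listen   = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
$profiles = Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Certificates in the Remote Desktop store, and which one the listener presents
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
    -ClassName Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
$now   = Get-Date
$certs = Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Thumbprint    = $_.Thumbprint
            NotAfter      = $_.NotAfter
            DaysLeft      = [math]::Floor(($_.NotAfter - $now).TotalDays)
            Expired       = $_.NotAfter -lt $now
            InUse         = $_.Thumbprint -eq $listener.SSLCertificateSHA1Hash
            # True only means a key is associated with the certificate; it does
            # not prove the service can read it from the MachineKeys folder.
            HasPrivateKey = $_.HasPrivateKey
        }
    }

# 3. Security layer (0 = RDP, 1 = Negotiate, 2 = SSL) and NLA (1 = required)
$layer = Get-RdpSetting -Name SecurityLayer
$nla   = Get-RdpSetting -Name UserAuthentication

# 4. Firewall rules in the Remote Desktop group (English display name assumed)
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Profile, Action

# Report
"Service TermService : $($service.Status)"
"Listening on TCP $port : $([bool]$listen)"
$profiles | Format-Table -AutoSize
if ($certs) { $certs | Format-Table -AutoSize }
else        { 'No certificate found in the Remote Desktop store.' }
"SecurityLayer      : $($layer.Value) ($($layers[$layer.Value])) from $($layer.Source)"
"UserAuthentication : $($nla.Value) (1 = NLA required) from $($nla.Source)"
$rules | Format-Table -AutoSize

# Findings worth acting on
$certs | Where-Object { $_.InUse -and $_.Expired } | ForEach-Object {
    Write-Warning "Certificate $($_.Thumbprint) is bound to RDP-Tcp and expired on $($_.NotAfter)."
}
if ($layer.Value -eq 0) {
    Write-Warning 'SecurityLayer is 0 (RDP Security Layer): the server is not authenticated by TLS.'
}
if ($nla.Value -eq 0) {
    Write-Warning 'NLA is not required: users are authenticated only after a session is created.'
}
$profiles | Where-Object { $_.NetworkCategory -eq 'Public' } | ForEach-Object {
    Write-Warning "Interface '$($_.InterfaceAlias)' uses the Public profile."
}
```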


Microsoft patched a CredSSP vulnerability in 2018. If the RDP host has the “Force updated clients” or “Mitigated” group policy setting, but the client is not patched or has an older setting, authentication fails with extended code 0x7.

For Error Code 0x904 with Extended Error 0x7, the most frequent culprit is a local firewall rule blocking the port or a corrupted user session on the host. By restarting the services and ensuring the firewall allows the connection, the issue is typically resolved within minutes.

On the RDP host, open Computer Management > Local Users and Groups > Users. Verify the account is: