Remote Desktop Connection Error Code 0x904, Extended Error Code 0x7
Remote Desktop error 0x904 (Extended Error 0x7) is a general connectivity failure usually triggered by expired self-signed certificates, network instability, or firewall blocks.
Top Fixes for Error 0x904 / 0x7
Renew Expired RDP Certificates
RDP relies on a self-signed certificate that may not auto-renew. If this certificate expires, the connection will fail instantly.
- Log into the host machine locally or via an alternative tool.
- Run certlm.msc to open the certificate manager.
- Navigate to Remote Desktop > Certificates.
- If the certificate is expired, delete it.
- Restart Remote Desktop Services (service name TermService) via the Services app or PowerShell (Restart-Service TermService -Force) to trigger the generation of a new certificate.
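The renewal steps above as a script, added here as an example (not part of the original article): it lists the certificates in the Remote Desktop machine store with their expiry, marks the one bound to the RDP-Tcp listener, and with -Renew deletes expired ones and restarts TermService. The parameter names -WarnDays and -Renew and the 14-day threshold are assumptions of this example.

```powershell
# Added example: audit the "Remote Desktop" machine certificate store.
# Run in an elevated PowerShell session on the RDP host. Supports -WhatIf.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$WarnDays = 14,   # assumed threshold for "expiring soon"
    [switch]$Renew         # delete expired certificates and restart the service
)

$store = 'Cert:\LocalMachine\Remote Desktop'
$now   = Get-Date

# Thumbprint of the certificate the RDP-Tcp listener is currently bound to.
$listener = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' -ClassName Win32_TSGeneralSetting |
    Where-Object TerminalName -eq 'RDP-Tcp'
$bound = $listener.SSLCertificateSHA1Hash

$report = Get-ChildItem -Path $store | ForEach-Object {
    $daysLeft = [math]::Floor(($_.NotAfter - $now).TotalDays)
    $status = if ($daysLeft -lt 0) { 'Expired' }
              elseif ($daysLeft -le $WarnDays) { 'ExpiringSoon' }
              else { 'Valid' }
    [pscustomobject]@{
        Thumbprint = $_.Thumbprint
        SelfSigned = ($_.Subject -eq $_.Issuer)
        NotAfter   = $_.NotAfter
        InUse      = ($_.Thumbprint -eq $bound)
        Status     = $status
    }
}
$report | Sort-Object NotAfter | Format-Table -AutoSize

# Only expired certificates are removed; valid ones are left untouched.
$expired = @($report | Where-Object Status -eq 'Expired')
if ($Renew -and $expired.Count -gt 0) {
    foreach ($c in $expired) {
        $path = Join-Path $store $c.Thumbprint
        if ($PSCmdlet.ShouldProcess($path, 'Remove expired RDP certificate')) {
            Remove-Item -Path $path
        }
    }
    if ($PSCmdlet.ShouldProcess('TermService', 'Restart to regenerate certificate')) {
        Restart-Service -Name TermService -Force
    }
}
```

Run it without -Renew first to see the report, or with -Renew -WhatIf to preview what would be deleted.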
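Fix Corrupt Certificate Store (Azure VMs)
If you are using an Azure Virtual Machine, a corrupt MachineKeys folder can prevent RDP from functioning.
- Use the Run Command feature in the Azure Portal to execute this PowerShell command: Rename-Item -Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"
- Reboot the VM to allow Windows to rebuild the folder.
MachineKeys also holds the RSA private keys of other machine-level certificates on the VM, so keep MachineKeys_old until the other services that use certificates are confirmed working.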
Verify Firewall and Port 3389
Firewalls may block RDP traffic even if the service is enabled.
- Use PowerShell to test connectivity: Test-NetConnection [Remote_IP] -Port 3389.
- On the host machine, ensure Remote Desktop and Remote Desktop (WebSocket) are allowed for both Public and Private networks in the Windows Firewall.
Adjust Security Layers
Mismatched encryption settings between the client and host can cause 0x904.
- On the host, open gpedit.msc.
- Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
- Set Require use of specific security layer for remote (RDP) connections to Enabled and select RDP from the dropdown.
- Disable Require user authentication... using Network Level Authentication (NLA) as a test to see if the connection establishes, and re-enable it afterwards.
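An added example (not from the original article) for checking the two settings this section changes: it reads the security layer and NLA values from the policy and listener registry keys, so the weaker test configuration can be confirmed reverted after troubleshooting. The function name Get-EffectiveValue and the wording of the findings are this example's own.

```powershell
# Added example: report the effective RDP security layer and NLA requirement on a host.
# Run in PowerShell on the RDP host; it only reads the registry.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$layerName = @{
    0 = 'RDP (native RDP encryption, host not authenticated)'
    1 = 'Negotiate'
    2 = 'SSL (TLS)'
}

function Get-EffectiveValue {
    param([string]$Name)
    # A Group Policy value, when present, overrides the local listener setting.
    foreach ($key in $policyKey, $localKey) {
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Name = $Name; Value = [int]$item.$Name; Source = $key }
        }
    }
}

$layer = Get-EffectiveValue -Name 'SecurityLayer'
$nla   = Get-EffectiveValue -Name 'UserAuthentication'

$findings = @()
if ($layer -and $layer.Value -eq 0) {
    $findings += "SecurityLayer is 0 (RDP): no TLS, and NLA cannot be used. Set by $($layer.Source)"
}
if ($nla -and $nla.Value -eq 0) {
    $findings += "NLA is not required: the logon screen is reachable before authentication. Set by $($nla.Source)"
}

"Security layer : {0}" -f $(if ($layer) { $layerName[$layer.Value] } else { 'not set' })
"NLA required   : {0}" -f $(if ($nla) { [bool]$nla.Value } else { 'not set' })
if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
}
else {
    'No troubleshooting downgrade found.'
}
```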
Fix 1: Clear the Local RDP License Cache (Most Effective for Error 0x7)
Since extended error 0x7 often means "cannot store the license," deleting the corrupted cache forces a fresh license negotiation.
- Close all RDP sessions.
- Press Win + R, type %windir%\system32\mstsc.exe (do not open via Start menu yet).
- Navigate to the cache folder:
  - Open File Explorer and go to: %localappdata%\Microsoft\Terminal Server Client\Cache
  - Alternatively: C:\Users\YourUsername\AppData\Local\Microsoft\Terminal Server Client\Cache
- Delete all files inside the Cache folder (files like cache.bin, bcache.bin).
- Also delete Default.rdp in the parent folder (...\Terminal Server Client\).
- Restart your computer and try connecting again.
Summary
Error Code 0x904 with Extended Error 0x7 is an authentication handshake failure.
- For Cloud/Azure Users: It is almost certainly a token caching issue. Reset the Web Account Manager (WAM) or use the Web Client.
- For Local Users: Check your Group Policy settings regarding Credential Delegation and NLA.
The Remote Desktop connection error 0x904 (Extended Error Code: 0x7) is a common RDP issue that typically indicates a network connection failure or a security certificate problem. It often occurs after Windows updates (especially Windows 11) or when using a VPN.
Here is a summary of the best troubleshooting steps compiled from expert blog posts and technical forums:
1. Fix Expired RDP Certificates (Most Common Solution)
If you can connect to some servers but not others, an expired self-signed certificate on the host machine is a likely culprit:
- Close all RDP sessions.
- Log in to the host machine locally or via another tool.
- Open Certificates (Local Computer) by running certlm.msc.
- Navigate to Remote Desktop > Certificates.
- Find the expired certificate, right-click, and delete it.
- Restart the Remote Desktop Services from PowerShell as Administrator: Restart-Service TermService -Force
- Windows will automatically generate a fresh certificate.
2. Rename Corrupt MachineKeys (For Azure VMs)
If you are using an Azure Virtual Machine, a corrupt certificate store may prevent RDP from creating new certificates:
- Use the Azure Portal's Run Command feature to execute a PowerShell script: Rename-Item -Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old"
- Reboot the server.
3. Adjust Firewall & Antivirus Settings
Security software like Bitdefender or the native Windows Firewall may block the connection:
- Ensure Remote Desktop and Remote Desktop (WebSocket) are allowed through the firewall for both Private and Public networks.
- Try temporarily disabling third-party antivirus to see if the connection is restored.
4. Network & Connection Quick Fixes