Restart the Remote Desktop Services by opening Command Prompt as an admin and running: restart-service termserv -force . Windows will automatically generate a new, valid certificate. 2. Configure Firewall Exceptions
Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" Use code with caution.
Software conflicts, particularly from background applications, security tools, or system utilities, can interfere with RDP and cause error 0x904. Performing a clean boot on both the client and the server can help identify the culprit.
Access the host machine locally or via an alternative remote tool. Certificates MMC snap-in certlm.msc Navigate to Remote Desktop > Certificates
Windows 11 builds (22H2 and later) sometimes have hostname resolution bugs that trigger 0x904. In the Remote Desktop Connection window, enter the IP address of the target machine (e.g., 192.168.1.50 ) instead of the computer name. Alternatively, use the Microsoft Store Remote Desktop app i remote desktop connection error code 0x904 install
Ensure both and Remote Desktop (WebSocket) are checked for both Private and Public networks.
Ensure your VPN provides sufficient bandwidth and isn't dropping packets.
If the issue persists, verify that is open using PowerShell: Test-NetConnection [ComputerName] -Port 3389 . 3. Use the IP Address Instead of Hostname
In the Azure Portal, go to your VM and select . Restart the Remote Desktop Services by opening Command
When a fresh Windows installation or a major update occurs, the default group policy for CredSSP may revert to a stricter setting. Consequently, a previously functional RDP connection breaks, returning 0x904.
attrib -r -s -h %WinDir%\System32\mstsc.exe attrib -r -s -h %ProgramFiles%\Remote Desktop /s /d
Increase connections by running: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536 .
Security suites flag RDP network traffic after system updates. Deep packet inspection abruptly terminates active ports. Step-by-Step Solutions to Fix Error 0x904 1. Recreate Expired RDP Self-Signed Certificates Access the host machine locally or via an
Low bandwidth, high packet loss, or slow VPN connections can trigger this timeout. Firewall & Antivirus Blocks: Security software may block even if RDP is technically enabled. Azure VM Corruption: In Azure environments, a corrupt MachineKeys
| Strategy | Description | When to Use | |:----------|:-------------|:--------------| | | Examine the Windows Event Viewer logs on both client and server to pinpoint the exact failure point. Look under Applications and Services Logs > Microsoft > Windows > TerminalServices-LocalSessionManager for entries around the time of the failed connection. | When you need to differentiate between a network timeout, an authentication failure, or a certificate error. | | Third-Party Tool Conflicts | Temporarily uninstall any third-party remote access tools or RDP wrappers. Tools like RustDesk, TeamViewer, or VNC can sometimes intercept RDP traffic at a low level, replacing expected error codes with 0x904. | When you have recently installed or updated a remote access tool and the problem began after that. | | Reset RDP Configuration | Reset the entire Remote Desktop configuration to its default state. Open an elevated Command Prompt and run: net stop TermService , then del %systemroot%\system32\GroupPolicy\Machine\Registry.pol , and finally net start TermService . You may also need to delete the existing RDP listener configuration by running wmic /namespace:\\root\cimv2\TerminalServices path Win32_TerminalServiceSetting where (__CLASS !="") call SetAllowTSConnections 1 . | When other solutions fail and you suspect deep-seated corruption in the RDP subsystem. |
Before diving into more advanced troubleshooting, start with these foundational checks:
This is the most common resolution for persistent 0x904 errors on physical servers. www.remoteaccesspcdesktop.com
: For Azure Virtual Machines, 0x904 is often caused by a corrupt certificate store. Admins have fixed this by renaming the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and rebooting the server. www.remoteaccesspcdesktop.com Are you attempting to connect to a local workstation cloud-hosted server like Azure?