Recent builds (22H2+) sometimes struggle with hostname resolution for RDP, throwing this error even when the network is fine.
Use the Group Policy Editor (gpedit.msc) on the server. Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
To resolve this, check the SCHANNEL\Protocols registry key on both the client and the server: HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols. Compare the enabled TLS versions (TLS 1.0, 1.1, 1.2, 1.3) between the working and non-working machines. Ensure both are configured to support a common protocol, such as TLS 1.2.
Change the underlying protocol from to WireGuard or OpenVPN (TCP).
Avoid using a mix of outdated security settings across your environment. Whether you use NLA, TLS 1.2, or specific cipher suites, apply the same configuration policies to all servers and client workstations. Standardization eliminates the compatibility mismatches that often trigger the 0x904 error.
Run these on the (as Admin) to capture detailed logs:
, often caused by expired certificates, firewall blocks, or compatibility issues with newer Windows versions like Windows 11.
Step 1: Fix Expired RDP Certificates
For Azure VMs, a corrupted key store often causes this error. This guide from remoteaccesspcdesktop.com details using Azure Portal's "Run command" to rename the MachineKeys folder, which forces a rebuild of the certificate store upon restart.
After Windows 11 Upgrade RDP Error 0x904 extended error 0x7