Remote Desktop Protocol (RDP) is a critical infrastructure tool for IT administrators and remote workers alike. However, encountering cryptic error codes can halt productivity instantly. One such elusive error is Code 0x904.
While less common than errors like 0x204 or licensing issues, 0x904 typically indicates a failure in the Remote Desktop Gateway handshake or a resource allocation interruption. When this error appears during an "install" scenario—whether you are trying to install an application via RDP or deploying RDP capabilities themselves—it points to a breakdown in the transport layer or security policy enforcement.
This article provides a "deep" analysis of the causes and a step-by-step resolution guide.
When this error occurs, users often experience the following:
Run these as Administrator:
:: Check for read-only System32 attrib %WinDir%\System32\mstsc.exe:: Check registry writeability reg query HKLM\SOFTWARE\Microsoft\Terminal Server Client /ve
:: Verify write protection on volume fsutil volume query C:
:: Test writing temp file echo test > %Temp%\rdp_test.txt
:: Check for locked MSLicensing key reg load HKLM\TempMSLicensing %WinDir%\System32\config\software
Unlike many RDP errors that relate to network connectivity or firewalls, error 0x904 is specifically a session limitation issue. It commonly occurs in the following scenarios: i remote desktop connection error code 0x904 install
The RDP client installation uses Windows servicing stack (DISM / CBS). If the component store (%WinDir%\WinSxS) is corrupted or locked by another process, writing new RDP binaries fails with generic error 0x904.
The "i remote desktop connection error code 0x904 install" is a solvable Windows corruption issue. To recap the most effective fixes:
Do not reinstall Windows from scratch until you have attempted the In-Place Upgrade method. It preserves all your data while completely rebuilding the Remote Desktop infrastructure. Once resolved, avoid third-party registry cleaners, and you will likely never see error 0x904 again.
Need further assistance? Check the Microsoft Q&A forum for 0x904 or use the Get-WindowsErrorReporting PowerShell cmdlet to generate a detailed crash log.
Remote Desktop error code is often described by IT professionals as a "
silent ghost" error because it frequently appears on servers that have worked perfectly for months, only to suddenly block access without any prior warning or obvious configuration change www.remoteaccesspcdesktop.com The "Silent" Root Causes
Experts and system administrators have identified that this specific error rarely stems from a single setting but is usually triggered by one of the following "invisible" issues: Expired RDP Certificates
: This is the most common culprit discovered by admins in troubleshooting communities. Windows creates self-signed certificates for Remote Desktop that do not always renew automatically. When they expire, the connection fails with 0x904. Network Instability
: Unlike other codes that signal a complete block, 0x904 often points to "dodgy" or unstable network paths, such as insufficient VPN bandwidth, packet loss, or mismatched encryption ciphers. Windows 11 Compatibility Quirks
: In builds 22H2 and later, some users found that hostname resolution specifically for RDP is buggy, causing 0x904 unless an IP address is used instead. www.remoteaccesspcdesktop.com Top Recommended "Reviewer" Fixes Based on successful documentation from IT forums like Microsoft Q&A , these are the most effective solutions: Renew the Self-Signed Certificate certlm.msc on the host machine. Navigate to Remote Desktop > Certificates Delete the expired certificate and restart the Remote Desktop Services (TermService) to force Windows to generate a fresh one. Bypass DNS with IP Addresses Remote Desktop Protocol (RDP) is a critical infrastructure
: If you are on Windows 11, try connecting using the remote machine's internal IP address (e.g., 192.168.1.50) rather than its computer name. Switch to the Microsoft Store App : Many professionals recommend using the Microsoft Remote Desktop app from the Store rather than the built-in
, as the Store version uses a more resilient networking stack that often bypasses the 0x904 error. The Azure "MachineKeys" Fix
: For Azure Virtual Machines, 0x904 is often caused by a corrupt certificate store. Admins have fixed this by renaming the C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and rebooting the server. www.remoteaccesspcdesktop.com Are you attempting to connect to a local workstation cloud-hosted server like Azure?
The Remote Desktop error code 0x904 (often accompanied by extended error 0x7) is a common hurdle for IT admins and remote workers. It typically signals a communication breakdown between your computer and the remote host, often due to expired security certificates or network instability.
Here is a short story of how an admin might encounter and solve this issue: The "Silent Expiration" Mystery
Imagine a Tuesday morning where everything seems normal until you try to log into a critical Windows Server. Instead of the familiar desktop, you're hit with a popup: "This computer can't connect to the remote computer. Error code: 0x904".
You check the server—it’s online. You check other servers on the same subnet, and they work perfectly. This "random" behavior is the first clue. As documented by experts at TheITBros.com, this error often stems from unstable network paths or VPN bottlenecks, but when it's specific to just one machine, the culprit is usually deeper. The Investigation
After digging through Reddit, you realize the issue might be an expired self-signed certificate. RDP uses these certificates to secure the "tunnel" between machines. If the certificate expires—which happens silently without warning—the connection simply drops.
To resolve this, you might follow these steps used by seasoned sysadmins:
Renew the Certificate: Log in locally (or via another remote tool) and open the Certificates manager (certlm.msc). Under Remote Desktop > Certificates, you find the expired one, delete it, and restart the Remote Desktop Services. Windows then automatically generates a fresh, valid certificate. When this error occurs, users often experience the
Firewall Check: Sometimes, a simple rule change is needed. As suggested by users on Spiceworks Community, you verify that both "Remote Desktop" and "Remote Desktop (WebSocket)" are allowed through the Windows Firewall on both ends.
The Windows 11 Workaround: If you are on Windows 11 and still stuck, a known fix discussed on the Devolutions Forum is to connect using the server's IP address instead of its hostname, or to switch to the Microsoft Store version of the Remote Desktop app.
Once the new certificate is in place and the network path is clear, the connection is restored, and the 0x904 error vanishes as quickly as it appeared. Unable to RDP into some Windows Servers - Error code: 0x904
This guide explains what causes error 0x904 and provides step-by-step instructions to resolve it.
The most common root cause of 0x904 after an installation is a CredSSP version mismatch. In 2018, Microsoft released patches for a critical vulnerability (CVE-2018-0886) nicknamed “CredSSP Remote Code Execution.” These patches introduced three encryption levels: Vulnerable, Mitigated, and Force Updated. If your client machine received a post-patch update, but the remote server did not (or vice versa), the encryption handshake fails. Error 0x904 is often the silent flag raised by the client when the server refuses the newer, more secure encryption level.
When a fresh Windows installation or a major update occurs, the default group policy for CredSSP may revert to a stricter setting. Consequently, a previously functional RDP connection breaks, returning 0x904.
Because mstsc.exe runs as a child process of explorer.exe, a buggy shell extension can cause the RDP client to fail with code 0x904. The primary culprits are NVIDIA Display Container LS and Intel Graphics Shell Extension.
Temporary fix (to test):
Permanent fix: Use Autoruns from Microsoft Sysinternals to disable all non-Microsoft shell extensions.