On the server (via console or remote PowerShell if possible):

Open gpedit.msc → Computer Configuration → Admin Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security → Require use of specific security layer for remote (RDP) connections → Set to Negotiate or RDP.

Then restart TermService:

net stop TermService & net start TermService

This specific error is rarely due to network outages or firewalls. It is almost always a configuration or credential policy mismatch between the client and host.

If the profile is correct, the specific RDP rule may be disabled in Windows Defender Firewall.

While Error Code 0x904 is a generic connection failure, the Extended Error Code 0x7 helps narrow down the issue to a few specific scenarios:

Between client and server, ensure no device corrupts the TLS stream:

  • DNS or name-resolution failures
  • Firewall or port blocking
  • Remote Desktop service configuration
  • TLS/Encryption or certificate issues
  • Network Level Authentication (NLA) mismatch
  • Intermediate devices (VPNs, proxies, load balancers)
  • Local client configuration or corrupted cache