Under Network profile type, change the selection from Public to .

5. Repair Corrupted System Files
Windows automatically provisions a self-signed certificate to encrypt Remote Desktop Protocol (RDP) traffic. If this local certificate expires, or if the Network Service account loses access to its underlying private key, the TLS initialization fails, generating error 0x904. How to fix it:
Restart the Remote Desktop Services service by opening PowerShell as an admin and running: Restart-Service TermService -Force. Windows will automatically generate a new, valid certificate.

2. Configure Firewall Exceptions
This is the most common resolution for persistent 0x904 errors on physical servers.
The built-in RDP client on Windows may cause problems. Installing the modern "Microsoft Remote Desktop" client from the Microsoft Store can resolve the 0x904 error.
By systematically addressing the TLS negotiation and User Account Control policies, Error 0x904 can typically be resolved, allowing for successful remote connection and software deployment.
Sometimes, DNS issues prevent the RDP client from resolving the remote computer's name correctly, leading to a 0x904 error.
NLA is a security feature that authenticates users before a full RDP session is established. If NLA is enforced on the server but your client (or the install script) does not support it, 0x904 can occur.
A misconfigured firewall can block the TLS handshake necessary for the connection.
Before diving into the solutions, it helps to understand why this error happens. The most common culprits include:
Create a brand new folder in that directory named MachineKeys.
Network connectivity is a frequent culprit:
You’re trying to remote into your work PC. You type in the IP, enter your credentials, and then — boom. A dialog box that makes your eye twitch:
Reboot the VM to allow it to recreate a healthy certificate store.

5. Alternative RDP Clients
Click , wait for completion, and reboot the virtual server to auto-deploy clean cryptographic directories.
Even if Test-NetConnection succeeds, some sophisticated hardware firewalls (like Palo Alto) allow a ping or port test but still drop the application traffic if there isn't an exact application rule for RDP. Work with your network administrator to verify this.