Download the modern Remote Desktop app from the Microsoft Store. Many users find this version connects successfully when the legacy tool fails. 4. Disable UDP on the Client
TLS handshake packets can exceed the MTU of intermediate VPNs or tunnels. When fragmentation is mishandled, the client receives incomplete certificate chains, leading to a handshake timeout → 0x904.
The self-signed RDP certificate on the server is often the culprit, especially in Azure or virtualized environments. rdp 0x904
Troubleshooting Remote Desktop Error 0x904: A Guide to Restoring Connectivity
: Renewed the self-signed RDP certificate via wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="NewThumbprint" . Issue resolved. Download the modern Remote Desktop app from the
Post-CVE-2018-0886 patches enforce Encryption Oracle Remediation policies:
The (often accompanied by extended error 0x7 ) is a connection failure that occurs when a Microsoft Remote Desktop client cannot establish or maintain a stable session with a target computer. While typically categorized as a generic network issue, it is frequently triggered by expired SSL/TLS certificates or corrupted certificate stores on modern versions of Windows and Azure virtual machines. Primary Causes of Error 0x904 Disable UDP on the Client TLS handshake packets
Mixing a fully patched server with an unpatched client (or vice versa) can trigger 0x904 during the CredSSP phase, though it more often gives 0x507 or 0x80090352. However, edge cases produce 0x904 when combined with SSL offloading.
Open certlm.msc and find your RDP certificate under > Certificates .
If the server is forced to use SSL/TLS but the client requests Negotiate with incompatible settings, a handshake failure may produce 0x904.
The local RDP certificate on the host machine has reached its expiration date and failed to auto-renew.