Remote Desktop Connection Error Code 0x904 Extended Error Code 0x7
Troubleshooting Remote Desktop Error Code 0x904 (Extended Error 0x7): A Complete Guide
Published by: IT Support Desk
Registry Fix for RDP Session Lock Failure (0x904 specific)
On the RDP host, create or modify:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
DWORD: fDenyTSConnections = 0 (to allow RDP)
DWORD: AllowRemoteRPC = 1
Then:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
DWORD: UserAuthentication = 0 (disables NLA requirement – test only)
Reboot after changes.
Primary Causes of 0x904 + 0x7
This specific error is rarely due to network outages or firewalls. It is almost always a configuration or credential policy mismatch between the client and host.
Troubleshooting Guide: Remote Desktop Error Code 0x904 (Extended Error 0x7)
Fixes (targeted actions)
- If connectivity tests fail: resolve routing or ISP issues, coordinate with network administrators.
- If DNS fails: flush the DNS cache (ipconfig /flushdns), update DNS records, or connect by IP address.
- If port blocked: open TCP 3389 (or the custom port) on all relevant firewalls and NAT rules.
- If service misconfigured: re-enable Remote Desktop on the server (System Properties → Remote), ensure the service is running, and restart the machine if necessary.
- If NLA/TLS mismatch: temporarily disable NLA on the server to test; update the client or server to support compatible security protocols; renew or replace expired certificates.
- If RD Gateway or NAT problem: ensure correct forwarding, TLS passthrough, or proper RD Gateway configuration and that certificate names match.
- If client corruption: reinstall or update the RDP client, clear cached credentials, and recreate the .rdp file.
- If intermittent packet loss: use a more reliable network path or fix network hardware causing loss.
5. Check Certificates (Less common for 0x7 but possible)
- Corrupt or expired RDP self-signed certs can trigger 0x904/0x7.
On the server, delete the existing RDP certificate:
certlm.msc
Navigate to the Remote Desktop folder and delete all certs there.
Restart Remote Desktop Services; a new cert is generated automatically.
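The registry values from the registry fix and the certificates in the Remote Desktop folder can be inspected before anything is changed or deleted. The following read-only PowerShell is an added example, not part of the original guide; the helper name Get-RegValue is hypothetical, and it assumes an elevated session on the RDP host:

```powershell
# Read-only check of the RDP host settings and certificates discussed above.
# Added example; Get-RegValue is a hypothetical helper defined here.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the value does not exist instead of throwing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$report = [ordered]@{
    fDenyTSConnections = Get-RegValue $ts  'fDenyTSConnections'
    AllowRemoteRPC     = Get-RegValue $ts  'AllowRemoteRPC'
    UserAuthentication = Get-RegValue $tcp 'UserAuthentication'
}
[pscustomobject]$report | Format-List

if ($report.fDenyTSConnections -ne 0) {
    Write-Warning 'fDenyTSConnections is not set to 0: RDP connections are denied.'
}
if ($report.UserAuthentication -eq 0) {
    Write-Warning 'UserAuthentication is 0: NLA is not required (test setting still in place).'
}

# Certificates in the local machine "Remote Desktop" store
# (the folder shown in certlm.msc). Lists expiry without deleting anything.
$now = Get-Date
Get-ChildItem -Path 'Cert:\LocalMachine\Remote Desktop' -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Subject    = $_.Subject
            Thumbprint = $_.Thumbprint
            NotAfter   = $_.NotAfter
            Expired    = ($_.NotAfter -lt $now)
            DnsNames   = ($_.DnsNameList.Unicode -join ', ')
        }
    } | Format-Table -AutoSize
```

A warning on UserAuthentication after testing is finished means the host is still accepting connections without NLA.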
Phase 4: Reset or Repair RDP Session
If a previous session is stuck in a disconnected or locked state:
For Azure Virtual Desktop or RDS Gateway
Extended error 0x7 often indicates the Gateway SSL certificate does not match the connection FQDN:
- Ensure the gateway’s public certificate includes the hostname users are connecting to.
- Re-import the gateway certificate into the client’s Trusted Root CA store.
