: The Remote Desktop Service generates its own self-signed Transport Layer Security (TLS) certificate to secure the session. If this certificate expires or fails to automatically renew, the client drops the handshake immediately due to security invalidation.
: Navigate downstream through the policy tree: Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security
If issues persist, use gpedit.msc to set the security layer for RDP connections to "RDP" in Group Policy. Alternatively, consider temporarily disabling Network Level Authentication (NLA) to test connectivity. : The Remote Desktop Service generates its own
On the remote machine (via out-of-band management or console):
folder might be corrupt, preventing certificate generation. Renaming the folder C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys MachineKeys_old and rebooting can fix this. www.remoteaccesspcdesktop.com Alternative Workarounds Microsoft Store App Remote Desktop app and given their hexadecimal format
Windows maintains a cache of RDP licenses in the registry. If this cache becomes corrupted—often due to abrupt shutdowns, virtual machine snapshots being reverted, or changes in the network adapter—the client presents a "dirty" license. The server sees this invalid token, fails to validate it (0x904), and in its frustration, resets the connection (0x7) to clear the state.
Signals that the network connection is unstable, packets are being lost, or the Virtual Private Network (VPN) is too slow or improperly configured. packets are being lost
On client: Open → Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Connection Client Set Turn Off UDP On Client to Enabled .
Upgrading to newer operating systems (such as Windows 11 or Windows Server 2022) introduces stricter encryption standards. If the client and host cannot agree on mutually supported Network Level Authentication (NLA) rules, code 0x904 is thrown.
Without a specific definition for these error codes in public documentation, and given their hexadecimal format, they could relate to a variety of issues, including but not limited to:
Scroll down and verify that and Remote Desktop (WebSocket) are allowed on both Private and Public networks.