Run this command: Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" . the VM from the portal. 3. Configure Firewall & Antivirus Exceptions
The most common cause of this error on Windows Servers or Azure VMs is an expired self-signed certificate.
Open gpedit.msc → Computer Configuration → Admin Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Security → → Set to Negotiate or RDP .
The server’s self-signed RDP certificate has expired or its private key is inaccessible.
If you want, I can turn this into a printable one-page checklist, a troubleshooting flowchart, or a sample PowerShell script to automate the diagnostic tests. Which would you prefer? Configure Firewall & Antivirus Exceptions The most common
Try using the host's IP address instead of its hostname. This bypasses potential DNS resolution issues that sometimes surface as 0x904, particularly on newer Windows 11 builds.
ipconfig /flushdns ipconfig /registerdns ipconfig /release ipconfig /renew netsh winsock reset Use code with caution. Restart your computer. Step 5: Check Network Level Authentication (NLA)
Remote Desktop error code typically indicates a general network connection failure . It most often occurs due to network instability, expired security certificates on the host machine, or firewall interference. Most Common Fixes
Quick targeted fixes by root cause
: If connecting via VPN, verify your bandwidth. A slow or dropping VPN tunnel is a frequent cause of the 0x7 extended error .
The most frequent cause of error 0x904 on Windows Server and Azure VMs is a corrupt MachineKeys repository or an expired RDP self-signed certificate. Clearing out old data forces Windows to regenerate clean keys. Press Win + R , type services.msc , and press Enter .
1. Rebuild Corrupt Cryptographic Keys and Reinitialize the RDP Certificate
Extended error 0x7 often points to a session conflict. If the user account has a disconnected session that failed to close properly, the server may reject the new connection. If you want, I can turn this into
The source IP was 127.0.0.1.
Under , ensure "Allow the computer to turn off this device to save power" is unchecked . Step 3: Configure Windows Firewall
If updating isn’t possible, adjust CredSSP settings on the :
Log into the host locally, open the Certificates MMC snap-in ( certlm.msc ), and navigate to Remote Desktop > Certificates . If the certificate is expired, delete it and restart the Remote Desktop Services ( termserv ) to force Windows to generate a new one. What Causes Error 0x904 (0x7)?
Here is a comprehensive guide to getting your connection back online. What Causes Error 0x904 (0x7)?