On RDP server:
# Get a valid cert (internal CA or public) with Server Authentication EKU
# Then assign to RDP listener
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -like "*your_hostname*" }
wmic /namespace:\\root\cimv2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="$($cert.Thumbprint)"
Or via GUI:
Before blindly applying registry hacks, let’s decode the error. Unlike generic “connection failed” messages, error 0x904 has specific roots in the RDP authentication and authorization pipeline.
In technical terms, 0x904 translates to:
SSL_ERR_NO_AUTH_CERT or a related certificate validation failure.
In plain English: The remote computer refused to establish a secure connection because it couldn’t verify the identity of the client or server—or because the encryption protocols don’t match.
Unlike error 0x204 (network issues) or 0x516 (licensing), 0x904 sits squarely in the domain of security, certificates, and TLS (Transport Layer Security). Common culprits include:
The keyword here is “better” — so let’s move beyond turning the firewall off and actually diagnose the root cause.
Are you trying to connect to an office PC?
Follow these troubleshooting steps in order, starting with the easiest fixes.
Ensure your local and remote systems are fully updated, especially KB patches related to CredSSP (CVE-2018-0886).
When you enable RDP on Windows, the system auto-generates a self-signed certificate. If that certificate is corrupted or has expired (often after a major update or cloning a VM), error 0x904 appears.
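Before resetting anything, you can confirm whether the listener's certificate is actually the problem. The following read-only check is an added example, not part of the original article; the function name `Test-RdpListenerCertificate` is hypothetical, and it assumes the default listener name `RDP-Tcp` and an elevated PowerShell session on the remote PC.

```powershell
# Added example: read-only check of the certificate bound to the RDP listener.
# Run in an elevated PowerShell session on the remote PC; nothing is modified.
function Test-RdpListenerCertificate {   # hypothetical helper name
    param([string]$TerminalName = 'RDP-Tcp')   # assumption: default listener name

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    # Thumbprint the listener is configured to present
    $setting = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' `
        -ClassName Win32_TSGeneralSetting -Filter "TerminalName='$TerminalName'"
    $thumb = $setting.SSLCertificateSHA1Hash
    if (-not $thumb) {
        Write-Warning "No certificate thumbprint is set on listener '$TerminalName'."
        return
    }

    # Auto-generated certs live in 'Remote Desktop'; CA-issued ones usually in 'My'
    $cert = Get-ChildItem 'Cert:\LocalMachine\Remote Desktop', 'Cert:\LocalMachine\My' -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $thumb } |
        Select-Object -First 1
    if (-not $cert) {
        Write-Warning "Listener references $thumb, but no such certificate is installed."
        return
    }

    # A certificate without an EKU extension is valid for any purpose
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $serverAuth = (-not $ekuExt) -or ($ekuExt.EnhancedKeyUsages.Value -contains $serverAuthOid)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        Expired       = $now -gt $cert.NotAfter
        NotYetValid   = $now -lt $cert.NotBefore
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = $serverAuth
        SelfSigned    = $cert.Subject -eq $cert.Issuer
    }
}

Test-RdpListenerCertificate | Format-List
```

An `Expired` value of `True`, a missing private key, or the "no such certificate is installed" warning corresponds to the corrupted or expired case described above.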
Steps to reset the certificate:
On the remote PC:
mstsc: