The 0x904 error can occur if the Credential Manager contains a corrupted entry for the target remote computer.
Steps:
Error 0x904 during RDP installation is a low-level STATUS_MEDIA_WRITE_PROTECTED error, not a typical connectivity issue. It means the installer attempted to commit an RDP binary or registry key to a location that refused write access. The fix involves removing read-only attributes, clearing the licensing store, and re-running the component installation via DISM or manual CAB expansion. i remote desktop connection error code 0x904 install
If the error persists after all steps, use
procmon(Process Monitor) to filterResult = ACCESS_DENIEDorWRITE_PROTECTformstsc.exeordism.exeto find the exact offending file path.
Ensure the Remote Desktop server has a valid SSL certificate bound to the RDP listener. The 0x904 error can occur if the Credential
Before diving into registry edits and policy changes, perform these "low-hanging fruit" checks to rule out simple network issues.
The most common root cause of 0x904 after an installation is a CredSSP version mismatch. In 2018, Microsoft released patches for a critical vulnerability (CVE-2018-0886) nicknamed “CredSSP Remote Code Execution.” These patches introduced three encryption levels: Vulnerable, Mitigated, and Force Updated. If your client machine received a post-patch update, but the remote server did not (or vice versa), the encryption handshake fails. Error 0x904 is often the silent flag raised by the client when the server refuses the newer, more secure encryption level. If the error persists after all steps, use
When a fresh Windows installation or a major update occurs, the default group policy for CredSSP may revert to a stricter setting. Consequently, a previously functional RDP connection breaks, returning 0x904.
Error 0x904 is not a hardware failure or a simple mistyped IP address. It is a security dialect barrier. The “install” event that preceded it—whether a Windows update, a new RDP client version, or an RDS role deployment—changed the language of the negotiation table. One side now speaks only modern, patched CredSSP; the other clings to legacy encryption. By harmonizing the CredSSP settings or aligning licensing states, an administrator can silence the ghost of 0x904 and restore the remote session. In the end, this error serves as a reminder: in remote connectivity, compatibility is not a feature—it is a constantly negotiated treaty.
This guide explains what causes error 0x904 and provides step-by-step instructions to resolve it.
While standard RDP uses port 3389, RD Gateway uses 443 (HTTPS) and UDP 3391. If 0x904 appears during the handshake:
Don't worry, it happens to the best of us. Just enter your email address below, and we'll send you a link to reset your password.
If you have an account with that email address, we've just sent you a link to reset your password. Please take a moment to check your inbox (and spam folder).
If you still haven't received an email, please consider trying again or reaching out to our support team. We're always here for you!