1
RDP connection to Windows 10 client fails with code 0x904
I have a Win10 workstation to which I cannot RDP. I use the built-in RDP client from Win11. The connection fails with the following message (translated from German):
"Error code: 0x904
Extended error code: 0x7"
The workstation is fully set up and working fine otherwise. A lot of customization has been done by the main user. Would be a shame to have to do all this again. However, RDP is vital for the use case on this machine.
Unfortunately, I had trusted the main user with installing his own software. And for whatever reason he had been running Windows 7 Firewall Controll, and then later removed it. He contacted me when he found he cannot longer RDP.
What I have already tried:
- connecting via NetBios name as well as IPv4 address (both pingable)
- resetting the Windows firewall
- fully disabling Windows firewall
- resetting the complete network settings as per Win10
- uninstalling the network device from device manager (including driver software) and reinstalling it
- use a different NIC on this machine
- connect from a different guest (even Android)
- use Win10 Firewall Control portable to access the existing rules, but no avail (all has been deleted)
- use the Windows Store RDP app, it also fails to connect with this output (translated from German):
"Error code: 0x4
Extended Error code: 0x0
Activity ID: {98bd10a7-6d18-4103-9336-91673e6a0000}"
What I have checked:
- RDP related services are running
- RDP related firewall rules are set and enabled (plus disabling the firewall does not help)
- I can ping the machine
- I can access shared folders
- I can RDP into a different Windows 10 installation on the same machine (it's dual boot)
What else can I do?
"Error code: 0x904
Extended error code: 0x7"
The workstation is fully set up and working fine otherwise. A lot of customization has been done by the main user. Would be a shame to have to do all this again. However, RDP is vital for the use case on this machine.
Unfortunately, I had trusted the main user with installing his own software. And for whatever reason he had been running Windows 7 Firewall Controll, and then later removed it. He contacted me when he found he cannot longer RDP.
What I have already tried:
- connecting via NetBios name as well as IPv4 address (both pingable)
- resetting the Windows firewall
- fully disabling Windows firewall
- resetting the complete network settings as per Win10
- uninstalling the network device from device manager (including driver software) and reinstalling it
- use a different NIC on this machine
- connect from a different guest (even Android)
- use Win10 Firewall Control portable to access the existing rules, but no avail (all has been deleted)
- use the Windows Store RDP app, it also fails to connect with this output (translated from German):
"Error code: 0x4
Extended Error code: 0x0
Activity ID: {98bd10a7-6d18-4103-9336-91673e6a0000}"
What I have checked:
- RDP related services are running
- RDP related firewall rules are set and enabled (plus disabling the firewall does not help)
- I can ping the machine
- I can access shared folders
- I can RDP into a different Windows 10 installation on the same machine (it's dual boot)
What else can I do?
Auf Facebook teilen
Auf Twitter teilen
Auf Reddit teilen
Auf Linkedin teilenBitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 668888
Url: https://administrator.de/contentid/668888
Ausgedruckt am: 21.11.2024 um 19:11 Uhr
1 Kommentar
Figured it out myself. Turns out there was an issue with the TLS certificate used for RDP services. I had to delete the current one.
I found got a System error event in the logs relating to the source "Schannel" (id 36870) and the TLS server private key. I also got a security Audit failure event (id 5016) pointing me to the TSSecKeySet1, which apparently failed to open.
The solution was to delete the TSL certificate used by RDP service. I did this via the mmc and the snap-in "Certificates"., where there is a section for Remote Desktop. It seems you can just delete the RDP certificate and a new one gets created upon next connection.
This old article also pointed me in the right direction:
https://oli.new-lan.de/2017/11/probleme-mit-rdp-schannel-event-id-36870- ...
I found got a System error event in the logs relating to the source "Schannel" (id 36870) and the TLS server private key. I also got a security Audit failure event (id 5016) pointing me to the TSSecKeySet1, which apparently failed to open.
The solution was to delete the TSL certificate used by RDP service. I did this via the mmc and the snap-in "Certificates"., where there is a section for Remote Desktop. It seems you can just delete the RDP certificate and a new one gets created upon next connection.
This old article also pointed me in the right direction:
https://oli.new-lan.de/2017/11/probleme-mit-rdp-schannel-event-id-36870- ...
Log Name: System
Source: Schannel
Date: 20.10.2024 19:47:00
Event ID: 36870
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: xxx
Description:
A fatal error occurred when attempting to access the TLS server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Schannel" Guid="{1f678132-5938-4686-9fdc-c8ff68f15c85}" />
<EventID>36870</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2024-10-20T17:47:00.7027659Z" />
<EventRecordID>55148</EventRecordID>
<Correlation ActivityID="{faca067a-2310-0002-d506-cafa1023db01}" />
<Execution ProcessID="980" ThreadID="596" />
<Channel>System</Channel>
<Computer>xxx</Computer>
<Security UserID="xxx" />
</System>
<EventData>
<Data Name="Type">server</Data>
<Data Name="ErrorCode">0x8009030d</Data>
<Data Name="ErrorStatus">10001</Data>
</EventData>
</Event>Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 20.10.2024 19:47:00
Event ID: 5061
Task Category: System Integrity
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xxx
Description:
Cryptographic operation.
Subject:
Security ID: NETWORK SERVICE
Account Name: xxx
Account Domain: xxx
Logon ID: 0x3E4
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: UNKNOWN
Key Name: TSSecKeySet1
Key Type: Machine key.
Cryptographic Operation:
Operation: Open Key.
Return Code: 0x80090016
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5061</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12290</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2024-10-20T17:47:00.7027575Z" />
<EventRecordID>259778</EventRecordID>
<Correlation ActivityID="{faca067a-2310-0002-d506-cafa1023db01}" />
<Execution ProcessID="980" ThreadID="596" />
<Channel>Security</Channel>
<Computer>xxx</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">xxx</Data>
<Data Name="SubjectUserName">xxx</Data>
<Data Name="SubjectDomainName">xxx</Data>
<Data Name="SubjectLogonId">0x3e4</Data>
<Data Name="ProviderName">Microsoft Software Key Storage Provider</Data>
<Data Name="AlgorithmName">UNKNOWN</Data>
<Data Name="KeyName">TSSecKeySet1</Data>
<Data Name="KeyType">%%2499</Data>
<Data Name="Operation">%%2480</Data>
<Data Name="ReturnCode">0x80090016</Data>
</EventData>
</Event>
2
