Remote Desktop Gateway registry

Let’s figure out how to fix the RDP connection error “This computer can’t connect to the remote computer”. It occurs when you try to connect to a remote Windows computer or a Windows Server host running the Remote Desktop Services [RDS] role using the built-in Windows RDP client [mstsc.exe].

The problem looks like this: when you try to connect to a remote Windows server/desktop via RDP, the mstsc.exe client freezes for a minute, and a window with the following RDP error appears:

Remote Desktop Connection

This computer can’t connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

First of all, check if the remote computer is accessible from your device over the network, and the default Remote Desktop port [TCP 3389] is responding [and not blocked by firewalls].

Make sure the DNS address of the remote RDP host is correctly resolved from your computer. Use the following commands:

nslookup rdp_server_name1

ping rdp_server_name1

If the DNS name is not resolved properly, check your DNS settings or try connecting to a remote host using its IP address.

Hint. Be sure to check the contents of the local hosts file. It should not contain static entries for the name or IP address of your remote server. Remove extra entries from the hosts file. You can list the contents of the hosts file using PowerShell:

Get-Content $env:SystemRoot\System32\Drivers\etc\hosts

You can check the RDP port availability on a remote server from a client workstation using:

The Telnet client:

telnet rdp_server_name1 3389

PowerShell 4.0 and higher:

Test-NetConnection rdp_server_name1 -Port 3389 -InformationLevel Quiet

Note. If this command returned True, then the RDP port responds on the server and it’s not blocked.

PowerShell all versions:

(New-Object System.Net.Sockets.TcpClient).Connect('rdp_server_name1', 3389)

If port 3389 is unavailable, you should check if the Remote Connection is enabled on the remote server [right-click on Start button > Settings > System > Remote Desktop > Enable Remote Desktop].

You can remotely enable Remote Desktop on a Windows computer by changing the fDenyTSConnections registry value.

If Remote Desktop is enabled, next you should check the setting, which determines the maximum number of simultaneous users’ connections to a Remote Desktop. Open tsadmin.msc mmc snap-in [Administrative tools > Remote Desktop Services > Remote desktop Session Host Configuration]. Click on RDP-TCP properties, and check the value of the Maximum connections property in Network Adapter tab.

The tsadmin.msc is missing in modern Windows versions [like Windows 10 or Windows Server 2016], so you should set the RDP service settings using Group Policies.

  1. Open the local GPO editor on the remote host: Win + R > gpedit.msc;
  2. Navigate to the following GPO section: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections;
  3. Enable the policy parameter named Allow users to connect remotely using Remote Desktop Services [if this policy is disabled, the remote user will not be able to connect to this computer using Remote Desktop Services];
  4. Also, check if the Remote Desktop Services do not limit the number of simultaneous connections to the server. A maximum number of RDP connections can be specified in the section Connections using the policy Limit number of connections. Set unlimited connections by specifying 999999 in the option RD Maximum Connections allowed;

Use the netstat command to verify if TCP port 3389 is in the Listening state. Open a command prompt as administrator, and execute the command:

netstat -a -o|find "LIST"

As you can see, in our example, port 3389 is listening.

TCP 0.0.0.0:3389 DESKTOP-JOPF9:0 LISTENING 1096

Try to restart the Remote Desktop Services service. You can perform this action using the services.msc console or with the following command in the elevated PowerShell prompt:

get-service TermService| Restart-Service -force -Verbose

Check RDP Port and Windows Firewall Settings

In some cases, the administrator can change the RDP port number from default 3389 to something else [although Microsoft does not recommend this]. To check the current port on which the Remote Desktop service is listening on the computer, open the registry editor [regedit.exe], and go to the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Note the value of the PortNumber REG_DWORD parameter. It indicates the current TCP port assigned to the RDP service. In our example, this is 3389 [d3d hexadecimal value]. If you have a different port, you can change it to 3389 [in decimal], and restart the computer.

You can check the current Remote Desktop listening port number using PowerShell:

Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"

In order to check the RDP port on a remote computer, use the Invoke-Command command:

Invoke-Command -ComputerName computername1 {Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name PortNumber | select PortNumber}

If a non-standard port is configured for Remote Desktop on a remote computer, you must specify the port number separated by a colon when connecting to the computer through the Remote Desktop Connection client. For example, rdp_server_name1:3320.

Also, check that the rule which allows incoming RDP connections is enabled in the Windows Defender Firewall settings.

  1. To do this, go to the Control Panel > System and Security > Windows Defender Firewall;
  2. Press the “Allow an app or feature through Windows Defender Firewall” > Change Settings;
  3. Find the Remote Desktop rule, and make sure it is enabled for Private and Public networks.

Hint. You can enable the built-in firewall rule for the Remote Desktop Service running on port TCP/3389 using PowerShell:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

If this built-in firewall rule is missing, you can create a new one:

New-NetFirewallRule -DisplayName "AllowRDP_connection" -Direction Inbound -Protocol TCP -LocalPort 3389 -Action Allow
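The rule created above accepts RDP from any remote address on every network profile. The following added example (not part of the original article) lists the enabled inbound allow rules that expose the configured RDP port and shows a scoped alternative; the function names, the rule name AllowRDP_mgmt_only and the subnet passed in are hypothetical.

```powershell
# Added example: which enabled inbound allow rules expose the RDP listener port?
function Get-RdpFirewallExposure {
    # Port the RDP listener is configured for (PortNumber value discussed above).
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

    # Port filters that name the RDP port explicitly or allow any local port.
    # Limitation: port ranges such as "3380-3400" are not expanded here.
    $filters = Get-NetFirewallPortFilter | Where-Object {
        ($_.Protocol -eq 'TCP' -or $_.Protocol -eq 'Any') -and
        ($_.LocalPort -contains "$port" -or $_.LocalPort -contains 'Any')
    }

    foreach ($filter in $filters) {
        $rule = $filter | Get-NetFirewallRule
        if ($rule.Direction -ne 'Inbound' -or $rule.Action -ne 'Allow' -or $rule.Enabled -ne 'True') {
            continue
        }
        $remote  = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        $profile = $rule.Profile.ToString()
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Profile       = $profile
            LocalPort     = $filter.LocalPort -join ','
            RemoteAddress = $remote -join ','
            OpenToAny     = ($remote -contains 'Any')       # no source restriction
            OnPublic      = ($profile -match 'Any|Public')   # applies on Public networks
        }
    }
}

# Scoped alternative to "AllowRDP_connection": same port, but only from a
# management subnet and only on Domain/Private profiles.
function New-ScopedRdpRule {
    param([Parameter(Mandatory)][string]$ManagementSubnet, [int]$Port = 3389)
    $rule = @{
        DisplayName   = 'AllowRDP_mgmt_only'   # hypothetical rule name
        Direction     = 'Inbound'
        Protocol      = 'TCP'
        LocalPort     = $Port
        RemoteAddress = $ManagementSubnet      # e.g. 192.0.2.0/24 (placeholder)
        Profile       = 'Domain', 'Private'
        Action        = 'Allow'
    }
    New-NetFirewallRule @rule
}
```

Run Get-RdpFirewallExposure in an elevated PowerShell session on the RDP host; rows with OpenToAny or OnPublic set to True are the ones to review once the connection works again.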

Check your network connection profile. You may encounter various RDP connection errors if a Public profile is configured for your network location. Try changing it to Private.

You can change the network location using the Control Panel [Network and Internet > Status > Connection Properties], or with PowerShell.

Get current network profile:

Get-NetConnectionProfile

Change network connection profile to Private:

Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory Private

If you use a third-party firewall or antivirus, make sure it does not block incoming RDP connections. You can temporarily disable your antivirus software.

Next, check your network connection properties. Verify if the network connection status is set to Public. Change it from Private to Public if needed [Settings > Network & Internet > Status > Network status > Change connection properties].

In some cases, you need to try resetting the winsock and IP stack settings for the network adapter on the remote computer. Open a command prompt with administrator rights and run the commands:

netsh winsock reset

netsh int ip reset

ipconfig /release

ipconfig /renew

ipconfig /flushdns

In Windows 10, there is a special option to reset network settings in Settings > Network and Internet > Status > Network reset.

After resetting the network settings, you need to reboot Windows.

RDP This computer can’t connect to the remote computer: a possible cause

Another possible cause of the RDP error may be a high level of security, which is not supported by older versions of the RDP client.

In this case, open the General tab on the RDP-Tcp properties window, and change the Security layer from default Negotiate to less secure RDP Security Layer.

Tip. Snap-in tsadmin.msc and RDP-Tcp Properties dialog boxes are missing in Windows Server 2019/2016 and 2012 R2. But you can configure the Remote Desktop setting using the local Group Policy Editor [gpedit.msc]. The necessary policies are located in the following GPO section: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

RDP security level can be specified using the policy named Require use of specific security layer for remote [RDP] connections. Enable this policy, and in the dropdown menu select the RDP Security level. This will change the Remote Desktop security layer from the default Negotiate to the less secure RDP.

Save the changes, update local GPO settings using the “gpupdate /force” command, and restart the Remote Desktop Service:

net stop TermService && net start TermService

In some cases, when connecting with Windows 10 to a remote desktop on Remote Desktop Gateway on Windows 2012 R2, an error occurs:

RemoteApp Disconnected

Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

To fix this problem, you need to perform the following steps on the RDP client:

  1. Open the Registry Editor [regedit.exe];
  2. Go to the registry key HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client;
  3. Create a DWORD parameter with the name RDGClientTransport and the value 1;
  4. Restart the computer.

The RDGClientTransport parameter forces the clients to use the RPC/HTTP connections instead of HTTP/UDP to connect to the server.

If the above solution didn’t fix the RDP connection error, try to change the collection settings on the RDSH server side. Open properties of your problematic application collection, go to the Security tab, and uncheck the option “Allow connections only from computers running Remote Desktop with Network Level Authentication”.

If the RemoteApp Disconnected error occurs on only a single non-domain-joined computer, it is possible that different LAN Manager/NTLM policy settings are used on the RDSH host and the desktop computer. This often causes authentication problems.

Check the current Network Security: LAN Manager authentication level policy settings on the RDSH host using the command gpresult /h c:\tmp\gpreport.html [inspect the HTML file] or using rsop.msc [this policy is located in the section Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options]. If LM and NTLMv1 protocols are disabled on your RDSH server [Send NTLMv2 Response only policy value], you must change the appropriate policy settings on the client side.
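The security layer change and the NLA option described above both leave the RDP listener in a less secure state, so it helps to be able to see what a host is currently set to. This added example (not from the original article) reads the corresponding registry values together with the LAN Manager authentication level; the function name is hypothetical, and mapping the collection's NLA checkbox to the UserAuthentication value on the session host is an assumption.

```powershell
# Added example: report RDP security settings that were lowered during troubleshooting.
function Get-RdpSecurityPosture {
    $listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $lsa      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $layers   = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS)' }

    # Return the named registry value, or $null when the key or value is absent.
    $read = {
        param($Path, $Name)
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    # A value written by Group Policy takes precedence over the listener's own.
    $layer = & $read $policy 'SecurityLayer'
    $layerSource = 'Group Policy'
    if ($null -eq $layer) { $layer = & $read $listener 'SecurityLayer'; $layerSource = 'listener' }

    $nla = & $read $policy 'UserAuthentication'
    $nlaSource = 'Group Policy'
    if ($null -eq $nla) { $nla = & $read $listener 'UserAuthentication'; $nlaSource = 'listener' }

    # LAN Manager authentication level; compare the RDSH host with the client.
    $lm = & $read $lsa 'LmCompatibilityLevel'

    $findings = @()
    if ($layer -eq 0) { $findings += "Security layer forced to RDP Security Layer ($layerSource)" }
    if ($nla -ne 1)   { $findings += "Network Level Authentication not required or not set ($nlaSource)" }

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        SecurityLayer        = if ($null -ne $layer) { $layers[[int]$layer] } else { 'not set' }
        NlaRequired          = ($nla -eq 1)
        LmCompatibilityLevel = if ($null -ne $lm) { $lm } else { 'not set (OS default)' }
        Findings             = $findings
    }
}
```

Run it on the RDSH host and on the client: differing LmCompatibilityLevel values point to the NTLM mismatch described above, and a non-empty Findings list shows settings to restore once older clients have been updated.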

Fix: Can’t Connect to the Remote Desktop Gateway Server

There is another error related to Remote Desktop Gateway which is used to deliver RemoteApps to users:

RemoteApp Disconnected.

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.

This error looks like this:

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.

If you are facing one of the errors above, then, most likely, the problem is that your computer can’t resolve the public FQDN of your Remote Desktop Gateway server. In some cases, the public RDGW name does not match the hostname.

To fix this problem:

  1. Open the Internet Information Services [IIS] Manager on the Remote Desktop Gateway server;
  2. Go to the IIS section Sites > Default Website > RDWeb > Pages > Application Settings;
  3. For the DefaultTSGateway value, enter the server’s FQDN public name of your RD Gateway server, and then restart the web services with the command: iisreset

Also, check your RDGW certificate. Your certificate must not be expired.

You can find your SSL certificate info by going to Server Manager > Remote Desktop Services > Collections > Your_Collection > Tasks > Edit Deployment Properties > Certificates > RD Gateway > View Details. Check the certificate expiration date.
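The same certificate can be checked from the client side without opening Server Manager. This added example (not part of the original article) connects to the gateway over TLS, reads the certificate it presents, and reports expiry and whether the name matches the FQDN clients use; the function name and the host rdgw.example.com are placeholders, and port 443 is assumed as the gateway's HTTPS port.

```powershell
# Added example: inspect the certificate an RD Gateway presents to clients.
function Test-RdGatewayCertificate {
    param(
        [Parameter(Mandatory)][string]$GatewayFqdn,   # public name that clients connect to
        [int]$Port = 443,                             # assumed HTTPS port of the gateway
        [int]$WarnDays = 30
    )
    $state = @{ Errors = $null }
    # Accept the certificate whatever its errors so that an expired or mismatched
    # one can still be inspected; no application data is sent over this stream.
    $handler  = { param($s, $c, $ch, $e) $state.Errors = $e; $true }.GetNewClosure()
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]$handler

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($GatewayFqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $tcp.GetStream(), $false, $callback
        $ssl.AuthenticateAsClient($GatewayFqdn)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        $mismatch = [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch
        $chain    = [System.Net.Security.SslPolicyErrors]::RemoteCertificateChainErrors

        [pscustomobject]@{
            Gateway      = $GatewayFqdn
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            DaysLeft     = $daysLeft
            Expired      = ($cert.NotAfter -lt (Get-Date))
            ExpiresSoon  = ($daysLeft -ge 0 -and $daysLeft -lt $WarnDays)
            NameMismatch = [bool]($state.Errors -band $mismatch)   # FQDN not covered by the certificate
            ChainErrors  = [bool]($state.Errors -band $chain)      # expired, untrusted or incomplete chain
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
}

# Example call (placeholder host name):
# Test-RdGatewayCertificate -GatewayFqdn 'rdgw.example.com'
```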

Go back to your client’s PC, and try to start a new RDP session. The connection should be established successfully.

Remote Desktop Connection: Error Code 0x904, Extended Error Code: 0x7

In modern versions of Windows 10/11 and Windows Server 2016/2019/2022, you may encounter another common RDP connection error:

Remote Desktop Connection

This computer can’t connect to the remote computer.

Try connecting again.

Error Code: 0x904

Extended Error Code: 0x7

Most often, error 0x904 appears when connecting via RDP over an unstable network connection [not enough bandwidth, lost packets, mismatched encryption ciphers, etc.], or when your VPN connection to a corporate network is too slow. Try to reconnect to your VPN workspace or change your ISP.
