RDP error: This computer can’t connect to the remote computer

2K

Let’s try to figure out how to fix an RDP connection error This computer can’t connect to the remote computer. This may happen if you are unable to establish a Remote Desktop connection to a remote computer using the built-in Windows RDP client (mstsc.exe).

After you typed the remote computer’s name (IP) address in the Remote Desktop Connection windows and clicked Connect, the following error appears:

This computer can’t connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

An RDP connection error can occur when connecting to both desktop versions of Windows 10/11 or Windows Server running the Remote Desktop Services (RDS) role. The simplest solution is to try connecting again a little later (if the TermService service is busy), or to reboot the remote computer.

Other common causes that can prevent you from connecting to the remote computer via RDP include:

• Network connectivity issues;
• Firewall restrictions;
• Incorrect settings on the RD host.

Note that this RDP error will occur only if you have specified the correct DNS name/IP address of the RD host. Another error is displayed if your computer cannot resolve the specified host name:

Remote Desktop can’t find the computer “computer_name”. This might mean that ” computer_name ” does not belong to the specified network. Verify the computer name and domain that you are trying to connect to.

Also, Remote Desktop host refuses the connection with the local user who has no password set (blank password). This is the default behavior configured by the local security policy “Accounts: Local accounts with blank passwords only allow console logins“.

In this case, it is recommended that you set a password for the RDP user or disable this security option.

Verify the Network Connectivity to Remote Desktop Host

First of all, check that the remote computer is accessible from your device and that Remote Desktop port (TCP 3389) responds (and is not blocked by a firewall).

You can use PowerShell to check the availability of the RDP port on a remote host:

Test-NetConnection rdp_server_name1 -Port 3389 -InformationLevel Quiet

Note. If this command returned True, then the RDP port on the server is responsive and not blocked.

If the default RDP port doesn’t respond, it may be blocked by a firewall or it may not be listening by the remote host. It is also possible that the remote computer is simply switched off or is in a sleep mode.

In modern versions of Windows 10/11 and Windows Server 2016/2019/2022, you may encounter another common RDP connection error:

Remote Desktop Connection

This computer can’t connect to the remote computer.

Try connecting again.

Error Code: 0x904

Extended Error Code: 0x7

RDP connection error 0x904 usually occurs on an unstable network connection (not enough bandwidth, packets loss, mismatch encryption cyphers, etc.), or when your VPN connection to a corporate network is too slow. Try to reconnect to your VPN workspace or change your ISP.

Checking Remote Desktop Configuration

If all clients are experiencing a problem with connecting to the RD host, you need to check the settings of the remote server you are trying to connect to.

Allow Remote Desktop Connection

Check if the RDP is enabled on the remote host (right-click on Start button > Settings > System > Remote Desktop > Enable Remote Desktop).

You can remotely enable RDP on a Windows computer by changing the fDenyTSConnections value in the registry.

Then check your Remote Desktop settings in your Local Group Policy:

1. Open the local GPO editor on the remote host: Win + R > gpedit.msc;
2. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections;
3. Check that the policy parameter Allow users to connect remotely using Remote Desktop Services is enabled or not set;
   

Check the RDP Security Layer Settings

Another possible cause of the RDP error is a high level of security that is not supported by older versions of the RDP client. You might get a ‘This computer can’t connect to the remote computer‘ error when you try to connect from a computer running an earlier version of Windows (for example, Windows 7 or 8.1) to a host running a newer Windows 10/11 build. In this case, you can change the security level of Remote Desktop from the default Negotiate to a less secure RDP layer.

1. Open the local GPO editor and go to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security;
2. Enable the policy Require user of specific security layer for remote (RDP) connections. Select the RDP in Security Layer drop-down list. In this case, less secure native RDP encryption will be used to secure communications between the client and RD Session Host server.

Save the changes, update the local GPO settings using the “gpupdate /force” command, and restart the Remote Desktop Services:

net stop TermService && net start TermService

Check the RDP Listener Port

By default, TCP port 3389 is used for RDP connections. The TermService service should listen on this port.

You can use the following commands to verify that Remote Desktop Services is listening on port 3389:

netstat -ano | find "3389"

tasklist /FI "PID eq 1400"

In this example, 1400 in the second command is the process PID listening on port 3389 (replace 1400 with the value that the first command returns on your computer).

If port 3389 is not listening, check if your administrator has not changed the default RDP port. The RDP port is set via the PortNumber type registry parameter under the keyHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

In our example, this is 3389 (d3d hexadecimal value).

You can check the current Remote Desktop listening port number using PowerShell:

Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"

In order to check the RDP port on a remote computer, use the Invoke-Command command:

Invoke-Command -ComputerName computername1 {Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp -Name PortNumber | select PortNumber}

If a non-standard port number is configured for Remote Desktop service on a remote computer, you must specify the port number separated by a colon, when you connect to the computer using the Remote Desktop Connection client. For example:

rdp_server_name1:3320

Try to restart the Remote Desktop Services service. You can perform this action using the services.msc console or with the following command in the elevated PowerShell prompt:

get-service TermService| Restart-Service -force -Verbose

If a non-standard port number is configured for Remote Desktop service on a remote computer, you must specify the port number separated by a colon, when you connect to the computer using the Remote Desktop Connection client. For example:

rdp_server_name1:3320

Configure Windows Firewall to Allow RDP

Check that the Windows Defender Firewall rule allowing incoming RDP connections is enabled.

1. Go Control Panel > System and Security > Windows Defender Firewall (or run the command firewall.cpl);
2. Press the “Allow an app or feature through Windows Defender Firewall” > Change Settings;
3. Make sure the Remote Desktop rule is enabled for both private and public profiles.

Hint. You can use PowerShell to enable the built-in firewall rule for the Remote Desktop Service running on port TCP/3389:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

If this built-in firewall rule is missing, you can create a new one:

New-NetFirewallRule -DisplayName "AllowRDP_connection" -Direction Inbound -Protocol TCP –LocalPort 3389 -Action Allow

Check your network connection profile. You may encounter various RDP connection errors if a Public profile is configured for your network location. Try changing it to Private.

You can change the network location using the Control Panel (Settings > Network & Internet > Status > Network status > Change connection properties), or with PowerShell.

Get current network profile:

Get-NetConnectionProfile

Change network connection profile to Private:

Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory Private

If you use a third-party firewall or antivirus, make sure it does not block incoming RDP connections. You can temporarily disable your antivirus software.

In some cases, you may need to try resetting the winsock and IP stack settings for the network adapter on the remote computer. Open a command prompt as an administrator and run the commands:

netsh winsock reset

netsh int ip reset

ipconfig /release

ipconfig /renew

ipconfig /flushdns

In Windows 10 and 11, there is a special option to reset network settings in Settings > Network and Internet > Status > Network reset.

After resetting the network settings, you need to reboot Windows.

RemoteApp Disconnected: Can’t Connect to the Remote Computer

In some cases, you may receive an error when connecting to an RDS host through a Remote Desktop Gateway running Windows Server 2012/2012R2:

RemoteApp Disconnected

Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

This can occur because modern versions of Windows use HTTP/UDP for RDP connections by default. A workaround is to force the client to use the older RPC HTTP protocol.

1. Open the Registry Editor on the client (regedit.exe);
2. Go to the registry key HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client;
3. Create a DWORD parameter with the name RDGClientTransport and the value 1;
4. Restart the computer.

You can create this registry parameter with the command:

reg.exe add "HKCU\Software\Microsoft\Terminal Server Client" /v "RDGClientTransport" /t REG_DWORD /d "1"

The RDGClientTransport parameter forces the clients to use the RPC/HTTP connections (also known as RDP security) instead of default negotiate NLA with TLS (RDGClientTransport=0) to connect to the server.

If the above solution didn’t fix the RDP connection error, try to change the collection settings on the RDSH server side. Open properties of your problematic application collection, go to the Security tab, and uncheck the option “Allow connections only from computers running Remote Desktop with Network Level Authentication”.

If the RemoteApp Disconnected error occurs on only a single not-domain joined computer, it is possible, that the different LAN Manager/NTLM policy settings are used on the RDSH host and the desktop computer. Often, this can cause authentication problems.

Check current Network Security: LAN Manager authentication level policy settings on RSDH using the command gpresult /r c:\tmp\gpreport.html (inspect html file) or using rsop.msc (this policy is located in the section Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options). If LM and NTLMv1 protocols are disabled on your RDSH server (Send NTLMv2 Response only policy value), you must change the appropriate policy settings on the client side.

1. Open the local GPO editor (gpedit.msc);
2. Go to the GPO section above;
3. Enable the policy “Network Security: LAN Manager authentication level”, and set its value to Send NTLMv2 Response only;
4. Update the policies on the client with the gpupdate command;
5. Check your RemoteApp connection.

If you are using Remote Desktop Client version >= 8.0, you should note that the RD Gateway does not support Kerberos authentication, which is used by default in this client. In this case, missing channel bindings on the RDGW host can be ignored by using the EnforceChannelBinding=0 registry parameter:

REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core" /v EnforceChannelBinding /t REG_DWORD /d 1 /f

Reboot the RDGW host to apply the changes.

Can’t Connect RDP through a Remote Desktop Gateway

There is another bug related to Remote Desktop Gateway which is used to deliver RemoteApps to users:

RemoteApp Disconnected.

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.

This error can also look like this:

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.

If you are facing one of the errors above, then, most likely, the problem is that your computer can’t resolve the public FQDN name of your Remote Desktop Gateway server. In most cases in real life, the public name of the RDGW doesn’t match the hostname.

To fix this problem:

1. Open the Internet Information Services (IIS) Manager (Inetmgr.exe) console on the Remote Desktop Gateway server;
2. Go to the Sites > Default Website > RDWeb > Pages > Application Settings;
3. In the DefaultTSGateway field, enter the server’s FQDN public name of your RD Gateway server, and then restart the web services with the command:

   iisreset

4. Also, check your RDGW certificate. Your certificate must not be expired. You can find your SSL certificate info by going to Server Manager > Remote Desktop Services > Collections > Your_Collection > Tasks > Edit Deployment Properties > Certificates > RD Gateway > View Details. Check the certificate expiration date.
   
5. Go back to your client’s machine, and try to start a new RDP session. The connection should be established successfully.

RD Connection Error: The Two Computers Couldn’t Connect in the Amount of Time Allotted

If you are using session-based RDS deployment on Windows Server 2019/2016, you may receive an error when connecting to the host:

This computer can’t connect to the remote computer.
The two computers couldn’t connect in the amount of time allotted. Try connecting again. If the problem continues, contact your network administrator or technical support.

Error code: 0x108 Extended error code: 0x0

Simply restart the RDS host to quickly resolve the problem.

If the problem occurs frequently:

1. Check if your Windows client devices and RDS Hosts have the latest Windows security updates installed;
2. Try to disable the use of the UDP protocol for RDP connections. On the client side, this can be done by using the fClientDisableUDP registry setting (reg add “HKLM\software\policies\microsoft\windows nt\Terminal Services\Client” /v fClientDisableUDP /d 1 /t REG_DWORD) or using GPO (Computer Configuration > Administrative Templates > Windows Components > Remoter Desktop Services > Remote Desktop Connection Client > Turn off UDP on Client = Enabled).