RDP error: This computer can’t connect to the remote computer

922

Let’s try to figure out how to fix an RDP connection error This computer can’t connect to the remote computer. It occurs when you try to connect to a remote Windows computer or Windows Server host running the Remote Desktop Services (RDS) role using the built-in Windows RDP client (mstsc.exe).

The problem looks like this: when you try to connect to a remote Windows server/desktop via Remote Desktop, the mstsc.exe client freezes for a minute, and a window with the following RDP error appears:

Remote Desktop Connection

This computer can’t connect to the remote computer.

Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

Check the RDP Network Connectivity from a Client Windows Device

First of all, check if the remote computer is accessible from your device over the network, and the default Remote Desktop port (TCP 3389) is responding (and not blocked by firewalls).

Make sure the DNS address of the remote RDP host is correctly resolved from your computer. Use the following commands:

nslookup rdp_server_name1

ping rdp_server_name1

If the DNS name is not resolved properly, check your DNS settings or try connecting to a remote host using its IP address.

Hint. Be sure to check the contents of the local hosts file. It should not contain static entries for the name or IP address of your remote server. Remove extra entries from the hosts file. You can list the contents of the hosts file using PowerShell:

Get-Content $env:SystemRoot\System32\Drivers\etc\hosts

You can use PowerShell to check the availability of the RDP port on a remote server from a client workstation:

Test-NetConnection rdp_server_name1 -Port 3389 -InformationLevel Quiet

Note. If this command returned True, then the RDP port on the server is responsive and not blocked.

Check the Remote Desktop Configuration on the RDP/RDS Host

In case all clients are facing a problem with connecting to the RD host, you need to check the settings of the remote server you are trying to connect to.

Configure RDP Service Settings on the Remote Computer

If port 3389 is unavailable, you should check if the Remote Connection is enabled on the remote host (right-click on Start button > Settings > System > Remote Desktop > Enable Remote Desktop).

You can remotely enable RDP on a Windows computer by changing the fDenyTSConnections value in the registry.

Note. Another common RDP error is An internal error has occurred.

Then check your Remote Desktop settings in your Local Group Policy:

1. Open the local GPO editor on the remote host: Win + R > gpedit.msc;
2. Navigate to the following GPO section: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections;
3. Check that the policy parameter Allow users to connect remotely using Remote Desktop Services is enabled or not set (if this policy is disabled, the remote user will not be able to connect to this computer using Remote Desktop Services);
   

A high level of security not supported by older versions of the RDP client is another possible cause of the RDP error. If you get an RDP connection error when you try to connect from a computer running an earlier version of Windows (Windows XP, 7, 8, or 8.1) to a modern RDP host, you can try changing the remote desktop security layer on a target RDP host from the default Negotiate to a less secure RDP Security Layer.

1. Navigate to the following GPO section: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security;
2. Enable the policy Require user of specific security layer for remote (RDP) connections. Select the RDP in Security Level drop-down list. This changes the Remote Desktop security level from the default Negotiate to less secure mode.

Save the changes, update local GPO settings using the “gpupdate /force” command, and restart the Remote Desktop Service:

net stop TermService && net start TermService

Check RDP Host Network and Firewall Settings

In some cases, the administrator can change the RDP port number from the default TCP/3389 to another for security reasons. To check the current port on which the Remote Desktop service is listening on the computer, open the registry editor (regedit.exe), and go to the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

Note the value of the PortNumber REG_DWORD parameter. It indicates the current TCP port number assigned to the RDP service. In our example, this is 3389 (d3d hexadecimal value).

You can check the current Remote Desktop listening port number using PowerShell:

Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber"

In order to check the RDP port on a remote computer, use the Invoke-Command command:

Invoke-Command -ComputerName computername1 {Get-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp -Name PortNumber | select PortNumber}

Use the netstat command to verify if TCP port 3389 is in the Listening state. Open a command prompt as administrator, and execute the command:

netstat -a -o|find "LIST"

As you can see, in our example, port 3389 is listening.

TCP 0.0.0.0:3389 DESKTOP-JOPF9:0 LISTENING 1096

Try to restart the Remote Desktop Services service. You can perform this action using the services.msc console or with the following command in the elevated PowerShell prompt:

get-service TermService| Restart-Service -force -Verbose

Note. You can also check our guide on what to do if Remote Desktop can’t find the computer.

If a non-standard port number is configured for Remote Desktop service on a remote computer, you must specify the port number separated by a colon, when you connect to the computer using the Remote Desktop Connection client. For example:

rdp_server_name1:3320.

Also, check that the Windows Defender Firewall rule allowing incoming RDP connections is enabled.

1. To do this, go to the Control Panel > System and Security > Windows Defender Firewall;
2. Press the “Allow an app or feature through Windows Defender Firewall” > Change Settings;
3. Find the Remote Desktop rule, and make sure it is enabled for Private and Public networks.

Hint. You can enable the built-in firewall rule for the Remote Desktop Service running on port TCP/3389 using PowerShell:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

If this built-in firewall rule is missing, you can create a new one:

New-NetFirewallRule -DisplayName "AllowRDP_connection" -Direction Inbound -Protocol TCP –LocalPort 3389 -Action Allow

Check your network connection profile. You may encounter various RDP connection errors if a Public profile is configured for your network location. Try changing it to Private.

You can change the network location using the Control Panel (Settings > Network & Internet > Status > Network status > Change connection properties), or with PowerShell.

Get current network profile:

Get-NetConnectionProfile

Change network connection profile to Private:

Set-NetConnectionProfile -InterfaceIndex 14 -NetworkCategory Private

If you use a third-party firewall or antivirus, make sure it does not block incoming RDP connections. You can temporarily disable your antivirus software.

In some cases, you may need to try resetting the winsock and IP stack settings for the network adapter on the remote computer. Open a command prompt as an administrator and run the commands:

netsh winsock reset

netsh int ip reset

ipconfig /release

ipconfig /renew

ipconfig /flushdns

In Windows 10 and 11, there is a special option to reset network settings in Settings > Network and Internet > Status > Network reset.

After resetting the network settings, you need to reboot Windows.

RemoteApp Disconnected: Can’t Connect to the Remote Computer

In some cases, you may receive an error when connecting from a Windows 10/11 device to an RDS host through a Remote Desktop Gateway running Windows Server 2012/2012R2:

RemoteApp Disconnected

Your computer can’t connect to the remote computer because an error occurred on the remote computer that you want to connect to. Contact your network administrator for assistance.

This can occur because modern versions of Windows use HTTP/UDP for RDP connections by default. A workaround is to force the client to use the older RPC HTTP protocol.

To fix this problem, you need to perform the following steps on the RDP client:

1. Open the Registry Editor (regedit.exe);
2. Go to the registry key HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client;
3. Create a DWORD parameter with the name RDGClientTransport and the value 1;
4. Restart the computer.

The RDGClientTransport parameter forces the clients to use the RPC/HTTP connections (also known as RDP security) instead of default negotiate NLA with TLS (RDGClientTransport=0) to connect to the server.

If the above solution didn’t fix the RDP connection error, try to change the collection settings on the RDSH server side. Open properties of your problematic application collection, go to the Security tab, and uncheck the option “Allow connections only from computers running Remote Desktop with Network Level Authentication”.

If the RemoteApp Disconnected error occurs on only a single not-domain joined computer, it is possible, that the different LAN Manager/NTLM policy settings are used on the RDSH host and the desktop computer. Often, this can cause authentication problems.

Check current Network Security: LAN Manager authentication level policy settings on RSDH using the command gpresult /r c:\tmp\gpreport.html (inspect html file) or using rsop.msc (this policy is located in the section Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options). If LM and NTLMv1 protocols are disabled on your RDSH server (Send NTLMv2 Response only policy value), you must change the appropriate policy settings on the client side.

1. To do this, open the local GPO editor (gpedit.msc);
2. Go to the GPO section above;
3. Enable the policy “Network Security: LAN Manager authentication level”, and set its value to Send NTLMv2 Response only;
4. Update the policies on the client with the gpupdate command;
5. Check your RemoteApp connection.

If you are using Remote Desktop Client version >= 8.0, you should note that the RD Gateway does not support Kerberos authentication, which is used by default in this client. In this case, missing channel bindings on the RDGW host can be ignored by using the EnforceChannelBinding=0 registry parameter:

REG add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\TerminalServerGateway\Config\Core" /v EnforceChannelBinding /t REG_DWORD /d 1 /f

Reboot the RDGW host to apply the changes.

Can’t Connect RDP through a Remote Desktop Gateway

There is another error related to Remote Desktop Gateway which is used to deliver RemoteApps to users:

RemoteApp Disconnected.

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address is unreachable or incorrect. Type a valid Remote Desktop Gateway server address.

This error can also look like this:

Your computer can’t connect to the remote computer because the Remote Desktop Gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.

If you are facing one of the errors above, then, most likely, the problem is that your computer can’t resolve the public FQDN name of your Remote Desktop Gateway server. In most cases in real life, the public name of the RDGW doesn’t match the hostname.

To fix this problem:

1. Open the Internet Information Services (IIS) Manager (Inetmgr.exe) on the Remote Desktop Gateway server;
2. Go to the IIS section Sites > Default Website > RDWeb > Pages > Application Settings;
3. In the DefaultTSGateway field, enter the server’s FQDN public name of your RD Gateway server, and then restart the web services with the command:

   iisreset

   Also, check your RDGW certificate. Your certificate must not be expired.
   You can find your SSL certificate info by going to Server Manager > Remote Desktop Services > Collections > Your_Collection > Tasks > Edit Deployment Properties > Certificates > RD Gateway > View Details. Check the certificate expiration date.
   

4. Go back to your client’s machine, and try to start a new RDP session. The connection should be established successfully.

RD Connection Error: The Two Computers Couldn’t Connect in the Amount of Time Allotted

If you are using session-based RDS deployment on Windows Server 2019/2016, you may receive an error when connecting to the host:

This computer can’t connect to the remote computer.
The two computers couldn’t connect in the amount of time allotted. Try connecting again. If the problem continues, contact your network administrator or technical support. 

Error code: 0x108 Extended error code: 0x0

Simply restart the RDS host to quickly resolve the problem.

If the problem occurs frequently:

1. Check if your Windows client devices and RDS Hosts have the latest Windows security updates installed;
2. Try to disable the use of the UDP protocol for RDP connections. On the client side, this can be done by using the fClientDisableUDP registry setting (reg add “HKLM\software\policies\microsoft\windows nt\Terminal Services\Client” /v fClientDisableUDP /d 1 /t REG_DWORD) or using GPO (Computer Configuration > Administrative Templates > Windows Components > Remoter Desktop Services > Remote Desktop Connection Client > Turn off UDP on Client = Enabled).
   

In modern versions of Windows 10/11 and Windows Server 2016/2019/2022, you may encounter another common RDP connection error:

Remote Desktop Connection

This computer can’t connect to the remote computer.

Try connecting again.

Error Code: 0x904

Extended Error Code: 0x7

RDP connection error 0x904 usually occurs on an unstable network connection (not enough bandwidth, packets loss, mismatch encryption cyphers, etc.), or when your VPN connection to a corporate network is too slow. Try to reconnect to your VPN workspace or change your ISP.