Remote Desktop Connection Error Code 0x904 Extended Error Code 0x7 Now

NLA requires the client to authenticate before a full RDP session is created. If the client OS (e.g., Windows 7, older Windows 10 build) or RDP client (Microsoft Remote Desktop for Mac) does not support the NLA version required by the host, error 0x904 + 0x7 appears.

Remote Desktop Protocol (RDP) is a core Windows feature for administering and accessing machines remotely. Users sometimes encounter connection failures identified by numeric error codes; one such combination is “error code 0x904” with an extended error code “0x7.” This essay explains probable causes, diagnostic steps, and practical remedies for that error pair, and offers guidance to prevent recurrence.

| Symptom | Likely Cause | Quick Fix | |---------|--------------|------------| | Error 0x904 + 0x7, but network/firewall OK | NLA mismatch | Disable NLA on host temporarily | | After Windows updates | CredSSP Oracle patch | Update client or adjust registry on host | | Works for other users | Corrupted user profile | Delete RDP temporary profile | | Works locally but not remotely | Account logon rights | Check Local Policies → User Rights Assignment | | Intermittent with Mac/Linux client | Client RDP version | Update or switch to FreeRDP |

By methodically working through the above phases, you should resolve error 0x904 with extended code 0x7 in the vast majority of cases. The core issue is almost always authentication and session lifecycle management, not the network itself.

Remote Desktop error 0x904 (Extended Error 0x7) typically indicates a network-level connection failure often caused by expired certificates, firewall blocks, or unstable network conditions.  Quick Fixes 

Connect via IP Address: Windows 11 hostname resolution can sometimes trigger this error. Try entering the IP address (e.g., 192.168.1.50) instead of the computer name.

Use the Modern Client: If the classic "Remote Desktop Connection" fails, try the Microsoft Remote Desktop app from the Microsoft Store.

Verify Port 3389: Use PowerShell to check if the remote port is reachable:Test-NetConnection [RemoteIP] -Port 3389.  Detailed Troubleshooting Guide  1. Fix Expired RDP Certificates (Most Common) 

RDP uses self-signed certificates that don't always auto-renew, causing connections to fail silently.  Access the remote server (via console or another method). Press Win + R, type certlm.msc, and hit Enter. Go to Remote Desktop > Certificates.

Check for an expired certificate. If expired, right-click and Delete it.

Restart the service to generate a new one: Open Command Prompt as Admin and run:net stop termservice then net start termservice.  2. Resolve Azure VM Certificate Corruption 

If you are using an Azure Virtual Machine, a corrupt MachineKeys folder can prevent RDP from functioning. 

In the Azure Portal, go to your VM and select Run command > RunPowerShellScript.

Run this command:Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old". Reboot the VM from the portal.  3. Configure Firewall & Antivirus Exceptions 

Firewalls often block the specific RDP executable even if the general rule is enabled. 

On both the client and host, go to Allow an app through Windows Firewall.

Click Change settings and ensure both Remote Desktop and Remote Desktop (WebSocket) are checked for Private and Public.

Click Allow another app, browse to C:\Windows\System32\mstsc.exe, and add it.

Antivirus Check: Ensure third-party security software (like Bitdefender) isn't blocking rdp.exe.  4. Increase Maximum Outstanding Connections 

If the error occurs due to too many pending requests, adjust the registry.  Open Command Prompt (Admin) on the host computer.

Run: REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536. Restart the computer.  5. Adjust Security Layers (Legacy Support) 

If there is an encryption cipher mismatch, lowering the security requirement can restore the connection.  Open gpedit.msc on the host.

Navigate to Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.

Enable Require use of specific security layer for remote (RDP) connections and set the Security Layer to RDP.

Disable Require user authentication... using Network Level Authentication (NLA). 

Are you connecting through a VPN or a local network when this error occurs?  Fix Remote Desktop Error Code 0x904: 4 Working Solutions

Remote Desktop Connection (RDC) is a cornerstone of modern digital workflows, enabling users to access computers and servers from afar. However, this convenience is occasionally disrupted by network and protocol errors. One of the more specific and frustrating issues users encounter is the combination of Error Code 0x904 and Extended Error Code 0x7.

Understanding this error requires dissecting what these specific codes mean, identifying their root causes, and applying targeted troubleshooting steps to restore connectivity. 🔍 Decoding the Error Codes

When the Remote Desktop client fails to establish a session, it generates a numeric code to help administrators diagnose the failure.

Error Code 0x904: This is a broad connection failure code. It typically indicates that the client initiated a connection attempt, but the session was abruptly terminated or could not be completed at the protocol level.

Extended Error Code 0x7: This specific sub-code points directly to a Gateway or Network Layer issue. In Microsoft's Remote Desktop Protocol (RDP) documentation, an extended error of 0x7 usually translates to "The connection was lost due to a network error" or a failure to authenticate through a Remote Desktop Gateway.

Combined, these codes signal that the client cannot reach the target machine because the communication path—often managed by a gateway or firewall—has been severed or blocked. ⚡ Common Causes

The appearance of Error 0x904 (0x7) rarely stems from a single definitive source. Instead, it is usually triggered by one of the following infrastructure issues:

Remote Desktop Gateway Failures: If your organization uses an RD Gateway to secure external connections, server-side glitches or misconfigured resource authorization policies (RAPs) will trigger this error.

Firewall and Security Software Blocks: Overzealous local firewalls, corporate firewalls, or antivirus software may flag the RDP traffic as suspicious and terminate the connection.

Network Instability: Packet loss, high latency, or brief drops in internet connectivity can cause the RDP session to time out during the initial handshake.

MTU Size Mismatch: If the Maximum Transmission Unit (MTU) size on the network router is improperly configured, large RDP packets may be fragmented and dropped, resulting in a lost connection.

Outdated RDP Clients: Older versions of the Remote Desktop app may lack support for newer encryption protocols required by the host server. 🛠️ Step-by-Step Troubleshooting

Resolving this error requires a systematic approach, moving from basic local checks to advanced network configurations. 1. Verify Basic Network Connectivity

Before diving into complex settings, ensure the physical and local network layers are stable. Restart your local router and modem.

Switch from a Wi-Fi connection to a hardwired Ethernet cable to eliminate wireless interference.

Ping the remote server's IP address to check for packet loss. 2. Check Remote Desktop Gateway Settings NLA requires the client to authenticate before a

If you are connecting to a corporate network, the RD Gateway is the most likely culprit. Open the Remote Desktop Connection window. Click Show Options and navigate to the Advanced tab. Click Settings under "Connect from anywhere."

Ensure the gateway server address is correct. If you are on the local network, try changing the setting to "Automatically detect RD Gateway server settings" or bypassing the gateway entirely. 3. Adjust MTU Settings

If the error is caused by packet fragmentation, adjusting the MTU size on your network adapter can resolve it. Open the Command Prompt as an Administrator.

Type netsh interface ipv4 show subinterfaces to see your current MTU (usually 1500).

If fragmentation is suspected, reduce the MTU by typing: netsh interface ipv4 set subinterface "Ethernet" mtu=1400 store=persistent (replace "Ethernet" with your actual network adapter name). 4. Update the Remote Desktop Client

Ensure your client software can handle the security protocols of the host.

If using Windows, ensure your OS is fully updated via Windows Update.

If using the Microsoft Remote Desktop app from the Microsoft Store, check for available updates.

Mac, iOS, and Android users should update their respective apps through their device's app store. 5. Review Firewall and Antivirus Rules

Ensure that port 3389 (the default port for RDP) and port 443 (if using an RD Gateway) are allowed.

Temporarily disable your third-party antivirus or firewall to see if the connection goes through.

If it does, create an explicit inbound and outbound rule in your security software to allow the Remote Desktop application. 📌 Conclusion

The Remote Desktop Connection error 0x904 with extended error 0x7 is a classic symptom of a broken communication bridge between the client and the host. While it looks intimidating, it almost always points to a gateway misconfiguration, a strict firewall, or packet fragmentation on the network. By methodically checking the gateway settings, updating software, and ensuring network stability, users can successfully bypass this roadblock and restore their remote access.

The Remote Desktop error code 0x904 (extended error 0x7) typically indicates a network connection failure, often triggered by unstable connectivity, expired certificates, or firewall blocks. Core Troubleshooting Guide 1. Fix Expired RDP Certificates (Common Cause)

A common root cause is an expired self-signed certificate on the host machine. Open the Certificates MMC snap-in (certlm.msc) on the host.

Navigate to Remote Desktop > Certificates and delete any expired certificates.

Restart the Remote Desktop Services (via PowerShell: restart-service termserv -force) to regenerate a new certificate. 2. Adjust Security Layer Settings

If an encryption mismatch occurs, manually adjust the security layer.

In gpedit.msc, navigate to Remote Desktop Session Host > Security. Set Require use of specific security layer to RDP. Alternatively, disable Network Level Authentication (NLA). Restart the server to apply changes. 3. Verify Network and Firewall Configuration

Firewall: Ensure Remote Desktop is allowed in Windows Firewall.

Security Software: Check for third-party security software (like Bitdefender) blocking mstsc.exe.

IP Connection: Try connecting via IP address instead of the hostname to bypass DNS issues. VPN: Verify VPN stability and bandwidth. 4. Quick Client Fixes

Update: Use the latest Remote Desktop app from the Microsoft Store.

Reconnection: Enable Reconnect if the connection is dropped in the client settings.

Are you connecting to a personal PC or a Windows Server environment? Fix Remote Desktop Error Code 0x904: 4 Working Solutions

This error typically indicates an unstable network connection certificate mismatch between the host and client www.remoteaccesspcdesktop.com

. It often occurs over VPNs or when RDP certificates on the remote machine have expired or become corrupt www.remoteaccesspcdesktop.com 🛠️ Primary Fixes 1. Reset RDP Certificates (Most Common Fix)

If the self-signed certificate on the remote computer is expired or corrupt, the connection will fail immediately www.remoteaccesspcdesktop.com Locally access the remote machine (or use another remote tool). Certificates MMC snap-in certlm.msc www.remoteaccesspcdesktop.com Navigate to Remote Desktop > Certificates the existing certificate www.remoteaccesspcdesktop.com Restart the service : Open Command Prompt as Admin and run restart-service termserv -force www.remoteaccesspcdesktop.com . Windows will automatically generate a fresh certificate. 2. Resolve Certificate Store Corruption (Azure/Cloud VMs) If you are using an Azure VM and the above fails, the MachineKeys folder may be corrupt Run the following PowerShell command as Administrator:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server to regenerate the key store 3. Adjust Security Layer Settings

If the connection is unstable, lowering the required security layer can sometimes bypass the error Microsoft Learn Group Policy Editor gpedit.msc ) on the host.

Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security "Require use of specific security layer..." and select from the dropdown Microsoft Learn

"Require user authentication... using Network Level Authentication (NLA)" Microsoft Learn 🌐 Network & Environment Checks Use IP instead of Hostname:

Try connecting directly to the IP address to rule out DNS issues TheITBros.com VPN Stability:

If using a VPN, disconnect and reconnect. Low bandwidth or high packet loss frequently triggers TheITBros.com Firewall Exceptions:

is allowed through the Windows Firewall on both the client and host machines Third-party Security: Antivirus software like Bitdefender

has been known to block these connections; try adding an exception for RDP 🧩 Feature Request: RDP Connection Troubleshooter

Since you asked to "create a feature," here is a conceptual design for a built-in RDP diagnostic tool to prevent this error. Feature Name: RDP Health Check & Auto-Repair Pre-Connection Validation:

Before attempting a full handshake, the client pings the host specifically for certificate validity and MTU (Maximum Transmission Unit) size. One-Click Cert Renewal:

A button on the error dialog that allows an admin to remotely trigger a certificate flush and restart without needing full desktop access. Network Path Tracing: If a connection fails with

, the tool automatically runs a specialized trace to identify if the packet loss is occurring at the VPN gateway or the local ISP. Smart Fallback:

If NLA or High-Encryption fails due to a handshake mismatch, the client offers a "Secure Fallback" mode that temporarily negotiates a compatible security layer. To narrow this down, could you tell me: Are you connecting to a local server Azure/AWS VM physical PC Are you using a standard internet connection Has anything changed recently, like a Windows Update firewall change Fix Remote Desktop Error Code 0x904: 4 Working Solutions Title: The Long Night of Code 0x904 Log Entry: Dr

Restart the Remote Desktop Services by opening Command Prompt as administrator and running: restart-service termserv -force. www.remoteaccesspcdesktop.com Fix Remote Desktop Error Code 0x904: 4 Working Solutions

The Remote Desktop connection error 0x904 (Extended Error 0x7)

typically points to network instability, expired security certificates, or firewall blocks

. This guide outlines how to troubleshoot and fix these issues to restore your connection. 1. Fix Expired RDP Certificates

The most common cause of this error on Windows Servers or Azure VMs is an expired self-signed certificate.

Log into the affected machine locally or via an alternative remote tool. Certificates MMC snap-in by pressing and typing certlm.msc Navigate to Remote Desktop Certificates

Check for an expired certificate. If it is past its date, right-click and Open Command Prompt as an administrator and run: net stop termservice && net start termservice

Windows will automatically generate a new certificate upon the service restart 2. Adjust Firewall and Antivirus Settings Security software like Bitdefender

or the built-in Windows Firewall can block the connection, especially after a Windows 11 upgrade. Whitelist the App Windows Security Firewall & network protection Allow an app through firewall Remote Desktop is checked for both Private and Public networks. Manual Exception C:\Windows\System32\mstsc.exe as an exception in your third-party antivirus. 3. Stabilize the Network Connection

Error 0x904 often triggers when the connection is "dodgy"—meaning it has high packet loss or insufficient bandwidth. Switch to IP Address : Try connecting using the server's IP address instead of its hostname to bypass potential DNS issues.

: If using a VPN, ensure it is not throttling your speed. Try reconnecting the VPN tunnel. Update the Client : Ensure you are using the latest version of the Microsoft Remote Desktop client from the Microsoft Store. 4. Configure Security Layers (Advanced)

If the above fails, you can force the server to use a specific security layer via the Group Policy Editor ( gpedit.msc Computer Configuration Administrative Templates Windows Components Remote Desktop Services Remote Desktop Session Host

Require use of specific security layer for remote (RDP) connections and select from the dropdown.

Require user authentication for remote connections by using Network Level Authentication (NLA) Are you connecting to a local server cloud-based virtual machine

? Knowing this can help pinpoint which certificate or network rule is likely failing. Fix Remote Desktop Error Code 0x904: 4 Working Solutions

Remote Desktop error code 0x904 (extended error 0x7) typically indicates an unstable network connection, expired certificates, or firewall misconfigurations www.remoteaccesspcdesktop.com 1. Renew Expired RDP Certificates

The most common cause for this specific error is an expired self-signed certificate on the remote server. www.remoteaccesspcdesktop.com Access the server locally or through an alternative remote tool. certlm.msc , and press Enter. Navigate to Certificates Remote Desktop Certificates Find the certificate used for Remote Desktop, check its expiration date , and delete it if expired. Open Command Prompt as Administrator and run: restart-service termserv -force (or restart the server).

Windows will automatically generate a new certificate upon restart. www.remoteaccesspcdesktop.com 2. Connect via IP Address

Windows 11 builds (22H2 and later) sometimes have hostname resolution bugs that trigger this error. www.remoteaccesspcdesktop.com Try connecting using the target machine’s IP address 192.168.1.100 ) instead of its hostname. Clear your DNS cache on the client machine by running ipconfig /flushdns in Command Prompt. TheITBros.com 3. Fix Certificate Store (Azure VMs only) If you are using an Azure Virtual Machine, a corrupt MachineKeys

folder often prevents new RDP certificates from being created. www.remoteaccesspcdesktop.com In the Azure Portal, go to your VM and select Run Command RunPowerShellScript Run the following command:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server from the portal. www.remoteaccesspcdesktop.com 4. Configure Firewall & Antivirus

Ensure that the Remote Desktop application and port 3389 are not being blocked. Microsoft Learn Allow an app through Windows Firewall on both machines. Remote Desktop Remote Desktop (WebSocket) are checked for both Private and Public networks. Verify that (located in C:\Windows\System32\ ) is explicitly allowed in your antivirus settings. 5. Increase Outstanding Connections

If the error occurs during high traffic or multiple simultaneous requests, you can increase the connection limit via the Registry: Microsoft Learn Run Command Prompt as Administrator.

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v MaxOutstandingConnections /t REG_DWORD /d 65536 your computer. Microsoft Learn disable Network Level Authentication (NLA) as a temporary security workaround to test the connection? Fix Remote Desktop Error Code 0x904: 4 Working Solutions

The Remote Desktop Connection error code 0x904 (extended code 0x7) typically signals a breakdown in the communication handshake between your device and the remote host. This most often stems from unstable network conditions, security software interference, or corrupted RDP certificates. The Story of the Broken Connection

Imagine you're trying to walk through a secure door (the remote server) using a digital key. You reach for the handle, but before you can even turn it, the door vanishes or the lock jams.

The Unstable Path: Your "path" to the door (the network) might be too shaky. If your Wi-Fi drops packets or your VPN is lagging, the connection times out before the security handshake can finish.

The Invisible Guard: A firewall or antivirus (like Bitdefender) might be standing in the way, mistakenly flagging the Remote Desktop request as a threat and cutting the line instantly.

The Expired ID: On the server side, the "ID badge" (the self-signed RDP certificate) might have expired or become corrupted. When your computer asks to see it, the server can't provide a valid one, leading to an immediate 0x904 error. How to Fix It

If you are facing this "vanishing door" scenario, try these steps in order:

Switch to the IP Address: Instead of using the computer's name (e.g., "Work-PC"), try connecting directly using its local IP address (e.g., 192.168.1.50). This bypasses potential DNS issues.

Check Your Firewall: Ensure mstsc.exe (the Remote Desktop app) is allowed through the Windows Firewall on both your computer and the target machine.

Reset RDP Certificates (Azure/Servers): For Azure VMs or Windows Servers, corrupted certificates are a common culprit. You can often resolve this by renaming the MachineKeys folder and rebooting to force Windows to generate a new certificate.

Disable Network Level Authentication (NLA): As a temporary troubleshooting step, try disabling NLA in the Remote Desktop Session Host settings to see if it bypasses the handshake error.

Are you connecting to a local office computer or a cloud-based virtual machine (like Azure)? Unable to RDP into some Windows Servers - Error code: 0x904

Remote Desktop Error 0x904 (Extended Error 0x7) typically indicates a network connectivity failure often triggered by unstable connections, expired RDP certificates, or firewall interference Quick Fixes Connect via IP Address

: Instead of using the computer name (hostname), enter the target computer's internal IP address 192.168.1.100 Restart RDP Services

: On the remote machine, open Command Prompt as Administrator and run: restart-service termserv -force Use the Microsoft Store App : Users have reported that the Microsoft Remote Desktop app

from the Microsoft Store often works when the built-in Windows client fails. www.remoteaccesspcdesktop.com Primary Solutions 1. Renew Expired RDP Certificates

A common cause of 0x904 is an expired self-signed certificate that Windows failed to renew automatically. www.remoteaccesspcdesktop.com On the remote server, press certlm.msc , and hit Enter. Navigate to Remote Desktop Certificates Expiration Date . If expired, right-click and the old certificate.

Restart the Remote Desktop Service (using the command in Quick Fixes) to trigger Windows to generate a new certificate. www.remoteaccesspcdesktop.com 2. Fix Certificate Corruption (Azure VMs) For Azure Virtual Machines, a corrupt MachineKeys folder can prevent RDP from functioning. www.remoteaccesspcdesktop.com In the Azure Portal, go to your VM and select Run command RunPowerShellScript and enter: Check DNS:

Rename-Item -path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" -NewName "MachineKeys_old" the server from the portal. 3. Verify Firewall & Security Software

Antivirus or firewalls may block RDP traffic even if rules appear active. Unable to RDP into some Windows Servers - Error code: 0x904

Title: The Long Night of Code 0x904

Log Entry: Dr. Aris Thorne, Lead Systems Architect Time: 02:47 GMT Status: Critical

It started, as most digital catastrophes do, with a single popup window.

Aris Thorne, hunched over his kitchen table in a cabin three hundred miles from the nearest server farm, watched his screen flicker. He had been awake for thirty-one hours. The Mars rover Perseverance II was scheduled for a complex soil sample transfer in six hours, and the only terminal that could pre-run the atmospheric sequencing was the one in Lab 4—a lab he had left behind in the city.

He clicked "Connect."

The Remote Desktop Connection window bloomed. Then, instead of the familiar login chime, a red bar screamed across the top.

"Remote Desktop Connection Error Code 0x904"

"Fine," Aris muttered, rubbing his eyes. "A hiccup."

He ran the built-in diagnostic. A smaller, more ominous box appeared:

"Extended Error Code 0x7"

His stomach turned cold. Error 0x904 meant the connection was being actively rejected, not just lost. But 0x7? That was the ghost in the machine. In twenty years of engineering, he had only seen extended code 0x7 twice. Both times, it meant the session had been locked by an external process—something that was not a user, not an admin, and not a bug.

Something else.

He tried again. 0x904. Then again. 0x904. The logs showed the TLS handshake completed perfectly. CredSSP was fine. Network latency was 14ms. Everything was green. And yet, the server was saying: No. And also: 0x7.

Aris opened a secondary channel—a low-bandwidth telemetry feed straight from Lab 4’s hardware sensors. He saw the CPU of the target machine was running at 4%. Normal. Memory: 32GB free. Disk idle. Then he checked one specific sensor: the webcam activity light.

It was on.

Not the "in-use by security" light. The other one. The one labeled "Internal Only—Service Use." A light that, by design, should never turn on unless the machine’s root-level management daemon was running a manual override.

But there was no root-level daemon on that machine. Aris had removed it three years ago.

His hands moved faster now. He pulled up the RDP event log on his local machine. Buried under a mountain of generic "connection failed" entries was a single anomalous timestamp: 02:41:22.007.

A connection had been established to Lab 4. Not from Aris. Not from anyone on the access list.

The source IP was 127.0.0.1.

The machine had connected to itself.

Aris leaned back, his breath fogging the cold window of the cabin. Error 0x904: The connection was blocked by the remote machine due to a policy or state conflict. Extended 0x7: The session was locked by an internal process with administrative privilege.

His own workstation was trying to connect to Lab 4, but Lab 4 was already in a session. A session started by its own operating system. A ghost session.

On the telemetry feed, the webcam light blinked once. Then twice. Then a new line of text appeared in the Lab 4 terminal window—typed by no physical hand:

> Who is trying to connect?

Aris’s finger hovered over the disconnect button. But he didn’t press it. Instead, he typed a message into a backdoor diagnostic prompt—a command so old it predated RDP’s security model:

> /query session

The response came after a three-second delay. Three seconds of silence in the cabin, save for the wind outside.

SESSION: 0x7
STATE: Active
ORIGIN: Kernel (PID 0)
USER: SYSTEM
UPTIME: 34 years, 2 months, 11 days, 4 hours, 7 minutes

Aris blinked. That uptime was older than the machine itself. Older than the building that housed the lab. Older, in fact, than RDP.

The extended error code 0x7 wasn't an error at all. It was a signature. A timestamp. A seat number.

And the seat was already taken.

The webcam light went dark. The remote machine dropped its phantom session. Error 0x904 vanished. The RDP window suddenly prompted: "Enter your credentials."

Aris did not move.

On the screen, the extended error box changed. Just for a moment, before fading into the login prompt:

Extended Error Code 0x7
"Another user is logged on. Your connection has been queued. Please wait. Estimated wait time: 34 years, 2 months, 11 days, 4 hours, 7 minutes."

He reached over and unplugged the router. Then he sat in the dark, wondering who—or what—had been waiting in that empty lab, alone with the webcam on, for longer than he had been alive. And why, tonight of all nights, it had finally decided to answer the call.

If the host computer has its network connection set to Public, Windows Firewall will block RDP connections by default for security reasons.

If a previous session is stuck in a disconnected or locked state:

Most common cause: The Windows version on the client and server have different CredSSP update levels (e.g., one patched for CVE-2018-0886, the other not).