Remote Desktop Connection “An internal error has occurred” – How to Fix


When the Remote Desktop Connection is unable to connect with an RDP server, it will show the error message “An internal error has occurred”.

This usually happens because of configuration issues related to how you set up your Remote Desktop Connection or security issues.

This guide will help you fix the problem so you can successfully connect to your RDP server.

Ensure the remote connection is enabled

Sometimes, the remote connection can be disabled on your computer. Before anything else, you should check it and enable it if it’s turned off.

  1. Go to the Start menu > Settings.


  2. Scroll down and click Remote Desktop.


  3. Toggle the “Remote Desktop” button to On.


  4. Click Confirm to turn on the service.


Restart Remote Desktop Services

Remote Desktop Services allows you to connect to a remote computer and work with it as if you were sitting in front of it. If this service has a problem, you can’t establish a connection with an RDP server. A simple restart of the Remote Desktop Services service will often fix the problem.

  1. Right-click This PC from your desktop and select Manage.


  2. Click Services and Applications from the left panel.


  3. Press Services from the right panel.


  4. Scroll down and find Remote Desktop Services.


  5. Right-click the service and select Restart.


Disconnect and re-connect the domain

If you are connected to a domain in an organization (work or school), this domain can encounter problems that prevent you from connecting to an RDP server. Disconnecting and reconnecting the domain can fix this problem.

Note: You must have another account with administrator privileges so you can sign in to your computer with it.

  1. Press the Windows key + I to open the Settings app.
  2. Go to Accounts > Access work or school.


  3. Highlight the domain you are connected to and click Disconnect.


  4. A prompt will appear asking if you want to leave the domain. Click Yes.


  5. Another confirmation message will appear. Read it carefully, then click Disconnect.


  6. Restart your computer to complete the process.
  7. Re-join the domain.

Configure your Windows Firewall to connect to RDP

By default, Windows Firewall blocks all incoming connections not on the safe list. To allow RDP connections to your PC, you must add the Remote Desktop rule to Windows Firewall.

  1. Go to Start menu > Settings.


  2. Go to Privacy & security > Windows Security.


  3. Select Firewall & network protection.


  4. Click Allow an app through firewall.


  5. Click Change settings.


  6. Scroll down and check the Remote Desktop box and both the Public and Private boxes.


  7. Click OK to save the changes.


Disable Network Level Authentication

Network Level Authentication (NLA) is a security feature that requires users to authenticate before a remote session to an RDP server is established. Disabling it will allow you to connect to an RDP server even if the authentication fails for some reason. However, once you have finished troubleshooting, it is recommended that you turn NLA back on for security purposes.

  1. Go to Start menu > Settings.


  2. Go to Privacy & security > For developers.


  3. Click Show settings next to Change settings to allow connections only from computers running Remote Desktop with Network Level Authentication.


  4. In the System Properties window, uncheck the box next to Allow connections only from computers running Remote Desktop with Network Level Authentication.


  5. Click OK and check if the problem is resolved.


Change the settings for your Remote Desktop connection

The normal TCP port for a Remote Desktop Host (RDH) is “3389.” So you need to run a simple command to check if this port is open and listening.

  1. Go to Start menu > search for “powershell” > right-click PowerShell > Run as Administrator.


  2. Enter the following command, replacing WS16-DC1 with the name of your RDP server, and hit Enter:
    Test-NetConnection WS16-DC1 -Port 3389

    Check the RemotePort value and see if it’s equal to 3389.


  3. If the number is not equal to 3389, you need to change the value of the port. To do that, press Windows key + R to open the Run dialog box. Then, type “regedit” in the box and hit Enter.
  4. In the Registry Editor, go to the following key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  5. Locate the PortNumber and double-click it to open its properties.


  6. Change the Base to Decimal and type in 3389 in the Value data field.


  7. Click OK to save changes and restart your computer. After the restart, check if the problem is resolved.


Change the startup status of the RDP service to automatic

If the Remote Desktop Services service isn’t set to Automatic, it will not start on its own when you boot your computer. In this case, you will need to set it to Automatic.

  1. Go to Start > Run and type “services.msc”.


  2. Double-click Remote Desktop Services.


  3. Click Stop to stop the service.


  4. Go to the Startup section and select Automatic from the drop-down menu.


  5. Click OK to save the changes.


  6. Restart your computer.
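
The settings changed in the sections above (Remote Desktop toggle, service state and startup type, firewall rule, NLA, listener port) can be read back in one pass. This is an added example, not part of the original guide; it only reads values, assumes an elevated PowerShell session on the RDP host, and takes the configured port from the registry directly. The firewall group name "Remote Desktop" assumes an English-language Windows installation.

```powershell
# Added example: read-only check of the RDP host settings covered above.
# Run in an elevated PowerShell session on the RDP host. Nothing is modified.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# Remote Desktop toggle: fDenyTSConnections = 0 means connections are allowed.
$deny = Get-ItemPropertyValue -Path $ts -Name fDenyTSConnections

# Remote Desktop Services (service name TermService): state and startup type.
$svc = Get-Service -Name TermService

# NLA: UserAuthentication = 1 means NLA is required.
$nla = Get-ItemPropertyValue -Path $tcp -Name UserAuthentication

# Listener port from the registry, and whether something is listening on it.
$port = Get-ItemPropertyValue -Path $tcp -Name PortNumber
$listening = [bool](Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue)

# Firewall: inbound rules in the "Remote Desktop" group (English display name).
$fw = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
      Where-Object { $_.Direction -eq 'Inbound' }
$fwEnabled = @($fw | Where-Object { $_.Enabled -eq 'True' })

[pscustomobject]@{
    RemoteDesktopEnabled = ($deny -eq 0)
    ServiceStatus        = $svc.Status
    ServiceStartType     = $svc.StartType
    NlaRequired          = ($nla -eq 1)
    PortNumber           = $port
    PortListening        = $listening
    FirewallRulesEnabled = $fwEnabled.Count
    FirewallProfiles     = ($fwEnabled.Profile | Sort-Object -Unique) -join ', '
} | Format-List

# Findings worth acting on once troubleshooting is over.
if ($nla -ne 1)      { Write-Warning 'NLA is off; turn it back on after troubleshooting.' }
if ($port -ne 3389)  { Write-Warning "RDP listens on $port, not 3389; clients must specify it." }
if (-not $listening) { Write-Warning "Nothing is listening on TCP $port; check the service." }
```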

Change the MTU value

The maximum transmission unit (MTU) is the largest size packet or frame, specified in octets (eight-bit bytes), that a network can transmit. A lower MTU can be useful when facing connection or latency issues.

  1. Click the Start menu and type “cmd”. Launch Command Prompt as administrator.


  2. Type the following command but replace “Ethernet” with your active network connection:
    netsh interface ipv4 set subinterface "Ethernet" mtu=1458


You can also use TCP Optimizer software that allows you to change your MTU value easily.

  1. Open TCP Optimizer as an administrator.
  2. At the bottom right of the main interface, click Custom.


  3. Set the MTU value to 1458 and click Apply changes.
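
Before lowering the MTU, it helps to measure what the path to the RDP server actually carries. The following is an added example, not part of the original guide: it binary-searches the largest ICMP payload that gets through with Don't Fragment set and adds the 28 bytes of IPv4 and ICMP headers. The host name `rdp-server.example` is a placeholder, and the probe assumes the server answers ICMP echo.

```powershell
# Added example: find the largest ICMP payload that crosses the path unfragmented.
# $Target is a placeholder; replace it with the RDP server's name or address.
$Target = 'rdp-server.example'

function Test-DfPing {
    param([string]$ComputerName, [int]$PayloadBytes)
    # -f sets Don't Fragment, -l sets the payload size, -n 1 sends one echo.
    $out = & ping.exe -n 1 -w 1000 -f -l $PayloadBytes $ComputerName
    # An echo reply line contains "TTL="; fragmentation errors and timeouts do not.
    return [bool]($out -match 'TTL=')
}

function Get-PathMtu {
    param([string]$ComputerName, [int]$Low = 548, [int]$High = 1472)
    if (-not (Test-DfPing $ComputerName $Low)) {
        throw "No reply at $Low bytes; ICMP may be blocked, so the probe cannot decide."
    }
    # Binary search: $Low always passes, anything above $High is assumed to fail.
    while ($Low -lt $High) {
        $mid = [int][math]::Ceiling(($Low + $High) / 2)
        if (Test-DfPing $ComputerName $mid) { $Low = $mid } else { $High = $mid - 1 }
    }
    # Payload + 20-byte IPv4 header + 8-byte ICMP header = path MTU.
    return $Low + 28
}

$pathMtu = Get-PathMtu -ComputerName $Target
"Path MTU to ${Target}: $pathMtu bytes"

# Current interface MTUs, for comparison before running netsh.
Get-NetIPInterface -AddressFamily IPv4 |
    Select-Object InterfaceAlias, NlMtu, ConnectionState
```

If the reported path MTU already matches the interface's NlMtu, fragmentation on the path is unlikely to be the cause of the error.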


Enable persistent bitmap caching

Persistent Bitmap Caching might be disabled on your computer. If this is the case, you need to enable it.

  1. Press Windows + R to open the Run dialog box. Type “mstsc” and hit Enter to launch the Remote Desktop Connection application.


  2. Click Show Options.


  3. Go to the Experience tab.


  4. Check the box next to Persistent bitmap caching, and click Connect.


Change the RDP security settings

When the security settings for the RDP are not configured correctly, you will encounter the “An internal error has occurred” error. To fix this problem, you can use the Group Policy Editor.

  1. Press Windows + R to open the Run dialog box. Type “gpedit.msc” and hit Enter to launch the Local Group Policy Editor.


  2. Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
  3. Double-click Require use of specific security layer for remote (RDP) connections.


  4. Select Enabled and ensure Security Layer is set to RDP.


  5. Click OK and restart your computer.


Turn off any VPN connections

If you have any VPN connections turned on, then this might be the problem. VPNs sometimes route all traffic through their servers rather than just web traffic. This can prevent your computer from establishing a connection to the RDP server. First, turn off any third-party VPNs you have open. You can also turn VPNs off from within Windows Settings:

  1. Open the Start menu and go to Settings.


  2. Click Network & internet and select VPN.


  3. If you have any VPN connections, click Disconnect.


  4. Check if the issue persists.

Reconfigure the local security policy

Incorrect settings in the local security policy can cause the “An internal error has occurred” problem. To fix the issue, you can change local security policy settings.

  1. Press Windows + R to open the Run dialog box. Type “secpol.msc” and hit Enter to launch Local Security Policy.


  2. Go to Local Policies > Security Options.


  3. Scroll down and double-click the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing option.


  4. Select Enabled from the pop-up window, then click OK.


  5. Restart your computer.

Disable static IP address

If the server you are trying to connect to has network-layer restrictions, then the connection might fail. The network-layer restriction usually prevents the server from accepting any incoming connections routed through a static IP address. A possible solution is to switch from static to DHCP IP.

  1. Press Windows + R to launch the Run dialog box. Type “ncpa.cpl” and hit Enter to open the Network Connections window.


  2. Right-click your active network connection and select Properties.


  3. Switch to the Networking tab and double-click Internet Protocol Version 4 (TCP/IPv4) from the list.


  4. Select the Obtain an IP address automatically radio box and click OK to save changes.


  5. Restart your computer for changes to take effect.

Erik is a full-time product quality engineer at IBM who has a passion for teaching others (and always learning) about technology. He has a Bachelor's degree in Computer Science and Engineering from Eindhoven University of Technology. Erik is the chief editor for Windows, Linux and coding tutorials.
