When the Remote Desktop Connection is unable to connect with an RDP server, it will show the error message “An internal error has occurred”.
This usually happens because of configuration issues related to how you set up your Remote Desktop Connection or security issues.
This guide will help you fix the problem so you can successfully connect to your RDP server.
Ensure the remote connection is enabled
Sometimes, the remote connection can be disabled on your computer. Before anything else, you should check it and enable it if it’s turned off.
- Go to the Start menu > Settings.
- Scroll down and click Remote Desktop.
- Toggle the “Remote Desktop” button to On.
- Click Confirm to turn on the service.
Restart Remote Desktop Services
Remote Desktop Services allows you to connect to a remote computer and work with it as if you were sitting in front of it. If this service has a problem, you can’t establish a connection with an RDP server. A simple restart of the Remote Desktop Services service will often fix the problem.
- Right-click This PC from your desktop and select Manage.
- Click Services and Applications from the left panel.
- Click Services in the right panel.
- Scroll down and find Remote Desktop Services.
- Right-click the service and select Restart.
Disconnect and re-connect the domain
If you are connected to a domain in an organization (work or school), this domain can encounter problems that prevent you from connecting to an RDP server. Disconnecting and reconnecting the domain can fix this problem.
Note: You need another account with administrator privileges so that you can still sign in to your computer.
- Press the Windows key + I to open the Settings app.
- Go to Accounts > Access work or school.
- Highlight the domain you are connected to and click Disconnect.
- A prompt will appear asking if you want to leave the domain. Click Yes.
- Another confirmation message will appear. Read it carefully, then click Disconnect.
- Restart your computer to complete the process.
- Re-join the domain.
Configure your Windows Firewall to connect to RDP
By default, Windows Firewall blocks all incoming connections not on the safe list. To allow RDP connections to your PC, you must add the Remote Desktop rule to Windows Firewall.
- Go to Start menu > Settings.
- Go to Privacy & security > Windows Security.
- Select Firewall & network protection.
- Click Allow an app through firewall.
- Click Change settings.
- Scroll down and check the Remote Desktop box and both the Public and Private boxes.
- Click OK to save the changes.
Disable Network Level Authentication
Network Level Authentication (NLA) is a security feature that requires users to authenticate themselves before they can establish a remote connection to an RDP server. Disabling this feature will allow you to connect to an RDP server even if that authentication fails for some reason. Once you have finished troubleshooting, it is recommended that you turn NLA back on and leave it on for security purposes.
- Go to Start menu > Settings.
- Go to Privacy & security > For developers.
- Click Show settings next to Change settings to allow connections only from computers running Remote Desktop with Network Level Authentication.
- In the System Properties window, uncheck the box next to Allow connections only from computers running Remote Desktop with Network Level Authentication.
- Click OK and check if the problem is resolved.
Change the settings for your Remote Desktop connection
The default TCP port for a Remote Desktop Host (RDH) is 3389, so you need to run a simple command to check whether this port is open and listening.
- Go to Start menu > search for “powershell” > right-click PowerShell > Run as Administrator.
- Enter the following command and hit Enter:
Test-NetConnection WS16-DC1 -Port 3389
Check the RemotePort value and see if it’s equal to 3389.
- If the number is not equal to 3389, you need to change the value of the port. To do that, press Windows key + R to open the Run dialog box. Then, type “regedit” in the box and hit Enter.
- In the Registry Editor, go to the following key:
- Locate the PortNumber and double-click it to open its properties.
- Change the Base to Decimal and type in 3389 in the Value data field.
- Click OK to save changes and restart your computer. After the restart, check if the problem is resolved.
Change the startup status of the RDP service to automatic
If the Remote Desktop Services service isn’t set to start automatically, it will not start on its own when your computer boots. In this case, you will need to set its startup type to Automatic.
- Go to Start > Run and type “services.msc”.
- Double-click Remote Desktop Services.
- Click Stop to stop the service.
- Go to the Startup section and select Automatic from the drop-down menu.
- Click OK to save the changes.
- Restart your computer.
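The service, port and startup checks from the sections above can be collected in one pass. The following is an added example, not part of the original guide: it reads the configured RDP port from the registry, confirms that the Remote Desktop Services process is the one listening on it, and then tests the port from the client side. The function names Get-RdpListenerStatus and Test-RdpEndpoint are hypothetical; the registry paths and the TermService service name are the standard Windows ones.

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$tsKey\WinStations\RDP-Tcp"

function Get-RdpListenerStatus {
    # Port the RDP listener is configured to use (3389 unless it was changed).
    $port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
    # fDenyTSConnections: 0 = Remote Desktop enabled, 1 = disabled.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # TermService is the service name behind "Remote Desktop Services".
    $svc  = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermService'"
    $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RemoteDesktopEnabled = ($deny -eq 0)
        ServiceState         = $svc.State
        ServiceStartMode     = $svc.StartMode
        ConfiguredPort       = $port
        PortListening        = ($listeners.Count -gt 0)
        # False while the port is listening means another process holds the port.
        OwnedByTermService   = ($listeners.OwningProcess -contains $svc.ProcessId)
    }
}

function Test-RdpEndpoint {
    param([Parameter(Mandatory)][string]$ComputerName, [int]$Port = 3389)
    # TcpTestSucceeded reports whether the TCP handshake to the port completed.
    $r = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target = $ComputerName; RemoteAddress = $r.RemoteAddress
        RemotePort = $r.RemotePort; TcpTestSucceeded = $r.TcpTestSucceeded
    }
}

# On the RDP host: is the service running and listening on the configured port?
Get-RdpListenerStatus
# From the client: WS16-DC1 is the sample host name used in the command above; replace it with your server.
Test-RdpEndpoint -ComputerName 'WS16-DC1' -Port 3389
```

If PortListening is True but OwnedByTermService is False, another program has taken the port and restarting Remote Desktop Services alone will not fix the connection.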
Change the MTU value
The maximum transmission unit (MTU) is the largest size packet or frame, specified in octets (eight-bit bytes), that a network can transmit. A lower MTU can be useful when facing connection or latency issues.
- Click the Start menu and type “cmd”. Launch Command Prompt as administrator.
- Type the following command but replace “Ethernet” with your active network connection:
netsh interface ipv4 set subinterface "Ethernet" mtu=1458
You can also use TCP Optimizer software that allows you to change your MTU value easily.
- Open TCP Optimizer as an administrator.
- At the bottom right of the main interface, click Custom.
- Set the MTU value to 1458 and click Apply changes.
Enable persistent bitmap caching
Persistent Bitmap Caching might be disabled on your computer. If this is the case, you need to enable it.
- Press Windows + R to open the Run dialog box. Type “mstsc” and hit Enter to launch the Remote Desktop Connection application.
- Click Show Options.
- Go to the Experience tab.
- Check the box next to Persistent bitmap caching, and click Connect.
Change the RDP security settings
When the security settings for the RDP are not configured correctly, you will encounter the “An internal error has occurred” error. To fix this problem, you can use the Group Policy Editor.
- Press Windows + R to open the Run dialog box. Type “gpedit.msc” and hit Enter to launch the Local Group Policy Editor.
- Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security.
- Double-click Require use of specific security layer for remote (RDP) connections.
- Select Enabled and ensure Security Layer is set to RDP.
- Click OK and restart your computer.
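Three of the fixes in this guide (the firewall rule on the Public profile, disabling NLA, and forcing the RDP security layer) lower the protection of the RDP host if they stay in place after troubleshooting. The following added example, which is not part of the original guide, reports which of them are currently in effect. The function names Get-RdpSetting and Get-RdpHardeningFinding are hypothetical, and the firewall lookup assumes the English rule group name "Remote Desktop".

```powershell
# Added example (not from the original guide). Run in an elevated PowerShell session on the RDP host.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
# Group Policy stores its overrides here; a value present here wins over the local one.
$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdpSetting {
    param([Parameter(Mandatory)][string]$Name)
    foreach ($key in $policy, $rdpTcp) {
        $value = (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
        if ($null -ne $value) { return [pscustomobject]@{ Value = $value; Source = $key } }
    }
}

function Get-RdpHardeningFinding {
    $findings = @()

    # UserAuthentication: 1 = NLA required, 0 = NLA not required.
    $nla = Get-RdpSetting -Name 'UserAuthentication'
    if ($nla -and $nla.Value -eq 0) {
        $findings += "NLA is off (UserAuthentication=0 in $($nla.Source)). Re-enable it after troubleshooting."
    }

    # SecurityLayer: 0 = RDP, 1 = Negotiate, 2 = SSL (TLS).
    # With the native RDP layer the server is not authenticated and NLA cannot be used.
    $layer = Get-RdpSetting -Name 'SecurityLayer'
    if ($layer -and $layer.Value -eq 0) {
        $findings += "Security layer is forced to RDP (SecurityLayer=0 in $($layer.Source))."
    }

    # Assumption: English display group name 'Remote Desktop'.
    $publicRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                       "$($_.Profile)" -match 'Public|Any' }
    foreach ($rule in $publicRules) {
        # RemoteAddress 'Any' means the rule accepts connections from every source address.
        $scope = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        $findings += "Firewall rule '$($rule.DisplayName)' is enabled on the Public profile (remote address: $scope)."
    }

    if (-not $findings) { return 'No weakened RDP settings found.' }
    $findings
}

Get-RdpHardeningFinding
```

Run it once the connection works again and revert any setting it lists that you no longer need for the fix.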
Turn off any VPN connections
If you have any VPN connections turned on, then this might be the problem. VPNs sometimes route all traffic through their servers rather than just web traffic. This can prevent your computer from establishing a connection to the RDP server. First, turn off any third-party VPNs you have open. You can also turn VPNs off from within Windows Settings:
- Open the Start menu and go to Settings.
- Click Network & internet and select VPN.
- If you have any VPN connections, click Disconnect.
- Check if the issue persists.
Reconfigure the local security policy
Incorrect settings in the local security policy can cause the “An internal error has occurred” problem. To fix the issue, you can change local security policy settings.
- Press Windows + R to open the Run dialog box. Type “secpol.msc” and hit Enter to launch Local Security Policy.
- Go to Local Policies > Security Options.
- Scroll down and double-click the System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing option.
- Select Enabled from the pop-up window, then click OK.
- Restart your computer.
Disable static IP address
If the server you are trying to connect to has network-layer restrictions, then the connection might fail. The network-layer restriction usually prevents the server from accepting any incoming connections routed through a static IP address. A possible solution is to switch from static to DHCP IP.
- Press Windows + R to launch the Run dialog box. Type “ncpa.cpl” and hit Enter to open the Network Connections window.
- Right-click your active network connection and select Properties.
- Switch to the Networking tab and double-click Internet Protocol Version 4 (TCP/IPv4) from the list.
- Select the Obtain an IP address automatically radio button and click OK to save changes.
- Restart your computer for changes to take effect.