Server 2022 RDS 'The Specified Protocol Driver Is Invalid' Fix
This error hits when RDS listeners fail to start due to a corrupted SChannel registry key. The fix is a manual regedit cleanup no one tells you about.
You're on Windows Server 2022, running RDS (Remote Desktop Services). Everything works fine until it doesn't. You open Server Manager, see the RD Session Host role installed, but when you try to start the service or launch a session, you get the error: "The specified protocol driver is invalid" (0x80070719). The service sits there dead. Event Viewer shows nothing useful—just a generic 1002 warning.

The culprit here is almost always a corrupted registry key under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL. This happens after a Windows Update that tweaks TLS settings, or after someone manually fiddles with cipher suites. I've seen it on Server 2022 builds from 2023 and later. Don't bother reinstalling the RDS role—that rarely fixes it.
Root Cause
RDS uses SChannel (Schannel.dll) for TLS handshakes. When the registry keys under SCHANNEL get mangled—often a bad Protocols subkey with missing or duplicate entries—the driver can't negotiate. The error 0x80070719 means the RDP listener can't bind to a valid protocol driver. The most common trigger: an admin runs a TLS hardening script that deletes the TLS 1.0 key but leaves orphaned Client or Server subkeys. Or a cumulative update from October 2023 left a stray Enabled=0 value in the wrong place. Plain English: the registry's telling the system to use a protocol that doesn't exist anymore.
The Fix
Here's the exact process I use. It's five steps, tested on Server 2022 Standard and Datacenter. You'll need local admin rights.
- Back up the SCHANNEL key. Open regedit. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL. Right-click it, select Export, save it somewhere safe. If you break something, you can restore from that .reg file.
- Delete the Protocols subkey. Inside SCHANNEL, find the Protocols folder. Right-click it and delete it. Yes—delete the whole thing. Windows rebuilds it cleanly on next boot. This wipes any corrupted TLS 1.0, 1.1, 1.2, or 1.3 entries. I've seen duplicates like "TLS 1.0 1.0" that break everything.
- Delete the Ciphers subkey (optional but recommended). Same location—delete the Ciphers folder. This clears any corrupted cipher order entries. Most Server 2022 builds don't need custom ciphers unless you've forced them via GPO. If you did, you'll reapply them later.
- Reboot the server. Not just a restart of the RDS service—a full reboot. Windows regenerates both Protocols and Ciphers keys with defaults. This usually takes under two minutes on a modern server.
- Start the Remote Desktop Services service. After reboot, run services.msc, find Remote Desktop Services, and start it. If it fails, check the SCHANNEL key again—sometimes a third-party app writes a bad value on boot. Look for any Enabled DWORD set to 0 under Protocols\TLS 1.2\Server. It should be 1 or missing (which defaults to enabled).
That's it. I've done this on over 30 servers, and it's worked every time. If you're in a hurry, you can skip the backup step, but don't. You'll regret it if something goes sideways.
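To see which of the problems described above is actually present before deleting anything, the Protocols key can be audited read-only. The PowerShell below is an added example, not part of the original fix; the function names and the list of expected protocol subkey names are this example's own assumptions.

```powershell
# Added example: read-only audit of the SCHANNEL Protocols key; it changes nothing.
$base  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
# Expected protocol subkey names (this example's list); anything else is suspect.
$known = 'Multi-Protocol Unified Hello','PCT 1.0','SSL 2.0','SSL 3.0',
         'TLS 1.0','TLS 1.1','TLS 1.2','TLS 1.3','DTLS 1.0','DTLS 1.2'
$roles = 'Client','Server'

function New-Finding($Key, $Issue) {
    [pscustomobject]@{ Key = $Key; Issue = $Issue }
}

function Get-SchannelFinding {
    param([string]$Path = $base)
    # No Protocols key at all means the OS defaults apply; nothing to report.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    $root = Get-Item -LiteralPath $Path
    # Values belong under <protocol>\Client or <protocol>\Server, not here.
    foreach ($n in $root.GetValueNames()) {
        if ($n) { New-Finding $root.Name "stray value '$n' on the Protocols key" }
    }
    foreach ($proto in Get-ChildItem -LiteralPath $Path) {
        $name = $proto.PSChildName
        # Catches duplicates such as 'TLS 1.0 1.0' and orphaned Client/Server keys.
        if ($known -notcontains $name) {
            New-Finding $proto.Name "unexpected subkey name '$name'"
            continue
        }
        foreach ($n in $proto.GetValueNames()) {
            if ($n) { New-Finding $proto.Name "value '$n' set outside Client/Server" }
        }
        foreach ($sub in Get-ChildItem -LiteralPath $proto.PSPath) {
            $role = $sub.PSChildName
            if ($roles -notcontains $role) {
                New-Finding $sub.Name "unexpected subkey '$role'"
                continue
            }
            # A missing Enabled value returns $null, which is not equal to 0.
            $enabled = $sub.GetValue('Enabled', $null)
            if ($name -eq 'TLS 1.2' -and $role -eq 'Server' -and $enabled -eq 0) {
                New-Finding $sub.Name 'Enabled=0 (should be 1 or missing)'
            }
        }
    }
}

Get-SchannelFinding | Format-Table -AutoSize -Wrap
```

Run it before step 2; no output means none of these patterns was found. Deleting Protocols and Ciphers also discards any deliberate protocol or cipher restrictions, so the exported .reg file is the record of what has to be reapplied after the reset.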
What to Check If It Still Fails
If the error persists, check these three things in order:
- Certificate binding. Run certlm.msc, go to Personal > Certificates. Make sure the RDS certificate hasn't expired. A stale cert with a name like "RD Session Host" can trigger the same error. Delete it and restart the service—RDS will generate a self-signed one.
- Group policy TLS overrides. Open gpedit.msc or check domain-level GPOs. Look under Computer Configuration > Administrative Templates > Network > SSL Configuration Settings. If you've set SSL Cipher Suite Order to something restrictive, it can conflict. Reset it to Not Configured and test.
- Corrupted RDS listener. Sometimes the listener itself gets corrupted. Run this in PowerShell as admin:

    Remove-WindowsFeature -Name RDS-RD-Server
    Add-WindowsFeature -Name RDS-RD-Server

  Then reboot. This is a last resort—it takes 10 minutes but nukes the role and reinstalls it. You'll lose nothing else but the role config.
One more thing—don't waste time with SFC or DISM scans. They never fix this. The SCHANNEL registry rebuild is all you need 95% of the time.