We also use a wildcard cert for our environment (Win 2016 Server RDS). We have a GW, CB, and 3 SH servers. The DNS A Record we use I'm assuming is our farm name (one name pointed to all the SH's IP addresses).
So when using MSTSC.EXE on the outside, we get prompted about the certificate. The obvious problem is that it's saying we're logging into "ext-gwname.domain.com" and "int-shname.domain.com". And because of this, it's giving an unknown computer as the cert being presented is an internal cert, not the public cert and DNS we are using.
There's no problem when connecting via RD Web Access. However, this is a problem because we have terminal clients connecting (so they act more like a Windows PC using MSTSC.EXE). Troubleshooting why our external terminal clients aren't working (Axel terminals), we tried using a Windows PC via MSTSC.EXE to connect and that's how I found out the weird "unknown computer" warnings, where the SH server is presenting its internal name and internal cert rather than using the farm name and using our wildcard cert (that's publicly signed).