I was hoping for some input on our deployment...
we are not using internal PKI for the RDS farm. Our internal domain name suffix is .com, so for example, our AD forest is "acme.com". We have purchased a wildcard certificate for *.acme.com from a public CA which we should be able to use for machines on our internal domain. I have applied this wildcard certificate to the Deployment Properties of our RDS farm on all four role services: RD Connection Broker: enable SSO, RD Connection Broker: Publishing, RD Web Access, and RD Gateway. This set the Certificate Level as "trusted" with a status as "ok" for all four role services. Now, when I visit our deployment from an external host (https://rdp.acme.com/rdweb) and RDP to one of my host collections, I still receive a certificate error from the broker; it shows that "broker.acme.com" is still using a self-signed certificate. How do I fix this?
Furthermore, I have configured the deployment to use "rdp.acme.com" as the RD Gateway server name, yet when I log in to RDWeb and click on a collection, the RDP session lists the "remote computer" as "broker.acme.com" (correct) and the "gateway server" as "gateway.acme.com" (incorrect; this should be rdp.acme.com). I've been unable to correct this setting as well. Any advice?
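The two symptoms in the post map onto settings that live in different places: the four Deployment Properties certificates (queried with Get-RDCertificate) cover the broker, web access and gateway roles, while the certificate presented by each session host's RDP-Tcp listener is stored separately on that host (the SSLCertificateSHA1Hash value of the Win32_TSGeneralSetting WMI class, or the equivalent Group Policy setting), and the gateway name written into the .rdp file comes from the deployment gateway configuration unless a collection overrides it with a custom RDP property. The following audit script is an added example, not code from the poster; it assumes the RemoteDesktop module is present on the broker, that the hostnames are the ones named in the post, and that the wildcard certificate's subject contains "acme.com". It reports where each component's certificate and gateway name actually come from so that a mismatch can be located before anything is changed.

```powershell
# Added example (not the poster's code): audit which certificate and gateway name
# each RDS component is really using. Assumptions: run on the connection broker,
# RemoteDesktop module installed, wildcard certificate already in Cert:\LocalMachine\My.
Import-Module RemoteDesktop

$Broker = 'broker.acme.com'                       # broker FQDN from the post (assumed)
$ExpectedGateway = 'rdp.acme.com'                 # intended external gateway name from the post

# Thumbprint of the wildcard certificate in the local machine store (subject match is an assumption).
$Wildcard = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like '*acme.com*' -and $_.HasPrivateKey } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $Wildcard) { throw 'Wildcard certificate with private key not found in LocalMachine\My' }
Write-Host "Wildcard certificate thumbprint: $($Wildcard.Thumbprint)"

# 1. Deployment-level certificates: the four roles set in Deployment Properties.
#    These do NOT configure the RDP listener on individual session hosts.
Write-Host "`n== Deployment certificates (Get-RDCertificate) =="
Get-RDCertificate -ConnectionBroker $Broker | Format-List

# 2. Deployment gateway settings: GatewayExternalFqdn is what RDWeb normally writes
#    into the .rdp file as the gateway server name.
Write-Host "`n== Deployment gateway configuration =="
$Gw = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $Broker
$Gw | Format-List
if ($Gw.GatewayExternalFqdn -ne $ExpectedGateway) {
    Write-Warning "Deployment gateway FQDN is '$($Gw.GatewayExternalFqdn)', expected '$ExpectedGateway'"
}

# 3. Per-collection overrides and per-host listener certificates.
foreach ($Collection in Get-RDSessionCollection -ConnectionBroker $Broker) {
    $Name = $Collection.CollectionName
    Write-Host "`n== Collection: $Name =="

    # A custom RDP property such as gatewayhostname:s:... overrides the deployment value.
    $Cfg = Get-RDSessionCollectionConfiguration -CollectionName $Name -ConnectionBroker $Broker
    if ($Cfg.CustomRdpProperty -match 'gatewayhostname:s:(\S+)') {
        Write-Warning "Collection '$Name' overrides the gateway name with '$($Matches[1])'"
    }

    # The certificate the session host's RDP-Tcp listener presents is set per host.
    foreach ($SessionHost in (Get-RDSessionHost -CollectionName $Name -ConnectionBroker $Broker).SessionHost) {
        $Listener = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
            -Class Win32_TSGeneralSetting -ComputerName $SessionHost -Filter "TerminalName='RDP-Tcp'"
        $Status = if ($Listener.SSLCertificateSHA1Hash -eq $Wildcard.Thumbprint) { 'OK' } else { 'MISMATCH' }
        [pscustomobject]@{
            SessionHost        = $SessionHost
            ListenerThumbprint = $Listener.SSLCertificateSHA1Hash
            Status             = $Status
        } | Format-Table -AutoSize
    }
}
```

A session host reported as MISMATCH is presenting a certificate other than the wildcard on its RDP listener, which is the condition that produces a certificate warning for the host even when Get-RDCertificate shows every role as trusted. Because the WMI query runs against each host over DCOM, the account running the script needs local administrator rights on the session hosts; the listener certificate can then be changed on each host with Set-WmiInstance on the same Win32_TSGeneralSetting instance (setting SSLCertificateSHA1Hash) or centrally through the "Server authentication certificate template" Group Policy setting together with an internal CA, neither of which the script performs.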