Azure AD Proxy With RDS Gateway and WebClient - WebSockets Error

PCPackrat46573 after weeks of thrashing on this issue, I finally got it to work by creating an internal DNS zone on my DCs for the external URL so my internal and external URLs match. So my Azure AD proxy config has a public CNAME for app.company.com that points to app-company.msapproxy.net then the internal URL for the app proxy is configured for app.company.com. Then internally, I have a DNS zone for app.company.com with a default A-record that points to the internal IP address of the remoteapp server. So if you're on the company network, app.company.com goes directly to the server via the A-record. If you're external, app.company.com goes to the Azure AD proxy then the app proxy calls IIS using the public DNS name internally... if that makes sense. I believe root cause for all this was a certificate mismatch. I was testing different scenarios and found that when I had the wrong certificates installed, I'd get the same websockets 1006 error. So on a whim, I tried creating that internal DNS zone and it worked immediately. Some of the documentation says you *should* have matching internal/external DNS names but not that you *must*. So that was wrong. Maybe you only need matching internal/external names when websockets are in play. Such a huge weight off my shoulders to have this working. Hope others will find this when they run into the same.