Inside my network I have a broker and two RD Session Hosts: RDSH1 and RDSH2. When I connect to one of them, it says I should use the farm name instead of the host name. OK, I added an A record for my farm name that points to RDSH1 and RDSH2 using round-robin. It now works well: when I connect to one of them, it either lets me in or forwards me to the other one.
The problem is that they use self-signed certificates, so there is a stupid warning because my PC doesn't trust them.
I use a certificate template on my CA to issue the certificate and use Group Policy to force this certificate to be used for RDP. They obtain correct certificates.
The problem is I can't set the farm name in the certificate template. I can only set it to the server's FQDN. So my RDSH1 and RDSH2 obtain certificates for their own names, and when I connect to them using the farm name, the certificates are invalid because the name doesn't match.
My question is: how can I use a certificate template to issue a certificate for the farm name instead of the RDSH name?
0 Answers