I've been banging my head against this for the last few days. I have a server 2012 remote desktop setup as follows:
- 1 Gateway Server
- 1 RD Web Access Server
- 1 Session Broker, which is also a session host
- 1 Additional Session host
I'm using remote app to publish applications rather than desktops. I've got a wildcard certificate for the external domain, which works fine for the gateway and web access server, the problem comes with the session hosts, which are giving me a certificate mismatch error because connections are made to the internal name (which is a .local address) which obviously does not match the external certificate.
I have a DNS zone for the external name setup on this domain, so that machines can be resolved by internal or external names.
I've made some progress by following the steps here, and things now work fine if I only have the session host that is also the broker enabled. Once I add the second session host, any requests that go to that get the certificate error. Connections to the first session host still work fine.
Does anyone know a way to have requests be made to the external name of the session host?
The only solution I've found to this is to configure Session Broker HA (even though we only have one broker) and set the DNS round robin name to a (external) hostname that you have in the certificate. Keep in mind that you need SQL for this and once it's activated you cannot go back to non HA mode.
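Added example for the HA-with-external-name approach described in this answer (not code from the thread): it checks that the wildcard certificate actually covers the intended client access name before enabling Connection Broker HA, since HA cannot be undone. Server names, the thumbprint and the SQL connection string are placeholders; the cmdlets are the standard RemoteDesktop module ones.

```powershell
# Placeholders: replace with your own broker, SQL server and certificate.
$ClientAccessName = 'rds.example.com'          # external DNS round robin name clients will use
$Broker           = 'rdcb01.corp.local'        # current single Connection Broker
$Thumbprint       = 'PLACEHOLDER_THUMBPRINT'   # wildcard certificate already in LocalMachine\My
$DbConnString     = 'DRIVER=SQL Server Native Client 11.0;SERVER=sql01.corp.local;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=RDCB'
$DbFilePath       = 'C:\RDCB\RDCB.mdf'         # where the broker database file will be created

function Test-CertCoversName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Name)
    # DnsNameList contains the subject CN plus every SAN dNSName entry.
    foreach ($entry in $Cert.DnsNameList) {
        $n = $entry.Unicode
        if ($n -eq $Name) { return $true }
        # A wildcard covers exactly one left-most label (rds.example.com, not a.rds.example.com).
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                      # ".example.com"
            if ($Name.EndsWith($suffix)) {
                $prefix = $Name.Substring(0, $Name.Length - $suffix.Length)
                if ($prefix.Length -gt 0 -and $prefix -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Thumbprint -eq $Thumbprint
if (-not $cert) { throw "Certificate $Thumbprint not found in LocalMachine\My" }

# If the name is not covered, enabling HA would just move the mismatch to the broker name.
if (-not (Test-CertCoversName -Cert $cert -Name $ClientAccessName)) {
    throw "Certificate does not cover $ClientAccessName; fix the certificate before enabling HA"
}

# HA is a one-way change, so refuse to run if it is already configured.
if (Get-RDConnectionBrokerHighAvailability -ConnectionBroker $Broker) {
    throw "Connection Broker HA is already configured on $Broker"
}

Set-RDConnectionBrokerHighAvailability -ConnectionBroker $Broker `
    -DatabaseConnectionString $DbConnString `
    -DatabaseFilePath $DbFilePath `
    -ClientAccessName $ClientAccessName
```

After this, publish the same certificate to the broker roles with Set-RDCertificate and point the round robin DNS record at the broker so clients only ever see the name the certificate covers.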
What if you terminate the certificate at the broker and issue a second (local) certificate from the broker to the hosts? It's quite similar to the SSL problem with load balancers.