Channel: Remote Desktop Services (Terminal Services) Forum

Certificate Change for Remote Web Access and Gateway - Wildcard


Hi,

I have tested Remote Desktop Services with a self-signed certificate. For testing the remote gateway over the internet, I have edited the host file on the client test machine so that the domain of my self-signed certificate matches the public IP address of the remote desktop gateway and remote web access.

Now I want to test it in a production environment. The DNS is working well on that address and when I go to the RD Web Access I get the certificate error as expected.

So I wanted to change the certificate to the wildcard I have. For that, I have made 2 changes from the Server Manager of my DC by clicking "Edit Deployment Properties" in the Remote Desktop Services section.

1. In the RD Gateway section, I have changed the server name to the new one:



2. In the certificates section, for each item (role service), I have clicked "Select existing certificate...", and then "Choose a different certificate", and entered the correct password. I have also checked the checkbox "Allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers".

When I click "Apply", I get the following warning message:

"Could not configure the certificate on one or more servers. Ensure that the servers are available on the network and apply the certificate again."

Then when I go back to the Deployment Properties the warning state is still there, but the correct certificate seems to have been applied. If I close and reopen this window the warning disappears, but the correct certificate is also there.

When I go to the Remote Web Access webpage, I still have this certificate error message, and when I check the certificate, I see that the old certificate (which doesn't match the new URL) is still there, instead of the new one!

I have a wildcard certificate (.pfx with private key in my case). All my servers are running Windows Server 2016 TP5, and I have the following configuration (see picture):

Note: WinGateway1 and WinGateway2 are in a failover cluster for the Remote Web Access and the Gateway Role. The public IP is NATed to this cluster virtual IP.
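
A read-only check for the symptom described in the post above, as an added example that is not part of the original post: it lists the certificate the deployment records for each role and compares it with the certificate each gateway node actually presents over TLS. The broker and public host names are placeholders, and it assumes the RemoteDesktop PowerShell module is available and that RD Web Access answers on TCP 443 on WinGateway1 and WinGateway2.

```powershell
Import-Module RemoteDesktop

# Assumptions: replace the placeholders with the real names of the deployment.
$Broker     = 'BROKER.example.test'      # placeholder: RD Connection Broker FQDN
$PublicName = 'remote.example.test'      # placeholder: name covered by the wildcard
$Nodes      = 'WinGateway1', 'WinGateway2'

function Get-ServedCertificate {
    # Returns the certificate a host presents on a TLS port.
    # Validation is skipped on purpose: the goal is to inspect the certificate,
    # not to trust the connection. Nothing is sent after the handshake.
    param([string]$ComputerName, [string]$SniName, [int]$Port = 443)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ComputerName, $Port)
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        try {
            $ssl.AuthenticateAsClient($SniName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $tcp.Dispose() }
}

# 1. What the deployment believes is configured for each role service.
$configured = Get-RDCertificate -ConnectionBroker $Broker
$configured | Format-Table Role, Level, Subject, Thumbprint, ExpiresOn -AutoSize

$expected = $configured | Where-Object Role -eq 'RDWebAccess' |
    Select-Object -First 1 -ExpandProperty Thumbprint

# 2. What each node really serves, compared with the deployment record.
foreach ($node in $Nodes) {
    try {
        $cert = Get-ServedCertificate -ComputerName $node -SniName $PublicName
        [pscustomobject]@{
            Node              = $node
            Subject           = $cert.Subject
            Thumbprint        = $cert.Thumbprint
            NotAfter          = $cert.NotAfter
            MatchesDeployment = ($cert.Thumbprint -eq $expected)
        }
    } catch {
        [pscustomobject]@{ Node = $node; Subject = "unreachable: $($_.Exception.Message)";
            Thumbprint = $null; NotAfter = $null; MatchesDeployment = $false }
    }
}
```

A node reporting `MatchesDeployment = False` is one where the certificate recorded in the deployment did not reach the listener on that server.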

