Hi there !
I am working on setting up an entire 2012 RDS system, with TMG Server as reverse proxy in back Firewall mode, 2 RDG, 2 Brokers HA attached to a 2012 SQL server holding the DB, and of course, collections with multiple RDSH servers. After some headaches, everything is working ok and I am about to be done.
I just have a little (last) issue with certificates. I have been able to handle most of them with the 2012 RDS cert manager through topologie builder but the problem is on the end of the chain, on the RDSH.
We bought a public domain wildcard cert *.externaldomain.com and applied it to RDGs and Brokers. Then I also applied it on RDSH servers, and I am having "Code: 0x607" issues from RDC8/Windows8 or simply still a mismatch prompt from older RDC, telling that I am trying to access RDS1.internaldomain.lan and the cert applied to the RDP-TCP connector (using powershell or WMI commands just fine) is *.externaldomain.com and of course, doesn't match.
I am 99% sure that changing the FQDN collection to farm1.externaldomain.com would fix the problem. On 2008 R2 it is something you can do pretty easy from the RDS properties of each RDSH servers, but not on 2012 anymore.
Is there a way to change the FQDN of a collection to be used by remoteApps? Do you think it is something 2012 R2 will bring ?
If no, is the only way to proceed is to buy a *.internaldomain.lan wildcard cert?
Note that when using a Full desktop connection with RDC (through the Gateway), with farm1.externaldomain.com as host, it works just fine and the certificate is approved. (I also managed externaldomain.com domain on my internal DNS serveur to resolv internal IPs)
I would really appreciate your advises on that one !
Thanks !
David