Hello everybody,
I've been browsing through hundreds of topics on the dreaded "The RD Gateway server must be configured to use a valid SSL certificate" error using BPA (Windows Server 2008 R2 Std), but still haven't found a proper solution.
Here's the issue: RDGW is not operating properly, sometimes accepting connections, sometimes not.
I have an external domain example.com and internally the domain is example.local. I have one server serving Exchange and RD; this is the server responding to mail.example.com, and I have a StartSSL-issued cert for mail.example.com, which is properly configured on the server (OWA is working properly with autodiscover etc.). SSL bindings seem alright; the default site is using the mail.example.com SSL cert.
If I open the RDGW Manager and go to the SSL Certificate tab, the system looks happy with the cert installed, everything looks fine. Sometimes I even manage to connect - the connection is successful and I can connect normally to any of the servers or computers. On a second attempt, I just get the message that the logon attempt has failed. If I run BPA on the server, I get the error about not having a proper SSL cert. If I select a self-signed cert, then the BPA also goes through, but then I have problems with connections, since everybody would need to have this cert installed.
From what I read, my problems are related to the issue that the FQDN of my server is servername.example.local and the cert is issued to mail.example.com. How can I make the thing talk only via the mail.example.com cert? I don't think I can get a cert from the CA that would also contain a SAN of servername.example.local.
What can I do?
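An added diagnostic for the situation described in the post (example code, not part of the original thread): run in an elevated PowerShell on the gateway host, it reads the certificate that HTTP.sys is actually serving on the SSL port (the binding RD Gateway and the IIS default site share), then lists every certificate in the machine store with the DNS names it covers and whether those names match the external name clients use and the server's internal FQDN. The names mail.example.com and servername.example.local are placeholders taken from the post, the port/IP binding 0.0.0.0:443 is an assumption, and the "DNS Name=" parsing assumes an English-language Windows.

```powershell
# Added example, not from the original post. Placeholders from the post:
$ExternalName = 'mail.example.com'           # name clients put in RD Gateway settings
$InternalFqdn = 'servername.example.local'   # assumption; or use [System.Net.Dns]::GetHostEntry('').HostName
$IpPort       = '0.0.0.0:443'                # assumed HTTP.sys binding used by RDGW/IIS

# Collect the subject CN plus every DNS entry of the Subject Alternative Name extension.
function Get-CertDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() returns "DNS Name=a.example.com, DNS Name=b.example.com" on an
        # English system; the label is localised on other languages (assumption).
        foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\r\n]+)')) {
            $names += $m.Groups[1].Value.Trim()
        }
    }
    $names | Select-Object -Unique
}

# Hostname match the way a TLS client does it: exact name, or a wildcard in the
# leftmost label only (*.example.com covers mail.example.com, not a.b.example.com).
function Test-CertNameMatch {
    param([string]$HostName, [string[]]$CertNames)
    foreach ($n in $CertNames) {
        if ($n -ieq $HostName) { return $true }
        if ($n.StartsWith('*.')) {
            $hostParent = ($HostName -split '\.', 2)[1]
            if ($hostParent -and ($hostParent -ieq $n.Substring(2))) { return $true }
        }
    }
    return $false
}

# 1. Which certificate thumbprint does HTTP.sys serve on the port?
$bindingText = netsh http show sslcert "ipport=$IpPort" | Out-String
$boundHash = $null
if ($bindingText -match 'Certificate Hash\s*:\s*([0-9a-fA-F]{40})') { $boundHash = $Matches[1] }
if (-not $boundHash) {
    Write-Warning "No SSL binding found on $IpPort; run 'netsh http show sslcert' to see all bindings."
}

# 2. Report each machine certificate: is it the bound one, does it have a private
#    key, is it self-signed, and which of the two names does it cover?
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $names = @(Get-CertDnsNames $_)
    New-Object PSObject -Property @{
        Thumbprint     = $_.Thumbprint
        BoundOnPort    = ($_.Thumbprint -ieq $boundHash)
        HasPrivateKey  = $_.HasPrivateKey
        SelfSigned     = ($_.Subject -eq $_.Issuer)
        Expires        = $_.NotAfter
        CoversExternal = Test-CertNameMatch $ExternalName $names
        CoversInternal = Test-CertNameMatch $InternalFqdn $names
        Names          = ($names -join ', ')
    }
} | Format-Table -AutoSize Thumbprint, BoundOnPort, HasPrivateKey, SelfSigned, CoversExternal, CoversInternal, Expires, Names
```

The row with BoundOnPort set to True is the certificate clients actually receive; for the setup in the post it should show CoversExternal True and CoversInternal False, which confirms that clients must address the gateway as mail.example.com and that any name check done against servername.example.local will not be satisfied by that certificate.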