I checked our farm yesterday and noticed that is Windows 2008... Yours is 2012. I'm sure there are big differences, but I hope my info helps.
Opening MMC -> Certificates -> Computer account I see 2 certificates in "personal/Certificates" folder:
- Selfsigned Certificate (same Issuer an Subject)
- Certificate issued by our Domain CA
The selfsigned shows an error in the details, has your certificate the same error?
To solve this error, just copy and paste the certificate from "personal/Certificates" subfolder to "Trusted Root Certification Authorities/Certificates". With that step the same certificate gives no error.
After that, there's only two places where you configure the certificate (in RDS Windows 2008) that I've found.
Our RemoteApp Manager shows:
The Digital Signature settings:
And in the 'RD Session Host Configuration, in the settings of the connection:
At the end, and if I remember correct, we solved it checking all options, the event viewer, making sure of no certificate errors, populating some local groups, giving them access by the Security Policy...
Good Luck.
---- Updated ----
Remember to import in the user profile, the Issuer CA or the certificate (if it's self signed) in the "Trusted Root Certification Authorities/Certificates" so the client didnt get any certificate error. This point was important in our system.
Best Answer
A certificate is issued for the lower of either:
ValidityPeriod
andValidityPeriodUnit
registry values, orAs the
Computer
template is version 1 schema, you cannot change its validity. However, it's considered wiser to copy the template and use the copy for enrollments. When you copy, you can set additional values and the schema will be upgraded accordingly. That is, you'll end up with a version 2, 3, or 4 schema template. That's not a problem unless you're using a really old version of Windows.