I checked our farm yesterday and noticed that is Windows 2008... Yours is 2012. I'm sure there are big differences, but I hope my info helps.
Opening MMC -> Certificates -> Computer account I see 2 certificates in "personal/Certificates" folder:
- Selfsigned Certificate (same Issuer an Subject)
- Certificate issued by our Domain CA
The selfsigned shows an error in the details, has your certificate the same error?
To solve this error, just copy and paste the certificate from "personal/Certificates" subfolder to "Trusted Root Certification Authorities/Certificates". With that step the same certificate gives no error.
After that, there's only two places where you configure the certificate (in RDS Windows 2008) that I've found.
Our RemoteApp Manager shows:
The Digital Signature settings:
And in the 'RD Session Host Configuration, in the settings of the connection:
At the end, and if I remember correct, we solved it checking all options, the event viewer, making sure of no certificate errors, populating some local groups, giving them access by the Security Policy...
Good Luck.
---- Updated ----
Remember to import in the user profile, the Issuer CA or the certificate (if it's self signed) in the "Trusted Root Certification Authorities/Certificates" so the client didnt get any certificate error. This point was important in our system.
I am getting similar issues and here is what I think:
With Server 2008 R2 , you could set the Internet Facing IP as the Remote Session Host (rather than the internal server name which is not being resolved from the internet), but this feature seems to be gone in 2012 R2...
Best Answer
Is this the connection broker or the session host? If it's the connection broker, that sucks but isnt that bad to rebuild depending on your environment. If it is the rdsh, great! You dont need to rebuild the entire server, only need to remove what bit of role for remote desktop is left installed, reboot and then reinstall the role. You should be able to point it to the connect broker easily with powershell and it will be as good as new.