I'm having something screwy going on, and I'm not having much luck googling up an answer here. Let me explain the situation.
I recently renewed the SSL wildcard certificate for our domain through GoDaddy. It's already up and going on several Linux boxes, as well as our Exchange 2007 server.
The only real strangeness with importing the certificate (a .crt file) into the server's personal certificate store was that it didn't link properly to the private key, so after I ran through the Certificates snap-in I had to run certutil -repairstore my "THUMBNAIL" to get it to show up properly with the little key symbol so I could use it. That's been done on the server that uses the TS gateway, so as near as I can tell it's a perfectly functional SSL cert.
After the cert is imported, I went into the TS gateway manager and clicked on the server name. There's a message at the top that reads "SERVERNAME is not configured as a TS Gateway server. To access the settings required to complete TS Gateway configuration, click the link provided." So I go into there, which takes me to the SSL Certificate tab of the server's properties. I select "Select an existing SSL certificate for SSL encryption", then browse certificates. I pick the right cert and click Install, and things seem fine - no errors at all.
However, when I click Refresh, it immediately reverts to the same message, like I didn't just select the cert in question.
This error is described in the KB article here: http://support.microsoft.com/kb/959120
I went through those steps and verified that the bindings are set to All Unassigned - they were set like that before I went in to IIS Manager, so this doesn't seem to be the cause of my problem.
In the Event Viewer, I have a critical error 103 cropping up under Applications and Services Logs/Microsoft/Windows/TerminalServices-Gateway/Operational whenever I go through and set the cert and refresh. This error reads "The Terminal Services Gateway service does not have sufficient permissions to access the Secure Sockets Layer (SSL) certificate that is required to accept connections. To resolve this issue, bind (map) a valid SSL certificate by using TS Gateway Manager. For more information, see "Obtain a certificate for the TS Gateway server" in the TS Gateway Help. The following error occurred: "2148073494"."
Just to make sure, I went into the Certificates snap-in and verified that the NETWORK SERVICE user had Read access to the certificate, per this Technet article: http://technet.microsoft.com/en-us/library/cc775286%28WS.10%29.aspx. Just to check, I tried it with read/write access; didn't change anything, same error.
I've rebooted the server several times, made sure I had the latest updates... any ideas about what to do next? I'd rather not reinstall the TS role, since I had it configured exactly how I want it - everything was working fine with last year's cert, and I'm not sure why it's having such problems.
Any thoughts?