Getting to where I HATE certs.
2-node 2016 RDS farm. Generated a SAN cert from my MS CA. It contains the common name *.xxx.xxx. The SAN names are the Farm FQDN and the FQDN of both servers.
Imported this into the Server Manager RDS Deployment Properties successfully.
It WORKED properly after I imported those 2 certs that afternoon, several times.
Then, the next day, the 2nd server (not the first) decided it would use the Self-Signed RDS cert it has rather than the SAN cert assigned the previous day.
So, I have 1 server (which is a Gateway and session host) use the SAN cert, but the 2nd (session host only) uses a self-signed.
WHY? Any suggestions on how to fix?