Hi,
So I have a working setup consisting of:
1 RD Gateway & Web Access combo server sitting in my DMZ talking back to the following on my LAN:
1 Session server
1 Broker Server
Everything works internally. I'm using split DNS to address the Gateway/Web server combo at: https://rds.mydomain.com, resolving it internally for my users and also publishing it in my external DNS for the users that will work remotely.
Accessing the https://rds.mydomain.com/rdweb remotely works fine and the test users can log in and see their collection. When they open up on of the web apps from non domain bound machines, they are greeted with the expected "do you trust this publisher"
warning which they can click through. They are then prompted to re-authenticate (I've not set it up for SSO yet), and then the actual fail:
"Your computer can't connect to the remote computer because the remote desktop gateway server address requested and the certificate subject name do not match..."
As far as certs go, I have my wildcard cert from LetsEncrypt on the gateway and in IIS for the RD Gateway/Web Access combo server. The Broker server is signing the apps with an internally issued cert via my CA. I have tried every combination of certificate
deployment and noe work.
Looking at the error, I can examine my cert from LetsEncrypt and although the Subject of it correct, when it is issued by https://rds.mydomain.com/rdweb, the subject line only shows my domain which I guess is where the error is coming from.
This error is causing the RemoteApps via the Windows RD client to also fail as you would expect.
I'm out of ideas of how to get this working externally so if anyone can point out what I'm missing, I'd appreciate it.
Thanks.