I have a 2012 R2 RDS environment with 1 server holding the roles: RDWeb Access, Connection Broker, RD Gateway, and 3 session hosts.
I have a wildcard SSL cert configured in deployment properties for all roles. This works properly when users connect via RDWeb. They connect to RDWeb, and open their Remote Desktop session when goes through the broker, in to one of the 3 session hosts. They are not prompted with certificate errors.
I know that this is how 2012 RDS is supposed to work, through RDWeb. However, we have a large amount of older thin clients that do not support RDWeb access, so instead they are configured to RDP to an A record of thinclient.domain.local. I have round robin set up with three thinclient A records pointing to the 3 IPs of the session hosts. When a thin client connects they are presented with a prompt "The identity of the remote computer cannot be verified. Do you want to connect anyway?". It is presenting them with the local session host computer name cert, for example they connect via RDP to thinclient, and get a certificate prompt for RDS-SessionHost01.company.local. After clicking yes, they may be redirected to another session host and get the prompt again.
What is the best way to suppress these prompts? Is it possible to publish the wildcart to each session host? Or possible disable these prompts? Thanks in advance.