I have the following scenario:
Firewall
WebAccess (Internet/intranet) - WA.internal.net
Internal
Gateway - GW.internal.net
Connection Broker - CB.internal.net
Session Host - SH.internal.net
All the internal.net 2012 servers are on the AD Domain internal.net and have a *.internal.net certificate installed.
We would like all the users to go to WebAccess (WA) to logon to access resources on the SH.
We have configured Split-Brain DNS so outside users and inside users can access the URL held on the WA, which is www.external.com.
We purchased a certificate for www.external.com.
I have applied this certificate to the servers WA and GW via Deployment Properties - Certificates.
On logon I get two errors:
Internal logon: Your computer can't connect to the remote computer because the remote desktop gateway server address requested and the certificate subject name do not match.
Web logon:
A website is trying to run a RemoteApp Program... Publisher *.internal.net
Remote computer: CB.internal.net
Gateway Server: GW.internal.net
Clicking Connect gives:
Your computer can't connect to the remote computer because the remote desktop gateway server is temporarily unavailable. Try reconnecting later or contact your network administrator for assistance.
I guess this is a problem with the www.external.com certificate?
Having read a little more, should it be a wildcard?
How could a *.external.com work on a domain internal.net?
What do I need to do to get this to work using single sign-on?
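A diagnostic for the first error message, added here as an example and not part of the question: it reads the RD Gateway FQDN that the Connection Broker writes into every .rdp file it hands out and compares that name with the DNS names on the certificate assigned to the RD Gateway role in Deployment Properties. The server names come from the question; that PowerShell remoting to GW.internal.net is enabled, and the Test-HostNameOnCert helper, are assumptions of this example. The RemoteDesktop module cmdlets it calls (Get-RDDeploymentGatewayConfiguration, Get-RDCertificate, Set-RDDeploymentGatewayConfiguration) ship with the RDS role on Windows Server 2012.

```powershell
# Added example (not from the question): is the RD Gateway name that clients are
# told to use actually covered by the certificate assigned to the RD Gateway role?
Import-Module RemoteDesktop

$broker  = 'CB.internal.net'   # from the question
$gateway = 'GW.internal.net'   # from the question; PS remoting to it is assumed

# The Connection Broker writes this FQDN into every .rdp file, so it is the name the
# client validates the gateway's TLS certificate against.
$gwConfig       = Get-RDDeploymentGatewayConfiguration -ConnectionBroker $broker
$advertisedFqdn = $gwConfig.GatewayExternalFQDN

# Deployment Properties - Certificates records which certificate the gateway role uses.
$roleCert = Get-RDCertificate -Role RDGateway -ConnectionBroker $broker

# Read the CN and SAN DNS names on the gateway itself; the extension parsing has to run
# there because a certificate returned over remoting loses its methods.
$certNames = Invoke-Command -ComputerName $gateway -ArgumentList $roleCert.Thumbprint -ScriptBlock {
    param($thumb)
    $cert  = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    $names = @()
    if ($cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1].Trim() }
    # 2.5.29.17 is the Subject Alternative Name extension; Format() renders "DNS Name=..." entries.
    $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        foreach ($m in [regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)')) {
            $names += $m.Groups[1].Value
        }
    }
    $names | Select-Object -Unique
}

function Test-HostNameOnCert {
    # Hypothetical helper: exact match, or a wildcard that covers exactly one leftmost label,
    # which is how RDP clients (and browsers) evaluate certificate names.
    param([string]$HostName, [string[]]$CertNames)
    $hostLower  = $HostName.ToLower()
    $hostLabels = $hostLower.Split('.')
    foreach ($name in $CertNames) {
        $name = $name.ToLower()
        if ($name -eq $hostLower) { return $true }
        if ($name.StartsWith('*.') -and $hostLabels.Count -ge 3) {
            # *.external.com covers www.external.com, but not external.com and not GW.internal.net.
            $parent = $hostLabels[1..($hostLabels.Count - 1)] -join '.'
            if ($name.Substring(2) -eq $parent) { return $true }
        }
    }
    return $false
}

Write-Host "Gateway FQDN handed to clients : $advertisedFqdn"
Write-Host "Names on the RD Gateway cert   : $($certNames -join ', ')"

if (Test-HostNameOnCert -HostName $advertisedFqdn -CertNames $certNames) {
    Write-Host 'OK: the advertised gateway name is covered by the certificate.'
} else {
    # This is the condition behind "the remote desktop gateway server address requested
    # and the certificate subject name do not match".
    Write-Warning "Mismatch: clients are sent to '$advertisedFqdn' but the certificate covers only: $($certNames -join ', ')"
    Write-Warning 'Either issue the gateway a certificate that includes that name, or point the deployment at a name the certificate already covers, e.g.:'
    Write-Warning "  Set-RDDeploymentGatewayConfiguration -ConnectionBroker $broker -GatewayMode Custom -GatewayExternalFqdn <name on certificate> -LogonMethod Password -UseCachedCredentials `$true -BypassLocal `$false"
}

# With split-brain DNS, whichever name is chosen must also resolve from inside the network.
if (-not (Resolve-DnsName -Name $advertisedFqdn -ErrorAction SilentlyContinue)) {
    Write-Warning "'$advertisedFqdn' does not resolve from this host; internal clients will not reach the gateway by that name."
}
```

Run it from the Connection Broker (or any host with the RDS management tools) as a user with RDS administrative rights. For the scenario in the question it reports GW.internal.net as the advertised name against a certificate for www.external.com, which is the mismatch the internal logon error describes; a *.external.com certificate would still not cover GW.internal.net, so the fix is to align the advertised gateway name and the certificate name rather than to change the wildcard.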