I have three Server 2016 servers.
Server1.domain.local is the RD Gateway / Connection Broker / RD Web Access server.
Server2.domain.local is an RD Session Host.
Server3.domain.local is an RD Session Host.
The problem is that I have a wildcard cert. In DNS the clients connect to rds2016.domain.com (which points to server1.domain.local, the gateway), but when the gateway redirects the clients to either Server2 or Server3, the .local name shows up and prompts them with cert errors.
I found this post that allowed me to change the certificate on the session host servers to the wildcard cert using WMI:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/cfa7d283-4b1b-4da6-8589-82059b31d258/local-fqdn-shown-when-connecting-to-session-host-through-rdgateway?forum=winserverTS#d2db4606-ee08-4e8d-ad1f-44ba16b0eceb
Get the certificate thumbprint using PowerShell:
Get-ChildItem Cert:\LocalMachine\My

Set the new thumbprint on the server (replace Thumbprint with the value from the previous command):
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="Thumbprint"
But the problem is that after running that, the RD Web published apps show error 0x607 and the .local server name again when trying to connect. Since the wildcard cert does not match the .local name, it won't let the client open the RD Web published app. Basically, running the WMI command fixed the cert errors for the full remote desktop session but broke RD Web.
Is there any way to change the name the session hosts expose to the clients (i.e. from server2.domain.local to server2.domain.com)?
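The thumbprint-and-wmic procedure described in the post, as an added example that is not code from the original post or from the linked thread. It does the same listener change on every session host from one place, but first checks that a certificate with a private key actually covers the public name the client will use, and re-reads the setting afterwards instead of trusting the assignment. Assumptions not stated in the post: the session hosts are server2.domain.local and server3.domain.local, clients address them as shortname.domain.com, the wildcard certificate has already been imported with its private key into LocalMachine\My on each host, WinRM is reachable, and the script runs with admin rights on the hosts. Test-CertCoversName is a hypothetical helper written for this example.

```powershell
# Added example; not code from the original post or the linked thread.
# Assumptions (not stated in the post): hosts below, clients use <shortname>.domain.com,
# the wildcard cert with its private key is already in LocalMachine\My on each host,
# WinRM works, and the caller has admin rights on the session hosts.

$SessionHosts = 'server2.domain.local', 'server3.domain.local'   # assumption
$PublicSuffix = 'domain.com'                                       # assumption

$results = foreach ($Server in $SessionHosts) {
    Invoke-Command -ComputerName $Server -ArgumentList $PublicSuffix -ScriptBlock {
        param([string]$PublicSuffix)

        # Hypothetical helper: true when one of the certificate's names covers $Name.
        # A wildcard entry such as *.domain.com matches exactly one extra label.
        function Test-CertCoversName($Cert, [string]$Name) {
            $names = @()
            if ($Cert.DnsNameList) { $names += $Cert.DnsNameList | ForEach-Object { $_.Unicode } }
            if ($Cert.Subject -match 'CN=([^,]+)') { $names += $Matches[1] }
            foreach ($n in $names) {
                if ($n.StartsWith('*.')) {
                    $labels = $Name.Split('.')
                    if ($labels.Count -gt 1 -and
                        (($labels[1..($labels.Count - 1)] -join '.') -eq $n.Substring(2))) { return $true }
                } elseif ($n -eq $Name) { return $true }
            }
            return $false
        }

        $publicName = "$env:COMPUTERNAME.$PublicSuffix".ToLower()

        # Newest unexpired certificate with a private key that covers the public name.
        $cert = Get-ChildItem Cert:\LocalMachine\My |
            Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and (Test-CertCoversName $_ $publicName) } |
            Sort-Object NotAfter -Descending | Select-Object -First 1
        if (-not $cert) {
            throw "$env:COMPUTERNAME: no unexpired certificate with a private key covers $publicName in LocalMachine\My"
        }

        # The RDP-Tcp listener setting that the wmic one-liner in the post changes.
        $ns = 'root\cimv2\TerminalServices'
        $listener = Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
        $before = $listener.SSLCertificateSHA1Hash
        if ($before -ne $cert.Thumbprint) {
            $listener.SSLCertificateSHA1Hash = $cert.Thumbprint
            $null = $listener.Put()   # fails here if the listener cannot read the private key
        }

        # Re-read rather than trusting the assignment.
        $after = (Get-WmiObject -Namespace $ns -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'").SSLCertificateSHA1Hash
        [pscustomobject]@{
            Computer   = $env:COMPUTERNAME
            PublicName = $publicName
            Before     = $before
            After      = $after
            Changed    = ($before -ne $after)
            Expires    = $cert.NotAfter
        }
    }
}

$results | Format-Table -AutoSize
```

Two caveats the post's one-liner does not surface: Win32_TSGeneralSetting only covers the RDP-Tcp listener on each session host, while the certificates the deployment itself uses for RD Web Access, RD Gateway, the connection broker and RemoteApp (RDP file) signing are assigned through the RemoteDesktop module's Set-RDCertificate roles, which this script does not touch; and if Put() fails with a generic error, check that the listener's service account (NETWORK SERVICE) has read access to the certificate's private key.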