Hi.
We have a farm with two RD SH servers (2012 R2), with RD CB load balancing between them. Each RD SH also runs RD GW.
We are using an external DNS name that is different from the AD domain name. This name is used for both external access to the gateway, and also for the RDP connection inside the gateway. The cert for the external name is installed on all roles, including RD SH.
The problem I have is when RD CB makes a reconnect, because then it instructs the client to connect to the internal AD FQDN, which will not match the certificate on the server, causing a certificate warning to be shown.
Is it possible to configure RD CB to tell the client to connect to the external name, BUT with the IP address of the specific RD SH? I suppose it isn't but I'll ask anyway.
The only other solution I can see is to buy a new wildcard cert for the AD domain name, and use that for the SH servers, and change the RD connection to go to a name on the internal AD instead of the external name. The external name would still be used for gateway access.
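As an added check (example code, not from the original post), the following PowerShell lists every RD Session Host in the deployment and reports whether the certificate bound to its RDP-Tcp listener covers the host's AD FQDN, i.e. the name the broker hands to clients on reconnect. It assumes the RemoteDesktop module is available where it runs and that the broker name `rdcb.corp.example` is replaced with the real one.

```powershell
# Added example, not the poster's configuration. For each RD Session Host known to
# the connection broker, read the certificate bound to the RDP-Tcp listener and check
# whether its Subject Alternative Names cover the host's own AD FQDN.
$broker = 'rdcb.corp.example'   # hypothetical connection-broker FQDN; replace it

Get-RDServer -ConnectionBroker $broker -Role RDS-RD-SERVER | ForEach-Object {
    $fqdn = $_.Server
    Invoke-Command -ComputerName $fqdn -ArgumentList $fqdn -ScriptBlock {
        param($fqdn)
        # RDS stores the listener certificate thumbprint in Win32_TSGeneralSetting
        $ts = Get-WmiObject -Namespace root\cimv2\TerminalServices `
                            -Class Win32_TSGeneralSetting `
                            -Filter "TerminalName='RDP-Tcp'"
        $cert  = Get-ChildItem "Cert:\LocalMachine\My\$($ts.SSLCertificateSHA1Hash)"
        $names = @($cert.DnsNameList.Unicode)
        # -like treats a leading '*' in a wildcard SAN ('*.corp.example') as a wildcard,
        # so both exact and wildcard entries are matched against the host FQDN
        $covered = [bool]($names | Where-Object { $fqdn -like $_ })
        [pscustomobject]@{
            Host       = $fqdn
            Thumbprint = $cert.Thumbprint
            SANs       = ($names -join ', ')
            CoversFqdn = $covered
        }
    }
} | Format-Table -AutoSize
```

A host reporting `CoversFqdn = False` is one where a broker-initiated reconnect to the AD FQDN will trigger the certificate warning described above.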