Just installed Windows Server 2012 R2 and I'm starting to plan for deployment of Remote Deskop Services. There will be only this one single server that hosts all the needed roles for RDS. I have few applications that I want to publish for users via RemoteApp.

I have internal users (Windows 7 PC's) and external users (Android and iOS tablets). 

I have active directory domain named company.local and this RDS server is named rds01.company.local.

RDS installation seems to be quite easy, but I have some questions regarding to configuration.

I need certificate from public CA, but I'm unsure what names I need in this certificate. I'm planning to publish this RemoteApp service for outside users with name ra.company.com. Do I need some other names in the certificate? What are my options to deal with internal name of server because ad domain is named .local and that is causing problems with public CA certificate.

Hi, you can use pinpoint DNS zones with the names you want resolved on the .local network. That is on the DNS server hosting the .local zone , add new records with the ra.company.com FQDN so that internal users get to see the same RDS installation with the external users.

You would need a certificate for the connection broker as well as the RD Web and Gateway server. The connection broker cert would need to be a code signing cert as well, but you can get around that.

Hope this makes sence

Thanks! 

I was able to get everything up and running quite well. I now have single SSL cert ra.company.com. I configured my internal DNS as you suggested.

I still have one little problem. I tried to use this script to get rid of one last warning I'm getting when connecting to remoteapp:

https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80

For some reason when I run the script (Set-RDPublishedName "ra.company.com") external users cannot run remoteapps anymore throught the rds gateway. RemoteApps work internally fine all the time. 

• Edited by jqx12 Friday, February 20, 2015 2:39 PM

Hi Sir,

Sorry for the delay .

>>I'm planning to publish this RemoteApp service for outside users with name ra.company.com.

Based on my understanding of different internal and public domain name , you may need to change the IIS setting.

Please configure beneath setting and check the difference.
IIS Manager> Sites> Default Web Site> RDWeb Pages> Application Settings> DefaultTSGateway
Enter the external name of your RDG server

Also try to uncheck the box Bypass RD Gateway for Local address under deployment properties of RD Gateway in logon method. 

>>I need certificate from public CA, but I'm unsure what names I need in this certificate.

Please refer to following link regarding Certificate reuqirements for RDS :

http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx

Best Regards,

Elton Ji