Symptom:

After enabled "RDP over SSL" to secure the tunnel between the clients and the PSM servers, when trying to connect to a target machine via RemoteApp, you can't establish connection because there is a certificate error.


Cause:

After installing certificate on the RDS server, you need to install the certificate on the RD Connection Broker role to apply the secure tunneling using RemoteApp.


Solution:

After installing the certificate at the Certificate Management Console (mmc.exe), you will need to export .pfx certificate with a password (just simple password)

to be able to install it at the Remote Desktop Connection Broker role (RDCB) . To install the certificate you need to do the following steps:

  1. Open server manager (start>run> servermanager.exe)
  2. Under DEPLOYMENT OVERVIEW go to TASKS>Edit Deployment Properties
  3. Go to 'Certificates' section and select "RD Connection Broker - Enable Single Sign On"
  4. Click on the option "Select existing certificate..."
  5. Check "Choose a different certificate" and then use the 'Browse' option to choose the .pfx certificate
  6. Enter the certificate password and check the "Allow the certificate to be added to the Trusted Root Certificate Authority certificate store on the destination machine"
  7. Click 'OK' and again 'OK'.
Now try to connect a target machine using the RemoteApp option and make sure that you don't get the certificate error.



Applies to: Windows server 2012 R2