Symptom:
After enabled "RDP over SSL" to secure the tunnel between the clients and the PSM servers, when trying to connect to a target machine via RemoteApp, you can't establish connection because there is a certificate error.
Cause:
After installing certificate on the RDS server, you need to install the certificate on the RD Connection Broker role to apply the secure tunneling using RemoteApp.
Solution:
After installing the certificate at the Certificate Management Console (mmc.exe), you will need to export .pfx certificate with a password (just simple password)
to be able to install it at the Remote Desktop Connection Broker role (RDCB) . To install the certificate you need to do the following steps:
- Open server manager (start>run> servermanager.exe)
- Under DEPLOYMENT OVERVIEW go to TASKS>Edit Deployment Properties
- Go to 'Certificates' section and select "RD Connection Broker - Enable Single Sign On"
- Click on the option "Select existing certificate..."
- Check "Choose a different certificate" and then use the 'Browse' option to choose the .pfx certificate
- Enter the certificate password and check the "Allow the certificate to be added to the Trusted Root Certificate Authority certificate store on the destination machine"
- Click 'OK' and again 'OK'.
Now try to connect a target machine using the RemoteApp option and make sure that you don't get the certificate error.
Applies to: Windows server 2012 R2