Set up:
Server2016 Hyper V Guest
Remote Desktop Gateway
Remote Desktop Licensing
RD Web Access
RD Connection Broker
Server2016 Hyper V Guest
RD Session host
Internal FQDN: Domain.Company.Local
External FQDN: company.ca
SSL Cert Wildcard: *.company.ca
DNS redirects remote.company.ca > external IP on firewall
Firewall port forwards RDP requests to Remote Desktop Gateway via custom port :9999 (443 was taken and my firewall didn't redirect through a WAF well with RDP so this worked)
Custom Port was set in transport options on remote desktop.
Initial setup worked fine, imported the SSL certs (which are now expired) then I updated the server to the HTML 5 client.
That worked until the certs expired, I replaced the certs first in the remote desktop gateway manager then in the Server Manager > Remote Desktop Gateway Overview > Collection Properties (selected the new cert for each, hit apply)
Checked IIS binding, its now the new cert. Did IIS reset, and rebooted server to make sure changes took.
The portal gets the new cert just fine back to secure padlock in browser. When launching an app though I get a certificate error:
Your session ended because an unexpected server authentication certificate was received from the remote PC. Ask your admin or tech support for help.Certificate information:
<THE CORRECT CERTIFICATE THUMBRPINT)
I verified the thumbprint against the cert and all was correct. I hadn't changed the FQDN from the setup before, and even tried rolling back the server and checking, as soon as I swap the cert out in any of the places it breaks the FQDN external being different from internal hoops I had to jump through originally.
Oddly if I go to /rdweb and use the non-html5 method the remote apps fire up and launch just fine.
What am I missing here?