RDWeb TS connection broken for some users post RemoteApp certificate change

Found this page after experiencing the same problem. For us the solution was to add port 3389 to loopback (aka Hairpin NAT) on our firewall.

Some additional detail:

Replacing the certificate was trickier than installing it the first time, but I think we did it correctly, and apps worked fine for a day or two. Users started getting errors on launch, and we wound up using the PowerShell script here https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80 to re-publish the FQDN of the server.

I think this script must have set the FQDN in a part of the config that had never been specified before, causing the RD Gateway to refer to itself by its FQDN to hand off requests. These requests failed as our edge firewall allowed only 80 and 443 for both incoming and loopback requests.

Adding port 3389 to the loopback rule on the firewall resolved the problem immediately.
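A quick way to confirm this hairpin/loopback condition before touching the firewall (an added diagnostic, not part of the original post or of the linked script; it assumes you run it on the RD Gateway host and know the published FQDN, and the `$PublishedFqdn` value is a placeholder):

```powershell
# Added diagnostic: checks whether the gateway resolves its own published FQDN
# to a non-local (public) address and whether it can reach that name on the
# ports RDS needs. 443 open but 3389 blocked matches the symptom in the post.
param(
    [Parameter(Mandatory)] [string] $PublishedFqdn,   # placeholder, e.g. rds.example.com
    [int[]] $Ports = @(443, 3389)
)

# 1. How does this host resolve the published name?
$resolved = Resolve-DnsName -Name $PublishedFqdn -Type A -ErrorAction Stop |
    Where-Object { $_.QueryType -eq 'A' } |
    Select-Object -ExpandProperty IPAddress
$localIps = Get-NetIPAddress -AddressFamily IPv4 | Select-Object -ExpandProperty IPAddress

foreach ($ip in $resolved) {
    if ($localIps -contains $ip) {
        Write-Host "$PublishedFqdn -> $ip is a local address (no hairpin NAT involved)"
    } else {
        Write-Host "$PublishedFqdn -> $ip is NOT local; traffic leaves the host and depends on the firewall's loopback (hairpin) rule"
    }
}

# 2. Can the host reach its own published name on each port?
foreach ($p in $Ports) {
    $r = Test-NetConnection -ComputerName $PublishedFqdn -Port $p -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    Write-Host ("{0}:{1} {2}" -f $PublishedFqdn, $p, $state)
}
```

If 443 reports OPEN and 3389 reports BLOCKED while the name resolves to a non-local address, the loopback rule is the place to look, as described above.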