RDS 2012 R2 - RemoteApp - Certificate Mismatch

Similar Messages

• RDS 2012 R2 RemoteApp Server Name Mismatch

  Hi All,
  I wonder if someone can scratch my head on this.
  Brand new RDS 2012 R2 deployment.
  RDS01 with Connection Broker and Session Host Roles installed
  RDS02 with Web Access and Gateway roles installed
  one ssl certificate with one domain remote.mycompany.com 
  the certificate have been imported to all the servers via the Edit Deployment
  the local domain is mycompany.local
  the problem that i am having is that when i launch RemoteApp after login in the remote.mycompany.com externally, i get Certificate mismatch, because it is contact the local name of the Session host server RDS01.
  What i tried so far.
  Used the Set-PublishName (http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80) without success
  Try to configure RDS01 certificate via (http://ryanmangansitblog.wordpress.com/2013/03/10/configuring-rds-2012-certificates-and-sso/)
  Check Any resources ( http://social.technet.microsoft.com/Forums/en-US/d1b0ebe4-9e53-47ff-8c75-43fd91ff538a/windows-2012-rds-certificate-mismatch?forum=winserverTS)
  Has anybody out there could shade me some knowledge in how to rectify the mismatch name warning.
  Thanks
  Elton

  Hi -TP,
  Answering your queries.
  1_the Set-RDPublishedName was successful, restarted the servers, refreshed the RDWeb page externally, tried to connect unsuccessfully.
  2_I am using externally windows 8 and internally 7 fully updated
  3_it had the green successful message.
  After, set-rdpublishedname command, i get an erro when try to connecting saying, RemoteApp Disconnected.
  Error:
  Remote desktop cant connect to the computer "remote.mycompany.com"
  1)Your user account is not listed in the RD Gateway Permission ( not true, it was set for domain users and my test user is under that group)
  2)you might have specified the remote computer in netbios format or ip
  Do you reckon i am having this problem because the RDS01 with Connection Broker and Session Host Roles installed?
  Cheers
  Elton

• RDS 2012 R2 - RemoteApp Disconnected

  Hi RDS 2012 R2 Experts,
  I would like some guidance here if possible
  My setup is a follow.
  1x 2012r2 with the following role, Broker, Web access, Gateway and License called RDS01
  2x 2012r2 Session Host called RSH01 an RSH02
  1x wildcard cert
  I would like to my users to be able to either internal and external to use the same link, remote.mydomain.com since my internal domain is mydomain.local
  What i have done so far.
  Created a DNS Zone called remote.mydomain.com and added the following records there.
  REMOTE, it points to web access server IP 192.168.1.31 ( same server for Gateway and Broker )
  2x RDSFarm, one record points to RSH01 and the other to RSH02, 192.168.1.32 and 33
  Gateway, the record points to 192.168.1.31 ( same servers as broker and web access)
  Broker, the record points to 192.168.1.31 ( same servers as web access and gateway)
  i have set the gateway manager the following
  Edited the deployment RD Gateway to remote.mydomain.com
  Installed the wildcert for all the roles, *.mydomain.com in all 4 roles
  created Manage Local computer groups and added both RSH01 and 02, RDSFarm record, remote record, gateway record and broker record
  linked the allowed resources with the policy and users ( also tried allow users to connect to any resources )
  configure the gateway in the RD Gateway farm
  Configured the IIS to
  auto redirect
  and the DefaultTSGAteway under Pages to remote.mydomain.com
  Also I used the Set-PublishName (http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80) to change it to broker.mydomain.com
  Now, the issue I have is, when users either internally or externally try to launch a RemoteApp they get the error.
  RemoteApp Disconnected
  This computer cant connect to the remote computer.
  Try connecting again.
  To overcome this error I did the following:
  Set-PublishName to RDSFarm.mydomain.com ( it is using the round robin to get to the session host servers)
  There is two problem with this setup.
  I no longer can shadow the users under Connections in the broker ( it seems to be bypassed )
  I get certificate mismatch due the servers names
  What I would like to achieve is to fix both problems above.
  Thanks for any advice in advance.
  N0tl3_Bouya

  Hi,
  Thank you for posting in Windows Server Forum.
  Initially check that you have applied external used FQDN of server under Server name in RD Gateway Deployment properties and used Bypass RD Gateway for local address. 
  Please try to perform the steps 
  •  Create a new DNS zone, .COM to allow split-brain DNS (so that internal clients can resolve external names internally)
  •  Create a relevant DNS entry in the aforementioned zone to point to the RDS environment’s internal IP address
  •  Create a relevant DNS entry in external DNS to point to the firewall which is publishing RDS’s external IP address
  •  Use the following script to change the FQDN of the RDP files provided by RD Web Access / RemoteApp and Desktop connection feed 
  Change published FQDN for Server 2012 or 2012 R2 RDS Deployment
  http://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
  In addition, for shadow related issue you can use the server in administrative mode use mstsc /shadow command and check the result. 
  Detailed walkthrough on Remote Control (Shadowing), reintroduced in Windows Server 2012 R2  
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• RDS 2012-PUBLISING REMOTEAPPS WITH VIRTUAL DESKTOP SESSION

  Hello,  I deployed a RDS 2012 VIRTUAL DESKTOP SESSION FARM.
  Is it possible publish a REMOTEAPPS with Virtual Desktop Session?, I only find information with Remote Desktop Session
  Thanks
  Regards

  Hi,
  Seems this is not the possible scenario for deployment, we need to have Session based deployment as both virtual desktop session and session based deployment differs from other.
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• RDS 2012 R2 RemoteApp from NetShare

  Hello.
  We have a new RDS 2012 R2 Server.
  The Problem is our ERP Software has to be started from a network share. I find out that it is not possible to publish a Application with the Servermanager which is on a netShare
  So i want to try it with PowerShell, but evertime i try it i get the following error message
  New-RDRemoteApp -CollectionName COLL_NAME -DisplayName APPNAME -FilePath \\SERVER\APP.EXE -IconPath \\SERVER\APP.EXE
  New-RemoteApp : A Remote Desktop Services deployment does not exist on RDS2012SERVER This operation can be
  performed after creating a deployment. For information about creating a deployment, run "Get-Help Set-VDIDeployment" o
  r "Get-Help Set-RDSHDeployment".
  At line:1 char:1
  + New-RemoteApp
  + ~~~~~~~~~~~~~
  + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
  + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,New-RemoteApp
  Same with
  get-rdremoteapp -collectionname "COLL_NAME" -connectionbroker RDS2012SERVER | Format-List
  We just used a default Deployment with a Single Server.
  Anyone an idea?
  Thanks for the Help!

  use 
  Import-Module remotedesktopservices 
  then try the commands again
  also, when using -connectionbroker parameter, use FQDN for broker, not netbios name.
  also ensure powershell is opened as administrator and the user you log onto the machine has admin permissions on the broker.
  MCITP:SA:EA:EMA2010:VA2008R2

• RDS 2012 - No Wildcard Certificate

  Hi all,
  I will be using indivisual certificates per component so I will have a certificate for broker.domain.com, gateway.domain.com and [email protected] These will be used from within the RDS console to deploy the certificates to the componenets.
  My question is, do I need to do anything else for the RDS Session Host servers (or will the use the certificates above)? Will i need a certificate per server and if so does it need to be in the format SessionHost1.domain.com?
  Thanks.

  Hi,
  Thank you for posting in Windows Server Forum.
  As per my research, I can say that if you have less server than you can follow the same procedure of certificate and can use that. But personally if you have more server then suggest you to purchase wildcard certificate for your environment. Because with wildcard
  certificate you just need to purchase one certificate and can use for your installed roles.
  Please check below article for more details.
  Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• RDS 2012 R2 RemoteApps ColorDepth

  Hello,
  Is it posible to change the maximum color depth per pixel for RemoteApps? or Collections?
  or do i have to use GPO to accomplish this for the whole Server? Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment
  Thanks for the answers!

  Hi,
  RDP 8.0/8.1 connections are always 32 bit color depth.  For old RDP client versions you may connect as low as 16 bit.
  For Server 2012 R2 it is preferred that you connect using a RDP 8.1 client.
  -TP

• Certificate Mismatch RDS Session Host

  I've been banging my head against this for the last few days. I have a server 2012 remote desktop setup as follows:
  1 Gateway Server
  1 RD Web Access Serve
  1 Session Broker, which is also a session host
  1 Additional Session host
  I'm using remote app to publish applications rather than desktops. I've got a wildcard certificate for the external domain, which works fine for the gateway and web access server, the problem comes with the session hosts, which are giving me a certificate mismatch
  error because connections are made to the internal name (which is a .local address) which obviously does not match the external certificate.
  I have a DNS zone for the external name setup on this domain, so that machines can be resolved by internal or external names.
  I've made some progress by following the steps here - http://serverfault.com/questions/524092/rds-rdweb-and-remoteapp-how-to-use-public-certificate-for-launching-apps-on-s, and things now work fine if I only have the session host that is also the broker
  enabled. Once I add the second session host, any requests that go to that get the certificate error. Connections to the first session host still work fine.
  Does anyone know a way to have requests be made to the external name of the session host?

  Hi,
  1. After making the DNS change, did you flush the DNS cache on the RD Gateway server?  Or even better restart the whole server?
  2. Do you have DNS round robin for any of the other servers in your deployment?  You should
  not.  Additionally, do you have any NLB or other hardware/software load balancing solution in place?
  3. To make sure I have the facts correct, please let me know if the following items are correct:
  a. You are launching a RemoteApp from within RD Web Access using IE running on a Windows 8 PC
  b. When you launch a RemoteApp, the prompt has the following on it (for Calculator in this example):
  Publisher: *.domain.com
  Type: RemoteApp program
  Path: calc
  Name: Calculator
  Remote computer: rdbroker.domain.com
  Gateway server: gateway.domain.com
  c. After clicking Connect it goes through several status messages and then you get a Certificate error saying essentially:
  Name mismatch
       Requested remote computer:
       rd02.domain.local
       Name in the certificate from the remote computer:
       *.domain.com
  Certificate errors
    The following errors were encountered while validating the remote
    computer's certificate:
       The server name on the certificate is incorrect.
  d. In Deployment Properties, RD Gateway tab, Bypass RD Gateway server for local addresses is
  unchecked.
  4. Do you have multiple configured network cards in each server, or just a single NIC that has an ip address?
  5. Have you modified the default firewall configuration of your servers?  In other words, can I assume they are on the same subnet and are able to communicate with each other in the default domain configuration, or have changes been made and/or is
  there a third-party firewall software or device in place that could be affecting things?  I ask because normally the broker will authenticate the destination server using Kerberos and if something interferes with this you can get unexpected errors.
  I believe you are close to solving this now.
  Thanks.
  -TP

• RDS VDI Certificate Mismatch

  Hi,
  I have a 2012 R2 RDS farm deployed and users are able to log onto the personal desktops successfully.  However, when the user launches the VDI from RDWEB, they receive a certificate mismatch.  The certificate being presented is self signed from
  the VDI.
  Is this normal behaviour for the VDI connection? Or am I missing something here?

  Hi,
  When running App\VDI from RD web we have to use the trusted certificate for proper connection. If you are receiving certificate mismatch error then there are certain reason to occur. When publishing RDS externally, you will see a certificate mismatch as the
  internal server FQDN’s/IP addresses will show externally during the connection process to RemoteApps or RemoteDesktops.
  There are certain solution to resolve this issue.
  • Can create a new DNS zone, .COM to allow split-brain DNS (so that internal clients can resolve external names internally)
  • Create a relevant DNS entry to point to the RDS environment’s internal IP address
  • Create a relevant DNS entry in external DNS to point to the firewall which is publishing RDS’s external IP address
  • Use the following script to change the FQDN of the RDP files provided by RD Web Access / RemoteApp and Desktop connection feed
     https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80
  You can also refer beneath article for information.
  Configuring RDS 2012 Certificates and SSO
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• RDS 2012 - Certificate Mistmatch

  I am getting the most annoying error with my RDS 2012 Setup.
  certificate mismatch and double password prompts when trying to connect to my RDS setup.
  I have tried all that's out there and have got no positive results.
  All roles are on identical on 2 servers. the RDCB is in HA Mode.
  I keep getting the Certificate mismatch error.
  Already have a public or external SAN certificate assigned to all roles.
  Ran the powershell and wmi query to ensure the correct url is used when connected to gateway but I still get the double prompt when launching the remoteapps.
  I even tried the approach by cleaning IE's history, data to get the RDPSHplugin and its not helped in my case.
  All servers run 2012.
  I need some urgent assistance, please and thank you
  I have also checked and rebooted the RDS environment multiple times.
  All certs show valid. the mismatch also goes to another cert in my environment which is utilized by OWA.
  Please help me.

  I downloaded the script to C:\ and tried running it - no luck
  PS C:\> .\Set-RDPublishedName.ps1 "remote.domain.com"
  Security warning
  Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
  computer. Do you want to run C:\Set-RDPublishedName.ps1?
  [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
  iwmi : Privilege not held.
  At C:\Set-RDPublishedName.ps1:9 char:11
  + $return = iwmi -class "Win32_RDMSDeploymentSettings" -namespace "root\CIMV2\rdms ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
      + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod
  I also tried it from the other HA RDCB server.
  PS C:\> .\Set-RDPublishedName.ps1 "remote.domain.com"
  Security warning
  Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm
  computer. Do you want to run C:\Set-RDPublishedName.ps1?
  [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
  Set-RDClientAccessName : A valid fully qualified domain name (FQDN) for the server was not specified.
  At C:\Set-RDPublishedName.ps1:22 char:1
  + Set-RDClientAccessName -ConnectionBroker $ConnectionBroker -ClientAccessName $Cl ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
      + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Set-RDClientAccessName
  I also tried is this way- 
  PS C:\Users\administrator.TBCL\Downloads> .\Set-RDPublishedName.ps1
  Security warning
  Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
  computer. Do you want to run C:\Users\administrator.TBCL\Downloads\Set-RDPublishedName.ps1?
  [D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R
  cmdlet Set-RDPublishedName.ps1 at command pipeline position 1
  Supply values for the following parameters:
  (Type !? for Help.)
  ClientAccessName: remote.domain.com
  iwmi : Invalid namespace
  At C:\Users\administrator.TBCL\Downloads\Set-RDPublishedName.ps1:9 char:11
  + $return = iwmi -class "Win32_RDMSDeploymentSettings" -namespace "root\CIMV2\rdms ...
  + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
      + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

• RDS 2012 - Certificates

  Hi all,
  This is my setup :
  RDS 2012 R2
  Two connection brokers setup in HA:  FQDN = RDCB.Internaldomain.com
  Two Web Access servers for internal user setup with DSN Round Robin so I can have a basic HA: FQDN = InternalWA.internaldomain.com
  Two Gateway servers in HA:  FQDN:
   RemoteGW.InternalDomain.com
  Both Gateway server have RD Web Access installed and using DNS Round Robin to have a basic HA): FQDN 
  RemoteWA.ExternalDomain.com
  My company will not approve having a trusted wildcard certificate. So, in the “Edit Deployment Wizard”, I was thinking of deploying
  one public (and trusted) SAN certificate containing all the above FQDNs to all the Role Services (RD Connection Broker –Single Signon, RD Connection Broker -
   Publishing, RD Web Access and RD Gateway).
  Will this be ok or do I need to add other FQDNs to the certificate (for example the FQDN of all the Session Host servers)?
  Best regards,
  Jesmat.

  Hello,
  In your FQDN  did you forget to add a "." as : RDCB.Internaldomain.com
  and RemoteWA.ExternalDomain.com
  are 2 different domain names
  The SAN option i thiink will not be liable here . Except if you use self signed for your internal connection  ans
  the san for the external one.
  refer to :http://en.wikipedia.org/wiki/Wildcard_certificate
  But i cannot confirm that the san certificate will be allowed on the gateways.
  Hope it helps 
  Fred

• Certificate setup RDS 2012 R2

  Hi,
  I have set up an RDS 2012 R2 deployment for internal use. I plan to add a gateway server cluster for external access later (RDGW). That cluster will be placed in DMZ and use a public wildcard cert. It will connect external users to the farm. Internal or
  Direct Access (DA) users will use the Web Access servers to connect internally in the corp. LAN.
  For now, i have the following setup. Web Access role on 2 servers with DNS RR (RDWA). 2 clustered Connection Broker servers (RDCB), two Session Hosts (RDSH) and one licesning server. So a total of 7 servers (+ 2 GRGW servers in DMZ that are not set up
  yet).
  So, the issue is; I need to set up certificates. We have a CA in an AD top domain (our site is a sub.domain.com). We do not have access to that CA and need to order certs. from our corp. HQ. Ok, but what do i ask for? I need 3
  DER encoded binary X.509
  certs. That's the info i have. How can create a cert. request? See pictures below.
  This posting is provided "AS IS" with no warranties or guarantees and confers no rights

  Hi,
  Thank you for your posting in Windows Server Forum.
  Can you exactly let us know which certificate you want for your network (Self-signed or SSL)?
  As per my suggestion you can use wildcard or SAN certificate for your network which can be used for external network also. 
  If you want Self-signed certificate for internal use, you can create the certificate from Deployment properties of RDS page or IIS Manager as per below path.
  IIS Manager>Server Certificate>Create Self-Signed Certificate>Export the certificate on specified location then select the certificate in RDS installation process.
  But see that, the certificate is installed into computer’s “Personal” certificate store with its corresponding private key & it’s added under trusted root certificate authority.
  Please check below articles for detail.
  1. Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  2. Configuring RDS 2012 Certificates and SSO
  3. Minimum Certificate Requirements for Typical RDS implementation
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• RDS 2012 R2 best design possible with wildcard certificate

  Hi!
  I am looking for some guidance for my RDS 2012 R2 design flaw. 
  What I would like to achieve?
  *I would like my users either internal or external to be able to connect to RDWeb via one single webaddress ( remote.mydomain.com)
  What I have in place?
  1x Broker
  1x WebAccess
  1x Gateway (also license server)
  1x SessionHost
  1x Wildcard Certificate
  my internal domain is mydomain.local and external is mydomain.com
  I have tried ( http://msfreaks.wordpress.com/2013/12/23/windows-2012-r2-remote-desktop-services-part-2/) without success.
  Any guidence here will be very helpfull.
  cheers
  Elton

  Hi Elton
  I have a similar configuration working with 2012 R2. However, my config is slightly different, namely:
  2 x RDSH servers
  1 x all other roles (web, gateway etc).
  However, I am using a valid single URL cert on the gateway/web server, which is accessible using remote.domain.com. I did NOT replace the cert on the RDSH servers (using WMI), because you end up with 0x607authentication errors if the certificate is not fully
  valid - corrrect name, trusted, and recovation information available. If you have purchased a  commercial wildcard cert, this should work.
  I did some testing and concluded the following, may be of interest:
  If you are just using the farm for internal connections, you can use an internal CA, and create self signed certs for the gateway, and the RDSH servers. You could use individual
  certificates for the servers, wildcard or SAN certificates. Then you will have no errors when connecting from internal clients. This will not work from external clients however, even if you trust your root or issuing CA  manually on the external client,
  because the revocation information will not be available to clients outside the domain or network, and you will get 0x607 authentication errors.
  If you are connecting from outside your network, you have 3 options:
  Use self signed certs created during the role installation, don't change any RDP certs on RDSH servers. Then manually place the gateway certificate in trusted root authorities on the external
  client.
  Purchase commercial certificates for the gateway, and optionally all of the RDSH servers. This will avoid any warnings. You could either use separate certs, wildcard or SAN. If you replace
  the certificates on the RDSH servers, they must be valid and match the names.
  Purchase just one certificate for the external URL for accessing the gateway, leaving the default self-signed certificates on the RDSH servers. This will mean that there is no warning
  when connecting to RDWeb, but there may be warnings when the connection establishes. I use this option with one free StartSSL certificate.
  To summarise, you can use either commercial or self signed for the RDWeb page. However, if you replace the certificate on the RDSH servers, this MUST be valid commercial for external clients to be able to connect. Otherwise
  just leave it as self signed.
  In my case, I can use remote.domain.com from either outside or inside the network. So, I configure the deployment to use the external URL, and that URL works from inside too. This is because it resolves to the external
  address, so requests go out to the firewall and then back in again. This way you do not have to worry about the internal connections not using a matching URL as on the certs. Or, create an internal DNS record, so that remote.domain.com points to your internal
  address of the RDweb server. This should work as well.

• RDS 2012 Certificates help

  Hi all,
  I am currently implementing a RDS 2012 infrastructure.
  1-2 RDS Host servers
  1 server which contains the gateway and web access role (sits in the DMZ network)
  1 licensing server
  So I have 4 RDS servers in total.
  I have a internal and a external domain so for example:
  test.com (external domain - public facing)
  internal.com (internal domain - lan users)
  1-2 RDS Host servers - INTERNAL
  1 Licensing server - INTERNAL
  1 Gateway and Web Acess server - PUBLIC
  Would purchasing a public san certificate work for my enviroment and applying to all four servers?
  If not, what would work?
  Thanks

  Hi,
  Thank you for posting in Windows Server Forum.
  You can use single SAN certificate to achieve your goal as it can serve for all server. Apart there is some basic requirement to have RDS certificate.
  Basic requirements for Remote Desktop certificates:
  1. The certificate is installed into computer’s “Personal” certificate store. 
  2. The certificate has a corresponding private key. 
  3. The "Enhanced Key Usage" extension has a value of either "Server Authentication" or "Remote Desktop Authentication" (1.3.6.1.4.1.311.54.1.2). Certificates with no "Enhanced Key Usage" extension can be used as well. 
  More information.
  Certificate Requirements for Windows 2008 R2 and Windows 2012 Remote Desktop Services
  http://blogs.technet.com/b/askperf/archive/2014/01/24/certificate-requirements-for-windows-2008-r2-and-windows-2012-remote-desktop-services.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• RDS 2012 RemoteApp - Passing Parameters

  Windows 2012 R2, RDS 2012, Single server configuration trying to get an remote application to accept the additional parameters to run at desktops.
  Here is the command line that is needed to be run:
  C:\infor\facts78\pvx\pxplus.exe *plus\cs\client –arg 192.168.110.12;10000 IN4WDX
  in the remote app I have entered the following:
  General:
  RemoteApp program location:
  C:\infor\facts\pvx\pxplus.exe
  Parameters:
  Always use the following command-line parameters:
  *plus\cs\client –arg 192.168.110.12;10000 IN4WDX
  The program starts on the remote computers, but the parameters are not being passed properly.  Am I missing something special to get these to pass through.  I have tried putting quotes around the parameters,
  but it made no difference.
  The software vendor demo's the software via an rdp desktop.  I was hoping to use the remote app feature instead of the virtual desktop.

  Hi Benny,
  Initially please confirm whether the software is compatible to use with RemoteApp. Also the provided command line seems to be little invalid, please provide with specified full location and verify. You can check the related article for information.
  http://blogs.technet.com/b/infratalks/archive/2013/02/06/publishing-remoteapps-and-remote-session-in-remote-desktop-services-2012.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]