We have an existing 2008 R2 RemoteApp implementation with 10+ session hosts and a single server functioning as the terminal server gateway/connection broker/RDWeb host. Everything currently works, but we'd like to switch the RDWeb URL to use a domain that only exists publicly.
We have olddomain.com, which currently has a few public entries and is our primary Active Directory domain as well. Newdomain.com only exists internally as a naming scheme with DNS entries. We'd like to keep the TSG/connection broker/RDWeb host all on the same box to keep from burning another server license. We have a cert, *.olddomain.com, that is installed on all of our session hosts and on the TSG/connection broker/RDWeb host server. We can get a UCC cert for the TSG/connection broker/RDWeb host server that has both adcomputername.olddomain.com and remote.newdomain.com on the same cert, but I'm concerned that the TSG/connection broker/RDWeb host server might really need the wildcard *.olddomain.com cert present for the single sign-on process to work correctly. If this is true, the UCC cert wouldn't be an option. We also want to use remote.newdomain.com as the named server for all of the session hosts and RDWeb clients (Windows, iTap, PocketCloud Pro, etc.). Has someone else gotten this going before?
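Before rebinding anything, it helps to confirm which names each installed certificate actually covers, since a wildcard such as *.olddomain.com matches a single label under olddomain.com and cannot cover remote.newdomain.com at all. The following PowerShell is an added example for this thread, not code from the original poster; it assumes PowerShell 2.0 on Windows Server 2008 R2 and uses the two host names from the question as placeholders that you would replace with your real FQDNs. It walks the local machine certificate store, extracts the Subject CN and Subject Alternative Name entries, and reports whether each required name is covered; on a session host it also reads the thumbprint bound to the RDP-Tcp listener through the Win32_TSGeneralSetting WMI class so you can see which cert the hosts are presenting today.

```powershell
# Added example (not from the original post). Run on the TSG/connection broker/RDWeb
# host and on a session host. Placeholder names assumed from the question:
$requiredNames = @('adcomputername.olddomain.com', 'remote.newdomain.com')

function Get-CertDnsNames {
    # Returns the DNS names a certificate is valid for: Subject CN plus SAN entries.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $names = @()
    if ($Cert.Subject -match 'CN=([^,]+)') { $names += $matches[1].Trim() }
    # Subject Alternative Name extension is OID 2.5.29.17
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format($false) renders e.g. "DNS Name=a.example, DNS Name=b.example"
        $san.Format($false) -split ',' | ForEach-Object {
            if ($_ -match '=(.+)$') { $names += $matches[1].Trim() }
        }
    }
    return @($names | Select-Object -Unique)
}

function Test-NameCovered {
    # True if $Name matches one of $CertNames exactly or via a single-label wildcard.
    param([string]$Name, [string[]]$CertNames)
    $n = $Name.ToLower()
    foreach ($cn in $CertNames) {
        $c = $cn.ToLower()
        if ($c -eq $n) { return $true }
        if ($c.StartsWith('*.')) {
            # "*.olddomain.com" covers host.olddomain.com but not a.b.olddomain.com
            # and never anything under a different domain such as newdomain.com
            $suffix = $c.Substring(1)   # ".olddomain.com"
            if ($n.Length -gt $suffix.Length -and $n.EndsWith($suffix)) {
                $hostPart = $n.Substring(0, $n.Length - $suffix.Length)
                if ($hostPart -notmatch '\.') { return $true }
            }
        }
    }
    return $false
}

# Report every machine certificate and which required names it covers
Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $names = Get-CertDnsNames $_
    Write-Host ("Thumbprint {0}  expires {1}" -f $_.Thumbprint, $_.NotAfter)
    Write-Host ("  names: {0}" -f ($names -join ', '))
    foreach ($r in $requiredNames) {
        $status = if (Test-NameCovered $r $names) { 'covers ' } else { 'MISSING' }
        Write-Host ("  {0} {1}" -f $status, $r)
    }
}

# On a session host: which certificate the RDP-Tcp listener is currently bound to.
# Win32_TSGeneralSetting exposes SSLCertificateSHA1Hash in root\cimv2\TerminalServices.
$rdp = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'" `
    -ErrorAction SilentlyContinue
if ($rdp) {
    Write-Host ("RDP-Tcp listener thumbprint: {0}" -f $rdp.SSLCertificateSHA1Hash)
}
```

Compare the RDP-Tcp thumbprint (and the one bound in RD Gateway Manager and IIS for RDWeb) against the thumbprints in the first report: a name that shows MISSING for every installed certificate is a name clients will get a certificate warning for, which is exactly the case for remote.newdomain.com against a *.olddomain.com wildcard.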