Windows Server: RD Web or RD Gateway Error - Cannot Connect Because the Gateway Server Address Does Not Match the Certificate

Issue:
Error message: Your computer cannot connect to the remote computer because the remote desktop gateway server address requested, and the certificate subject name do not match.

RDweb and RDgateway have several reasons why the names do not match.

​​​​​​

Cause:
The issues can be one or more of several items:

• The DNS zone does not have a split zone. This means that the domain is .local but the DNS cert name is .com.
• For this, you add a new Zone for domain.com and add a new record called remote. Put the IP address of remote to the RD gateway server.
• Make a new Primary zone for domain.com and place the record remote in this zone, with the IP of the RDGATEWAY. 

• The Public A record (godaddy) for the Remote A record has the wrong name. You have the Remote pointing to another record that then points to notremote or some other name.
• The Value for DefaultTSGateway is missing or the certificate bound to Inetmgr.msc is not the same. The Certificate name and the Cert used in IIS must be the same Thumbprint.
• There can be a name mismatch where the certificate has multiple names, but the needed name is not in the list, look under the alternative subject name field. 

If the name is not there, then the cert must be re-created with a new certificate request. DigiCert windows tool can be used to make the request file, then send the request to godaddy or some other provider. 

The intermediate cert goes to the intermediate store, and the other cert goes to the internal store.

Use the DigiCert tool to repair the certificate if needed (fix button).