A little background. We have the following:
Two pods (one at each datacenter)
Four Connection servers (two at each pod)
Round Robin DNS name (local) for users to connect to
Local users only
Remote users connect via VPN (no UAG)
This has been working well for us. However, we are having more and more departments permanently working from home, so those users are transitioning to VDI. Since those users are using non-domain-joined thin client laptops, they do not trust the Connection Servers' local CA-signed cert. Management does not want users to connect without VPN access, so we aren't using a UAG. We purchased a single-hostname cert, vdi.DOMAIN.COM. The plan was to simply replace the cert on all the servers with this one and change the friendly name to vdm for the new cert. However, this didn't go as planned, as we were getting SSL errors on the client. I then found this setting:
However, in the information note, it says that the URL name must not be load balanced. I assume even a round robin would be considered load balanced, so I'm not sure of the correct way to proceed. Do we need to deploy a UAG even if it's only accessible on the inside? Is there a better way of doing this, or am I missing something?
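The two checks that sit behind that "must not be load balanced" note, modeled as an added example that is not part of the original post. It assumes the setting in question is the Secure Tunnel external URL on each Connection Server; the server names, DNS answers and SAN lists are constructed, and hostname verification is written out in plain Python rather than calling any Horizon API. A Horizon client verifies the server name on its first connection (the name the user typed, here the round-robin name) and again on the tunnel connection to whatever URL the brokering server advertises, and the tunnel session exists only on that brokering server, which is why the advertised name must resolve to one specific server.

```python
"""Model of the two TLS hops a Horizon client makes and the checks a
non-domain-joined thin client applies at each one.  Added example, not code
from the original post; the server names, DNS answers and SAN lists are
constructed, and the 'external URL' is assumed to be the Secure Tunnel
external URL on each Connection Server."""

ROUND_ROBIN_NAME = "vdi.domain.com"                      # constructed shared name
SERVERS = ["cs01.domain.com", "cs02.domain.com",        # constructed per-server FQDNs
           "cs03.domain.com", "cs04.domain.com"]


def hostname_matches_san(hostname, san_dns_names):
    """RFC 6125-style match: exact name, or a wildcard that covers exactly one
    leftmost label ('*.domain.com' matches 'cs01.domain.com' but not
    'a.b.domain.com' or 'domain.com')."""
    host = hostname.lower().rstrip(".")
    for name in san_dns_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            suffix = name[1:]                              # ".domain.com"
            prefix = host[: -len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
    return False


def resolve(hostname):
    """Constructed DNS: the shared name round-robins over every server,
    each server FQDN resolves only to itself."""
    if hostname.lower() == ROUND_ROBIN_NAME:
        return list(SERVERS)
    return [hostname.lower()] if hostname.lower() in SERVERS else []


def simulate(cert_san, external_url_for):
    """Walk the client through both hops for every server the round-robin
    name can hand out.  cert_san is the SAN list of the one cert installed
    (friendly name 'vdm') on all servers; external_url_for(server) is the
    tunnel URL that server advertises after brokering.  Returns
    {broker_server: outcome}."""
    outcomes = {}
    for broker in resolve(ROUND_ROBIN_NAME):
        # Hop 1: the client dialled the shared name, so that is what it verifies.
        if not hostname_matches_san(ROUND_ROBIN_NAME, cert_san):
            outcomes[broker] = "hop1: certificate does not cover " + ROUND_ROBIN_NAME
            continue
        # Hop 2: the client dials the advertised tunnel URL and verifies that name.
        url = external_url_for(broker)
        if not hostname_matches_san(url, cert_san):
            outcomes[broker] = "hop2: certificate does not cover " + url
            continue
        # The tunnel session exists only on the broker, so hop 2 must land there.
        answering = resolve(url)
        if answering != [broker]:
            outcomes[broker] = "hop2: " + url + " may reach a server other than " + broker
            continue
        outcomes[broker] = "ok"
    return outcomes


def single_name_cert_default_url():
    """What the post describes: single-hostname cert, each server still
    advertising its own FQDN as the tunnel URL."""
    return simulate([ROUND_ROBIN_NAME], lambda server: server)


def single_name_cert_shared_url():
    """Same cert, every server advertising the shared name as its tunnel URL."""
    return simulate([ROUND_ROBIN_NAME], lambda server: ROUND_ROBIN_NAME)


def san_cert_default_url():
    """A cert whose SAN lists the shared name and every server's own FQDN,
    with each server advertising its own FQDN."""
    return simulate([ROUND_ROBIN_NAME] + SERVERS, lambda server: server)


if __name__ == "__main__":
    for scenario in (single_name_cert_default_url,
                     single_name_cert_shared_url,
                     san_cert_default_url):
        print(scenario.__name__)
        for server, outcome in scenario().items():
            print("  ", server, "->", outcome)
```

The first scenario reproduces the client-side SSL error from the post: hop 1 to vdi.domain.com passes, but the tunnel hop to cs01.domain.com fails because the single-hostname cert does not cover it. The second passes the certificate check on both hops but trips the single-server constraint, since a round-robin name can hand the tunnel connection to a server that never brokered the session. The third, a cert whose SAN covers the shared name plus each server's own FQDN with the external URL left per server, is one configuration that satisfies both checks in this model.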