Create a Custom URL for a Deployment

Requirements

1. You need to own the domain you want to use and be able to manage it through a DNS service provider (ex.: GoDaddy, AWS, etc.). The domain must match the deployment’s URL you want to use. In this case you must own the domain ‘mycomany.com’.
2. You must create a CNAME record in your domain that will point to the URL provided by MyCloudIT in this example you must create a CNAME record mydeployment.mycompany.com that points to mydeployment.autords.com. If you prefer you can point it to the Azure public IP DNS of your rdweb server (example: ‘mydeployment.southcentralus.cloudapp.azure.com’).
3. You need to own a certificate signed by a trusted root authority (GoDaddy, Symantec, RapidSSL, etc.). The certificate must either match the new public DNS mydeployment.mycompany.com or be a wildcard certificate like *.mycompany.com. Also, the certificate that will be imported into the deployment should be in PFX format. 
4. Please note that to eliminate the warning dialog that begins with “The identity of the remote computer cannot be verified.  Do you want to connect anyway?” you may need to add the FQDN of the RDSMGMT server to the SAN of your certificate.  It would look something like mcit-MSDC-001.internaldomain.local or RDSMGMT.internaldomain.local; where “internaldomain.local” is the AD domain name specified during the creation of your RDS deployment.

Once you have the domain and the certificate, you are ready to update the deployment settings.

Create a Custom URL

1. Log into the RDS broker server (usually MSDC-001 or RDSMgmt) with a domain admin  account.
2. Copy the PFX certificate to the server.
3. Open the Server Manager:
4. On the Dashboard select the option ‘Add other servers to manage’
5. Using the Active Directory option click ‘Find Now’ and add all the servers in the deployment
6. Go to Remote Desktop Services option at the end of the left pane.
7. On the Deployment Overview box, click on Tasks and select Edit Deployment Properties.
8. In the RD Gateway field, update the server name to your new deployment URL, in this exercise it would be ‘mydeployment.mycompany.com’. Leave the rest of the options as they are then click "Apply".
9. On the Certificates tab, you are going to have to update the certificate for all four  roles, (all the same certificate)
10. Select the first role and click ‘Select existing certificate…’
11. Select ‘Choose a different certificate’ browse to the location where copied the certificate to. Type the certificate password and "tick" the checkbox "Allow the certificate to be added..." and click OK.
12. After you have done that the role status will have changed to ‘Ready to Apply’, click on Apply and wait for the changes to take effect, DO NOT press the OK button yet.
13. Perform steps 11 and 12 again for the other 3 role services.
14. Important: Please contact My Cloud IT support so we can update the mapping in our database for you so you deployment will not be automatically updated with autords.com certificates on the future. 

If you have any other questions, please email us at support@mycloudit.com.

Appendix

Appendix A: RDS Webclient

If you use the RDS webclient you will also need to update the certificate on the RD Web Access server via: 
Import-Module -Name RDWebClientManagement
Import-RDWebClientBrokerCert C:\myCertExample.pfx -promptforpassword

For more details see: https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin

Appendix B: Powershell for updating RDS certificates

For experienced systesm admins out there you may wish to mass perform the certificate updates on deployments. Below is how to install the standard role RDS certs with powershell:
https://docs.microsoft.com/en-us/powershell/module/remotedesktop/set-rdcertificate?view=windowsserver2016-ps
(note you need to update all four roles)