The set is like that:
Server 2008 R2 Enterprise has 4 virtual servers installed:
1. Testing server
2. Engineering server
3. Domain Controller (not yet created)
4. TS Gateway
In a testing environment all worked well. TS Gateway had self-signed certificate and a copy of it was installed on client PCs. Connection was flawless.
On the day host server moved into client's domain environment all was good, too:
1. All servers were assigned proper IP addresses to fit present network.
2. Domain controller role was installed and added to present domain.
3. All servers including host and guests were added to domain.
After that the test connection via TS Gateway was done with external access to TS Gateway (dyndns.org name created and port 443 forwarded to TS Gateway server on the main router). All works as it should. But as soon as I try to connect from external client there comes a delay, then remote connection client window freezes and an error message pops up saying:
"Your computer can't connect to the remote computer because the Remote Desktop Gateway server's certificate has expired or has been revoked. Contact your network administrator for assistance"
External client used has windows 7 Ultimate. Before servers were moved into domain, connection from the same client but different certificate (to fit testing office's dyndns.org name) was used successfully.
The only changes that occurred on TS Gateway server are:
1. Changed for new self-created sertificate to match dyndns name.
2. Deleted server's certificate (created initially for server itself), but leaving newly created certificate only.
Just to mention - it doesn't matter the self-created certificate for now - we install it's copy in the root certificate authority folder on client's PC and it proved to work ok as a temporary solution.