Enforce users use PKI for Remote Desktop in Terminal Server 2012R2

I did those steps but not work for me : http://www.derekseaman.com/2013/01/creating-custom-remote-desktop-services.html

What you are trying to do and what provided in link are two different things

Users do not require certificate in order to connect to terminal server

You need to install SSL cert on server hosting terminal server role and need to assign same to RDP through wmic or PowerShell

The SSL certificate subject name must be match to FQDN you are using to connect to terminal server

We need a internal certificate that only users can request once via https://<servername>/certsrv/ and install it in their computers in order to connect with the terminal server .

You can have certificate requested to CA server with user login
If you are not enabling certificate Autoenrollment, user must request it manually

But this certificate has nothing to do with RDS \ terminal server

Check below post
http://ryanmangansitblog.com/2013/03/10/configuring-rds-2012-certificates-and-sso/

Mahesh

how to create the CA for Remote Desktop login? so that user need to install in order to connect in the TS

Something like this http://www.alkia.net/index.php/faqs/106-how-to-secure-remote-desktop-connections-using-tls-ssl-based-authentication but in 2012 R2

That's we need ..... The solution is certificate based computer authentication. If the computer cannot authenticate itself by presenting a valid certificate to the terminal server it is trying to connect to, then the RDP connection will be dropped before the user has a chance to attempt to log on.....