Like this post here http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/Q_28110025.html
, I am also getting crazy and am not able to solve my problem.
On a TS 2012 R2, I have created from CA an internal certificate and assigned it to RD Server (see RDP-Certif.jpg).
So internal computers are not getting the "untrusted SSL certificate" error when accessing the RDWEB.
But when trying to launch an App, I am getting the error: "Publisher of this RemoteApp can't be identified"(see error-client.jpg) and this is annoying.
I have pushed by GPO the SH1 thumbprint without taking the first blank character (space). It is well pushed to client (see RDoP-client.jpg) but issue remains.
I have even typed the thumbprint manually and in capital letters of course, BUT NO SUCCESSSSSSS !!
I do not understand why the publisher is still blocked while I clearly see its thumbprint in the trusted publisher policy.
Would you have any idea ??