Arvid's IT Blog for hard to find solutions

Wednesday, August 29, 2012

SBS 2011 Certificate problems Remote Desktop


This information came from: http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/d87e7b67-e057-471b-9015-8afac51008ec

And was written by Justin Davidow



I linked to the first document in my original post; I was wary of its use: SBS is a small business product that people constantly mention NOT to do anything without using the SBS console.
I've never been impressed with SBS; this whole "the role is installed.. but.. we didn't install any of the management tools.." sounds like a hack. I'm sorry, hack != production.
For those interested in the procedure of implementing a wildcard certificate to allow RDP connections via Remote Web Workplace (in my case it was a Comodo EssentialSSL Wildcard certificate):
As of 8/17/2012, for SBS 2011 Service Pack 1, the procedure is:
  1. CLOSE the SBS console
  2. Start -> Administrative Tools -> IIS Manager (not the v6 manager)
  3. Connections -> servername -> Server Certificates
  4. "Create Certificate Request" in the actions menu on the right hand side
  5. "Common Name" must be "*.domainname.tld"
  6. Submit the CSR file/text to your CA (this process will vary based on the CA)
  7. When you receive the response (this may be 3 minutes, this may be days later), return to the Server Certificates menu (via steps 2 and 3 above)
  8. Select "Complete Certificate Request" under the actions menu. 
  9. Complete the wizard which installs the certificate in the personal store. (the name is misleading,  don't worry about it!)
  10. Bind the certificate to the default website: under Connections -> Servername -> Sites -> Default Web Site, select "edit bindings" on the actions menu on the right
  11. Select the first HTTPS entry and click "edit" 
  12. Select your new SSL certificate and press OK
  13. Repeat these steps for the other HTTPS entries in the list
  14. Restart IIS by selecting "Restart" under the actions menu in IIS
  15. Close IIS
  16. Open an Administrative Command prompt, (start-> All Programs-> Accessories->right-click Command Prompt and select "run as administrator")
  17. Execute the following command (without quotations): "dism /online /Enable-Feature:Gateway-UI"
  18. Open Remote Desktop Gateway Manager,  start->run-> "mmc" -> ok, File -> Add/remove Snap-in -> click "Remote Desktop Gateway Manager" and hit "add"  then OK
  19. When you click on RD Gateway Manager, it will pop up and inform you that there's a problem. CLICK NO. DO NOT CLICK YES.
  20. Expand the RD Gateway Manager, saying NO to any questions it asks you, right-click on your servername, and select Properties.
  21. Again, ALWAYS ANSWER NO TO ANY QUESTIONS IT ASKS YOU!
  22. On the SSL Certificate tab, click the "import certificate" button (again, technically badly named; it means "select certificate". It copies the certificate from the personal store to the Remote Desktop store)
  23. Select the certificate you purchased.   Hit OK
  24. Ensure that the details correctly populate the "Issued to" and "Issued by" fields,  then hit OK.
  25. Close the MMC console window (do not save the window; in fact, do not open the RD Gateway Manager again. Almost anything you change in SBS will break things, including your ability to RDP to the machine!)
  26. Go to a remote computer and try connecting. Your connection to "remote.yourdomain.tld" should now work; if you attempt to RDP to an internal machine, it should now work. On the first run you will still get an error about the RDP connection being signed by an unknown publisher; this will still allow you to connect.
You're done! Congratulations!
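
A check to run alongside step 26, as an added example that is not part of the original post: run from a remote computer, it fetches the certificate presented on port 443 and reports whether one of its names covers the host name and whether it has expired. The function names and the host name `remote.yourdomain.tld` are placeholders.

```powershell
# Added example. Function names and remote.yourdomain.tld are placeholders.
function Test-WildcardName {
    param([string]$Pattern, [string]$HostName)
    # A wildcard stands for exactly one left-most label: *.example.tld covers
    # remote.example.tld, but not example.tld and not a.b.example.tld.
    if (-not $Pattern.StartsWith('*.')) { return ($Pattern -ieq $HostName) }
    $suffix = $Pattern.Substring(1)                      # ".example.tld"
    if (-not $HostName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) { return $false }
    $label = $HostName.Substring(0, $HostName.Length - $suffix.Length)
    return (($label.Length -gt 0) -and ($label -notmatch '\.'))
}

function Get-ServedCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented so that a wrong certificate can be inspected.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    } finally { $client.Close() }
}

function Test-GatewayCertificate {
    param([string]$HostName)
    $cert  = Get-ServedCertificate -HostName $HostName
    $names = @($cert.GetNameInfo('SimpleName', $false))      # subject CN
    $san   = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        # Format() output is localized; "DNS Name=" is the English Windows form.
        $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
                    ForEach-Object { $_.Groups[1].Value })
    }
    $matched = @($names | Where-Object { Test-WildcardName -Pattern $_ -HostName $HostName })
    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Issuer      = $cert.Issuer
        NotAfter    = $cert.NotAfter
        Thumbprint  = $cert.Thumbprint
        NameMatches = ($matched.Count -gt 0)
        Expired     = ($cert.NotAfter -lt (Get-Date))
    }
}

Test-GatewayCertificate -HostName 'remote.yourdomain.tld' | Format-List
```

Compare the reported Thumbprint, Subject and Issuer with the certificate selected in steps 12 and 23; a self-signed or old certificate showing up here means one of the HTTPS bindings was missed.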

Comments:

  • Great recipe !!
    I updated with the winshock flaw, I knew there could have been SSL problems, so the certificate of the TS gateway disappeared.
    The manual import is just what I was looking for.

    Thanks John Koudijzer

    By Anonymous John koudijzer, At 5:41 pm  

