1. Confirm the steps from
https://comm.support.ca.com/kb/rdp-application-access-stopped-at-the-transparent-login/kb000014284
2. make sure that also the Terminal Server from the new box has been configured to present its sessions using a certificate from a CA which is also configured in CA PAM accordingly
3. In PAM you need to upload the root certificate from this CA in the "CA Bundles" store.
4. Also upload the root certificate to the PAM Client's certificate store.
5. Have the PAM's system certificate generated by this CA and set accordingly in PAM.
These steps are basically described here:
https://comm.support.ca.com/kb/how-to-use-ms-pki-to-sign-the-certificate-request-issued-by-xsuite/kb000042197
6. Configure in the IE you have disabled the Revocation checking
How to configure the new Terminal Server to use its signing certificate issued by this same CA is e.g. explained here: https://www.youtube.com/watch?v=_YhHuTiCciQ
(note this is an URL outside the CA portal, hence we cannot confirm the integrity of the content)