Can't connect to remote RDP server using RDP Gateway in CA PAM

Article ID: 376324


Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

When accessing a remote RDP server through the RDP Gateway feature, the following error may appear:

“Your computer can’t connect to the remote computer because the Remote Desktop Gateway server address requested and the certificate subject name do not match.”

and the connection is never established.

Environment

CA PAM 4.2.X

Cause

This error indicates that the ‘gatewayhostname:s:<xxx>’ line in the RDP file does not match any of the Subject Alternative Name (SAN) values in the PAM certificate. The Windows-based Remote Desktop Connection application will not allow a connection if the gateway’s certificate does not match the address, that is, if the address is not included in the SAN field.

Resolution

Ensure that the Subject Alternative Name field of the PAM certificate contains the PAM Gateway address and that the certificate signer is trusted on the local host that is initiating the connection.

To do that, open the RDP file downloaded from PAM when initiating the connection and check the value of gatewayhostname:s:<xxx> (e.g. gatewayhostname:s:myserver.example.com). Then generate a new self-signed certificate, or submit a new certificate request, specifying that value (in this example myserver.example.com) in the Subject Alternative Name of the certificate or certificate request.

To generate a certificate request or a self-signed certificate, go to Configuration --> Security --> Certificates and follow the instructions in the documentation. For more information about how to create and install self-signed or third-party-issued certificates, see

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/privileged-access-manager/4-2/configuring-your-server/configure-security-settings/secure-connections-using-ssl-certificates/create-a-self-signed-certificate.html
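
To check the gatewayhostname value against a certificate's SAN entries before and after reissuing the certificate, the comparison described above can be scripted. This is an added example, not Broadcom's code: it reads gatewayhostname from the RDP file bytes and tests it against SAN entries given as the (type, value) pairs that Python's ssl.SSLSocket.getpeercert() returns under subjectAltName. The sample RDP content, host names and addresses are constructed, and the wildcard rule is an assumption based on common TLS hostname matching.

```python
import ipaddress

def parse_gateway_hostname(rdp_bytes):
    """Return the gatewayhostname value from raw .rdp file bytes, or None."""
    # .rdp files are often UTF-16 with a BOM; fall back to UTF-8 otherwise.
    if rdp_bytes[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = rdp_bytes.decode("utf-16")
    else:
        text = rdp_bytes.decode("utf-8-sig")
    for line in text.splitlines():
        name, _, rest = line.strip().partition(":")
        if name.lower() == "gatewayhostname" and rest.lower().startswith("s:"):
            value = rest[2:].strip()
            host, sep, port = value.rpartition(":")
            if sep and port.isdigit() and ":" not in host:
                value = host  # drop a trailing ":port"
            return value or None
    return None

def _ip(text):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None

def san_covers(host, san_entries):
    """True if host matches a SAN entry given as (type, value) pairs."""
    host = host.lower().rstrip(".")
    host_ip = _ip(host)
    for kind, value in san_entries:
        value = value.lower().rstrip(".")
        if host_ip is not None:
            if kind == "IP Address" and _ip(value) == host_ip:
                return True
        elif kind == "DNS":
            # Assumption: a wildcard covers exactly one left-most label.
            parent = host.split(".", 1)[1] if "." in host else None
            if value == host or (value.startswith("*.") and value[2:] == parent):
                return True
    return False

# Constructed sample data, not taken from a real PAM appliance.
SAMPLE_RDP = ("full address:s:10.0.0.5\r\n"
              "gatewayhostname:s:myserver.example.com\r\n"
              "gatewayusagemethod:i:1\r\n").encode("utf-16")
SAMPLE_SANS = (("DNS", "pam01.example.com"), ("IP Address", "192.0.2.10"))

if __name__ == "__main__":
    gw = parse_gateway_hostname(SAMPLE_RDP)
    print(gw, "covered by SAN:", san_covers(gw, SAMPLE_SANS))
```

With the constructed sample, the gateway name is not covered by the SAN list, which is the condition that produces the error above; adding a DNS entry for myserver.example.com to the certificate makes the check pass.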