SSL error on RDP after migrate DC from Windows Server 2008 R2 to 2022

Question

I have troubles connecting to RDP clients (Windows 11 Pro) and a Terminal Server with RemoteApp (Win2019 STD).

Recently I migrated a DC Windows 2008 R2 to Windows Server 2022. Clean install, and transfer the roles. The Windows Server 2008 R2 DC was demoted.

This morning clients beginning to fail connecting to RemoteApp and Remote Desktop.

RDP client says password is wrong. Restarting or deleting saved credential hasn’t solved it.

I am suspecting that is something related to SSL or RDP security. If I force the RDP to use RDP security protocol instead SSL, it works.

If I connect using IP instead FQDN, also works due it use RDP protocol instead SSL.

Here are the logs (Sorry, some are in Spanish)

At TS-RemoteApp Server (Windows Server 2019 STD):

Nombre de registro:Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational
Origen:        Microsoft-Windows-RemoteDesktopServices-RdpCoreTS
Fecha:         09/11/2023 16:24:12
Id. del evento:226
Categoría de la tarea:Módulo RemoteFX
Nivel:         Advertencia
Palabras clave:
Usuario:       Servicio de red
Equipo:        my-server
Descripción:
RDP_TCP: error al realizar la transición de StateUnknown en respuesta a Event_Disconnect (código del error 0x80070040).
XML de evento:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-RemoteDesktopServices-RdpCoreTS" Guid="{1139c61b-b549-4251-8ed3-27250a1edec8}" />
    <EventID>226</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>4</Task>
    <Opcode>19</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2023-11-09T16:24:12.914820800Z" />
    <EventRecordID>2274647</EventRecordID>
    <Correlation ActivityID="{f420ee1b-2600-427b-9c44-d709f4cc0000}" />
    <Execution ProcessID="96" ThreadID="11440" />
    <Channel>Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational</Channel>
    <Computer> my-server </Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="StateTransition">RDP_TCP</Data>
    <Data Name="PreviousState">23</Data>
    <Data Name="PreviousStateName">StateUnknown</Data>
    <Data Name="NewState">21</Data>
    <Data Name="NewStateName">StateDisconnected</Data>
    <Data Name="Event">43</Data>
    <Data Name="EventName">Event_Disconnect</Data>
    <Data Name="ErrorCode">0x80070040</Data>
  </EventData>
</Event>

Clients Win11 Pro:

Log Name:      Microsoft-Windows-RemoteApp and Desktop Connections/Operational
Source:        Microsoft-Windows-RemoteApp and Desktop Connections
Date:          09/11/2023 16:24:42
Event ID:      1041
Task Category: Connection
Level:         Warning
Keywords:      
User:          MyDomain\test
Computer:      my_computer_client
Description:
Remote application (Acceder a MyRemotaAPP) is launched on RemoteApp and Desktop connection (my TS-RemoteAPP server) but no stored credentials are used for single sign on. (Reason - RemoteApp and Desktop connection does not exist)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-RemoteApp and Desktop Connections" Guid="{1b8b402d-78dc-46fb-bf71-46e64aedf165}" />
    <EventID>1041</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>102</Task>
    <Opcode>0</Opcode>
    <Keywords>0x2000000000000000</Keywords>
    <TimeCreated SystemTime="2023-11-09T15:24:42.8982956Z" />
    <EventRecordID>13</EventRecordID>
    <Correlation />
    <Execution ProcessID="4716" ThreadID="8860" />
    <Channel>Microsoft-Windows-RemoteApp and Desktop Connections/Operational</Channel>
    <Computer> my_computer_client </Computer>
    <Security UserID="My_SID" />
  </System>
  <UserData>
    <EventXML xmlns="Event_NS">
      <RemoteAppName>Acceder a MyRemotaAPP </RemoteAppName>
      <ConnectionName> my TS-RemoteAPP server </ConnectionName>
      <Reason>RemoteApp and Desktop connection does not exist</Reason>
    </EventXML>
  </UserData>
</Event>

Log Name:      Microsoft-Windows-TerminalServices-RDPClient/Operational
Source:        Microsoft-Windows-TerminalServices-ClientActiveXCore
Date:          09/11/2023 16:24:49
Event ID:      226
Task Category: RDP State Transition
Level:         Warning
Keywords:      
User:          MyDomain\test
Computer:      my_computer_client
Description:
RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed (error code 0x80004005).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-TerminalServices-ClientActiveXCore" Guid="{28aa95bb-d444-4719-a36f-40462168127e}" />
    <EventID>226</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>104</Task>
    <Opcode>19</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2023-11-09T15:24:49.5400668Z" />
    <EventRecordID>139</EventRecordID>
    <Correlation ActivityID="{2fce8265-90dc-48fc-ad73-4c9f95660000}" />
    <Execution ProcessID="10484" ThreadID="1364" />
    <Channel>Microsoft-Windows-TerminalServices-RDPClient/Operational</Channel>
    <Computer> my_computer_client </Computer>
    <Security UserID=" My_SID " />
  </System>
  <EventData>
    <Data Name="StateTransitionName">RDPClient_SSL</Data>
    <Data Name="PreviousState">3</Data>
    <Data Name="PreviousStateName">TsSslStateHandshakeInProgress</Data>
    <Data Name="NewState">10</Data>
    <Data Name="NewStateName">TsSslStateDisconnecting</Data>
    <Data Name="Event">8</Data>
    <Data Name="EventName">TsSslEventHandshakeContinueFailed</Data>
    <Data Name="Error Code">2147500037</Data>
  </EventData>
</Event>

Error at RemoteAPP client: RDP Client Error

On DC’s I haven’t found any relevant log.

Do you have any clue? I don’t know where else to look for diagnose it (SSL related issue)

Cheers!