First, if the remote desktops are to connect successfully, the client computers must trust the certificate authority that issued the certificate. This is not typically a problem for organizations that purchase certificates from large, well-known authorities, but customers do not always trust certificates that an organization generates internally. Use a trusted certificate authority to ensure that clients establish remote desktop connectivity.

If you are using a certificate provided by an enterprise certificate authority, it is important to note that clients on your network do not automatically trust the certificate. You will need to download a copy of the root certificate from the certificate authority and add it to the client's certificate store in a way that allows you to trust the certificate authority associated with the certificate.

The client must also be able to verify the certificate that the server uses. The verification process can be broken if the certificate has expired or if the name on the certificate does not match the name of the server using it.

DNS problems
Many remote desktop connectivity problems can be traced to DNS problems. If an administrator changed the IP address of a host, clients might not be able to connect to the host until the client's DNS resolver cache expires. Enter the following command on the client computer to clear the cache and force DNS names to resolve recently: IPConfig / FlushDNS

Clients can also have trouble connecting to a host if they use an external DNS server that cannot resolve hosts on the organization's private network. The solution to this problem is to modify the client's IP address settings to use one of the organization's DNS servers instead of external DNS. Alternatively, you can connect to a remote system by specifying its IP address instead of a host name.

Authentication errors
Authentication issues can also arise when accessing a remote system through RDP. Most of the time, such errors occur because the user account does not have the required permissions.

Even if a user can log in locally to a system, that does not mean that they will be able to log in remotely. Windows maintains separate permissions for logging in locally and remotely. You need to ensure that users have the proper credentials associated with their remote desktop and not just their local desktop.

Read More: checkpoint admin