1) All Session Hosts had remote apps published which were set to display in RD Web Access
2) On each Session Host, the local 'TS Web Access Computers' group had the RD Web Access server listed
3) On the Connection Broker server, the farm name was listed under RemoteApp sources
My issue was that 'TS Web Access Computers' was missing in the WMI security settings
WMI is used to communicate with the RD Session Host server. Various issues can cause WMI to deny access or return error codes. Here's a few things you can try:
1. Check if the "TS Web Access Computers" security group on the RD Session Host server has incorrect permissions in DCOM and/or WMI:
For checking DCOM security settings:
1. Start the Component Services MMC snapin
2. Navigate to Component Services -> Computers -> My Computer
3. Right-click on My Computer and select properties
4. Go to the COM Security tab
5. Under Access Permissions, click the Edit Limits button
6. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
7. Under Launch and Activation Permissions, click the Edit Limits button
8. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
For checking WMI security settings:
1. Start the WMI Control MMC snapin
2. Right-click the WMI Control node and select properties
3. Go to the Security tab
4. Navigate to Root->CIMV2->TerminalServices
5. With TerminalServices selected, click the Security button
6. Ensure that TS Web Access Computers is in the list with Execute Methods, Enable Account, and Remote Enable set to "allow"
2. Verify the RD Session Host server's firewall allows WMI calls.
3. Verify that the RD Connection Broker hasn't lost its trust relationship with the domain