If you have configured RDP on Windows 2008, 7 to use an internal certificate for computer authentication, CRL will only work if the only published location is an HTTP endpoint. If you have multiple end point, the CRL checking will not work.
Alternative is force RDO to use legacy encryption by creating a RDP file with
enablecredsspsupport:i:0
authentication level:i:0
