Windows servers including 2012 R2 allow up to two simultaneous remote desktop administrative sessions without installing the Remote Desktop Services role.
Unfortunately the old GUI tool for managing Remote Desktop TCP connectivity has been removed in 2012 R2 and administrators are directed by Microsoft to use WMI command-line tools to change the RDP TCP certificate if needed.
While investigating an RDP certificate issue (likely caused by group policy or faulty windows updates) – I discovered that the auto-generated RDP certificate is stored not in the computer personal store, but in the computer “remote desktop” cert folder (mmc – certificates – local computer – remote desktop). The good news is that certificates you create in the “Personal” computer certificate store are available to be assigned to the RDP TCP listener.
To change the RDP TCP connection certificate, use the instructions provided by Microsoft in the article: “Remote Desktop listener certificate configurations in Windows Server 2012 R2 and Windows Server 2012.”