Single Sign On does not work when Federated Authentication Service (FAS) is enabled

Article ID: CTX237930

Description

- FAS was implemented in the environment.
- SSO was not working on selected Virtual Delivery Agents (VDAs).
- App enumeration worked fine.
- After enumeration, when an application or desktop was clicked, the user was prompted:
  'Bad username or invalid password'.
- If the user entered the credentials manually, they were able to log in.

Resolution

Importing the Root CA certificate into the 'Trusted Root Certification Authorities' store on the virtual delivery agent resolved the issue; SSO worked fine thereafter.

Problem Cause

- The certificate revocation check was failing on the virtual delivery agent.
- The certificate issued by FAS was copied manually to the VDA and verified with: 'certutil -verify -urlfetch test.cer'
- The command returned the following errors:

Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ----------------  Certificate AIA  ----------------
Revocation Check Failed "Certificate (0)" Time: 0[0.0]

- Further investigation found that the Root CA certificate was not present on the virtual delivery agent.

- Because the Root certificate was not in the machine's 'Trusted Root Certification Authorities' store, the authentication was failing.
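The two steps above (verify the FAS-issued certificate with an online revocation check, then place the missing root in the machine's Trusted Root store) can be scripted on the VDA. The following PowerShell is an added example, not part of the Citrix article; the file paths are assumptions, and the function names are illustrative. It performs the same kind of chain and revocation validation as 'certutil -verify -urlfetch' through the .NET X509Chain API, reports every chain status the platform returns, and tells you whether the root at the top of the chain is actually present in Cert:\LocalMachine\Root, which is the condition this article identifies as the cause.

```powershell
# Added example (not from the article). Run in an elevated PowerShell on the VDA.
# Assumed paths: the FAS-issued certificate exported as test.cer, and the Root CA
# certificate exported as RootCA.cer. Adjust to your environment.

function Test-FasCertificateChain {
    param([Parameter(Mandatory)][string]$CertPath)

    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain

    # Same checks certutil -verify -urlfetch performs: fetch CRL/OCSP online and
    # check revocation for every certificate in the chain, not just the leaf.
    $chain.ChainPolicy.RevocationMode     = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag     = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $chain.ChainPolicy.VerificationFlags  = [System.Security.Cryptography.X509Certificates.X509VerificationFlags]::NoFlag

    $ok = $chain.Build($cert)

    # Each status maps to a CERT_TRUST_* flag such as RevocationStatusUnknown,
    # OfflineRevocation or UntrustedRoot (the ones seen in this article).
    foreach ($status in $chain.ChainStatus) {
        Write-Host ("{0}: {1}" -f $status.Status, $status.StatusInformation.Trim())
    }

    # The last element of the built chain is the root the platform found.
    # If that root is not in the machine's Trusted Root store, revocation checks
    # cannot be trusted either, which is what produced the errors above.
    $root    = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $trusted = Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $root.Thumbprint }
    if (-not $trusted) {
        Write-Warning ("Root '{0}' (thumbprint {1}) is NOT in Cert:\LocalMachine\Root" -f $root.Subject, $root.Thumbprint)
    } else {
        Write-Host ("Root '{0}' is present in Cert:\LocalMachine\Root" -f $root.Subject)
    }
    return $ok
}

function Import-FasRootCa {
    param([Parameter(Mandatory)][string]$RootCaPath)

    # Equivalent of the fix in the Resolution section: put the Root CA into the
    # machine's 'Trusted Root Certification Authorities' store (needs elevation).
    Import-Certificate -FilePath $RootCaPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
}

# Usage (assumed paths):
if (-not (Test-FasCertificateChain -CertPath 'C:\Temp\test.cer')) {
    Import-FasRootCa -RootCaPath 'C:\Temp\RootCA.cer'
    # Re-run the check; it should now build cleanly with no chain status entries.
    Test-FasCertificateChain -CertPath 'C:\Temp\test.cer'
}
```

Run the check before importing anything: if the only status reported is UntrustedRoot together with the revocation-unknown/offline entries, the missing root is the cause, as in this article. If the root is already trusted and the revocation statuses remain, the VDA cannot reach the CRL or OCSP endpoints in the certificate's CDP/AIA extensions, which is a different problem (network or proxy), and importing a root will not fix it.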