SSO fails while launching the session using FAS

Article ID: CTX695849

Description

On the VDA, LSA protection was found to be enabled, as shown by the registry setting below:

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Name: RunAsPPL
Type: REG_DWORD
Value: 1

With LSA protection enabled, custom Security Support Providers (SSPs) and Authentication Packages (APs) are not allowed to load into LSASS. As a result, CtxAuth.dll fails to load into lsass.exe, the credentials are not passed through, and authentication fails.

Cause

With LSA protection enabled, custom Security Support Providers (SSPs) and Authentication Packages (APs) are not allowed to load into LSASS. As a result, CtxAuth.dll fails to load into lsass.exe, the credentials are not passed through, and authentication fails.

Resolution

Enable the policy below from the Group Policy Management console, run 'gpupdate /force' in an elevated command prompt on the VDA, and reboot the machine:

Path: Computer Configuration > Administrative Templates > System > Local Security Authority
 
Name: Allow Custom SSPs and APs to be loaded into LSASS


NOTE: If you do not see this path, you may need to update your Central Store with the latest Windows 11 (22H2 or newer) ADMX templates (LocalSecurityAuthority.admx).

If you enable this setting or don't configure it, LSA allows custom SSPs and APs to be loaded and the issue gets resolved.
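To confirm the state on a VDA before and after applying the policy, the following added example (not Citrix code) reads the RunAsPPL value described above together with the policy's registry value and reports how they combine. The policy location `HKLM\SOFTWARE\Policies\Microsoft\Windows\System\AllowCustomSSPsAPs` and the function names are assumptions not taken from this article; confirm the value name in your LocalSecurityAuthority.admx.

```powershell
# Added diagnostic sketch, not Citrix code. Run in an elevated PowerShell on the VDA.
$lsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
# Assumption: registry location backing the "Allow Custom SSPs and APs to be
# loaded into LSASS" policy; verify it against LocalSecurityAuthority.admx.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
$policyVal = 'AllowCustomSSPsAPs'

function Get-RegValueOrNull {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-LsaCustomPackageState {
    param($RunAsPPL, $AllowCustom)
    # Any non-zero RunAsPPL value is treated here as "LSA protection on".
    $pplOn = ($null -ne $RunAsPPL) -and ([int]$RunAsPPL -ne 0)
    if (-not $pplOn) {
        return 'RunAsPPL is not enabled under Control\Lsa'
    }
    if ($null -eq $AllowCustom) {
        return 'LSA protection on, policy not configured: enable it explicitly as in the Resolution'
    }
    if ([int]$AllowCustom -eq 0) {
        return 'LSA protection on, policy disabled: custom SSPs/APs such as CtxAuth.dll are not loaded'
    }
    return 'LSA protection on, policy enabled: custom SSPs/APs are allowed once the VDA has rebooted'
}

$runAsPpl = Get-RegValueOrNull -Path $lsaKey    -Name 'RunAsPPL'
$allow    = Get-RegValueOrNull -Path $policyKey -Name $policyVal

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    RunAsPPL           = if ($null -eq $runAsPpl) { '<not set>' } else { $runAsPpl }
    AllowCustomSSPsAPs = if ($null -eq $allow) { '<not configured>' } else { $allow }
    Verdict            = Get-LsaCustomPackageState -RunAsPPL $runAsPpl -AllowCustom $allow
} | Format-List
```

Because the policy takes effect only after 'gpupdate /force' and a reboot, run the check again after the restart and then retest the FAS launch.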

Issue/Introduction

Credentials fail to pass through via FAS when launching an application or desktop, with one of the following symptoms:

  • The progress bar window disappears and the application launch fails without any error.
  • The desktop launches the window and prompts for a username and password.

A valid certificate is generated by FAS and reaches the VDA, but the authentication fails. The following error is observed in the CDF traces on the VDA side:

LsaLookupAuthenticationPackage(ctxauth) failed (status = c00000fe)