• Event's 107 - Citrix.Authentication.Identity.Assertion - Identity Assertion Logon failed, in the VDAs
• No errors are seen in FAS servers 
• Enabling Kerberos events on the VDA we see this error "0x7 - KDC_ERR_S_PRINCIPAL_UNKNOWN"

Add below Registry on all the Domain controllers.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Kdc
Data Type: REZ_DWORD
PerformTicketSignature
Data: 2 

Data =1 Enables Deployment mode, Data =2 Enables Enforcement mode, Data =0 Not recommended. Disables Kerberos service ticket signatures

Problem Cause

Microsoft has increased the security with December patches(4592440) and changed the way of Performing Ticket Signatures hence it is failing.

For more information visit https://support.microsoft.com/en-au/topic/kb4598347-managing-deployment-of-kerberos-s4u-changes-for-cve-2020-17049-569d60b7-3267-e2b0-7d9b-e46d770332ab