FAS - User is unable to launch desktops with Access Denied windows event

Article ID: CTX575685

Description

When attempting to launch a desktop, the error message "cannot start desktop" is shown.

Event IDs 1 and 28 are logged on the StoreFront servers (Applications and Services Logs > Citrix Delivery Services):

Event ID:      1
Description:
The Federated Authentication Server at: <FAS Server FQDN> returned a server error: 1 for method AssertIdentity
System.ServiceModel.FaultException`1[[Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServerFault, Citrix.Authentication.UserCredentialServices, Version=7.20.0.1, Culture=neutral, PublicKeyToken=axxxxxxa]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=bxxxxxxx9
Access Denied (FAS server 'FAS Server FQDN' correlation: fxxx-4xxx-0xxxx)

Event ID:      28
Description:
Failed to launch the resource '<Application\Desktop Name>' using the Citrix XML Service at address '??'. An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider.Diagnostics.FasException, Citrix.DeliveryServices.FederatedAuthenticationService.VdaLogonDataProvider, Version=3.23.0.0, Culture=neutral, PublicKeyToken=null
An unknown error occurred interacting with the Federated Authentication Service. See the inner exception for more details.
System.ServiceModel.FaultException`1[[Citrix.Authentication.UserCredentialServices.FederatedAuthenticationServerFault, Citrix.Authentication.UserCredentialServices, Version=7.20.0.1, Culture=neutral, PublicKeyToken=axxxxx]], System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Access Denied (FAS server 'FAS Server FQDN' correlation: fxxx-4xxx-0xxxx)

Resolution

  1. Add the user explicitly in the FAS* console > Rule "Default" > Restrictions > Manage user permissions > Add user.
  2. Set Domain Users to "allowed" for FAS user authentication in the FAS console.
=> If the issue is resolved by explicitly adding this user to the FAS Default rule, this suggests a problem with the AD** group hierarchy for this one user.
Confirm that this user has the same AD group hierarchy as a working user, or make sure that this user is a member of the Domain Users group.

* FAS means Federated Authentication Service
** AD means Active Directory
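
One way to carry out the group comparison described above, as an added example that is not part of the original article or Citrix's own tooling. It assumes the ActiveDirectory (RSAT) PowerShell module and a domain-joined session; `failing.user` and `working.user` are placeholder account names.

```powershell
# Added example. Compares the effective (nested) AD group membership of a
# user who gets "Access Denied" with that of a user who can launch desktops.
Import-Module ActiveDirectory

function Get-EffectiveGroup {
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName
    # tokenGroups is a constructed attribute that is only returned by a
    # base-scope search on the user object. It holds the SIDs of every group
    # the user belongs to, nested groups and the primary group included.
    $full = Get-ADUser -SearchBase $user.DistinguishedName -SearchScope Base `
        -LDAPFilter '(objectClass=user)' -Properties tokenGroups

    foreach ($sid in $full.tokenGroups) {
        $name = $sid.Value
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # SID cannot be resolved from this machine; keep the raw SID
        }
        [pscustomobject]@{ Sid = $sid.Value; Name = $name }
    }
}

$failingSam = 'failing.user'   # placeholder
$workingSam = 'working.user'   # placeholder

$failing = @(Get-EffectiveGroup -SamAccountName $failingSam)
$working = @(Get-EffectiveGroup -SamAccountName $workingSam)

# Domain Users is the well-known RID 513 in the user's own domain. It is
# normally held as the primary group, so it does not appear in memberOf.
$domainSid = (Get-ADUser -Identity $failingSam).SID.AccountDomainSid.Value
$inDomainUsers = $failing.Sid -contains "$domainSid-513"
Write-Output "Failing user is in Domain Users: $inDomainUsers"

# Groups held by only one of the two users
Compare-Object -ReferenceObject $working -DifferenceObject $failing -Property Name |
    Select-Object Name, @{ n = 'HeldBy'; e = {
        if ($_.SideIndicator -eq '<=') { 'working user only' } else { 'failing user only' }
    } } |
    Sort-Object HeldBy, Name
```

Groups listed as "working user only" are the ones to check against the entries in the FAS rule's user permissions list.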

Problem Cause

FAS is denying this user access to VDAs (“Assert Identity” denied).