- An attempt to launch a published resource using SAML is failing with the error "The user name or password is incorrect".
- EnrolServer.log contains the following errors:
- Certification Authority's "Revoked Certificates" list contains the certificates for a user who was attempting to launch an app.
The Event Viewer's Security log on the RDSH has the event 4685 recorded during the login attempt:
The certificate of the enrollment user account is revoked.
- On the Enrollment Server Agent open MMC via enrollment user account (right-click on MMC > Run as a different user) > File > Add/Remove Snap-in > Certificates > Add > My user account > Finish.
- Open the Personal Certificates Folder, locate the revoked certificate issued via PrlsEnrollmentAgent Template > right-click > Delete.
- Once the certificate deleted, issue a new PrlsEnrollmentAgent certificate to Enrollment Agent user
- Restart RAS Enrollment Agent service.