Adding the Active Directory tag as this is not an AD FS centric issue.
The error message format you have here looks like the content of an event id 4625 (please confirm). That's not an AD FS thing, that's Windows failing to authenticate the user. The error 0xC00002FD seem to map STATUS_KDC_UNKNOWN_ETYPE. Which looks like the issue is with a Kerberos authentication encryption type. Nothing to do with the AD FS relying party trust signature configuration.
As this point, there's not much we can investigate on the AD FS servers. You will need to look at the Kerberos oeverall configuration of your environment. It looks like a Kerberos Encryption Type issue.
Some element you can add to help us out...
- Give us the actual event id.
- Is the AD FS service account a gMSA account or a regular account?
- What is the version of your Active Directory domain controllers?
- Have you tried to test with a newly freshly created user on another machine? Maybe you have some restrictions on the Kerberos encryption type you can use with your account/machine.