All Citrix-published applications and desktops in a Site must contain valid users. If a user or group is deleted and that user or group is not removed from a Citrix-published resource, the Citrix application or desktop shows an orphaned SID. This stops the sync to VMware Identity Manager from working.

You can use the following API to check the issue:

http://CitrixBrokerFQDN:80/IB/API/RestServiceImpl.svc/hznxenapp/admin/entitlements?computerName=IBFQDN&xenappversion=VersionNumber&appName=applicationName

The resulting file contains empty resources. Example output:

"[{\"IncludedUsers\":\"DomainName\\\\USERNAME:User$S-1-5-21-1097426297-1557994628-1672037986-53944:Group\"}]"