If a Citrix-published application or desktop does not contain valid users, sync to VMware Identity Manager does not work.

Problem

All Citrix-published applications and desktops in a Site must contain valid users. If a user or group is deleted and that user or group is not removed from a Citrix-published resource, the Citrix application or desktop shows an orphaned SID. This stops the sync to VMware Identity Manager from working.

You can use the following API to check the issue:

http://CitrixBrokerFQDN:80/IB/API/RestServiceImpl.svc/hznxenapp/admin/entitlements?computerName=IBFQDN&xenappversion=VersionNumber&appName=applicationName

The resulting file contains empty resources. Example output:

"[{\"IncludedUsers\":\"DomainName\\\\USERNAME:User$S-1-5-21-1097426297-1557994628-1672037986-53944:Group\"}]"

Cause

Some published applications or desktops in the Site do not contain valid users.

Solution

Ensure that all Citrix-published applications and desktops within a Site contain valid users.