VMware Workspace ONE Community
RuZw
Contributor
Contributor
Jump to solution

Cannot create Citrix virtual apps collection

Hello,

I am working on a POC with Vmware Workspace One UEM and IDM (both SAAS) trying to connect to a Citrix DDC. On Premise we have IDM Connector and Citrix Integration Broker trying to connect to Citrix 7.15 with only a Storefront server and no Netscaler.

When I create the Citrix virtual apps collection in the IDM I am getting an error and cannot go to the next step of assigning the virtual apps.

The error I get:

Virtual apps validation failed - Virtual app collection does not have valid idp id. Please check if the connector(s): xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are valid and associated with the same directory.

I have tested with the Citrix Validation Tool and succesfully tested with some Published Applications.

Logfiles don't seem to help me to find what connector is meant by this error message.

I have checked a dozen times all settings and prerequisites and trying to create the Citrix virtual apps collection.

Vmware support cannot help me, because they don't have any knowledge about this.

As seen in this forum, there are either less problems on this issue or we are quite alone.

Is there anyone who can help me?

regards

Ruud

1 Solution

Accepted Solutions
Homie3
Contributor
Contributor
Jump to solution

Hello everyone,

i did manage to solve the problem for myself!

We wanted to use the internal connector in "Outbound Only Mode(443)".
At the directory creation we marked:

auth.JPG

Because we don't want to use the connector as authenticator.
We used the Build-In Identity Provider as authenticator.
This is what our "Connectors" tab looked like:

connectors.JPG

Identity Providers were completely missing.

So we redeployed the connector and the active directory associated with it in the VMware Identity Manager.

It seems that you need an extra WorkspaceIDP(Identity Provider) for it to work.
After redeploying the connector we added the active directory with the authentication option above marked "Yes".
After that we configured the Built-in IdP to use the connector and Password(cloud deployment).

So at the end we could add our "Virtual App Collection" Horizon 7 onPremise without any error to VIDM.
YAY

After all our connector tab looks like this:

Connectors_End.JPG

And the identity providers tab like this:

IDPs.JPG

We still use the Built-in IdP to authenticate against active directory.
The WorkspaceIDP is unused, it just seems that its need to be configured for "Virtual App Collection".

Hope that helps Smiley Wink

View solution in original post

9 Replies
Homie3
Contributor
Contributor
Jump to solution

Hello Ruud,

did you manage to solve the problem?

We have exactly the same issue with Vmware Workspace One UEM on premise and Vmware Identity Manager on premise.
But we are trying to connect to our Vmware Horizon 7 view connection server on premise with the IDM Connector.

The error we get:
Virtual apps validation failed - Virtual app collection does not have valid idp id. Please check if the connector(s): xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx are valid and associated with the same directory.

The IDM connector lies in the same directory as the Vmware View connection server.

I couldn't find anything about this issue.

I hope anyone can help...

Best regards

Nick

Reply
0 Kudos
elgwhoppo
Hot Shot
Hot Shot
Jump to solution

I'm also getting this error message with WS1 Access SaaS and Horizon 7.10 on prem. I'm not really sure what to do here.

Virtual apps validation failed - Virtual app collection does not have valid idp id. Please check if the connector(s): bb0cb384-0f3f-413f-b710-09585f2a0a9d are valid and associated with the same directory.

VCDX-Desktop
Reply
0 Kudos
elgwhoppo
Hot Shot
Hot Shot
Jump to solution

Tried adding the checkOrigin=false to the locked.properties file in Horizon, no impact.

VCDX-Desktop
Reply
0 Kudos
elgwhoppo
Hot Shot
Hot Shot
Jump to solution

Going to try creating and joining another connector to vIDM and using that one here when adding the virtual connectors.

Also checked:

  • Time sync on the connector, it's good
  • Rebooted the connector
  • Rebooted all Connection servers
  • Ensured that there is a SAML authenticator configured in Horizon 7 with the proper idp URL of the WS1 access
VCDX-Desktop
Reply
0 Kudos
pbjork
VMware Employee
VMware Employee
Jump to solution

Hi all..

Not sure if you have tried this before and I'm guessing here.. But have you made sure the connector you are trying to activate for sync with Horizon/Citrix is the same that is syncing to the AD directory?

Reply
0 Kudos
Homie3
Contributor
Contributor
Jump to solution

Hello everyone,

i did manage to solve the problem for myself!

We wanted to use the internal connector in "Outbound Only Mode(443)".
At the directory creation we marked:

auth.JPG

Because we don't want to use the connector as authenticator.
We used the Build-In Identity Provider as authenticator.
This is what our "Connectors" tab looked like:

connectors.JPG

Identity Providers were completely missing.

So we redeployed the connector and the active directory associated with it in the VMware Identity Manager.

It seems that you need an extra WorkspaceIDP(Identity Provider) for it to work.
After redeploying the connector we added the active directory with the authentication option above marked "Yes".
After that we configured the Built-in IdP to use the connector and Password(cloud deployment).

So at the end we could add our "Virtual App Collection" Horizon 7 onPremise without any error to VIDM.
YAY

After all our connector tab looks like this:

Connectors_End.JPG

And the identity providers tab like this:

IDPs.JPG

We still use the Built-in IdP to authenticate against active directory.
The WorkspaceIDP is unused, it just seems that its need to be configured for "Virtual App Collection".

Hope that helps Smiley Wink

elgwhoppo
Hot Shot
Hot Shot
Jump to solution

Dude that totally fixed it for me. Added another connector and IDP and voila. Thanks so much Homie3​ and pbjork​ for jumping in!

VCDX-Desktop
pbjork
VMware Employee
VMware Employee
Jump to solution

Glad it's sorted.. The WorkspaceIDP_x that is tied to the AD is what tells Access which connectors can talk to the AD.. So your connector you use for Horizon sync must be listed there..

iforbes
Hot Shot
Hot Shot
Jump to solution

I'm using WS1 SAAS. Trying to configure Virtual Apps collection and keep getting 'Virtual apps validation failed -401'. My connector setting look exactly like yours. No idea what could be the issue.

pastedImage_0.png

Reply
0 Kudos