Highlighted
Contributor
Contributor

Workspace One Access and Horizon

Hi, 

we are evaluating Horizon Enterprise and I'm trying to setup the integration with Workspace One Access but I'm having errors syncing Virtual Apps Collections.

I'm connecting:
- Horizon 8 (2006)
- Workspace One access appliance (20.01.0.0 Build 15509389)
- VMware Identity Manager Connector 19.03.0.1

I'm able to sync AD users and Horizon desktop pools but when the system tries to sync the entitlements i get an error:
"Entitlement results not found for profileId : 2 and timeStamp : 11/17/20 9:38 PM "
I had a look in the tomcat connector log from IDM connector and i see the error:

 

2020-11-17T21:38:33,059 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/entitlements/definitions/catalogitems/ec005f9c-1410-4cba-9d5b-7d1ea714a825, ..., application/vnd.vmware.horizon.manager.entitlements.definition.catalogitem+json, PUT, null, ...)
2020-11-17T21:38:33,131 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/entitlements/definitions/catalogitems/ec005f9c-1410-4cba-9d5b-7d1ea714a825, ..., application/vnd.vmware.horizon.manager.entitlements.definition.catalogitem+json, PUT, null, ...)
2020-11-17T21:38:33,132 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.client.entitlement.EntitlementPushClient - Entitlement Sync result: {"code":400,"body":"Unrecognized field \"negative\" (class com.vmware.horizon.entitlement.model.CatalogItemEntitlementDefinitionTO), not marked as ignorable (2 known properties: \"activationPolicy\", \"subjectId\"])\n at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 6, column: 23] (through reference chain: com.vmware.horizon.entitlement.rest.media.CatalogItemEntitlementDefinition[\"groups\"]->java.util.ArrayList[0]->com.vmware.horizon.entitlement.model.CatalogItemEntitlementDefinitionTO[\"negative\"])"}
2020-11-17T21:38:33,132 ERROR (Timer-3) [;;;] com.vmware.horizon.connector.client.entitlement.EntitlementPushClient - Error parsing json while pushing Entitlements to horizon
com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'Unrecognized': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
 at [Source: (String)"Unrecognized field "negative" (class com.vmware.horizon.entitlement.model.CatalogItemEntitlementDefinitionTO), not marked as ignorable (2 known properties: "activationPolicy", "subjectId"])
 at [Source: (org.glassfish.jersey.message.internal.ReaderInterceptorExecutor$UnCloseableInputStream); line: 6, column: 23] (through reference chain: com.vmware.horizon.entitlement.rest.media.CatalogItemEntitlementDefinition["groups"]->java.util.ArrayList[0]->com.vmware.horizon.entitlement.model.CatalogItemEn"[truncated 34 chars]; line: 1, column: 13]
	at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:1840) ~[jackson-core-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:722) ~[jackson-core-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._reportInvalidToken(ReaderBasedJsonParser.java:2868) ~[jackson-core-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser._handleOddValue(ReaderBasedJsonParser.java:1914) ~[jackson-core-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.core.json.ReaderBasedJsonParser.nextToken(ReaderBasedJsonParser.java:773) ~[jackson-core-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.databind.ObjectMapper._initForReading(ObjectMapper.java:4340) ~[jackson-databind-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4189) ~[jackson-databind-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3205) ~[jackson-databind-2.10.2.jar:2.10.2]
	at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3173) ~[jackson-databind-2.10.2.jar:2.10.2]
	at com.vmware.horizon.connector.client.entitlement.EntitlementPushClient.processFailureResponse(EntitlementPushClient.java:88) [connector-service-api-0.1.jar:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.client.entitlement.EntitlementPushClient.parseObjectsFromSearchResultsJson(EntitlementPushClient.java:77) [connector-service-api-0.1.jar:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.client.entitlement.EntitlementPushClient.syncEntitlements(EntitlementPushClient.java:59) [connector-service-api-0.1.jar:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.view.ViewService.syncViewEntitlements(ViewService.java:608) [classes/:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.view.impl.ViewSyncScheduleService.syncIfAppropriate(ViewSyncScheduleService.java:157) [classes/:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.admin.ScheduleService$1.run(ScheduleService.java:99) [classes/:19.03.0.1 Build 17035019]
	at java.util.TimerThread.mainLoop(Unknown Source) [?:1.8.0_251]
	at java.util.TimerThread.run(Unknown Source) [?:1.8.0_251]
2020-11-17T21:38:33,132 ERROR (Timer-3) [;;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - Could not sync entitlements to Identity Manager
com.vmware.horizon.connector.exception.PushEngineException: Could not sync entitlements to Identity Manager
	at com.vmware.horizon.connector.client.entitlement.EntitlementPushClient.syncEntitlements(EntitlementPushClient.java:62) ~[connector-service-api-0.1.jar:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.view.ViewService.syncViewEntitlements(ViewService.java:608) ~[classes/:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.view.impl.ViewSyncScheduleService.syncIfAppropriate(ViewSyncScheduleService.java:157) [classes/:19.03.0.1 Build 17035019]
	at com.vmware.horizon.connector.admin.ScheduleService$1.run(ScheduleService.java:99) [classes/:19.03.0.1 Build 17035019]
	at java.util.TimerThread.mainLoop(Unknown Source) [?:1.8.0_251]
	at java.util.TimerThread.run(Unknown Source) [?:1.8.0_251]
2020-11-17T21:38:33,133 ERROR (Timer-3) [;;;] com.vmware.horizon.connector.mvc.UIAlerts - messages.couldNotSyncEntitlements
2020-11-17T21:38:33,133 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.admin.StateService - Saving config for 3002@HORIZONIDM to file C:\VMware\VMwareIdentityManager\Connector\usr\local\horizon\conf\states\HORIZONIDM\3002\config-state.json
2020-11-17T21:38:33,155 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.admin.StateService - Saving state config to disk DONE.
2020-11-17T21:38:33,155 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - View sync completed in: 00:00:01.351 at timestamp(ms): 2020-11-17 21:38:33.155(1605645513155)
2020-11-17T21:38:33,164 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/sync/results, ..., application/vnd.vmware.horizon.manager.connector.management.resourcesync.profile.sync.status+json, POST, null, ...)
2020-11-17T21:38:33,236 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/sync/results, ..., application/vnd.vmware.horizon.manager.connector.management.resourcesync.profile.sync.status+json, POST, null, ...)
2020-11-17T21:38:33,237 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.common.VirtualAppCollectionSyncAuditor - Auditing sync data for Virtual app collection with profileId 2 and timestamp 1605645513155 has started 
2020-11-17T21:38:33,237 INFO  (Timer-3) [;;;] com.vmware.horizon.connector.view.impl.ViewSyncScheduleService - View sync completed with status : message.viewSync.failure
2020-11-17T21:38:33,237 INFO  (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.connector.connectormanagement.ResourceSyncAlertPushEngine - Started storing ResourceAlert in audit for profile id 2 and timestamp 1605645513155
2020-11-17T21:38:33,240 INFO  (resourceSyncTaskExecutor-2) [;;;] com.vmware.horizon.connector.connectormanagement.ResourceSyncResultSummaryPushEngine - Started storing ResourceSyncResultSummary in audit for profile id 2 and timestamp 1605645513155
2020-11-17T21:38:33,240 INFO  (resourceSyncTaskExecutor-4) [;;;] com.vmware.horizon.connector.connectormanagement.ResourceSyncEntitlementResultPushEngine - Started storing EntitlementSyncResult in audit for profile id 2 and timestamp 1605645513155
2020-11-17T21:38:33,244 INFO  (resourceSyncTaskExecutor-1) [;;;] com.vmware.horizon.connector.connectormanagement.ResourceSyncEntitlementResultPushEngine - Started storing EntitlementSyncResult in audit for profile id 2 and timestamp 1605645513155
2020-11-17T21:38:33,254 INFO  (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/syncalerts, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.sync.alert+json, POST, null, ...)
2020-11-17T21:38:33,255 INFO  (resourceSyncTaskExecutor-1) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/entitlementresults, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.entitlement.sync.result+json, POST, null, ...)
2020-11-17T21:38:33,255 INFO  (resourceSyncTaskExecutor-2) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/syncresultssummary, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.sync.result.summary+json, POST, null, ...)
2020-11-17T21:38:33,280 INFO  (resourceSyncTaskExecutor-4) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/entitlementresults, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.entitlement.sync.result+json, POST, null, ...)
2020-11-17T21:38:33,366 INFO  (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/syncalerts, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.sync.alert+json, POST, null, ...)
2020-11-17T21:38:33,366 INFO  (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.connector.connectormanagement.ResourceSyncEntitlementResultPushEngine - Started storing EntitlementSyncResult in audit for profile id 2 and timestamp 1605645513155
2020-11-17T21:38:33,366 INFO  (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.connector.utils.RestClient - BEGIN sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/entitlementresults, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.entitlement.sync.result+json, POST, null, ...)
2020-11-17T21:38:33,382 INFO  (resourceSyncTaskExecutor-1) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/entitlementresults, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.entitlement.sync.result+json, POST, null, ...)
2020-11-17T21:38:33,397 INFO  (resourceSyncTaskExecutor-2) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/syncresultssummary, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.sync.result.summary+json, POST, null, ...)
2020-11-17T21:38:33,428 INFO  (resourceSyncTaskExecutor-4) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/entitlementresults, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.entitlement.sync.result+json, POST, null, ...)
2020-11-17T21:38:33,444 INFO  (resourceSyncTaskExecutor-3) [;;;] com.vmware.horizon.connector.utils.RestClient - END   sendRequestBase (https://horizonidm.horizonad.local/SAAS/t/HORIZONIDM/jersey/manager/api/resourcesync/profiles/2/entitlementresults, ..., application/vnd.vmware.horizon.manager.connector.resourcesyncprofile.entitlement.sync.result+json, POST, null, ...)

 

 
Has anyone had the same problem or has any idea of how I can sync the entitlements?

Thanks

Giuseppe

0 Kudos
6 Replies
Highlighted
Enthusiast
Enthusiast

Hi Giuseppe,

I have the same error, "Entitlement results not found for profileId : XX and timeStamp : <date> "

The only difference in my infrastructure is Horizon 7.12. I think the issue is on the Connector that doesn't enable to properly map the profile to the WS1. I have an SR open with VMware, as soon I have the answer I update you.

Best Regards

LM

0 Kudos
Highlighted
Enthusiast
Enthusiast

1) I assume you’re not using Domain Users? Is the entitled group properly sync’d?

2) What happens if you assign an individual account and sync? Does it work correctly? 

3) Is your service account used for Horizon syncs configured as a read-only admin in Horizon at the root? 

0 Kudos
Highlighted
Enthusiast
Enthusiast

Hi nburtonn935

in my case:

1) I'm using Domain Users and the groups are properly synced ..

2) This is what I tried, but the result doesn't change, same error

3) My account service used for sync Horizon is and Administrator (full) with permission at the root level. 

0 Kudos
Highlighted
Contributor
Contributor

Hi nburtonn935

Same as lmoglie here:

1) I'm using Domain Users and the groups are properly synced.

2) This is what I tried, but the result doesn't change, same error

3) My account service used for sync Horizon is Administrator. 

0 Kudos
Highlighted
Enthusiast
Enthusiast

Can you try to test a different group besides Domain Users to test and entitle that group in Horizon? Make sure that group is underneath the Base DN for sync.

Have you successfully setup WSO Access as the SAML authenticator on the Horizon side?

0 Kudos
Highlighted
Enthusiast
Enthusiast

Hi nburton935,

I solved after a nice chat with John of the support we were able to find the problem (configuration was fine).... due to a mismatch of valid combinations of service and connector.

Right combination is:

- 19.03 connector with 19.03, 20.01 and 20.10 service (WS1)

- 19.03.01 connector with 20.10 service only.

0 Kudos