Approaching the troubleshooting of the missing or inconsistent Citrix Polices in Citrix Director largely depends on troubleshooting the Citrix Group Policies on the VDA or in the Group Policy Management Console. The Console can be Citrix Studio or Active Directory Group Policy Management Console (AD CGPM). 

It is important to know that the Citrix Director will only show the information that the VDA will provide, and in rare instances, Citrix Director will not correctly read provided policy output from the VDAs.

Instructions

To better understand the process of how the polices are shown in Citrix Director we will focus on following diagram:

Based on the diagram, we will start the troubleshooting on a VDA level and slowly progress to the rest of the possible components that can make impact.

1. Confirm how the VDA agent was installed. If the installation was performed using command line, make sure that the Citrix group Policy component was not excluded.

2. Perform quick test by creating new policy. Apply the same to a VDA and establish new ICA session. In Citrix Director, confirm if the new policy was applied.

3. Make sure that the missing policy is enabled, in Citrix Studio. Open the Policies console and locate the policy to check if it is enabled:
   

4. Confirm that there are no conflicting policies. For example, check if same policy exists in Citrix Studio and in AD CGPM. Another example can be that same specific policy is part of two policies configurations in Citrix Studio or AD CGPM. One assigned to Delivery Group and the other to OU, and one of them is disabled. One of the configured polices will need to be removed for the conflict of the polices to be resolved.

5. The next step will be to confirm that the policies are actually written on the VDA. This is two-step process:

   1. First step is to determine if the CitrixCseCache is updating the policies on the VDA when new session is established. To do this navigate to “C:ProgramData\CitrixCseCache” and observe the date for the “UserPolicy” and “ComputerPolicy” gpf files:
      
      If the files are update, they should reflect the date and time when the session was started, and the size should not be “0 KB”:

   2. Navigate to “C:\ProgramData\Citrix\GroupPolicy” and confirm the date, time and size of the “Rsop.gpf”. 
      

   3. We also must confirm the “Rsop.gpf” for the VDA session. In Citrix Director shows session ID for this user session is 2.
      
      On the VDA we can navigate to session ID “C:\ProgramData\Citrix\GroupPolicy\2” and confirm the “Rsop.gpf” date, time and size
      

   4. Then confirm the date, time and the size of the “Rsop.gpf” for the user that is missing the polices in Citrix Director. Navigate to “C:\Users\%username%\ Citrix\GroupPolicy”.
      
      If the polices are not updating on the VDA, please delete the corresponding “gpf” files, and logon to the session again so we can allow “CSE” engine to recreate corresponding files.

6. Additionally, Registry Editor on the VDA can provide information if the Citrix polies are being applied to the session. Polices can be located under “Computer\HKLM\Software\Wow6432node\Polices\Citrix” or “Computer\HKLM\Software\Polices\Citrix”.

7. The policy existence can be confirmed in the WMI repository, by using Command Line and running:
   “C:\> wmic /namespace:\\root\rsop CLASS CitrixRsopProviderClass CALL GetRsopRawDataForSession sessionId=<windows session Id>” The output is not in human readable format, but will tell us if the WMI providers on the OS are performing as expected, or will need to be rebuild.

8. Using CDF trace, it can be confirmed if the polices are being applied on the VDA during the user logon process. This step will tell us if the Citrix Polices configured on the Delivery Controller or the AD GPMC are delivered and applied on the VDA.
   Example of one possible error in the Citrix Director CDF trace: "Dmc.Service error System.Xml.XmlException: Data at the root level is invalid……"
   This error tells us that there is issue with the polices on the VDA/root level, with the WMI root providers.

9. On the VDA, Process Monitor logs during the user logon, can provide information if the polices are written in the corresponded Rsop.gpf files. Another Process Monitor log, obtained while reproducing the issue in Citrix Director, will show if the Citrix Director calls have permissions to obtain the policy information from WMI providers.

After it has been confirmed that there are no conflicting polices, and all the policies on the VDA, for the session and for the user, are up to date and are not showing size of “0 KB”, we should be able to see the polices in Citrix Director.

There are few other conditions that can case for the Citrix Policies not to show in Citrix Director:

1. If everything so far has been confirmed as working, there is a possibility that that Citrix Director is not able to properly read the policy information received from the VDA. We can troubleshoot this using DebugView:

   1. Download the DebugView from https://technet.microsoft.com/en-us/sysinternals/debugview.aspx;
   2. After extracting the downloaded file launch the DebugView as an administrator;
   3. From the "Capture" menu select "Capture Global Win32";
   4. Reproduce the issue in Citrix Director, by navigating to a session that will fail to show the policies under the Details;
   5. Stop the DebugView tracing by clicking on the magnifier glass;
   6. Save the trace to file.
   7. In the captured file, we should be able to see the polices that are applied on the VDA.

2. If using Citrix Profile Manager and customizing the “"Folders to be Synchronized" Citrix Group Policy.To resolve this issue, perform following:
   Add the "%USERPROFILE%\Citrix\GroupPolicy" folder to the "Folders to be Synchronized" Citrix GPO setting to allow the "%USERPROFILE%\Citrix\GroupPolicy\Rsop.gpf" to be retained at logoff. Recreate the folders in the user's profiles as they are not re-created automatically by the Citrix Profile Manager.

3. There is a possibility that Machine based policy setting that disables the RSOP processing on the VDAs has been configured. To resolve the issue, enable the RSOP processing on the VDAs.