ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Getting error: The owner of Item (GUID) is invalid, it does not map to a valid trustee

book

Article ID: 161156

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Getting error when in log viewer when working in Security Roles. The error is:
The owner of Item <GUID> is invalid, it does not map to a valid trustee. 

 The owner of Item <GUID> is invalid, it does not map to a valid trustee. 

Cause

The root of the problem seems to have been caused by the fact that the original account used as the logon account (Application Identity) was replaced by another account, and then the original account was deleted from the domain.

 

When the tree is rendered, starting at the 'Security Roles' folder the builder seems to try to validate the the owner of the folder. In this case the OwnerGuid of the folder was no longer even found in the SecurityTrustee table. As a result the attempt to render the security role tree is abandoned.

Resolution

NOTE: There are two versions of each SQL query. One for versions prior to 8.0, and a second for versions 8.0 and later.

 

Run the following query to identify the objects with no valid owner:

-- version 7.5 and 7.6

-- Count of objects with no valid owner

select distinct i.Name as Owner,se.OwnerGuid, COUNT(*) [Owned Items]
from SecurityEntity se
left join Item i on i.Guid = se.OwnerGuid
where i.Guid is null
group by i.Name, se.OwnerGuid
order by i.Name


-- version 8.0 and later

-- Count of objects with no valid owner

select distinct i.Name as Owner,se.OwnerGuid, COUNT(*) [Owned Items]
from sec_EntityDesc se
left join Item i on i.Guid = se.OwnerGuid
where i.Guid is null and OwnerGuid <> '0FFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF'
group by i.Name, se.OwnerGuid
order by i.Name


Run the following query in order to re-associate those objects to the Symantec Administrators role:

-- Versions 7.5 and 7.6

-- Reassign owner to objects that have no valid owner

declare @newOwnerGuid uniqueidentifier
set @newOwnerGuid = '2E1F478A-4986-4223-9D1E-B5920A63AB41' -- Symantec Administrators

update SecurityEntity set OwnerGuid = @newOwnerGuid
where OwnerGuid in (
select se.OwnerGuid
from SecurityEntity se
left join Item i on i.Guid = se.OwnerGuid
where i.Guid is null
)


-- version 8.0 and later

-- Reassign owner to objects that have no valid owner

declare @newOwnerGuid uniqueidentifier
set @newOwnerGuid = '2E1F478A-4986-4223-9D1E-B5920A63AB41' -- Symantec Administrators

update sec_EntityDesc set OwnerGuid = @newOwnerGuid
where OwnerGuid in (
select se.OwnerGuid
from SecurityEntity se
left join Item i on i.Guid = se.OwnerGuid
where i.Guid is null and OwnerGuid <> '0FFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF'
)