ITMS 7.x, 8.x

This problem is rare so it is not understood why/how this condition occurred; but it is believed to be related to timing in communications between the SMP and the database server during an upgrade.

Within that window, or some other event the following had occurred (one or both):

1.  The GUID (ResourceTargetGuid ) of the affected targets had their security owner changed to a user who no longer existed or the user/trustee who originally created the target no longer existed in the database and therefore could not be verified.

2.  The ResourceTargetGuid of the affected targets had been removed from the ResourceTargetOwnerTrustee table so that the owner trustee could not be verified.

The following query will return the names of the affected policies, and the count of targets per policy that are problematic:

select distinct p.Name as Policy, COUNT(*) as [Affected Targets]

from ItemAppliesTo iat

 join Item p on p.GUID = iat.ItemGuid

 join Item i on i.GUID = iat.ResourceTargetGuid

 left join ResourceTargetOwnerTrustees rot on rot.ResourceTargetGuid = iat.ResourceTargetGuid

 left join SecurityTrustee st on st.GUID = rot.TrusteeGuid

where rot.ResourceTargetGuid is null  or st.GUID is null

group by p.Name

order by p.Name

Run the SQL script attached to this article. The script will do the following two procedures:

1. Identify all targets whose security owner exists in ResourceTargetOwnerTrustee but cannot be verified. It will then change the security owner of all affected targets to be owned by "Symantec Administrators".
2. Identify all targets that have no representation in ResourceTargetOwnerTrustee, and insert them into the table - also setting Symantec Administrators as the owner trustee.

Note: It is good practice and highly recommended that before running any SQL script against a database a backup of the database should first be created.