search cancel

After upgrading to 8.5 + RU1 when opening "Home > First Time Setup" no data is displayed at all

book

Article ID: 174153

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

After upgrading to 8.5 + RU1 when opening "Home > First Time Setup" no data is displayed at all. The console user is a member of theSymantec Administrators security role.

 

Cause

The console user was a member of 40+ security roles. The majority of those roles came in via AD Import.  

While profiling the problem (Altiris Profiler) it showed that the process called spGetTrusteeMembership, which returned 41 security role GUIDs.

After returning the 40+ role Guids, it then passed those on to sp_SetupGetComputers into the @Trustee variable..


sp_SetupGetComputers only accepts a max of 255 character into its @Trustee variable.


The following is an excerpt of a Profiler trace showing sp_SetupGetComputers being called and passed many security roles. When run against the database it returned no rows

    
EXECUTE sp_SetupGetComputers @CreatedDate='1753-01-01 00:00:00.000', @Trustee=N'{0273009F-FD6A-4894-B2C3-8F15673C6BA0},{03B132E6-3F46-4A8C-A046-57B6F02A8B42},{055D6676-68F3-4895-BA0B-433133864F23},{0A44C119-0D32-434B-BE6A-9EECA1195755},{0C07FE9C-1168-4EE3-B625-E0B40BFA602C},{0EDB0783-7D21-4FCC-8940-B1F278B51AC4},{101FF15E-4D52-43D8-B155-A8A40996A592},{1575704E-C1D3-4464-AD74-A0301A651A4D},{21660635-40D1-457E-A6B5-ADFC7F9AC4B7},{2E1F478A-4986-4223-9D1E-B5920A63AB41},{31ACF5C9-E5EA-47D7-B0C6-3C40A8BAB679},{3F47EE91-02CC-44AC-8C93-F11AD9679E2F},{4002962C-F19A-461B-AED6-1FA7575798A1},{4F8C59EA-5FBF-46B3-B9B9-201CC5F93D5A},{520DB54A-E5E5-4D2E-93CA-08C7E0E7A631},{538019B3-D6FC-415D-9A2D-C05946429919},{582029E2-FC5B-4717-8808-B80D6EF0FD67},{609D65F0-F5A5-4B07-9F39-52D49F46C4DE},{633C90E6-4D33-4492-9A82-D7BFBAC74CC1},{6962180A-0790-410F-90FC-D206337E3427},{6995576F-03CF-457E-AD12-5B2E04A74A89},{6DA404E4-AC95-4DB0-826E-E9ADE67DBA80},{7584B677-B867-4085-A75E-63E3F8269A85},{769EA32A-C105-4045-95E5-D5E51B3FFE7D},{78590FB3-56A7-4E63-A7FB-34564CF48A29},{7BFF2228-7D18-4350-BEA8-FF8C9D5AC257},{803D3C5F-97AF-4FDE-9127-58E562B8D60E},{82014C6E-5730-4A4A-AA6B-44B11A466FC9},{824D0CAB-8418-47D8-A594-359570022EE2},{883B0DA1-4480-4F02-B2AA-281A863C942F},{8DEF07E0-9FDE-4A6C-8054-69C1CD8EFA3B},{8F90B21F-68A6-4867-AD0B-BF19C8C35F8E},{9965F326-B126-46AF-84B9-C3779A2A37B6},{9C68AEE0-8232-4376-8ED8-00DC576AA4A7},{9FDD9007-0136-4F75-946B-71D73A6F40AA},{B0432E97-5B1E-4FD6-B57D-DB7700D72155},{B0776CFD-213F-4CE8-B528-E9CE0990C597},{B232C8A6-B2E0-4D00-9CD7-BA165C2F241F},{B35F447D-D316-49CD-8B68-13920954151F},{B431902E-37E8-4C84-874D-39B766B6F713},{B760E9A9-E4DB-404C-A93F-AEA51754AA4F},{B829F50C-2B5F-4280-A801-833D203DC649},{B88B2E56-2764-471C-B271-E9665D5DD71C},{BD4252E6-E088-4E9F-9718-EE1DB12DC284},{C595045E-7E73-410C-905A-35772C537C0E},{CC86BEB0-4F37-49E7-A2E9-982B0AD2A0BE},{CEC406AE-7F1A-4954-866E-F3636D73D0DD},{E2C7E422-D3CB-4879-AA55-11F09920FA39},{F023DA8B-BEE7-417E-A7DE-CB3FD16E88F5},{F2B12341-AF7B-45E5-B485-7CC6320F43E1},{F2FB3D36-C681-49C5-8B17-7603FE423BB6},{F4D6F268-802B-48B4-8055-B043FB8C27D4},{FBBA7A89-A317-49E5-ACE1-F2388F0A851C}'

 

Symantec Administrators (2E1F478A-4986-4223-9D1E-B5920A63AB41) doesn't appear in this string until character 353+ which means that it was cut off before any role membership with any permissions could be evaluated against computers the console user can see.

This is a minor defect that has been reported.

Environment

Management Platform 8.5 RU1

Resolution

This issue has been reported to the Symantec Development team. A fix has been included under the ITMS 8.5 RU2 release.

In the meantime as workaround:

Two options got around the problem.

  1. Removed the user from all roles but Symantec Administrators. However, if the user is a member of security groups in AD, and those groups are imported via an import rule, then the membership dillemma will come back.

 
 OR
 

  1.  ALTER sp_SetupGetComputers to allow @Trustee to accept (max) (run SQL query from attached file "Alter sp_SetupGetComputers.sql" against the database.) 
  2. Added a section to spGetTrusteeMembership which tested for membership of Symantec Administrators and, if membership existed, it returned the following three role GUIDs only (run SQL from attached file "Alter spGetTrusteeMembership" against the database)

 
2E1F478A-4986-4223-9D1E-B5920A63AB41
B760E9A9-E4DB-404c-A93F-AEA51754AA4F
582029E2-FC5B-4717-8808-B80D6EF0FD67

 

Attachments

Alter sp_SetupGetComputers.sql get_app
Alter spGetTrusteeMembership.sql get_app