BigFix Web Reports: Big Problem after WebReports account deleted!

BigFix Web Reports: “Report List” Gone with error “Could not find user” after admin account deletion

A former BigFix Admin whose Active Directory (LDAP) account was tied to a WebReports admin account was deleted from AD today (unfortunately someone didn’t follow procedures to disable). Because of this, most users that log in can no longer see anything when clicking on the “Report List” tab. Instead, when clicking on that tab the entire web page turns into the text error seen below:

Could not find user {E5396G95-1189-42A9-F48A-744E82F267AB} in the Active Directory global catalog

This is obviously the user that was just deleted. We’re working to restore the account from backup, but I want to figure out why this happened so we can keep it from happening again when his account is deleted again. Since my account still had access to everything (as an Admin), I did a test on one of the broken accounts, by assigning the admin role to that user. It allowed them to see everything. That’s obviously not an answer for all users, but trying to figure out what’s going on here. Still wondering if there could be issues with the existing roles if they were created by that Admin, though that would seem like a dumb design if the roles weren’t any good after the author is removed from the system (as employees come and go all the time). WebReports is running on an independent service account having nothing to do with that user. Not sure what the cause is. Still investigating on this end, but thought I’d throw this out there for anyone who may have seen it before.

Thanks to any for your thoughts!

1 Like

All reports that the admin created (or any user for that matter) are tied to that user.
As an admin you should be able to see them and take them over, then make them public again so the other users can see them.
It is as designed, unfortunately, so open an RFE to have that altered in a future release.

Thanks Dave. Unfortunately it’s not just that user’s reports that are affected. Literally no reports by any user are displayed. I don’t think that’s normal.

We’ve opened a PMR. If we figure this out, I’ll post the fix.

So we worked with IBM and found no obvious cause. They agreed that this was unexpected behavior, and a problem. They were escalating to developers for a closer look.

The employee who left had around 150 WebReports. While we were waiting to hear back from the devs, we decided to save custom copies of many of those reports and republish. We also deleted a bunch of private reports that didn’t seem worth keeping, and recreated all the scheduled tasks connected to those reports that he had established. Throughout the process users continued to be unable to see the Report List. As we continued through that process this morning, it randomly started working again. We didn’t get through all of his reports. There are still about 15 or so public reports that are working fine.

I wish I could tell you what did it. Too many changes at once to narrow it down. My guess is either something to do with his private reports being deleted, or replacing his scheduled tasks. Anyway, an interesting case. We haven’t heard back from IBM yet, but I don’t expect much additional information from them without a broken system to test against.

An APAR has been requested to be opened to track this issue.

It is a little bit complicated to reproduce the problematic scenario; it occurs only if:

  • WebReports is leveraging the Legacy AD/LDAP integration. ( UseLegacyADLogin = 1 )
  • the AD/LDAP deleted user has custom reports associated
  • WebReports is configured to not allow “Not admin operators” to see reports of other operators ( AllowUserViewCustom = 0 )

Recovering from the problem is quite easy … it is enough to:

  • access the WebReports database
  • identify from the USER_NAME table the ID of the LDAP/AD deleted user
  • reassign ( or even delete ) the reports created by the LDAP/AD deleted user to a different existing user.

The reassignment can be performed with the following command:

update WEBREPORTS set Creator = {NEW_EXISTING_USER_ID} where Creator = {DELETED_USER_ID}

Otherwise, if these reports are no longer useful, you can delete them:

delete from WEBREPORTS where Creator = {DELETED_USER_ID}

Further stuff in the SCHEDULED_ACTIVITY, SAVED_FILTERS and FAVORITE_WEBREPORTS tables could be re-assigned or deleted as well, but have no impact on this problematic scenario, so that it can be done later without urgency.

4 Likes
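An added example, not part of the post above or of any vendor procedure: the reassignment statement wrapped in a transaction that commits only when the number of rows changed matches the number counted beforehand. It assumes a Microsoft SQL Server back end and integer user IDs; both ID values are placeholders to be replaced with the IDs found in USER_NAME, and only the WEBREPORTS table and its Creator column are taken from the post.

```sql
-- Added example (T-SQL). Assumptions: SQL Server back end, integer user IDs.
-- Only WEBREPORTS and its Creator column come from the post above.
SET XACT_ABORT ON;  -- any runtime error rolls the whole transaction back

DECLARE @DeletedUserId INT = -1;  -- placeholder: ID of the deleted AD/LDAP user
DECLARE @NewOwnerId    INT = -2;  -- placeholder: ID of an existing user
DECLARE @Expected INT, @Changed INT;

BEGIN TRANSACTION;

-- Count the reports still owned by the deleted user before touching anything
SELECT @Expected = COUNT(*)
FROM WEBREPORTS
WHERE Creator = @DeletedUserId;

-- The reassignment from the post, with the placeholders as variables
UPDATE WEBREPORTS
SET Creator = @NewOwnerId
WHERE Creator = @DeletedUserId;

SET @Changed = @@ROWCOUNT;

-- Commit only if exactly the counted rows changed and none are left behind
IF @Changed = @Expected
   AND NOT EXISTS (SELECT 1 FROM WEBREPORTS WHERE Creator = @DeletedUserId)
BEGIN
    COMMIT TRANSACTION;
    PRINT 'Reassigned ' + CAST(@Changed AS VARCHAR(10)) + ' report(s).';
END
ELSE
BEGIN
    ROLLBACK TRANSACTION;
    PRINT 'Row counts did not match; nothing was changed.';
END
```

Taking a backup of the WebReports database before running direct updates gives a way back if the new owner ID turns out to be wrong.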

This came in VERY handy for me when I couldn’t delete a user because “The operator cannot be deleted because have public filters assigned.”… despite even BESADMIN not seeing those “public” filters.
(Turns out they were filters for Roles that had been deleted.)
Reassigned those to me, and I could nuke that old user. Thanks!!