It's not the authorized.conf. ess_user, ess_admin, ess_analysts would have been additional roles associated with admin account or other users defined local to the splunk (i.e. if you are using LDAP, then only system accounts that should be defined would have been admin).
Look at the $SPLUNK_HOME/etc/passwd. remove the roles associated that is no-longer existing on that splunk instance. That should get rid of the errors in the log.
:admin:$$::Administrator:admin;ess_admin;ess_analyst:changeme@example.com::
In above example, remove the entries ';ess_admin;ess_analyst' and save. Restart splunk, and error will be gone.
... View more