You attempt to apply a security policy to a suspended GVM because it is still in the protected list and encounter an error as a result.

"The Gvm {1234.EN_US} operation cannot be performed while in the state of offline" is displayed on trying to initiate a scan on the suspended GVM.  The expected behavior is that a GVM be automatically moved to the un-protected list when it is suspended.

This is caused because a suspended GVM remains in the protected list after becoming unavailable.  It is no longer being actively protected, but the Data Center Security manager is not aware of it. 

The workaround is to wait for the machine to be moved to the unprotected list through timeout.  After approximately five (5) minutes, the manager will automatically update the status of the GVM to appropriately reflect the unprotected status.  At this point, any new policies applied to the NSX Security Group will not result in the error.  There are no immediately plans to change the behavior of the manager but this has been identified as a possible area for future improvement.

Applies To

This applies to a GVM in an NSX environment where the virtual machines are being suspended within the vSphere environment.