When trying to add or remove a virtual machine (VM) from the Distributed Firewall (DFW) Exclusion List using the vSphere Web Client, the Exclusion List view freezes, it is not possible to interact with the user interface (UI) anymore and the part around the exclusion List view itself is greyed out, forcing to reload the vSphere Web Client.
This issue occurs when there is a VM with an empty scope is present in the DFW Exclusion List (this can sometimes occur with template or shell VMs).
On the above screen capture notice the empty scope for the virtual machine UPSA11.
This issue is resolved in VMware NSX Data Center for vSphere 6.4.7
To be able to interact normally with the DFW exclusion list using the vSphere Web Client again, it is necessary to identify and remove the VM with an empty scope present in the DFW Exclusion List by using the REST API.
GET https://{nsx-manager-ip}/api/2.1/app/excludelist
<member>
<objectId>vm-28</objectId>
<objectTypeName>VirtualMachine</objectTypeName>
<vsmUuid>422B734B-6FC9-####-####-############</vsmUuid>
<nodeId>37645b9f-9ebe-####-####-############
</nodeId>
<revision>11</revision>
<type>
<typeName>VirtualMachine</typeName>
</type>
<name>HQ-VCSA-01a</name>
<scope>
<id>resgroup-v83</id>
<objectTypeName>VirtualApp</objectTypeName>
<name>MGMT</name>
</scope>
<clientHandle></clientHandle>
<extendedAttributes/>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<isTemporal>false</isTemporal>
</member>
<member>
<objectId>vm-141</objectId>
<objectTypeName>VirtualMachine</objectTypeName>
<vsmUuid>422B734B-6FC9-####-####-############
</vsmUuid>
<nodeId>37645b9f-9ebe-####-####-############
</nodeId>
<revision>20</revision>
<type>
<typeName>VirtualMachine</typeName>
</type>
<name>UPSA11</name>
<clientHandle></clientHandle>
<extendedAttributes/>
<isUniversal>false</isUniversal>
<universalRevision>0</universalRevision>
<isTemporal>false</isTemporal>
</member>
DELETE https://{nsx-manager-ip}/api/2.1/app/excludelist/{memberID}