Promotion of Manager objects to Policy objects in NSX-T fails: Either use another path or wait for the purge cycle (max 5 minutes) for permanent removal of the object.
search cancel

Promotion of Manager objects to Policy objects in NSX-T fails: Either use another path or wait for the purge cycle (max 5 minutes) for permanent removal of the object.

book

Article ID: 322418

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:

  • You are attempting to promote Management Plane (MP) objects to Policy objects.
  • The following error is displayed and can also be seen in the NSX-T manager logs /var/log/syslog and /var/log/proton/nsxapi.log:
SEGMENT_PORT promotion error. Manager id: xxxxxxxx-92bc-4306-85a1-xxxxxxxxxxxx, Error : policy_error_code : Policy:500157 policy_error_message : Error during creating objects of type:SegmentPort policy_error_code : Policy:500045 policy_error_message : An object with the same path=[/infra/segments/dvportgroup-xxxxxx/ports/default:xxxxxxxx-92bc-4306-85a1-xxxxxxxxxxxx] is marked for deletion. Either use another path or wait for the purge cycle (max 5 minutes) for permanent removal of the object.
  • The error is seen when doing the promotion from API or UI.

Environment

VMware NSX-T

Cause

This occurs due to a timing issue, whereby the discovered ports are deleted first, then they are recreated.
However during port recreation (using the same intent path), the process fails, as the original port still exists and is marked for delete.

Resolution

This is a known issue impacting VMware NSX.

Workaround:

  • Make sure an update to date backup is in place.
  • Cancel the MP to Policy promotion if it is still in progress.
  • Check if the port still exists or is marked for delete, using the intents indicated in the errors using the API:
    • GET https://{{ip}}/policy/api/v1/infra/realized-state/realized-entities?intent_path=<intent path>
    • Sample API: GET https://{{ip}}/policy/api/v1/infra/realized-state/realized-entities?intent_path=/infra/segments/<segment-name>/ports/default:xxxxxxxx-4670-495d-b5c4-xxxxxxxxxxxx
  • Delete the intents marked for delete using the following API call:
    • DELETE https://{{ip}}/policy/api/<intent path>
    • Sample API : DELETE https://{{ip}}/policy/api/v1/infra/segments/<segment-name>/ports/default:xxxxxxxx-4670-495d-b5c4-xxxxxxxxxxxx
  • Attempt the MP to Policy promotion again.

Note: NSX does a cleanup every 5 minutes, objects marked for delete should be cleaned during that time, with the initial GET you may find the object does not exist anymore, as it has been cleaned up during the cleanup period. 
Note: If above DELETE API's say, the entity (realized object or intent) doesn't exists, then they have already been deleted. So, please go ahead and attempt MP to policy promotion.

Powered by Wolken Software