NSX-T after new Service creation, the status changes to 'Failed' with 'Realization failure'
book
Article ID: 322511
calendar_today
Updated On:
Products
VMware NSX Networking
Issue/Introduction
Symptoms:
You recently modified a default service using API calls.
Distributed Firewall page shows realization failures, if any new rules are deployed with a service.
Checking the NSX-T manager /var/log/policy/policy.log, you see messages similar to the below:
ERROR providerTaskExecutor-95 PolicyProviderUtil 13257 POLICY [nsx@6876 comp="nsx-manager" errorCode="MP500015" level="ERROR" subcomp="policy"] Unexpected exception received during provider invocation. com.vmware.nsx.management.policy.provider.ProviderNotReadyException: Realization failure, waiting for realization of resource type = ServiceEntry path=[{/infra/services/TCP_1234/service-entries/TCP_1234}], Realization will be reattempted in next cycle (max 5 minutes) ... com.vmware.nsx.management.policy.provider.common.RealizationFetchUtility.polling(RealizationFetchUtility.java:805) ~[libpolicy-framework-api.jar:?] ... com.vmware.nsx.management.policy.providers.ServiceGroupProviderNSXT.handlePolicyChange(ServiceGroupProviderNSXT.java:204) ~[libpolicy-framework-api.jar:?]
Environment
VMware NSX-T Data Center
Cause
The default service was modified by an API an call, these default services should not be modified and you are prevented from doing so in the UI. The ability to modify them using the API will be removed in a future release.
Resolution
This issue is resolved in NSX-T 4.0.1 available at VMware Downloads.
Workaround: Do not modify the system default service entries.