NSX-T Federation sites are reporting: "Found 0 security policies and X groups on Global Manager for Local Manager at site"

Article ID: 324388

Products

VMware NSX

Issue/Introduction

Symptoms:

  • In the Global Manager UI, navigate to the Location Manager. One or more sites show the following alert: "Found X security policies and X groups on Global Manager for Local Manager at site <site_name>"
  • The same message is logged in /var/log/gmanager/gmanager.log:
2021-01-10T13:27:06.202Z INFO http-nio-127.0.0.1-64440-exec-80 GmOnboardingConverter - POLICY [nsx@6876 comp="global-manager" level="INFO" reqId="########-####-####-####-########3ebb" subcomp="global-manager" username="admin"] toConfigOnboardingStatusDto: ConfigOnboardingStatus : ConfigOnboardingStatus [siteOnboardingStatus=SiteOnboardingStatus [siteId=Amsterdam, status=BLOCKED_CONFIG_CONFLICT_CHECK, siteBackupReference=, stateTransitions=[ALLOWED:1600800824441, BLOCKED_CONFIG_CONFLICT_CHECK:1610378826202, {cnt=2}]], ignoreStatus=false, supportedFeatures=null, unsupportedFeatures=null, importProgress=null, rollbackProgress=null, errors=[com.vmware.nsx.management.gm.onboarding.exceptions.ConfigOnboardingException: Found 0 security policies and 7 groups on Global Manager for Local Manager at site London. Please try again after removing site specific security policies and groups.]]
  • The following API call returns the "BLOCKED_CONFIG_CONFLICT_CHECK" status:
GET "global-manager/api/v1/global-infra/sites/Amsterdam/onboarding/status"
{
  "site_id" : "London",
  "status" : "BLOCKED_CONFIG_CONFLICT_CHECK",
  "details" : {
    "error_messages" : [ {
      "error_code" : 40013,
      "error_message" : "Found 0 security policies and 7 groups on Global Manager for Local Manager at site London. Please try again after removing site specific security policies and groups."
    } ]
  }
}



Resolution

Currently there is no resolution.

Workaround:

Considering that the sites affected by the alert are already onboarding, the following workaround can be used:

GET https://{{ GM IP }}/global-manager/api/v1/global-infra/sites/London/onboarding/preferences

{
    "site_id": "London",
    "ignore_import": true,
    "resource_type": "SiteOnboardingPreference",
    "id": "/global-infra/sites/London/onboarding-preferences/default",
    "display_name": "/global-infra/sites/London/onboarding-preferences/default"
}

Change the value of "ignore_import" from true to false and send the object back with PUT:

PUT https://{{ GM IP }}/global-manager/api/v1/global-infra/sites/London/onboarding/preferences

{
    "site_id": "London",
    "ignore_import": false,
    "resource_type": "SiteOnboardingPreference",
    "id": "/global-infra/sites/London/onboarding-preferences/default",
    "display_name": "/global-infra/sites/London/onboarding-preferences/default"
}
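
The symptom checks and the workaround body above as a script, added here as an example and not VMware's own tooling: it finds the conflict message in gmanager.log lines or in the onboarding status response, and builds the PUT body from the GET result. The function names and the shortened sample inputs are constructed for illustration; sending the requests is left to your API client.

```python
import json
import re
# Message format taken from the log line and API response quoted in the article.
CONFLICT_RE = re.compile(
    r"Found (?P<policies>\d+) security policies and (?P<groups>\d+) groups on "
    r"Global Manager for Local Manager at site (?P<site>.+?)\. Please try again")
BLOCKED = "BLOCKED_CONFIG_CONFLICT_CHECK"

def parse_conflict(text):
    """Extract site name and object counts from a conflict message, or None."""
    m = CONFLICT_RE.search(text)
    if m is None:
        return None
    return {"site": m["site"], "policies": int(m["policies"]), "groups": int(m["groups"])}

def conflicts_in_log(lines):
    """Scan gmanager.log lines for sites reported in the blocked status."""
    hits = (parse_conflict(line) for line in lines if BLOCKED in line)
    return [h for h in hits if h]

def conflicts_in_status(body):
    """Same check against the JSON text returned by .../onboarding/status."""
    doc = json.loads(body)
    if doc.get("status") != BLOCKED:
        return []
    msgs = doc.get("details", {}).get("error_messages", [])
    hits = (parse_conflict(msg.get("error_message", "")) for msg in msgs)
    return [h for h in hits if h]

def put_body(preference):
    """Build the workaround PUT body from the object returned by GET."""
    if preference.get("resource_type") != "SiteOnboardingPreference":
        raise ValueError("not a SiteOnboardingPreference object")
    updated = dict(preference)        # keep every other field as returned
    updated["ignore_import"] = False  # the change the article describes
    return updated

# Constructed samples, shortened from the entries shown in the article.
MSG = ("Found 0 security policies and 7 groups on Global Manager for Local Manager at site "
       "London. Please try again after removing site specific security policies and groups.")
SAMPLE_LOG = ["2021-01-10T13:27:06.202Z INFO status=" + BLOCKED + " errors=[" + MSG + "]",
              "2021-01-10T13:27:07.000Z INFO status=ALLOWED"]
SAMPLE_STATUS = json.dumps({"site_id": "London", "status": BLOCKED, "details": {
    "error_messages": [{"error_code": 40013, "error_message": MSG}]}})
SAMPLE_PREF = {"site_id": "London", "ignore_import": True,
               "resource_type": "SiteOnboardingPreference"}

if __name__ == "__main__":
    print(conflicts_in_log(SAMPLE_LOG), put_body(SAMPLE_PREF))
```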

 


Additional Information

Impact/Risks:
There is no impact.