NSX-v DFW Exclusion List Freezes in vSphere Web Client


Article ID: 325711


Products

VMware NSX for vSphere

Issue/Introduction

  • When accessing the NSX Manager DFW Exclusion List using the vSphere Web Client, the page does not load.
  • The screen may stay in a greyed-out "loading" state.
  • All other NSX-related pages load without issue.

Environment

VMware NSX for vSphere 6.4.x

Cause

This issue occurs when VM templates have been added to the Exclusion list.
The templates may not be visible from the Web Client, but the NSX Manager lists the templates as part of its Exclusion List.

Resolution

Since you cannot view the Exclusion List in vCenter, you will need to verify the configuration from the NSX Manager API.

Run the following to see the NSX Manager Exclusion List configuration:

GET https://nsx-manager-ip/api/2.1/app/excludelist

You may see that additional objects are included in the output (that you cannot see in the Web Client). Check if these additional objects are templates:

        <excludeMember>
            <member>
                <objectId>vm-##</objectId>
                <objectTypeName>VirtualMachine</objectTypeName>
                <vsmUuid><UUID></vsmUuid>
                <nodeId><ID></nodeId>
                <revision>20</revision>
                <type>
                    <typeName>VirtualMachine</typeName>
                </type>
                <name>Windows Server 2016 Template</name>
                <scope>
                    <id>domain-##</id>
                    <objectTypeName>ClusterComputeResource</objectTypeName>
                    <name><Cluster name></name>
                </scope>
                <clientHandle></clientHandle>
                <extendedAttributes/>
                <isUniversal>false</isUniversal>
                <universalRevision>0</universalRevision>
            </member>
            <systemResource>false</systemResource>
        </excludeMember>


Once you determine that some of the objects listed are "template" VMs and not actual VMs, remove the templates from the Exclusion List.

Remove objects from the exclusion list with the following API. You get the member ID from the GET output above:

DELETE https://nsx-manager-ip/api/2.1/app/excludelist/{memberID}

Once the templates have been successfully removed from the Exclusion List, run a force sync on the firewall for the affected cluster.
 
Then, refresh the browser or log out/log back into vCenter.
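
The check described above can be scripted offline against a saved copy of the GET output. The following is an added example, not VMware-provided code: it lists the exclusion list members, matches them against template MoRef IDs that you supply from the vCenter inventory, and prints the DELETE URL and affected cluster for each match without sending any request. It assumes that {memberID} is the member's objectId and that entries with systemResource set to true should be left alone; the sample XML, its wrapper element, and all IDs and names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of saved GET /api/2.1/app/excludelist output. The <sample>
# wrapper, IDs and names are made up; only <excludeMember> elements are read.
SAMPLE_XML = """<sample>
  <excludeMember>
    <member><objectId>vm-101</objectId><name>Windows Server 2016 Template</name>
      <scope><id>domain-c7</id><name>Cluster-A</name></scope></member>
    <systemResource>false</systemResource>
  </excludeMember>
  <excludeMember>
    <member><objectId>vm-202</objectId><name>backup-proxy-01</name>
      <scope><id>domain-c7</id><name>Cluster-A</name></scope></member>
    <systemResource>false</systemResource>
  </excludeMember>
  <excludeMember>
    <member><objectId>vm-303</objectId><name>mgmt-appliance</name>
      <scope><id>domain-c9</id><name>Cluster-B</name></scope></member>
    <systemResource>true</systemResource>
  </excludeMember>
</sample>"""

def parse_exclude_members(xml_text):
    """Return one dict per <excludeMember> found anywhere in the document."""
    members = []
    for em in ET.fromstring(xml_text).iter("excludeMember"):
        m = em.find("member")
        if m is None:
            continue
        members.append({
            "object_id": m.findtext("objectId", "").strip(),
            "name": m.findtext("name", "").strip(),
            "cluster": m.findtext("scope/name", "").strip(),
            "system": em.findtext("systemResource", "false").strip() == "true",
        })
    return members

def plan_template_removals(xml_text, template_ids, base_url):
    """Select members whose MoRef ID is a known template (assumption: skip
    systemResource entries) and build the DELETE URL for each."""
    return [(m["object_id"], m["name"], m["cluster"],
             f"{base_url}/api/2.1/app/excludelist/{m['object_id']}")
            for m in parse_exclude_members(xml_text)
            if m["object_id"] in template_ids and not m["system"]]

if __name__ == "__main__":
    # Hypothetical input: template MoRef IDs taken from the vCenter inventory.
    for oid, name, cluster, url in plan_template_removals(
            SAMPLE_XML, {"vm-101"}, "https://nsx-manager-ip"):
        print(f"{name} ({oid}) in {cluster}: DELETE {url}")
```

The cluster names in the result identify where the force sync is needed after removal. Members that match no template remain firewall-exempt and should still have a documented reason for being on the list.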