Error: unable to onboard remote host due to incorrect thumbprint. (Error code: 500340) when viewing DFW Rule Statistics


Article ID: 375691


Products

  • VMware vDefend Firewall
  • VMware vDefend Firewall with Advanced Threat Prevention

Issue/Introduction

  • The following error message appears when you try to view the DFW Rule Statistics:

Error: unable to onboard remote host due to incorrect thumbprint. (Error code: 500340)

Environment

VMware NSX-T Data Center

VMware NSX

Cause

This error can occur after an NSX upgrade in NSX 4.2.x.

This error can also occur while connected to a Global Manager or after the Local Manager has been offloaded from the Global Manager.

 

If the Local Manager is still connected to a Global Manager

  • This situation is caused by the Local Site's thumbprint not matching the thumbprint registered on the Global Manager; the thumbprint needs to be updated.

 

If the Local Manager has been offloaded from the Global Manager

  • This situation is caused by a stale enforcement point in the Local Manager.
  • The error is logged in /var/log/proton/nsxapi.log and contains an enforcement point path that begins with "global-infra" instead of just "infra":
    • https://<local-manager>/policy/api/v1/infra/domains/default/security-policies/<policy-name>/rules/<rule-name>/statistics?enforcement_point_path=/global-infra/sites/<site-name>/enforcement-points/default

 

Resolution

If the Local Manager is still connected to a Global Manager:

  • Follow this path to update the thumbprint:
    • GM > Location Manager > Edit Settings > Update the thumbprint

  • The thumbprint can be verified by connecting via SSH to each Local Manager site and running the command 'get certificate cluster thumbprint'.


If the Local Manager has been offloaded from the Global Manager, or NSX Federation is not in use:

  • Find the name of the stale enforcement point using one of the following methods:
    • Locate the error message in /var/log/proton/nsxapi.log; it contains a URL with the enforcement point path:
      • https://<local-manager>/policy/api/v1/infra/domains/default/security-policies/<policy-name>/rules/<rule-name>/statistics?enforcement_point_path=/global-infra/sites/<site-name>/enforcement-points/default
    • Dump the EnforcementPoint corfu table and search it for the enforcement point:

      /opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t EnforcementPoint > EnforcementPoint.txt

      grep "stringId" EnforcementPoint.txt
      "stringId": "/global-infra/sites/<site-name>/enforcement-points/default"
  • Run the following API call to clean up the stale enforcement point:

      POST https://<local-manager>/policy/api/v1/troubleshooting/infra/tree/realization?action=cleanup

      Payload:
      {
        "paths": [
          "/global-infra/sites/<NSX-site-name|Default>/enforcement-points/default"
        ]
      }
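As an added example (not part of the KB article or any VMware tooling), the following POSIX shell helper pulls the enforcement_point_path out of nsxapi.log lines or the "stringId" lines of the corfu EnforcementPoint dump, keeps only the stale /global-infra entries described above, and renders the cleanup payload in the shape the KB shows. The log lines, host name and site name are constructed placeholders, and the POST itself is not executed.

```shell
#!/bin/sh
# Added example, not from the KB: pick the stale "/global-infra" enforcement points
# out of nsxapi.log lines or a corfu EnforcementPoint dump and render the cleanup payload.

# Constructed sample input (not real NSX output). Line 1 is a statistics GET that fails
# with error 500340 because it targets a /global-infra path, line 2 is a healthy /infra
# path that must NOT be cleaned up, line 3 mimics a "stringId" line from the corfu dump.
SAMPLE_INPUT='2024-01-01T00:00:00.000Z INFO GET https://lm.example.local/policy/api/v1/infra/domains/default/security-policies/policy-1/rules/rule-1/statistics?enforcement_point_path=/global-infra/sites/site-a/enforcement-points/default
2024-01-01T00:00:01.000Z INFO GET https://lm.example.local/policy/api/v1/infra/domains/default/security-policies/policy-1/rules/rule-1/statistics?enforcement_point_path=/infra/sites/default/enforcement-points/default
    "stringId": "/global-infra/sites/site-a/enforcement-points/default"'

# Print every enforcement point path in the input that lives under /global-infra
# (the stale Global Manager paths), one per line, de-duplicated. Paths under plain
# /infra are the Local Manager's own and are filtered out.
stale_enforcement_points() {
  printf '%s\n' "$1" \
    | sed -n \
        -e 's/.*enforcement_point_path=\([^& ]*\).*/\1/p' \
        -e 's/.*"stringId": *"\([^"]*\)".*/\1/p' \
    | grep '^/global-infra/' \
    | sort -u
}

# Render the JSON body for
#   POST https://<local-manager>/policy/api/v1/troubleshooting/infra/tree/realization?action=cleanup
# from newline-separated paths; each path is quoted and the list is comma separated.
cleanup_payload() {
  printf '%s\n' "$1" | awk '
    BEGIN { print "{"; print "  \"paths\": [" }
    NF    { if (n++) printf(",\n"); printf("    \"%s\"", $0) }
    END   { print ""; print "  ]"; print "}" }'
}

# Stand-alone run: show which paths would be removed and the payload that would be sent.
# Review the paths before posting; the API call itself is deliberately not executed here.
stale_enforcement_points "$SAMPLE_INPUT"
cleanup_payload "$(stale_enforcement_points "$SAMPLE_INPUT")"
```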