NSX Federation: Deleted DFW Policies and NSgroups remain in UI
search cancel

NSX Federation: Deleted DFW Policies and NSgroups remain in UI

book

Article ID: 383322

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

  • When deleting firewall policies and NSGroups from the Global Manager NSX UI, the objects are not fully removed. After initiating the delete action, the policy or group becomes dimmed, displays a trash can icon, and can no longer be modified.

  • The following errors are seen in the Global Manager logs - /var/log/gmanager/gmanager.log:

2024-10-23T20:15:56.595Z  INFO ClientReceiverFlowHandler-1 AbstractSpanCalculationService 5789 POLICY [nsx@6876 comp="global-manager" level="INFO" subcomp="global-manager"] delete /global-infra/traceflow-observations/########-####-####-############ span is not persisted, calculated span on the fly []
2024-10-23T20:15:56.596Z  INFO ClientReceiverFlowHandler-1 AbstractSpanCalculationService 5789 POLICY [nsx@6876 comp="global-manager" level="INFO" subcomp="global-manager"] cleared all SpanPerThreadSpecifics
2024-10-23T20:15:56.596Z ERROR ClientReceiverFlowHandler-1 WorkQueueProducer 5789 POLICY [nsx@6876 comp="global-manager" errorCode="PM529001" level="ERROR" subcomp="global-manager"] Received exception in transaction interceptor
java.lang.NullPointerException: null

        at com.vmware.nsx.management.policy.policyframework.service.ops.traceflow.GmTraceflowListener.changeToOldTraceflowPath(GmTraceflowListener.java:58) ~[libgm-framework-api.jar:?]
        at com.vmware.nsx.management.policy.policyframework.service.span.SpanCalculationResultUtils.populateSpanCalculationResultForDeletedResource(SpanCalculationResultUtils.java:104) ~[libgm-common-framework.jar:?]
        at com.vmware.nsx.management.policy.policyframework.service.span.AbstractSpanCalculationService.handleCalculateSpanForDelete(AbstractSpanCalculationService.java:219) ~[libgm-common-framework.jar:?]
        at com.vmware.nsx.management.policy.policyframework.service.span.AbstractSpanCalculationService.calculateSpan_aroundBody4(AbstractSpanCalculationService.java:129) ~[libgm-common-framework.jar:?]
        at com.vmware.nsx.management.policy.policyframework.service.span.AbstractSpanCalculationService$AjcClosure5.run(AbstractSpanCalculationService.java:1) ~[libgm-common-framework.jar:?]

Environment

NSX 4.1.x

Cause

During traceflow cleanup on GM, the validation of the segment port gets identified incorrectly and causes this issue.

Resolution

  • Issue is resolved in NSX-T 4.2.0 and later
  • If you have the matched NSX-UI issue and the null ERROR for traceflow under cause, please open a support case with VMware by Broadcom and provide this KB article link. 
  • Please see the following KB for a similar issue also involving stuck traceflow observations - KB 414606
Powered by Wolken Software