• In NSX UI at “System” > “General System Settings” > “Manager Objects Promotion” > “Manager to Policy Objects Promotion” section
• After starting an objects’ promotion, the process fails with the error:

  Object Promotion failed. Please cancel the promotion and contact VMware support.

  

• Clicking Failed Objects shows the error:
  
  

  Resource type: DFW_Section is dependent on resource type: LogicalPort with id: <UUID>. Please make sure that the dependent objects are promoted first or are not created by policy.

   

• In NSX Manager logs at /var/log/syslog you see messages such as:
  
  

  syslog:2025-01-01T18:20:45.500Z server.example.com NSX 1266070 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="migration-coordinator"] addFeedBackToCache : FeedBackData{error_list='[MpPolicyPromotionFeedBackDataError{error_id='30542', error_desc='Resource type: DFW_SECTION is dependent on resource type: LogicalPort with id: <UUID1>. Please make sure that the dependent objects are promoted first or are not created by policy.'}]', mp_Id='<UUID2>', mp_display_name='firewall', type='DFW_SECTION', timestamp='1738002045500'}
  

Refer to the following Document for additional context: Promote Manager Objects to Policy Objects and Troubleshooting Manager to Policy Objects Promotion

VMware NSX

This error means that a policy-created object, in this case a DFW_SECTION, is dependent on a LogicalPort that no longer exists. The Bridge Firewall Object remains in the database and cannot be identified based on searches for the LogicalPort UUID. This missing object prevents the promotion of the DFW/Bridge Firewall object.

This will be fixed in a future version of NSX.

Each UUID is referring to a different, though connected, object. The first are LogicalPort UUID's, the latter are the Bridge Firewall Object UUID.

To identify the correct object UUIDs, take the error as described in the Issue/Introduction section above and identify the LogicalPort and mp_ID:

syslog:2025-01-01T18:20:45.500Z server.example.com NSX 1266070 SYSTEM [nsx@6876 comp="nsx-manager" level="INFO" subcomp="migration-coordinator"] addFeedBackToCache : FeedBackData{error_list='[MpPolicyPromotionFeedBackDataError{error_id='30542', error_desc='Resource type: DFW_SECTION is dependent on resource type: LogicalPort with id: <UUID1>. Please make sure that the dependent objects are promoted first or are not created by policy.'}]', mp_Id='<UUID2>', mp_display_name='firewall', type='DFW_SECTION', timestamp='1738002045500'}

Example:

root@nsxmgr01:~# grep -E <UUID1 | UUID2> /var/log/syslog

• <UUID1> matches the Error message in the NSX UI.
• <UUID2> is the Bridge Firewall Object UUID needed for step 2 below.

Using the UUIDs extract from the log entry, create two API calls to identify the objects and delete them:

1. Use GET on Firewall Section objects to confirm that these objects are the correct BFW section (“enforced_on”: “BRIDGEENDPOINT”, is_default”:false)

GET https://{{nsx_mgr_ip}}/api/v1/firewall/sections/<<UUID2>>

2. Once confirmed that these are the appropriate BFW sections based on the results of step 1, delete them using following API:

DELETE https://{{nsx_mgr_ip}}/api/v1/firewall/sections/<<UUID2>>

If you think you’re experiencing this symptom and are opening a case with Broadcom Support, please collect the following information

• Collect Support Bundles for Troubleshooting NSX-T
• Uploading Diagnostic information for VMware through the Secure FTP & Broadcom portal
• Creating and managing Broadcom support cases