NSX 3.2.1, after delete AD group, the status stays "In Progress"
search cancel

NSX 3.2.1, after delete AD group, the status stays "In Progress"

book

Article ID: 389908

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • The group was created in 3.1.x.
  • The group was defined with AD groups.
  • NSX upgrade from 3.1.x to 3.2.1. 
  • After deleting group, on NSX UI the status is "In Progress"

Environment

VMware NSX-T Data Center 3.x

Cause

In NSX-T 3.2.x the enforcement point has changed from:

/infra/realized-state/enforcement-points/default/groups/nsgroups/identity/

To:

/infra/realized-state/enforcement-points/default/groups/nsgroups/

Notice the new path no longer contains the keyword "identity".

 

The cleanup task is deriving the realization path as:

/infra/realized-state/enforcement-points/default/groups/nsgroups/xxxx-group-name

Where as from corfu table GenericPolicyRealizedResource we can see that the realization path is:

Key:
{
  "stringId": "/infra/realized-state/enforcement-points/default/groups/nsgroups/identity/xxxx-group-name"
}

The extra "/identity/" in the path is causing the current behavior.

The deletion logic is skipping the deletion of the resources as the GPRR(Generic Policy Realized Resource) without "/identity/" in the path is not found.

Resolution

This issue is resolved in NSX-T 3.2.2.

Powered by Wolken Software