• During NSX Manager upgrade from NSX 3.2.4 to 4.x, the pre-upgrade checks fail with the following error:

 Pre-upgrade checks failed for MP: From 4.1.1 release onwards, NSX-T ALB integration with policy API and UI is deprecated. It is recommended to use ALB (Avi) Controller UI and APIs. 

• In the upgrade-coordinator logs, the following warning is observed:

[PUC] Pre-upgrade check InspectionTaskInfo[id=albPolicyDeactiveCheck] failed with result BasicInspectionTaskResult{status=FAILURE, ... InvalidPolicyPathException ...}

• Attempts to delete the ALB onboarding workflow using API return:

Cannot delete the enforcement point /infra/sites/default/enforcement-points/alb-endpoint dependant intent present in alb service

• The NSX Manager UI may still show stale Advanced Load Balancer (ALB) entries such as Virtual Services or Enforcement Points, even though ALB VIPs were previously deleted.

This issue blocks the NSX Manager upgrade from proceeding beyond the pre-check stage.

NSX-T 3.2.4 or earlier upgrading to NSX 4.1.x

From NSX 4.1.1 onwards, ALB (Avi) integration using Policy API and UI has been deprecated.
When upgrading from NSX 3.2.x to 4.x, stale ALB objects (enforcement points, endpoints, or virtual service references) can remain in the NSX Policy database if the ALB Deactivate API was not executed prior to upgrade.

These stale references cause Generic Policy Realized Resource (GPRR) indexing issues such as InvalidPolicyPathException, leading to the failure of the alb_policy_deactivate_check pre-upgrade validation.

VMware has identified and fixed this issue in NSX 4.1.2 and later releases, and it will also be resolved in upcoming 4.2.2 and 9.0 versions.

Step 1 – Verify ALB Integration

• Confirm with the ALB team that ALB is no longer managed by NSX Manager and the cloud type is vCenter.

• Ensure no active NSX-T ALB configuration is present under System → Advanced Load Balancer in NSX UI.

Step 2 – Attempt API Deletion (optional)

Try deleting the ALB onboarding workflow (if no dependencies exist):

DELETE  https://<nsx_manager_ip>/policy/api/v1/infra/alb-onboarding-workflow/LCM

If the above returns a dependency error, then please contact Broadcom Support for further assistance.
Additional cleanup steps may be required and must only be performed by Broadcom Support .

• The issue occurs when stale ALB Policy objects remain in the NSX-T DB after deprecation of Policy-based ALB integration.

• Future upgrades (4.1.2 and onwards) include an internal fix to automatically handle these entries.

• Related KB articles:

  • KB 87899 – NSX-T ALB Integration Deprecation Notice

• Affected path examples:
  /infra/sites/default/enforcement-points/alb-endpoint