NSX Federation Local Sites showing "Error: Search Index is out of sync for 'group'"
search cancel

NSX Federation Local Sites showing "Error: Search Index is out of sync for 'group'"

book

Article ID: 428217

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

In NSX Federation setup, a standalone NSX site was added to Global Manager. The standalone site has some security groups under "Inventory", "Groups". 

After the local site onboarded to NSX Global Manager, the local site may start to see errors similar to the following:

  • "Error: failed to fetch inventory details. Please contact the administrator. Error: Search index is out of sync for 'group'. Run the 'start search resync all' CLI command on the NSX appliance to resync.......(Error code: 513002)"
  • "Error: Index is currently out of sync for 'Group', system is trying to recover. (Error code: 60515)".

The "start search resync all" command is executed on all three local NSX managers, however, this issue persisted. 

In addition, the LM UI may show the following errors and the LM manager UI is unusable: 

In NSX manager logs, you may see the following:

search-manager.log:
53109:2026-01-14T21:14:36.298Z ERROR UfoIndexer-BatchExecutor-search_policy-4 UfoGenericConverter 87783 - [nsx@6876 comp="nsx-manager" errorCode="MP60511" level="ERROR" subcomp="manager"] [Indexing: DtoConversion] Could not convert UFO object to Dto by DTO converter UfoObject{operationType=CREATE, descriptor=IndexingTypeDescriptor{tableName='Group', streamTag=POLICY}, identifier=string_id: "/global-infra/domains/<domain-name>/groups/<group-name>"

A note here, the <group-name> may not be the same that appears in NSX UI, to fetch the correct name of the group showing in the UI, please use API call to the LM: GET https://NSX-LM-IP/policy/api/v1/global-infra/domains/<domain-name>/groups/<group-name>

Example API output:

{
    "expression": [
        {
            "paths": [
                "/global-infra/domains/<domain-name>/groups/<sub-group-name1>",
                "/global-infra/domains/<domain-name>/groups/<sub-group-name2>"
            ],
           ......
        },
        ....
    "extended_expression": [],
    "reference": true,
    "resource_type": "Group",
    "id": "<group-name>",
    "display_name": "<group-display-name-in-UI>",                                                         <================ This is the display name in UI
    "description": "",
    "path": "/global-infra/domains/<domain-name>/groups/<group-name>",
     ......
}

Environment

VMware NSX Federation

Cause

This issue is caused by Federation data sync.

Resolution

Workaround:

This issue may be resolved by either or a combination of following workarounds (To be executed from GM UI):

  • Update description of the problem group and save (dummy update)
  • Create a new dummy parent group and add the problem group to it as a member

Both workarounds require the "start search resync all" command to be run on all three problem LM site afterwards.

 

Additional Information

If you are contacting Broadcom support about this issue, please provide the following:

  • NSX Manager log bundles from both GM and LM sites
  • Text of any error messages seen in NSX GUI or command lines pertinent to the investigation
  • Handling Log Bundles for offline review with Broadcom support

Collect Support Bundles for Troubleshooting NSX-T
Uploading files to cases on the Broadcom Support Portal
Creating and managing Broadcom support cases

Powered by Wolken Software