Alarm "The object path cannot be deleted as either it has children or it is being referenced by other objects" when trying to delete a Segment (or other object) in NSX
search cancel

Alarm "The object path cannot be deleted as either it has children or it is being referenced by other objects" when trying to delete a Segment (or other object) in NSX

book

Article ID: 431699

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

  • After attempting to delete a Segment (or another NSX object), an alarm is present in NSX Manager like:
    The object path=[/<path>/groups/<Segment Name>] cannot be deleted as either it has children or it is being referenced by other objects path=[/<path>/groups/<Group Name>]


    ^Note the Location Name in this image would identify the specific NSX Manager node (it will be a Local NSX Manager even if the alarm was noted while logged into a Global NSX Manager).

  • The image above shows failure to delete a Segment that is still a member of a "Group" and is specific to a Federated Environment with a Global Manager presenting the Error. 

  • Note that similar alarms appear for failures to delete other kinds of objects besides Segments and/or when deletion fails due to the object being referenced by something other than a Group.

  • Similar alarms in non-federated environments will reference object paths that don't include global-infra

Cause

NSX prevents the deletion of objects that are currently in use by other policy configurations to maintain referential integrity. The "path=" section of the error message identifies the specific consumer (Group, Firewall Rule, Service Profile, etc.) that is blocking the deletion.

Resolution

 

  1. Record the blocking object path from the error message (e.g., /infra/domains/default/groups/coc_overlay_segments).

  2. Log in to the UI of the Local NSX Manager (or site) where the error is identified in the Alarm's "Locations"

  3. Navigate to the location of the blocking object.  Examples:

    • If the path contains /groups/, go to Inventory > Groups.

    • If the path contains /distributed-firewall/, go to Security > Distributed Firewall.

  4. Edit the blocking object and remove the segment (or target object) from its membership criteria or static members.

  5. Save the changes.

  6. The original deletion task will automatically resume once the reference count reaches zero.

 

Additional Information

If the alarm specifies the object "has children," check for:

  • Logical Ports: Ensure no VMs or containers are connected to the segment.

  • Profiles: Ensure no segment profiles are uniquely bound to the object.

Powered by Wolken Software