When attempting to Resolve Sync Errors in NSX, Error 289: "Principal 'admin' with role '[enterprise_admin]' attempts to modify an object of type... it doesn't own"

Article ID: 431718

Updated On:

Products

VMware NSX

Issue/Introduction

  • When attempting to use the Resolve Sync Errors workflow in NSX Manager to synchronize Node Settings (such as DNS Servers) between the NSX Manager and a Transport Node (Edge or ESXi Host), the operation fails with a permission error. 


  • The UI displays the message: Error: Principal 'admin' with role ['enterprise_admin'] attempts to delete or modify an object of type nsx$EdgeTransportNode it doesn't own.

  • The error payload includes createUser=nsx-t-superuser and allowOverwrite=null.

Cause

The Transport Node object is owned by a system-level Principal Identity (specifically nsx-t-superuser), which prevents the local admin user from modifying it through the standard UI workflow. The NSX Manager UI does not automatically apply the mandatory X-Allow-Overwrite: true header required to supersede this ownership protection.

Resolution

To resolve the synchronization error, the configuration must be manually updated via the NSX API using the override header.

  1. Retrieve the current configuration and revision: Run a GET request for the affected Edge node: GET https://<NSX-Manager-IP>/api/v1/transport-nodes/<Edge-UUID>

  2. Perform a Force Update: Execute a PUT request to the same URL, ensuring the following header is included:

    • Header: X-Allow-Overwrite: true

    • Method: PUT

    • Body: Use the JSON response from Step 1, ensuring the dns_servers values are updated to match the desired state.
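Steps 1 and 2 as an added Python sketch, not Broadcom's own code: it checks that the edited body differs from the Step 1 response only in `dns_servers` (leaving `_revision` as retrieved) and then builds the PUT with the override header. The function names, the host name `nsx.example.test` and the sample JSON layout are assumptions made for illustration, and authentication is left to the caller.

```python
import json
import urllib.request


def changed_paths(before, after, path=""):
    """Return the JSON paths whose values differ between two documents."""
    if isinstance(before, dict) and isinstance(after, dict):
        out = []
        for key in sorted(set(before) | set(after)):
            out += changed_paths(before.get(key), after.get(key), f"{path}/{key}")
        return out
    return [] if before == after else [path]


def build_force_update(manager, node_id, current, edited):
    """Build (do not send) the Step 2 PUT after checking the edit's scope.

    current is the Step 1 GET response, edited is the body to be sent.
    Authentication is left to the caller.
    """
    diff = changed_paths(current, edited)
    if not diff:
        raise ValueError("edited body is identical to the GET response")
    stray = [p for p in diff if not p.endswith("/dns_servers")]
    if stray:
        # X-Allow-Overwrite supersedes the ownership protection, so refuse
        # any change beyond dns_servers (including a modified _revision).
        raise ValueError(f"changes outside dns_servers: {stray}")
    return urllib.request.Request(
        f"https://{manager}/api/v1/transport-nodes/{node_id}",
        data=json.dumps(edited).encode(),
        method="PUT",
        headers={"Content-Type": "application/json", "X-Allow-Overwrite": "true"},
    )


# Constructed, trimmed sample of a Step 1 response; the field layout is an
# assumption and a real transport node carries many more fields.
SAMPLE = {
    "id": "edge-uuid-placeholder",
    "resource_type": "TransportNode",
    "_revision": 7,
    "_create_user": "nsx-t-superuser",
    "node_deployment_info": {
        "node_settings": {"hostname": "edge01.example.test", "dns_servers": ["192.0.2.10"]},
    },
}
```

Pass the returned request to `urllib.request.urlopen` with the credentials and TLS context used for the NSX Manager; the override header is then sent on this one request only.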

Additional Information

Refer also to KB 391878, Unable to edit NSX Objects in NSX UI with error "You do not have permission to perform any operation on this object", and to NSX-T API usage for more information.