NSX UI reports search index is out of sync for 'Generic Policy Realized Resource' (Error code: 60516)
search cancel

NSX UI reports search index is out of sync for 'Generic Policy Realized Resource' (Error code: 60516)

book

Article ID: 434423

calendar_today

Updated On:

Products

VMware NSX VMware vDefend Firewall

Issue/Introduction

  • VMware NSX manager are running version 9.0.X
  • When attempting to list segments and gateways via the NSX UI, the following error is displayed and the UI does not load:

Search index is out of sync for 'Generic Policy Realized Resource'. Run the 'start search resync all' CLI command on the NSX appliance to resync. If the issue persists, contact Broadcom Support. (Error code: 60516)

  • Running the command 'start search resync all' does not resolve the issue.
  • Checking /var/log/search/search-manager.log on the NSX manager reports the following log lines:

2026-02-05T08:54:03.488Z ERROR http-nio-127.0.0.1-7440-exec-149 SearchSyncManagerImpl 79169 - [nsx@4413 comp="nsx-manager" errorCode="MP60516" level="ERROR" reqId="188dcc93-caca-41a3-b652-1816a53accd3" subcomp="manager" username="admin"] [QueryExecution: ConsistencyCheck] Search index is out of sync for GenericPolicyRealizedResource.

  • Similar errors are seen in /var/log/policy/nsxapi.log:

2026-01-21T15:39:59.355Z ERROR UfoIndexer-BatchExecutor-search_policy-2 PolicyPathUtil 5968 POLICY [nsx@4413 comp="nsx-manager" errorCode="PM500012" level="ERROR" subcomp="manager"] Invalid path /infra/realized-state/enforcement-points/default/domains/default/forwarding-section/bilanciatori-frontend_section

2026-01-20T23:00:03.960Z ERROR pool-795-thread-1 MetricsCollectionUtils 6078 POLICY [nsx@4413 comp="nsx-manager" errorCode="PM612501" level="ERROR" subcomp="manager"] Exception occurred in callSearchAndGetResultsWithFailSafe() while executing query : resource_type:TransitGateway exception : com.vmware.nsx.management.search.common.exceptions.SearchException: Search index is out of sync for 'resource_type:GenericPolicyRealizedResource'. Run the 'start search resync all' CLI command on the NSX appliance to resync. If the issue persists, contact Broadcom Support.

NOTE: The preceding log excerpts are only examples. Date, time and environmental variables may vary depending on your environment.

 

Environment

VMware NSX

VMware vDefend Firewall 

Cause

This error is due to stale GPRR entries after an unsuccessful clean-up.


The indexer cannot successfully process these entries (path is permanently invalid) and when the UI queries GPRR, the search framework throws error 60516

Resolution

The resolve this issue, run the below database gathering commands. Run these from root of an NSX manager CLI session. 

/opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t ForwardingPolicy > ForwardingPolicy.txt
/opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t ForwardingRule > ForwardingRule.txt
/opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t GenericPolicyRealizedResource > GenericPolicyRealizedResource.txt
/opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t PBRSection > PBRSection.txt
/opt/vmware/bin/corfu_tool_runner.py -o showTable -n nsx -t PBRRule > PBRRule.txt

After upgrading to version greater then 9.0.1, the ForwardingPolicy and ForwardingRule tables must be empty, and the GPRR table should not contain any entries with the string "forwarding-section" in the record key.

If you identify entries open a case with Broadcom Support with the NSX manager log bundle along with the below .txt files, making reference to this KB.

Powered by Wolken Software