• You tag a virtual machine via API to dynamically add it to an NSX security group.

• The virtual machine fails to populate into the assigned security group.

• The NSX UI confirms the required tag is present on the virtual machine object.

• Other virtual machines tagged simultaneously populate into the security group successfully.

VMware NSX

VMware Cloud Director

This issue occurs because an incorrect vcd.scope is assigned to the virtual machine within VMware Cloud Director. Dynamic group membership criteria rely on exact tag and scope combinations. The incorrect scope prevents the virtual machine from meeting the strict logical conditions required for inclusion in the NSX security group.

This is a condition that may occur in a VMware NSX environment.

To resolve this issue, correct the vcd.scope assignment for the virtual machine within VMware Cloud Director to ensure it matches the required scope defined in the NSX dynamic group criteria.