Management
Reply
Contributor
PauloMV
Posts: 25
Registered: ‎12-12-2007
0
Accepted Solution

Fail to delete Policy

Hi all,

 

I'm running NSM 2010.2 and despite the client being a memory hog, it is working fine.

This NSM is only managing the security policy of a cluster of SRX5800.

Since this Firewall is working as a Core router and there are lots of changes on the Device outside NSM, I'm constantly importing the device and sometimes a new Policy is created.

After having lots of policy versions, I delete obsolete ones to keep the GUI clean.

I have been able to delete all Policies I wanted except six of them.

The GUI confirms that these policies are not referenced on any device but when I click the Finish button to delete them I get the message "Failed to delete object. Please see error log for details".

 

I checked the errorlog  guiDaemon.0 and found the following:

 

 

[09/02/2010 15:03:43.707] [Error] [30868368-XmlContainerImpl.cpp:922] deleteObject failed because object (&1.rb_firewall.14) has following referrers:
nsmpolicy/1.16.65520
[09/02/2010 15:03:43.709] [Error] [30868368-nsSetDbXDb.cpp:1015] XdbException: Exception [4294967295]: Operation failed because this object (&1.rb_firewall.14) is currently referenced by other objects
StackTrace:
        136444853: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN9ExceptionC2ERKSsi+0xa5) [0x821fbb5]
        135503324: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN5Utils17throwXdbExceptionEPKcz+0x7c) [0x8139ddc]
        135920449: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN16XmlContainerImpl13deleteObject_ERN5DbXml14XmlTransactionEtjR17RefCountedAutoPtrI16XdbUpdateContextEbb+0xc01) [0x819fb41]
        136214848: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN12XdbContainer12deleteObjectEtj17RefCountedAutoPtrI16XdbUpdateContextES0_I14XdbTransactionEjbb+0x1a0) [0x81e7940]
        137245018: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(setDbDeleteXdbSetObj+0xda) [0x82e315a]
        137146429: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager [0x82cb03d]
        137685706: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(bbHashForEach+0x8a) [0x834eaca]
        137156464: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager [0x82cd770]
        137161191: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModify+0x87) [0x82ce9e7]
        137162628: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModifyWithSet+0x494) [0x82cef84]
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:5477] setDbDeleteXdbSetObj failed: domain(global), category(rb_firewall), id(14)
[09/02/2010 15:03:43.710] [Error] [30868368-bbHash.c:760] bbHashForEachFunc() failed due to application error.
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:4582] bbHashForEach failed
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:2094] processDelete failed
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:1319] nsSetDbMgrModify failed
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgrUtils.c:151] Error executing 'modify' request: NS_SETDBMGR_QUERYCALLBACK_FAILED

 

Where can I find this "nsmpolicy/1.16.65520" which is said to being referencing this policy?

 

Thanks in advance

 

Paulo Vasconcelos

Regular Visitor
TonyP
Posts: 1
Registered: ‎10-05-2010

Re: Fail to delete Policy

Hello Paulo I also experienced this problem, I was unable to delete some policies although they were no longer assigned to any device. I found, in my case, that this was due to objects contained in earlier versions of the policy. By restoring the oldest version of the problematic policy I was then able to delete it. I hope this helps Regards Tony
Contributor
chistery
Posts: 14
Registered: ‎01-30-2009
0

Re: Fail to delete Policy

Thanks Tony, that worked a treat, been trying to solve that one for ages! :robotvery-happy:

Contributor
PauloMV
Posts: 25
Registered: ‎12-12-2007
0

Re: Fail to delete Policy

Thanks Tony! I'll give it a try!

 

Cheers

Boo
New User
Boo
Posts: 1
Registered: ‎10-15-2010
0

Re: Fail to delete Policy

Hi

 

I have the same issue, I could not delete the policies even after devices and objects are deleted. In fact I have 3 old polices. 

 

I simply logout and login to NSM and deleted the very first policy. Now it is deleted. Tried the next one soon, but failed.

Again logout and login to NSM and can able to delete the next one.

 

I am not sure, but to delete the plocies I used to logout and login everytime.  Pls try.

 

Reg

Boopathy

 

 

Contributor
PauloMV
Posts: 25
Registered: ‎12-12-2007
0

Re: Fail to delete Policy

Tony's solution worked like a charm to me.

Just restored the policies I couldn't delete to their original version and it worked flawlessly.

 

Thanks again Tony.

 

Cheers

Contributor
mbrandt
Posts: 17
Registered: ‎10-30-2008
0

Re: Fail to delete Policy

Hi, I had the same issue with NSM 2010.3 and this solution works fine for me. Thank you!
Visitor
billk@cptech.com
Posts: 1
Registered: ‎10-26-2010
0

Re: Fail to delete Policy

Hi All, I had the same issue however there was no earlier version to restore.  But, I created a version, then went back in and restored the version prior to the one I created.  Once restored I was able to remove the policy.  Odd, but it worked.

Contributor
PauloMV
Posts: 25
Registered: ‎12-12-2007
0

Re: Fail to delete Policy

I'm becoming more and more accostumed and less impressed to stuff like this as my time using Juniper products grows.... :smileyhappy:

Visitor
tanyc@digisafe.com
Posts: 2
Registered: ‎01-18-2011
0

Re: Fail to delete Policy

Hi, I got the same problem too. I am using 2010.3

 

May I know how do i restore the policy to the original version?

 

I am not quite sure about the version thingy. May i know where can i see the version?

 

Thanks

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.