Management
Management

Error during deleting old vsys from NSM

[ Edited ]
‎01-27-2017 06:43 AM

Hi,

 

I need to delete vsys, which is not assigned to any device from NSM. There is no reference object, but I see only:

'failed to delete object. See error logs'

 

[01/27/2017 14:29:59.626] [Notice] [39703440-soConfigDbDeviceFuncs.c:7712] device list for domain retrieved
 (1
        :515 (abc123
                :type (vsys-cluster)
                :header ()
                :startup (
                        :devicefamily (screenos)
                )
        )
)

[01/27/2017 14:29:59.669] [Error] [39703440-XmlContainerImpl.cpp:922] deleteObject failed because object (&8.deviceobj.515) has following referrers:
rb_firewall/8.2010.65520
[01/27/2017 14:29:59.671] [Error] [39703440-nsSetDbXDb.cpp:1016] XdbException: Exception [4294967295]: Operation failed because this object (&8.deviceobj.515) is currently referenced by other objects

StackTrace:
        136774341: /usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN9ExceptionC1ERKSsi+0xd5) [0x82702c5]
        135868540: /usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN5Utils17throwXdbExceptionEPKcz+0x6c) [0x819307c]
        136265020: /usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN16XmlContainerImpl13deleteObject_ERN5DbXml14XmlTransactionEtjR17RefCountedAutoPtrI16XdbUpdateContextEbb+0x85c) [0x81f3d3c]
        136607904: /usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN12XdbContainer12deleteObjectEtj17RefCountedAutoPtrI16XdbUpdateContextES0_I14XdbTransactionEjbb+0x1f0) [0x82478a0]
        137565246: /usr/netscreen/GuiSvr/bin/.guiSvrManager(setDbDeleteXdbSetObj+0xce) [0x833143e]
        137444639: /usr/netscreen/GuiSvr/bin/.guiSvrManager [0x8313d1f]
        138014296: /usr/netscreen/GuiSvr/bin/.guiSvrManager(bbHashForEach+0x68) [0x839ee58]
        137458613: /usr/netscreen/GuiSvr/bin/.guiSvrManager [0x83173b5]
        137464174: /usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModify+0x8e) [0x831896e]
        137481724: /usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModifyWithSet+0x5bc) [0x831cdfc]

[01/27/2017 14:29:59.671] [Error] [39703440-nsSetDbMgr.c:5575] setDbDeleteXdbSetObj failed: domain(global.XYZ), category(deviceobj), id(515)
[01/27/2017 14:29:59.671] [Error] [39703440-bbHash.c:760] bbHashForEachFunc() failed due to application error.
[01/27/2017 14:29:59.671] [Error] [39703440-nsSetDbMgr.c:4680] bbHashForEach failed
[01/27/2017 14:29:59.671] [Error] [39703440-nsSetDbMgr.c:2110] processDelete failed
[01/27/2017 14:29:59.671] [Error] [39703440-nsSetDbMgr.c:1331] nsSetDbMgrModify failed
[01/27/2017 14:29:59.671] [Error] [39703440-soConfigDbDeviceFuncs.c:7796] nsSetDbMgrModifyWithSet failed
[01/27/2017 14:29:59.671] [Error] [39703440-soConfigDbDeviceFuncs.c:6612] deleteDeviceFromDb failed
[01/27/2017 14:29:59.671] [Error] [39703440-soConfigDbUtils.c:262] Error executing 'deleteDevice' request: SO_CONFIGDB_MISC_ERROR
[01/27/2017 14:29:59.740] [Error] [145384336-nsSetDbMgr.c:2992] bbHashFind(key=global.XYZ/deviceobj/515) failed - object is not is the hash
[01/27/2017 14:29:59.740] [Error] [145384336-nsSetDbMgr.c:4019] nsSetDbMgrCloseObjectEdit(domain=global.XYZ, category=deviceobj, objectId=515) failed: NS_SETDBMGR_ATTEMPT_CLOSE_NONOPENED_OBJECT
[01/27/2017 14:29:59.740] [Error] [145384336-bbHash.c:760] bbHashForEachFunc() failed due to application error.
[01/27/2017 14:29:59.740] [Error] [145384336-nsSetDbMgr.c:1741] bbHashForEach(nsSetDbMgrCloseEditCallback) failed: BB_HASH_APPLICATION_ERROR
[01/27/2017 14:29:59.740] [Error] [145384336-nsSetDbMgrUtils.c:151] Error executing 'closeObjectForEdit' request: NS_SETDBMGR_MISC_ERROR

 

I created new version, went to it and get back, but it has no sense since there is no device assigned to this vsys.

Any suggestions?

 

thanks

7 REPLIES 7
Management

Re: Error during deleting old vsys from NSM

‎01-28-2017 08:25 AM

The vsys is referenced by something else in NSM.  Perhaps a policy is applied to the vsys and you would need to remove this from all the policy rule objects before it can be deleted.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Management

Re: Error during deleting old vsys from NSM

‎01-29-2017 06:36 PM

HI,

 

it has a policy assign to it, unassign the policy and try to delete it.

 

[01/27/2017 14:29:59.669] [Error] [39703440-XmlContainerImpl.cpp:922] deleteObject failed because object (&8.deviceobj.515) has following referrers:
rb_firewall/8.2010.65520

Management

Re: Error during deleting old vsys from NSM

‎02-16-2017 10:04 AM

No policy is assigned to this vsys.

In addition this vsys is already deleted from device. As for now I got same error.

I was able to delete another vsys from this NSM today succesfully.

Management

Re: Error during deleting old vsys from NSM

‎02-16-2017 10:37 PM

HI D.deny,

 

if you are still getting the same error then it needs to delete from database manually.

from the log mentioned here, you can follow below steps to delete LSYS, as somehow it is showing that policy is referred:

 

In HA environment, stop secondary server services first using : service haSvr stop

 

1. Take NSM DB backup using tech-support.sh db

2. Enter xdb using: 

[root@localhost ~]# /usr/netscreen/GuiSvr/utils/.xdbViewEdit.sh

Start XDB View Editor in read-only mode? [y]/n: n

 

3. go to 3 option (3. Display tuples in a category across all domains)

type: deviceobj

 

4. Search your device hostname

5. note down domain-id and object-id

 

 

Tuples for category deviceobj

domain-id       object-id            object-name     

_________       _________       -----------     

        1              16                     your_device_name

 

For example: here 1 and 16

 

6 . exit from this window using "q"

7. Enter to get previous menu

8. go to 7 option

9. Now use your domain-id and object-id      (here 1 and 16 as an expamle)

10. type 1.deviceobj.16                                 (as per your log it should be: 8.deviceobj.515 )

e.g:  Enter tuple-name in format domain-id.category.tuple-id: 1.deviceobj.16

 

11. search for :

rb_firewall/8.2010.65520

 

12. Press "i" to go into insert mode

13. delete "rb_firewall/8.2010.65520"  leave ""

14. save teh file using ESC+ :wq!

15. start the NSM services if it is not started.

 

Now you should be able to delete the device or there could be different references which you can check gui log.

 

Let me know the result.

 

--PL

Management

Re: Error during deleting old vsys from NSM

‎02-19-2017 05:39 AM

Another technique i have used with NSM being out of sync is to re-import the base hardware object.

 

This does erase any difference in NSM but not on the firewall.  So make sure you do a delta config first and confirm there is nothing you want to keep on the list for any of your settings on this cluster.

 

This might get you back in sync so the delete would work without having to manually touch the database.  I have generally only removed items in the database with a JTAC ticket and engineer on line to be able to quickly roll back and successfully identify the necssary records.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Management

Re: Error during deleting old vsys from NSM

4 weeks ago

Hi,

 

Can you please share the method/procedure(any document) on how to delete the vsys from NSM GUI normally.

 

Regrads,

Anurag Kashmiri

Management

Re: Error during deleting old vsys from NSM

4 weeks ago

The delete option is directly in the interface when you have the vsys selected.

 

The issue is there is no feed back as to why it cannot delete if dependencies are still in place.

 

But newer versions of screenOS will give you a reason on the cli if you run the unset command there

unset vsys name

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home