
Fail to delete Policy

09-02-2010 07:06 AM

Hi all,

 

I'm running NSM 2010.2 and despite the client being a memory hog, it is working fine.

This NSM is only managing the security policy of a cluster of SRX5800.

Since this Firewall is working as a Core router and there are lots of changes on the Device outside NSM, I'm constantly importing the device and sometimes a new Policy is created.

After having lots of policy versions, I delete obsolete ones to keep the GUI clean.

I have been able to delete all Policies I wanted except six of them.

The GUI confirms that these policies are not referenced on any device but when I click the Finish button to delete them I get the message "Failed to delete object. Please see error log for details".

 

I checked the error log guiDaemon.0 and found the following:

 

 

[09/02/2010 15:03:43.707] [Error] [30868368-XmlContainerImpl.cpp:922] deleteObject failed because object (&1.rb_firewall.14) has following referrers:
nsmpolicy/1.16.65520
[09/02/2010 15:03:43.709] [Error] [30868368-nsSetDbXDb.cpp:1015] XdbException: Exception [4294967295]: Operation failed because this object (&1.rb_firewall.14) is currently referenced by other objects
StackTrace:
        136444853: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN9ExceptionC2ERKSsi+0xa5) [0x821fbb5]
        135503324: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN5Utils17throwXdbExceptionEPKcz+0x7c) [0x8139ddc]
        135920449: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN16XmlContainerImpl13deleteObject_ERN5DbXml14XmlTransactionEtjR17RefCountedAutoPtrI16XdbUpdateContextEbb+0xc01) [0x819fb41]
        136214848: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN12XdbContainer12deleteObjectEtj17RefCountedAutoPtrI16XdbUpdateContextES0_I14XdbTransactionEjbb+0x1a0) [0x81e7940]
        137245018: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(setDbDeleteXdbSetObj+0xda) [0x82e315a]
        137146429: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager [0x82cb03d]
        137685706: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(bbHashForEach+0x8a) [0x834eaca]
        137156464: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager [0x82cd770]
        137161191: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModify+0x87) [0x82ce9e7]
        137162628: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(nsSetDbMgrModifyWithSet+0x494) [0x82cef84]
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:5477] setDbDeleteXdbSetObj failed: domain(global), category(rb_firewall), id(14)
[09/02/2010 15:03:43.710] [Error] [30868368-bbHash.c:760] bbHashForEachFunc() failed due to application error.
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:4582] bbHashForEach failed
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:2094] processDelete failed
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:1319] nsSetDbMgrModify failed
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgrUtils.c:151] Error executing 'modify' request: NS_SETDBMGR_QUERYCALLBACK_FAILED

 

Where can I find this "nsmpolicy/1.16.65520" which is said to be referencing this policy?

 

Thanks in advance

 

Paulo Vasconcelos

JNCIP-ENT
JNCIS-SEC
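
An added example (not part of the original post and not Juniper code): a small Python parser for the guiDaemon.0 excerpt above that pairs each failed delete with the referrers NSM lists for it. The sample input is copied from the post with the stack trace cut to one frame; the function name and the rule that object names end in `.<category>.<id>` are assumptions drawn from this one excerpt.

```python
import re

# Constructed sample: lines copied from the guiDaemon.0 excerpt above, stack trace cut to one frame.
SAMPLE_LOG = """\
[09/02/2010 15:03:43.707] [Error] [30868368-XmlContainerImpl.cpp:922] deleteObject failed because object (&1.rb_firewall.14) has following referrers:
nsmpolicy/1.16.65520
[09/02/2010 15:03:43.709] [Error] [30868368-nsSetDbXDb.cpp:1015] XdbException: Exception [4294967295]: Operation failed because this object (&1.rb_firewall.14) is currently referenced by other objects
StackTrace:
        136444853: /opt/usr/netscreen/GuiSvr/bin/.guiSvrManager(_ZN9ExceptionC2ERKSsi+0xa5) [0x821fbb5]
[09/02/2010 15:03:43.710] [Error] [30868368-nsSetDbMgr.c:5477] setDbDeleteXdbSetObj failed: domain(global), category(rb_firewall), id(14)
"""

ENTRY = re.compile(r"^\[\d{2}/\d{2}/\d{4} [\d:.]+\] \[(\w+)\] \[[^\]]+\] (.*)$")
BLOCKED = re.compile(r"deleteObject failed because object \(([^)]+)\) has following referrers:")
CONTEXT = re.compile(r"setDbDeleteXdbSetObj failed: domain\(([^)]*)\), category\(([^)]*)\), id\((\d+)\)")


def blocked_deletes(log_text):
    """Return one dict per failed delete: object, referrers, and domain/category/id if logged."""
    records, collecting = [], False
    for line in log_text.splitlines():
        entry = ENTRY.match(line)
        if entry is None:
            # Untimestamped line: a referrer only if it directly follows the "referrers:" header.
            if collecting and line.strip():
                records[-1]["referrers"].append(line.strip())
            continue
        collecting = False
        message = entry.group(2)
        blocked = BLOCKED.search(message)
        if blocked:
            records.append({"object": blocked.group(1), "referrers": [], "domain": None})
            collecting = True
            continue
        ctx = CONTEXT.search(message)
        if ctx:
            domain, category, obj_id = ctx.groups()
            # Assumption: object names end in ".<category>.<id>", as in "&1.rb_firewall.14".
            for rec in reversed(records):
                if rec["domain"] is None and rec["object"].endswith(f".{category}.{obj_id}"):
                    rec.update(domain=domain, category=category, id=int(obj_id))
                    break
    return records


if __name__ == "__main__":
    for rec in blocked_deletes(SAMPLE_LOG):
        print(rec["object"], "in domain", rec["domain"], "is blocked by:", ", ".join(rec["referrers"]))
```
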
11 REPLIES

Re: Fail to delete Policy

10-05-2010 02:09 AM

Hello Paulo,

I also experienced this problem, I was unable to delete some policies although they were no longer assigned to any device. I found, in my case, that this was due to objects contained in earlier versions of the policy. By restoring the oldest version of the problematic policy I was then able to delete it.

I hope this helps.

Regards,
Tony

Re: Fail to delete Policy

10-05-2010 08:05 AM

Thanks Tony, that worked a treat, been trying to solve that one for ages!


Re: Fail to delete Policy

10-06-2010 01:26 AM

Thanks Tony! I'll give it a try!

 

Cheers

JNCIP-ENT
JNCIS-SEC

Re: Fail to delete Policy

10-15-2010 01:06 AM

Hi

 

I have the same issue; I could not delete the policies even after devices and objects were deleted. In fact, I have 3 old policies.

I simply logged out and logged in to NSM and deleted the very first policy. Now it is deleted. Tried the next one soon, but failed.

Again I logged out and logged in to NSM and was able to delete the next one.

I am not sure, but to delete the policies I used to log out and log in every time. Please try.

 

Reg

Boopathy

 

 


Re: Fail to delete Policy

10-15-2010 02:07 AM

Tony's solution worked like a charm for me.

Just restored the policies I couldn't delete to their original version and it worked flawlessly.

 

Thanks again Tony.

 

Cheers

JNCIP-ENT
JNCIS-SEC

Re: Fail to delete Policy

10-25-2010 01:48 AM

Hi, I had the same issue with NSM 2010.3 and this solution works fine for me. Thank you!

Re: Fail to delete Policy

12-16-2010 07:32 AM

Hi All, I had the same issue however there was no earlier version to restore.  But, I created a version, then went back in and restored the version prior to the one I created.  Once restored I was able to remove the policy.  Odd, but it worked.


Re: Fail to delete Policy

12-16-2010 07:51 AM

I'm becoming more and more accustomed to, and less impressed by, stuff like this as my time using Juniper products grows....

JNCIP-ENT
JNCIS-SEC

Re: Fail to delete Policy

01-18-2011 03:49 AM

Hi, I got the same problem too. I am using 2010.3

 

May I know how I restore the policy to the original version?

I am not quite sure about the version thingy. May I know where I can see the version?

 

Thanks


Re: Fail to delete Policy

06-04-2011 10:41 PM

  1. Right click on the policy you wanna delete.
  2. Choose the last option, "Show Versions".
  3. A new window will pop up; there are gonna be two lines: the first one tells you what your current version is and the second one tells you what your initial version is.
  4. Click on the second one, "initial version", and then click on restore.
  5. Click next, next and then finish.
  6. Right click on the policy you wanna delete and click delete; it should work now.

Re: Fail to delete Policy

10-19-2012 02:49 AM

Hello Najiyousif,

Thanks for your post. Your suggested steps did the trick. And I was able to delete the old policies!

Kind regards,
Antoinette