When an edge gateway associated with a VCD organisation is deleted before its application port profiles are removed, those port profiles are left in a stale state. Any subsequent attempt to delete the organisation through the UI will fail with the error above. This post walks through the complete resolution — verifying the target organisation, force-deleting it via the built-in API Explorer, and re-syncing NSX-T application port profiles to clear the stale entries.
VMware Cloud Director deletes edge gateways before their associated application port profiles during an organisation deletion. When the edge gateway is removed first — whether manually or as part of a prior cleanup — the port profiles lose their parent object but remain registered in VCD. The UI-based deletion then detects these orphaned profiles and refuses to proceed.
This is a confirmed bug in VMware Cloud Director 10.4.x and later, documented in
Broadcom KB 312277.
The workaround uses the force=true parameter on the delete API endpoint, available from VCD 10.3 onwards.
Log in to the VCD Provider UI and navigate to Cloud Resources → Organisations. Open the target organisation. The browser address bar will now show the organisation URN — copy it. It follows the format:
urn:vcloud:org:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxAccess the built-in API Explorer by clicking the ? icon in the top-right corner of the VCD Provider page and selecting API Explorer. Authenticate using your VCD administrator credentials.
Before deleting anything, confirm the URN maps to the correct organisation. Navigate to the Org → getOrg endpoint in the API Explorer:
Click Try it out, paste the org URN into the orgUrn field, and click Execute.
Check the response body — confirm the name field displays the correct organisation name.
In the API Explorer, locate the Org → deleteOrg endpoint:
Click Try it out and enter the following parameters:
Click Execute. A successful response returns HTTP 202 Accepted. The deletion runs as an
asynchronous VCD task — monitor the task list in the Provider UI to confirm completion before moving to the next step.
force=true? This flag instructs VCD to bypass the stale application port profiles
check and proceed with deletion. It is the documented workaround from Broadcom KB 312277 and is supported from VCD 10.3 onwards.
In the VCD Provider UI, navigate to Infrastructure Resources → NSX-T → NSX-T Managers. Open the relevant NSX-T Manager. Copy the UUID from the browser address bar. Construct the filter parameter as follows:
networkProviderId==urn:vcloud:nsxtmanager:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
In the API Explorer, locate applicationPortProfiles → syncApplicationPortProfiles:
Click Try it out, enter the filter string from Step 3.1 into the filter field, and click Execute. A successful response confirms VCD has re-synchronised the application port profiles for that NSX-T manager, removing any stale entries left behind by the deleted organisation.
networkProviderId== filter — the request will be rejected without it.
See the Broadcom OpenAPI documentation for full parameter reference.
Return to the VCD Provider UI and navigate to Cloud Resources → Organisations. Confirm the deleted organisation no longer appears in the list. If it is still visible, wait for the asynchronous VCD task to complete and refresh the page.
getOrg call with the same URN —
a 404 Not Found response confirms the deletion was successful.
getOrg API — confirmed correct before deletiondeleteOrg API with force=true and recursive=falsesyncApplicationPortProfiles API with networkProviderId== filterAffected versions: VMware Cloud Director 10.4.x, 10.5.x, 10.6.x · Resolution: force-delete via /cloudapi/1.0.0/orgs/{orgUrn}?force=true