🖥️ VMware Cloud Director

How to Delete a VMware Cloud Director Organisation When Application Port Profiles Block Deletion

📅 June 08, 2026 · ✍️ Ravindrakumar Narayanan · ⏱ ~6 min read

⚠️ Known Bug — Broadcom KB 312277: Affects VMware Cloud Director 10.4.x, 10.5.x, and 10.6.x. Deleting an organisation via the UI fails with: "You must delete this Organisation's Application Port Profiles before you can delete the organisation." The fix is to force-delete via the API and re-sync NSX-T application port profiles.

Overview

When an edge gateway associated with a VCD organisation is deleted before its application port profiles are removed, those port profiles are left in a stale state. Any subsequent attempt to delete the organisation through the UI will fail with the error above. This post walks through the complete resolution — verifying the target organisation, force-deleting it via the built-in API Explorer, and re-syncing NSX-T application port profiles to clear the stale entries.

!

Root Cause

Why Does This Happen?

VMware Cloud Director deletes edge gateways before their associated application port profiles during an organisation deletion. When the edge gateway is removed first — whether manually or as part of a prior cleanup — the port profiles lose their parent object but remain registered in VCD. The UI-based deletion then detects these orphaned profiles and refuses to proceed.

This is a confirmed bug in VMware Cloud Director 10.4.x and later, documented in Broadcom KB 312277. The workaround uses the force=true parameter on the delete API endpoint, available from VCD 10.3 onwards.

1

Identify and Verify the Target Organisation

Step 1.1 — Obtain the Organisation URN from the Provider UI

Log in to the VCD Provider UI and navigate to Cloud Resources → Organisations. Open the target organisation. The browser address bar will now show the organisation URN — copy it. It follows the format:

urn:vcloud:org:<ORG-UUID>
Example: urn:vcloud:org:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Keep this value to hand — it is required in every subsequent API call.

Step 1.2 — Open the API Explorer and Authenticate

Access the built-in API Explorer by clicking the ? icon in the top-right corner of the VCD Provider page and selecting API Explorer. Authenticate using your VCD administrator credentials.

Multi-site deployments: Use the API Explorer from the same VCD site as the target organisation. Refer to KB 320526 for API connection guidance if needed.

Step 1.3 — Verify the Organisation URN Matches the Target

Before deleting anything, confirm the URN maps to the correct organisation. Navigate to the Org → getOrg endpoint in the API Explorer:

GET /cloudapi/1.0.0/orgs/{orgUrn}

Click Try it out, paste the org URN into the orgUrn field, and click Execute. Check the response body — confirm the name field displays the correct organisation name.

⛔ Do not proceed until the API response confirms the correct organisation name. This verification step prevents accidental deletion of the wrong tenant.
2

Force-Delete the Organisation via the API

Step 2.1 — Navigate to deleteOrg in the API Explorer

In the API Explorer, locate the Org → deleteOrg endpoint:

DELETE /cloudapi/1.0.0/orgs/{orgUrn}?force=true

Step 2.2 — Set Parameters and Execute

Click Try it out and enter the following parameters:

orgUrn = urn:vcloud:org:<ORG-UUID>
force = true
recursive = false

Click Execute. A successful response returns HTTP 202 Accepted. The deletion runs as an asynchronous VCD task — monitor the task list in the Provider UI to confirm completion before moving to the next step.

Why force=true? This flag instructs VCD to bypass the stale application port profiles check and proceed with deletion. It is the documented workaround from Broadcom KB 312277 and is supported from VCD 10.3 onwards.
3

Re-Sync NSX-T Application Port Profiles

Step 3.1 — Get the NSX-T Manager ID

In the VCD Provider UI, navigate to Infrastructure Resources → NSX-T → NSX-T Managers. Open the relevant NSX-T Manager. Copy the UUID from the browser address bar. Construct the filter parameter as follows:

networkProviderId==urn:vcloud:nsxtmanager:<NSXT-MANAGER-UUID>
Example: networkProviderId==urn:vcloud:nsxtmanager:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

Step 3.2 — Execute the Sync via the API Explorer

In the API Explorer, locate applicationPortProfiles → syncApplicationPortProfiles:

POST /cloudapi/1.0.0/applicationPortProfiles/sync

Click Try it out, enter the filter string from Step 3.1 into the filter field, and click Execute. A successful response confirms VCD has re-synchronised the application port profiles for that NSX-T manager, removing any stale entries left behind by the deleted organisation.

📌 Note: The POST request requires the networkProviderId== filter — the request will be rejected without it. See the Broadcom OpenAPI documentation for full parameter reference.
4

Post-Deletion Verification

Confirm the Organisation Has Been Removed

Return to the VCD Provider UI and navigate to Cloud Resources → Organisations. Confirm the deleted organisation no longer appears in the list. If it is still visible, wait for the asynchronous VCD task to complete and refresh the page.

Optional API check: Re-run the getOrg call with the same URN — a 404 Not Found response confirms the deletion was successful.

End-to-End Checklist

📘

Broadcom Knowledge Base — Referenced Article

KB 312277 — "You must delete this Organisation's Application Port Profiles before you can delete the organisation"

Affected versions: VMware Cloud Director 10.4.x, 10.5.x, 10.6.x  ·  Resolution: force-delete via /cloudapi/1.0.0/orgs/{orgUrn}?force=true