Hello, since you seem to be able to push a new policy to the device this probably due the fact the profiler DB is full and needs to be purged. This should happen by itself but my experience is that NSM does not always do this in a timely manner.
I usually end up deleting the profiler DB files under this catalog on the IDP itself:
/usr/idp/device/var/profile
delete all the DB files and then try to start the profiler again with NSM or the IDP CLI:
profiler.sh start
This could also be a problem with disk space on the IDP with /var/idp please check this first perhaps.
Regards
-John