"Class NoMatchingRecipient" server errors after rotating a server signing key
The <<besadmin.exe /rotateserversigningkey>> fails with class NoMatchingRecipient.
Multiple entries " class NoMatchingRecipient " errors are reported in the BESRelay.log
Resolving the problem
Let's assume <<besadmin.exe /rotateserversigningkey>> results in
and that there are multiple " /data/ldap-directories (5048) - class NoMatchingRecipient " in BESRelay.log.
( As an example, consider besadmin.exe /rotateserversigningkey is one of the steps required by http://www-01.ibm.com/support/docview.wss?uid=swg21587799 to fix LDAP user account login errors. )
The following procedure fixes the noMatchingRecipient error:
1. UPDATE LDAP_Settings SET EncryptedPassword = NULL (this SQL statement
deletes the EncryptedPassword column of the LDAP_Settings table, BFEnterprise Database )
2. Open a command prompt and cd to the BES Server directory (or wherever BESAdmin is).
3. Run <<BESAdmin.exe /resignSecurityData>>
4. Log in as local MO.
5. Go to the LDAP Directories tree item.
6. Edit each LDAP Directory with the appropriate password.
IEM 9.0 Patch 1 will prevent this issue.