"Class NoMatchingRecipient" server errors after rotating a server signing key

Technote (troubleshooting)


The <<besadmin.exe /rotateserversigningkey>> fails with class NoMatchingRecipient.
Multiple entries " class NoMatchingRecipient " errors are reported in the BESRelay.log

Resolving the problem

Let's assume <<besadmin.exe /rotateserversigningkey>> results in

and that there are multiple " /data/ldap-directories (5048) - class NoMatchingRecipient " in BESRelay.log.

( As an example, consider besadmin.exe /rotateserversigningkey is one of the steps required by http://www-01.ibm.com/support/docview.wss?uid=swg21587799 to fix LDAP user account login errors. )

The following procedure fixes the noMatchingRecipient error:

1. UPDATE LDAP_Settings SET EncryptedPassword = NULL (this SQL statement
deletes the EncryptedPassword column of the LDAP_Settings table, BFEnterprise Database )
2. Open a command prompt and cd to the BES Server directory (or wherever BESAdmin is).
3. Run <<BESAdmin.exe /resignSecurityData>>
4. Log in as local MO.
5. Go to the LDAP Directories tree item.
6. Edit each LDAP Directory with the appropriate password.

IEM 9.0 Patch 1 will prevent this issue.

Document information

More support for:

IBM BigFix family

Software version:

8.1, 8.2, 9.0

Operating system(s):


Reference #:


Modified date:


Translate my page

Content navigation