IBM Support

"Class NoMatchingRecipient" server errors after rotating a server signing key

Technote (troubleshooting)


The <<besadmin.exe /rotateserversigningkey>> fails with class NoMatchingRecipient.
Multiple entries " class NoMatchingRecipient " errors are reported in the BESRelay.log

Resolving the problem

Let's assume <<besadmin.exe /rotateserversigningkey>> results in

and that there are multiple " /data/ldap-directories (5048) - class NoMatchingRecipient " in BESRelay.log.

( As an example, consider besadmin.exe /rotateserversigningkey is one of the steps required by to fix LDAP user account login errors. )

The following procedure fixes the noMatchingRecipient error:

1. UPDATE LDAP_Settings SET EncryptedPassword = NULL (this SQL statement
deletes the EncryptedPassword column of the LDAP_Settings table, BFEnterprise Database )
2. Open a command prompt and cd to the BES Server directory (or wherever BESAdmin is).
3. Run <<BESAdmin.exe /resignSecurityData>>
4. Log in as local MO.
5. Go to the LDAP Directories tree item.
6. Edit each LDAP Directory with the appropriate password.

IEM 9.0 Patch 1 will prevent this issue.

Document information

More support for: IBM BigFix family

Software version: 8.1, 8.2, 9.0

Operating system(s): Windows

Reference #: 1636691

Modified date: 14 April 2015

Translate this page: