IBM Support

"Class NoMatchingRecipient" server errors after rotating a server signing key



The <> fails with class NoMatchingRecipient. Multiple entries " class NoMatchingRecipient " errors are reported in the BESRelay.log

Resolving The Problem

Let's assume <<besadmin.exe /rotateserversigningkey>> results in

and that there are multiple " /data/ldap-directories (5048) - class NoMatchingRecipient " in BESRelay.log.

( As an example, consider besadmin.exe /rotateserversigningkey is one of the steps required by to fix LDAP user account login errors. )

The following procedure fixes the noMatchingRecipient error:

1. UPDATE LDAP_Settings SET EncryptedPassword = NULL (this SQL statement
deletes the EncryptedPassword column of the LDAP_Settings table, BFEnterprise Database )
2. Open a command prompt and cd to the BES Server directory (or wherever BESAdmin is).
3. Run <<BESAdmin.exe /resignSecurityData>>
4. Log in as local MO.
5. Go to the LDAP Directories tree item.
6. Edit each LDAP Directory with the appropriate password.

IEM 9.0 Patch 1 will prevent this issue.

[{"Product":{"code":"SSBQVS","label":"IBM BigFix family"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"--","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.1;8.2;9.0","Edition":""}]

Document Information

Modified date:
24 April 2019