Public Key Mismatch on Renames

The Public Key Mismatch occurs when a rename has been issued to a user and the user is never prompted to accept the new name.

The issue at hand has to do with public key mismatches between the user’s ID File and the user’s entry in the public address book. The following are the steps to correct this:
1. The user must be selected from the People view of the public address book (preferably on the administration server).
2. Then click on Actions/Rename Selected People.
3. You will be presented with a dialog box from which you should choose Request Move to New Certifier.
4. This will prompt you with a dialog box to choose the certifier (current) and then enter the current certifier password. This will be the new certifier and password.
5. The next dialog box will be to enter the new certifier to move them to. It must be in the address book.
6. Once this is successful, you need to open the Administration Requests database (admin4.nsf) in the old domain and open the Name Move Requests view. Select the appropriate users (they will be listed under the new name) and then click on Actions/Complete move for selected entries.

This will push the name back to the old name.

The next step is to harvest the public key from the ID file. There are two methods to do this: one involves the Admin Client, the other involves the Notes Client. It is recommended to use the Admin Client if you are doing more than one of these at a time.

Admin Client:
1. From the Domino Administrator, click the Configuration tab and choose ID Properties.
2. Select the ID and enter the password.
3. Click More Options, and then click Copy Public Key to copy the key to the system clipboard.
4. Save the contents of the clipboard to a file.
5. Open the user’s Person document in the Domino Directory and put it into edit mode.
6. Go to the Certificates tab and paste the key over the current entry.

This will synchronize the keys between the ID file and the address book.

The next step is to clean up the entries in the Administration Requests database as well as in the CMT for Domains database.

In the Administration Requests database, find all entries for the user rename, both to the new and the old names, and remove them. They are best found by using the All requests by Name view. Also check the Name Move Requests view. Then rename the user again and move forward.


About pwhiltz

I am a Domino Administrator and Developer who has been working with IBM Domino solutions since 1997. I work for an Enterprise Email Migration company and am delving into the realm of Microsoft Exchange now.

