diff --git a/nova/rootwrap/wrapper.py b/nova/rootwrap/wrapper.py
index 52e67c5d28be..5a9c06d523c7 100755
--- a/nova/rootwrap/wrapper.py
+++ b/nova/rootwrap/wrapper.py
@@ -47,13 +47,17 @@ def match_filter(filters, userargs):
     returns the first matching filter, or None is none matched.
     """
 
+    found_filter = None
+
     for f in filters:
         if f.match(userargs):
-            # Skip if executable is absent
+            # Try other filters if executable is absent
             if not os.access(f.exec_path, os.X_OK):
+                if not found_filter:
+                    found_filter = f
                 continue
             # Otherwise return matching filter for execution
             return f
 
-    # No filter matched
-    return None
+    # No filter matched or first missing executable
+    return found_filter
diff --git a/nova/tests/test_nova_rootwrap.py b/nova/tests/test_nova_rootwrap.py
index bb2ceeb6483a..ee687eacde4a 100644
--- a/nova/tests/test_nova_rootwrap.py
+++ b/nova/tests/test_nova_rootwrap.py
@@ -47,8 +47,11 @@ class RootwrapTestCase(test.TestCase):
         self.assertTrue(filtermatch is None)
 
     def test_missing_command(self):
-        usercmd = ["foo_bar_not_exist"]
-        filtermatch = wrapper.match_filter(self.filters, usercmd)
+        valid_but_missing = ["foo_bar_not_exist"]
+        invalid = ["foo_bar_not_exist_and_not_matched"]
+        filtermatch = wrapper.match_filter(self.filters, valid_but_missing)
+        self.assertTrue(filtermatch is not None)
+        filtermatch = wrapper.match_filter(self.filters, invalid)
         self.assertTrue(filtermatch is None)
 
     def test_DnsmasqFilter(self):