The message does not match XML format Encryption.
Contact the developer software, on which the data was encrypted.
Provide the following information: Missing EncryptedData class element ru.ibs.cryptopro.jcp.crypt.CryptoException
Causes:
Incorrect settings of the AWP of the medical facility in terms of signing;
Incorrect encryption provider settings;
Certificate, private key, or license expiration CryptoPro CSP.
What to do:
1. Configure AWP LPU
Attention! Support for the GOST 2012 algorithm in the automated workplace of the medical facility was added in version 2.0.21. If you have more early version, update it to the current one.
In the Administration - Configuring Signatures for Services menu, set the "Encrypt message" flag. After that, you need to specify the Name of the FSS certificate and the Type of container. This certificate can be downloaded from the website https://lk.fss.ru/eln.html (if you are setting up services for testing, then you need to download the FSS TEST certificate). After downloading, install it on your computer.
Please note that MO Certificates (must have a private key) and FSS must be installed in the "Personal" storage, respectively, the container type is "Personal". The entire chain of upstream certificates to the "Trusted Root Certification Authorities" folder. All certificates must be current and not revoked.
2. Check the encryption provider settings
When using a cryptographic provider Vipnet CSP
the working version is 4.4.
When using a cryptographic provider CryptoPro CSP the working version is 4.0 and higher. Build 4.0.9963 is recommended.
Through the "Control Panel" in CryptoPro CSP, go to the "Service" tab, click the "Delete remembered passwords ..." button. In the "Delete remembered passwords" window, select "Delete all remembered passwords of private keys: User".
If signing certificates according to GOST 2012 are used, check the settings on the Algorithms tab. Select GOST R 34.10-2012 from the "Select CSP Type" drop-down list. The following parameters must be set:
Below is a sample of settings in CryptoPro CSP 5.0
If you cannot change the parameters on the "Algorithms" tab (even by running CryptoPro CSP on behalf of the administrator), you must do the following:
Open the HKEY_LOCAL_MACHINE \ SOFTWARE \ WOW6432Node \ Crypto Pro \ Cryptography \ CurrentVersion \ Parameters key in the Windows registry and change the EnableOIDModify value to 1. After that you need to reboot.
After changing the settings of the encryption provider, it is necessary to restart the AWP of the LPU.
3. Check certificates and licenses
By using system utility certmgr.msc (Start - Run (Find programs and files)) open your certificate. The certificate must not expire.
Launch CryptoPro CSP. On the "General" tab, check the validity period of the encryption provider license.
Open the "Tools" tab and click the "Test" button. Select the container for the private key of your certificate. In the testing window that opens, there should be no errors, no messages about the expiration of the key, etc.
2. ORA-20015: Unable to determine ELN status:
To switch to the "Extended" status, you must add a period of incapacity for work;
To switch to the "Closed" status, you must fill in the fields: "Start working on: date" or "Other: code";
To switch to the status "Referral to ITU", you must fill in the field "Date of referral to the ITU Bureau"
Cause:
1. There is an ELN in the system with the same number and the same data that you send (data duplication);
2. The data sent to ELN does not correspond to the stage of registration (filling) of ELN:
- insufficient data to determine the state of ELN;
- the entered data refer to different stages of registration (filling) ELN.
What to do:
3. ORA-20013: Failed to update data. The record being updated has lost its relevance
Cause:
You are trying to change an ELN that was previously changed by someone.
What to do:
1. Request the current state of the ELN from the system, thereby you will exclude resend the same data;
2. Perform the necessary further operation with the ELN in accordance with the order 624n:
- extension (add a new period of incapacity for work);
- closing (add information about closing);
- referral to ITU (add referral information to ITU).
4. ORA-20001: Access to ELN with No. _________, SNILS _________, status _________ - limited
Cause:
You are trying to get the data of an ELN, which is in a status that restricts your access. For example, the policyholder is trying to obtain data from an ELN that has not yet been closed medical organization... According to the process model, the policyholder can receive ELN data for editing only on status 030 - Closed. Another example - the ITU bureau cannot receive ELN data that is not sent to the ITU bureau (status 040 - Referral to ITU)
What to do:
1. Make sure that the ELN number, the data of which you want to receive, is entered correctly.
2. Wait for the ELN transition to the status, which will allow you to receive the ELN data.
5. Failed to call the data transfer / receive service. Failed to decrypt message.
Perhaps the message was encrypted on a key different from the key of the authorized person of the FSS.
Check the correctness and relevance of the key of the authorized person of the FSS.
Causes:
In the settings for signing and encryption in the software used by the user, an incorrect certificate is specified in the field "Certificate of an authorized person of the FSS";
A cryptographic provider Vipnet CSP of a certain assembly is used.
What to do:
Indicate the correct certificate of the authorized person of the FSS:
- Determine the direction of sending requests - test or productive;
- Download the certificate of an authorized person of the FSS in the ELN section on the Foundation's website;
Certificate for test send published on the website https://lk-test.fss.ru/cert.html
The certificate for the product is published on the website https://lk.fss.ru/cert.html; - Close the software you are using. Delete the installed FSS certificates from the "Personal" storage using the certmgr.msc system utility (Start - Run (Find programs and files)). Install the downloaded certificate on the computer in the "Personal" store for the current user;
- Specify this certificate in the corresponding settings of the software used.
When using the Vipnet CSP encryption provider, the working version is 4.4.
6. Failed to call the data transfer / receive service.
Message encryption error for recipient. Client received SOAP Fault from server: Fault occurred while processing. Please see the log to find more detail regarding exact cause of the failure.null
Cause:
You entered an invalid certificate for encrypting the message in the MO Certificate Name field: the specified certificate can only be used for signing, not encryption.
What to do:
Order and install a certificate that supports not only the signing operation, but also the encryption operation.
7. Error installing AWP LPU: Unable to build entity manager factory.
An error occurred while trying to load data from the database. Provide the administrator with the following information:
Unable to build entity manager factory.
Cause:
- The application was installed incorrectly (the database was installed incorrectly);
- The application database is installed but not available.
What to do:
1. Run the installation with administrator rights;
2. Install the program step by step (the path where the instruction is located: http://lk.fss.ru/eln.html).
If the application was installed in accordance with the instructions, but the error persists, you need to check:
- The postgresql-9.5 service is disabled on the computer. Right-click on the icon "My Computer" - Management - Services and Applications - Services, postgresql-9.5 should be started, start - automatically. To configure startup and operation windows services contact your system administrator;
- Incorrect password for fss user specified in database connection settings. Check that this password has not been changed in the database, the default password is fss;
- Check the PostgreSQL database installation directory, by default - C: \ postgresql \;
- Connection to the PostgreSQL database is carried out by default on port 5432. This port must be open and accessible. To check, contact your system administrator;
- The application on the client machine cannot communicate with the server. any network restriction is set. Check the settings of antiviruses, firewalls, and other network software; the client machine must have permission to connect to the server on port 5432.
8. An error occurred while trying to load data from the database.
An error occurred while trying to load data from the database.
Please provide the following information: org.hibernate.exception.SQLGrammarException: could not extract ResultSet.
Cause:
APM LPU application cannot get data from PostgreSQL database. This error occurs most often after installing an update, when the application is updated and the PostgreSQL database has not been updated for some reason.
What to do:
- If the application is installed on the user's computer, and the PostgreSQL database is on the server. It is necessary to start updating the application not only on the client, but also on the server machine;
- If both the application and the PostgreSQL database are installed on the same machine. Check the application installation directory. By default, the APM LPU application is placed in the C: \ FssTools directory, and the PostgreSQL database in the C: \ postgresql directory. If during the initial installation a different directory was selected for installing the application, then during the update you must specify this particular directory.
9. An error occurred when trying to enter the signature settings in the workstation software.
When trying to enter the signature settings in the workstation software, the error "Internal error. Reason: java.lang.ExceptionInInitializerError" or
"Internal Error. Reason: java.lang.NoClassDefFoundError: Could not initialize class ru.ibs.fss.common.security.signature.COMCryptoAPIClient"
Cause:
The application was not installed correctly (the GostCryptography.dll library was not registered).
What to do:
1. Make sure that the bitness of the OS matches the bitness of the application installer.
2. Check if the components Microsoft.Net Framework version 4 and higher are installed on the system (by default, these components are installed in C: \ Windows \ Microsoft.NET \ Framework). These components can be downloaded from microsoft.com.
3. Check that the folder where the application is installed contains the GostCryptography.dll file (by default, this file is installed in C: \ FssTools). If of this file no, try reinstalling the app.
4. If everything is correct, in command line execute:
Cd C: \ FssTools - go to the folder where the GostCryptography.dll file is located
C: \ Windows \ Microsoft.NET \ Framework \ v4.0.30319 \ RegAsm.exe / registered GostCryptography.dll - with your installation address for Microsoft.NET components
5. Restart the application.
10. Error calling the data transfer / receive service. Invalid element in ru.ibs.fss.eln.ws.FileOperationsLn_wsdl.ROW - SERV1_DT1.
Error: "Error calling data transfer / receive service. Invalid element in ru.ibs.fss.eln.ws.FileOperationsLn_wsdl.ROW - SERV1_DT1"
Cause:
The field "SERV1_DT1" was excluded in the new specification 1.1 (version 14 and higher AWP LPU), the connection string was changed.
What to do:
Change the connection string in the settings.
In the Administration menu - FSS service settings - Connection string, specify the following service address:
- For work https://docs.fss.ru/WSLnCryptoV11/FileOperationsLnPort?WSDL
- For testing:
- In the settings of the AWS Signing and encryption, check that the specified encryption provider matches the one actually installed by the user;
- In the settings of the AWS Signing and encryption, check that the GOSTs of the signing certificate and the FSS certificate are the same and correspond to the selected encryption provider;
- If you are using an ES certificate in accordance with GOST 2012, open the certificate, the "Composition" tab, the "Tool electronic signature».
It is necessary to check that the ES tool corresponds to the encryption provider installed by the user; - If you use an ES certificate in accordance with GOST 2012 and a CryptoPro crypto provider, check the settings on the Algorithms tab. Select GOST R 34.10-2012 (256) from the drop-down list "Select CSP type". The following parameters must be set:
"Parameters of the encryption algorithm" - GOST 28147-89, parameters of the encryption algorithm TK26 Z
"Signature algorithm parameters" - GOST 34.10-2001, default parameters
"Parameters of the Diffie-Hellman algorithm" - GOST 34.10-2001, default exchange parameters
- The private key is missing from the certificate. Using the system utility certmgr.msc, open the certificate, on the "General" tab it should be written "There is a private key for this certificate";
- The crypto provider does not see the private key container for this certificate. In the CryptoPro CSP encryption provider, go to the "Service" tab and click "Delete remembered passwords" - for the user;
- The container may be damaged by third-party software. Reinstall the certificate again, with the obligatory indication of the container;
- Reinstall the crypto provider.
- Some forums link to a problem with windows defender (Windows Defender) - tried to disconnect, it does not help.
- A possible cause of the error is Avast antivirus. The user's antivirus was installed, removed completely, just in case, we went through the utility for complete removal antivirus (avastclear.exe)
- Microsoft has been completely reinstalled. NET Framework by disabling it as a Windows component.
- Tried cleaning the leftovers from the utilities:
- Naturally, we tried to install everything Latest updates on Windows 8.1.
- Checked completely with antivirus.
- It is necessary to delete the directory (folder) located in the following path C: \ Users \ YOUR USER \ AppData \ Roaming \ Microsoft \ Crypto \ RSA (meaning the RSA folder itself). After uninstallation - restart the computer, after restart, Windows must recreate this folder again. (the appdata folder can be hidden and you need to go to it by copying the entire path, or by checking the box to display hidden files in the explorer settings).
- You can try to create a new Windows 8 user and check if the installation works under the new user (the user must be in the Administrators group).
- Disconnect the token from the computer (at the moment of shutdown, the LED on the token should not blink).
- Open the menu "Start"> "Control Panel"> "Add or Remove Programs" (for operating Windows systems Vista and Windows Seven Start> Control Panel> Programs and Features.
- In the list, find the item "Rutoken Support Modules", "Rutoken Drivers" (or "Rutoken Drivers") and select "Remove".
- To restart a computer.
- Install new drivers and support module, as well as perform all other recommended actions using the diagnostic service.
- TIN and KPP of the organization;
- screenshot of the error that occurs;
- diagnostic number;
- If using a floppy disk or flash card, then report which files and folders are contained in the root of the media.
- If the key carrier is ruToken or ruToken Lite, then a screenshot of the ruToken properties window;
13. AWP for preparing calculations for the FSS, error "The set of keys is not defined"
Cause:
GOST of the FSS certificate does not match the encryption provider selected in the settings, or the encryption provider cannot receive the private key from the private key container for the selected certificate.
What to do:
Good afternoon friends!
Last week, a visitor contacted us with a strange problem. The user says: when trying to install any application in Windows 8.1,preinstalled on a laptop, he has an error occurred - n invalid registered keyset. Moreover, he tried to install the most common programs, for example iTunes, various games such as Sims, Need For Speed, and so on. In most cases, at the time of installation, an error occurred. incorrect registered keyset and distribution, (installer) completed its work. Sometimes an error crashed0x80070643, instead of that, for example, when installing the Microsoft Visual C ++ component.
When trying to google information on the Internet, the problem could not be solved. Most of the links lead to forums where issues related to crypto applications such as crypto pro are discussed. But this is not the point, no programs were used.
Incorrect registered keyset, error code 0x80070643. What did you find?
.Net framework cleanup tool
.Net framework repair tool
But unfortunately the effect did not happen either.
Solution:
We really hope that this article will help many to solve the problem (Invalid registered keyset, 0x80070643) with Windows 8.1 without reinstalling. If you have any questions, please ask them in the comments.
Creation of an electronic signature on the 1C platform using CryptoPro CSP can be performed both on the server side and on the client side. In both cases, a rather annoying error can appear:
Invalid keyset parameter.
Unpleasant given error the fact that it has many reasons, and in order to fix it, you need to carry out a whole range of measures.
Formulation of the problem
Let's say there is information base, with which the 1C platform works in a client-server version. We will create an electronic signature on the server side, in this case it is recommended to use certificates and keys stored in the store local computer as they will be available to anyone Windows user... And also available installed certificate in the storage of the local computer in the Personal section (see Figure 1) with binding to the private key (see Figure 2).When creating a digital signature, an exceptional error occurs, reporting an incorrect parameter of a set of keys.
Solution
The creation of an ES on the server side means that this operation will be performed on behalf of the 1C server user (USR1CV82 or USR1CV83, depending on the platform version). One of the reasons for the incorrect keyset parameter error is that the user does not have access to the private (secret) key of the certificate.What would the user endow necessary rights to work with the private key of the certificate, open the snap-in Certificates(connected automatically when installing CryptoPro CSP) and find the certificate that is used to create the digital signature. Click on right click mouse on it and select All tasks -> Management private keys
(see figure 3).
In the window that opens, add a user and set full access to the private key.
The error should be gone.
To resolve this issue, follow these steps:
1. Select "Start"> "Control Panel"> "CryptoPro CSP". Go to the "Service" tab and click on the "Delete remembered passwords" button. Mark the item "User" and click on the "OK" button.
2. In the window "Select a key container" put the radio button " Unique names»And repeat the selection of the container.
3. If the key medium is a floppy disk or flash card, you need to view its contents. At the root of the media, there should be a folder with six files with the extension .key.
4. If the key carrier is ruToken or ruToken Lite, then you should reinstall the drivers and the support module. This requires:
5. Make a copy of the key container and install the certificate from the duplicate (see How to copy a container with a certificate to another medium?).
If the proposed solution did not help to eliminate the error, then you need to contact the service technical support by the address [email protected] specifying the following data:
You must re-enter the diagnostics portal at https://help.kontur.ru, click on the "Start diagnostics" button. Once the verification process is over, the diagnostic number will be displayed on the screen. Specify the assigned reference number in the letter.
To open this window, go to "Start"> "Control Panel"> "Crypto Pro CSP"> "Hardware"> "Configure Media Types", select "Rutoken" (or "Rutoken lite")> "Properties"> "Information".
Thank you very much, Mikhail, we did everything promptly and the main thing is clear to me ... Since we have found a common language. I would like to continue the communication with you in the future. I look forward to fruitful cooperation.
Olesya Mikhailovna - general manager LLC "VKS"
On behalf of the State Unitary Enterprise "Sevastopol Aviation Enterprise" we express our gratitude for the professionalism and efficiency of your company! We wish your company continued prosperity!
Guskova Lilia Ivanovna - manager. SUE "SAP"
Thank you, Mikhail, very much for your help with the design. Very qualified employee +5!
Nadia Shamilevna - entrepreneur IP Anoshkina
On behalf of the company "AKB-Auto" and on my own behalf, I express my gratitude to you and all employees of your company for the productive and high-quality work, sensitive attitude to the client's requirements and efficiency in the execution of the ordered work.
Nasibullina Alfira - Senior Manager"AKB-Auto"
I would like to thank the consultant Mikhail for the excellent work, timely and complete consultations. He is very attentive to the client's problems and questions, prompt solution of the most difficult situations, it would seem to me. It's a pleasure to work with Mikhail !!! Now I will recommend your company to my clients and friends. And the technical support consultants are also very polite, attentive, helped to cope with the complex installation of the key. Thanks!!!
Olga Sevostyanova.
Acquiring a key turned out to be very easy and even enjoyable. Many thanks for the assistance to manager Mikhail. Explains complex and massive things to understand, succinctly, but very clearly. In addition, I called the hot toll free line and online, together with Mikhail, he left an application. I got a key made in 2 working days. In general, I recommend it if you save your time, but at the same time want to have an understanding of what you buy and what you pay for. Thanks.
Levitsky Alexander Konstantinovich Samara
Personal gratitude to the consultant Mikhail Vladimirovich for prompt advice and work on the accelerated receipt of the ES certificate. During the preliminary consultation, the optimal set of individual services is selected. Final result received immediately.
Stoyanova N.L. - Chief Accountant LLC "SITEKRIM"
Thank you for your prompt work and competent help! I was very pleased with the consultation!
Dmitry Fomin
Expert Sistema LLC would like to thank the consultant Mikhail for the prompt work! We wish your company growth and prosperity!
Sukhanova M.S. - AppraiserLLC "Expert System", Volgograd
Thanks to the consultant who introduced himself as Mikhail for his prompt work with clients.
Stepan Gennadievich Ponomarev
Many thanks to the consultant Mikhail for his assistance in obtaining an EDS. For operational work and advice on issues arising in the process of registration.
Leonid Nekrasov
The company, represented by its consultant Mikhail, does the impossible! Acceleration of accreditation in less than 1 hour! Payment upon delivery of the service. I thought it couldn't happen. With full responsibility, I can advise you to contact the Center for issuing electronic signatures.