In this article, I will show you how to resolve SCCM task sequence error code 0X80091007. The error 0X80091007 occurs during operating system deployment when a task sequence step fails to execute correctly.
One of the SCCM engineers working at a remote site reported that the task sequence had failed. The task sequence failed with error code 0X80091007, and this happened while imaging a new laptop. The task sequence wasn’t modified by anyone, and all the TS steps were working fine.
The site engineer reported that error code 0X80091007 was observed during the application installation step of the task sequence. One of the applications that was a part of the task sequence failed to install and this resulted in task sequence error 0X80091007. In another instance, the task sequence failed during apply operating system step.
Before you read further, here are some troubleshooting guides for task sequence failures:
- SCCM Task Sequence Failed with error code 0x000001B6
- SCCM Task Sequence Failed with Error Code 0x800702C2
- Fix SCCM Task Sequence Failed with Error Code 0x80070002
- Failed to Resolve Task Sequence Dependencies 0X80040102
- Fix Task sequence has failed with the error code 0x800700A1
Review SMSTS.log file for Error 0X80091007
Whenever the task sequence fails during OSD, make a note of the error code, and review the SCCM log files. The smsts.log file is an important log file that records the OSD process. The location of smsts.log file changes as the OSD progresses. Take a look at location of smsts.log file during SCCM OSD.
After reviewing the Configuration Manager OSD log files, I found that task sequence failed during installation of Microsoft Office 2013. However, I was confident that the Office 2013 package was not corrupt, and the same package got deployed on the computers without any issues.
The below log snippet reveals that task sequence fails with error 0x80091007 and the reason being the hash value is not correct. At this point, you may want to consider recreating the package only if you determine the package is corrupt. Otherwise, please try the solutions that I have mentioned in the next section to resolve the error 0X80091007.
Failed to run the action: Error in the task sequence.
Task Sequence Error Running: Install Microsoft Office 2013 Professional.
Install Microsoft Office 2013 Professional has failed with the error code (0x80091007).
The hash value is not correct. (Error: 80091007; Source: Windows)
For more information, please contact your system administrator or help-desk operator.
Let’s understand more about the error 0X80091007 responsible for task sequence failure. The error code 0X80091007 translates to “The hash value is not correct“. The error 0X80091007 occurs when an application, package associated with task sequence is corrupt, system memory is faulty or the content is distributed to distribution points correctly.
The below screenshot shows an example of task sequence error 0X80091007, and we see the following details:
Task Sequence: Windows 10 Enterprise x64 has failed with the error code (0x80091007). For more information, contact your system administrator or helpdesk operator.
When you encounter task sequence failures, you can translate SCCM error codes to error messages using multiple ConfigMgr error lookup tools. Using an SCCM error lookup tool, if you translate error 0X80091007, you get “The has value is not correct” message.
Solutions to Fix Task Sequence Error Code 0X80091007
We will now look at multiple unique solutions to resolve the task sequence error 0X80091007.
Solution 1: Redistribute the package to distribution point
If the task sequence is failing with error 0X80091007 on a specific application install step, it means the content is either corrupt or not fully distributed to the DP. You can recreate the package in SCCM and associate it with task sequence or redistribute the content to the distribution points.
Take a look at this guide to redistribute the packages in SCCM. You can also update the content to the distribution points, with this action, you send the entire content to the distribution points.
Another solution that you can try is remove the content from the DP and distribute back the same content. This will send a fresh copy of the content (application, package) to the distribution point.
Solution 2: Check if the RAM (System Memory) is bad or corrupt
This is interesting !! If your system memory (RAM module) is corrupt or bad, you may encounter task sequence error code 0X80091007. Swapping the corrupt RAM/memory has helped many admins to resolve the error 0X80091007. You can read the post comments to find out how this trick has helped so many users.
Solution 3: Turn off binary differential replication
Configuration Manager uses binary differential replication (BDR) to update content that you previously distributed to other sites or to remote distribution points. When you enable BDR, it resends only the new or changed content instead of sending the entire set of content source files each time you change those files.
To resolve the error 0X80091007, ensure you turn off the binary differential replication on the package that is failing in the task sequence. It is observed that some users got the hash mismatch error resolved by turning off binary differential replication and redistributing the package to DP.
Prajwal Desai is a Microsoft MVP in Enterprise Mobility. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.
- Remove From My Forums
-
Question
-
When deploying the OSD to a laptop model the TS is failing, see below from Status Message Viewer:
The task sequence execution engine failed executing the action (Apply E6220 Driver Package) in the group (PostInstall) with the error code 2148077575
Action output: urce, sSourceDirectory, dwFlags, hUserToken, pszUserName, pszUserPassword), HRESULT=80091007 (e:nts_sccm_releasesmsframeworktscoreresolvesource.cpp,3217)
ResolveSource(pszSource, sSourceDirectory, dwFlags, 0, 0, 0), HRESULT=80091007 (e:nts_sccm_releasesmsframeworktscoreresolvesource.cpp,3122)
TS::Utility::ResolveSource( pszPackageId, sSource ), HRESULT=80091007 (e:nts_sccm_releasesmsclientosdeploymentosddriverclientdriverinstaller.cpp,472)
pDriverInstaller->InstallDriverPackage( sPackageId, pBootCriticalInfo ), HRESULT=80091007 (e:nts_sccm_releasesmsclientosdeploymentosddriverclientosddriverclient.cpp,380)
Exiting with return code 0x80091007
Hash could not be matched for the downloded content. Original ContentHash = EB2A940227C7043DDDCE0985EB37CBB650245F47F12ACD48C936521F5CECAFED, Downloaded ContentHash = 6F4ED0BD9ECC46712E6160BF681ED3785097D95A43652424FB97E12EB1EAF8E3
Failed to determine the driver source location. Code 0x80091007
Failed to provision driver. Code 0x80091007. The operating system reported error 2148077575: The hash value is not correct.I have redistributed the Driver packages to the DP’s but still no luck — does anyone have any idea’s?
Thanks
MCTS | MCITP | MCSA
-
Moved by
Thursday, May 2, 2013 12:18 PM
moved to OSD subforum
-
Moved by
Answers
-
-
Marked as answer by
Toffeenose81
Friday, July 12, 2013 10:33 AM
-
Marked as answer by
Redistribute the problematic package to reset the process
by Claire Moraa
Claire likes to think she’s got a knack for solving problems and improving the quality of life for those around her. Driven by the forces of rationality, curiosity,… read more
Updated on April 18, 2023
Reviewed by
Alex Serban
After moving away from the corporate work-style, Alex has found rewards in a lifestyle of constant analysis, team coordination and pestering his colleagues. Holding an MCSA Windows Server… read more
- SCCM task sequence error code 0X80091007 is a common error that occurs during an OS or app installation.
- The SCCM task sequence script fails to run or stops responding midway through the process.
XINSTALL BY CLICKING THE DOWNLOAD FILE
Fortect is a system repair tool that can scan your complete system for damaged or missing OS files and replace them with working versions from its repository automatically.
Boost your PC performance in three easy steps:
- Download and Install Fortect on your PC.
- Launch the tool and Start scanning
- Right-click on Repair, and fix it within a few minutes
- 0 readers have already downloaded Fortect so far this month
The SCCM task sequence error code 0X80091007 occurs when the user selects a task sequence for a Windows deployment in Configuration Manager, but the task sequence does not start.
When translated, it can be interpreted as error 0x80091007, where the hash value is incorrect. It is possible that the SCCM client could be trying to connect to an old version of the site server, leading to this error. Let’s now delve into possible solutions.
Why does the 0x80091007 error occur?
A task sequence error is an unexpected condition that occurs during the execution of a task. It could be an app deployment or installation. The task sequence can be used to install software, configure settings, and more.
In Configuration Manager, a task sequence error is triggered when the processed content does not match the expected content.
This error code indicates that there has been a problem with the installation source. If you try to install an application and see this error, it could be caused by:
- Server issues – It is possible that the SCCM client could not connect to the site server because of network connectivity issues.
- Incorrect configurations – If there is some issue with the SCCM client configuration, it may be preventing it from connecting to the site server.
- Missing or corrupted files – If you have a package with multiple source files and one is missing, this will cause an error in your task sequence. This is because the remaining file cannot be processed correctly.
- Inconsistent content location – If the content location specified in the task sequence doesn’t match up with where the content exists on your server or distribution points, the task may be interrupted midway.
- Problem with distribution point – If the distribution point is unavailable, client computers will be unable to install applications or software updates and may fail any task sequence steps.
How do I fix error 0x80091007?
Before any in-depth solutions, try the following first:
- Check network connectivity between the client and the distribution point.
- Perform a disk check on your hard drive using the CHKDSK command.
1. Redistribute package to the distribution point
- Launch your SCCM console and navigate to the following location:
Monitoring/Overview/Distribution Status/Content Status
- Navigate to the Failed column and select a package displaying the error 0x80091007.
- Click on the Error tab, select all distribution points under Asset details, right-click on it, and select Redistribute.
The Distribution Point is an SCCM component that stores packages and programs to be sent to client computers.
Some PC issues are hard to tackle, especially when it comes to corrupted repositories or missing Windows files. If you are having troubles fixing an error, your system may be partially broken.
We recommend installing Restoro, a tool that will scan your machine and identify what the fault is.
Click here to download and start repairing.
When you deploy an application, it will first be copied to the DP and then sent out to the clients. Redistribution refreshes the content and sends new updates and deployments.
2. Disable Binary differential replication
- Launch the Configuration Manager console and navigate to the following location:
Software LibraryOverviewApplication ManagementPackages
- Click on the problematic package and select Properties.
- Navigate to the Data Source tab and uncheck the Enable binary differential replication option.
- Click on Apply and OK to save the changes.
- 0x87d01107 Error Code: How to Fix This SCCM Issue
- Faulting Module Name KernelBase.dll Crashing Apps [Fix]
Binary differential replication is a method of deploying software updates to clients. When you use this method, SCCM sends only the changed data in an update package instead of sending the entire contents of the package.
This feature aims to speed up the process of patching clients by only sending changes since the last update. In addition, it’s also great for bandwidth savings.
It is particularly useful when deploying large applications but only needs to update a small portion of the binaries. The issue crops up when you have deployed a package, but there are two different versions of this package in your hierarchy.
Another solution that seemed to work for a handful of users was switching out their RAM sticks. If your memory allocation is insufficient or you somehow end up with corrupt RAM, swap out the system memory with another one and try to run the task sequence again.
Other task sequence errors you may encounter include the 0x8007000f, but we’ve already covered its fixes in our expert guide.
Share with us in the comment section which solution worked for you. We’d also love to hear of other solutions we have not pinpointed.
Still experiencing issues?
SPONSORED
If the above suggestions have not solved your problem, your computer may experience more severe Windows troubles. We suggest choosing an all-in-one solution like Fortect to fix problems efficiently. After installation, just click the View&Fix button and then press Start Repair.
Let’s see how you can FIX SCCM Task Sequence Error code 0x80091007. This error code prompt when task sequence failed to execute steps during operating system deployment with Configuration Manager. The error 0x80091007 Translate SCCM Error Codes to Error Messages “The hash value is not correct.”
This usually happens when the associated Packages, Applications to the task sequence have not been properly distributed to the distribution point or groups. In this scenario, After applying the operating system image, deployment fails to install an associated package with the task sequence Error code 0x80091007.
However, you could easily see the steps from the task sequence prompt. It’s always recommended to examine the SMSTS log for task sequence failure issues to help you get the inside about the failure prompt to troubleshoot the task sequence error 0x80091007.
Issue Summary
This error appears at the initial stage when you have started the deployment. Task Sequence fails with the following error message –
Task Sequence: Deploy Windows 10 has failed with the error code (0x80091007). For more information, please contact your system administrator or help-desk operator.
In this scenario, Task Sequence terminated after the installation of the operating system. You will collect the logs C:WindowsCCMLogsSmstslogsmsts.log. To get the command prompt window, you have to press the F8 key. More you can explore SCCM OSD Task Sequence Troubleshooting Steps by Step Ultimate Guide SMSTS.log.
Let’s check the possible solutions to FIX SCCM Task Sequence Error code 0x80091007
- In the Configuration Manager console, navigate to the Software Library workspace, expand Application Management, and select the Applications node.
- Select an application or package from the appeared list, Right-click on the package and select Update Distribution Points.
- Before proceding to redistribution for packages, check the option Enable binary differential replication Here’s how you can Enable binary differential replication for existing packages. Applications always use binary differential replication.
- If required, You can remove the package from distribution point and proceed to distribute the package. Ensure the package is sucessfully distributed to DPs. Let’s check how to Redistribute package or application content to Distribution Point.
Verify the content distribution – In the summary tab, under Content status. If the content distribution were successful, it would appear under the Success tab.
Once you are done with the above steps, restart the target machine and reinitiate the task sequence deployment, It should continue without any errors.
About Author -> Jitesh has over 5 years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus area is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
Resources
- SCCM OSD SMSTS Log File Reading Tips | ConfigMgr | MEMCM
- SCCM Logs Files | 5 Log File Reading Tips | ConfigMgr
- HTMD Blog #2 SCCM Archieve
After running a task sequence in the SCCM client, error 0x80091007 may occur:
Task Sequence Error
Running: Install <software title / os title>
Task sequence: Install <software title / os title> has failed with the error code (0x80091007). For more information, please contact your system administrator or helpdesk operator
This error code stands for the message that “the hash value is not correct”.
To resolve this issue, one of the following things should be done:
- update the distribution point with the latest version of the package. Right-click on the package and choose Update Distribution Points. Please note that this could take a while, depending on the total size of your packages. 20 minutes is not exceptional.
- modify the advertisement to not download the files locally but access the files directly from the DP. To do this, double click the advertisement, go to the tab Distribution Point and choose “Access content directly from a distribution point when needed by the running task sequence”
Error — 0x80091007 during Task Sequence
I am having issues with our Task Sequence. It gets past the ‘Applying Operating System’ portion and gets to the ‘Applying Driver Package’ portion. During this time, it gives the 0x80091007 error and restarts.
I’m not sure what to do past this point for troubleshooting as I can’t get access to the SMSTS.log. F8 no longer works during task sequence deployment even though I have it checked under the boot.wim and after this task sequence fails, I have no way of logging into Windows on the machine.
Any help would be greatly appreciated! I’m still pretty new to SCCM and have been doing my best to troubleshoot…
Reading time: 8 Minutes
Microsoft’s System Center Configuration Manager (SCCM) is a powerful tool designed for efficient change and configuration management on Windows platforms, including Windows 7, Vista, and XP. With SCCM, organizations can streamline the distribution of operating systems, applications, and updates to Windows users, ensuring a fast and cost-effective deployment process.
It can be used by an organization’s IT department or systems administrators to ensure that all employees or team members have access to the applications and security they require to complete tasks and perform assigned roles, regardless of whether they are using a company device or a personal device.
SCCM can also be used to install programs and deploy patches across a network of computers, but this can be problematic in some environments.
However, a lot of users have reported getting the SCCM error 0x80091007 due to task sequence failure. This error can happen randomly, which makes it difficult for users to pinpoint the cause and troubleshoot it successfully. If you’re one of the users suffering from the 0x80091007 error, then this guide should be able to shed some light on why this error is happening and what you can do to resolve it.
What is the SCCM 0x80091007 Error?
The error 0x80091007 may occur after running a task sequence in the SCCM client. When a task sequence fails to execute steps during operating system deployment with Configuration Manager, this error code appears.
The error message reads:
Task Sequence Error
Running: Install <software title / os title>
Task sequence: Install <software title / os title> has failed with the error code (0x80091007). For more information, please contact your system administrator or helpdesk operator
Here is another version of the error:
The task sequence execution engine failed executing the action (Apply Operating System) in the group (Build the Reference Machine) with the error code 2148077575
Action output: zSource, sSourceDirectory, dwFlags, hUserToken, pszUserName, pszUserPassword), HRESULT=80091007 (e:nts_sms_fresmsframeworktscoreresolvesource.cpp,3130)
ResolveSource(pszSource, sSourceDirectory, dwFlags, 0, 0, 0), HRESULT=80091007 (e:nts_sms_fresmsframeworktscoreresolvesource.cpp,3031)
TS::Utility::ResolveSource( this->packageID, this->packagePath, TS::Utility::ResolveSourceFlags::PersistContents ), HRESULT=80091007 (e:nts_sms_fresmsclientosdeploymentapplyosinstallscripted.cpp,160)
installer.install(), HRESULT=80091007 (e:nts_sms_fresmsclientosdeploymentapplyosinstallscripted.cpp,632)
Entering ReleaseSource() for C:_SMSTaskSequencePackagesWHATEVER
The user tries to release a source directory C:_SMSTaskSequencePackagesWHATEVER that is either already released or we have not connected to it
InstallScripted( g_InstallPackageID, g_ImageIndex, targetVolume, g_ConfigPackageID, g_ConfigFileName ), HRESULT=80091007 (e:nts_sms_fresmsclientosdeploymentapplyosapplyos.cpp,397). The operating system reported error 2148077575: The hash value is not correct.
This typically occurs when the task sequence’s associated Packages and Applications have not been properly distributed to the distribution point or groups. In this scenario, deployment fails to install an associated package after applying the operating system image, with the task sequence error code 0x80091007.
The steps, however, were easily visible from the task sequence prompt. Examining the SMSTS.log for task sequence failure issues is always recommended to help you get the inside scoop on the failure prompt to troubleshoot the task sequence error 0x80091007.
This error appears at the beginning of the deployment process. Task Sequence gets terminated after the installation of the operating system in this scenario. You can get the logs from C:WindowsCCMLogsSmstslogsmsts.log. To open the command prompt window, press the F8 key.
One of the following actions should be taken to resolve this issue:
- Update the distribution point with the most recent package version. Select Update Distribution Points from the context menu when you right-click on the package. Please keep in mind that depending on the total size of your packages, this may take some time. Twenty minutes is not unusual.
- Change the advertisement so that the files are not downloaded locally but are accessed directly from the DP. To do so, double-click the advertisement, navigate to the Distribution Point tab, and select “Access content directly from a distribution point when the running task sequence requires it.“
What Causes the 0x80091007 Error?
This error could occur for a variety of reasons, including:
- The CCMCACHE folder may be blocked by anti-virus software.
- The available disk space may be insufficient.
- It is possible that a valid package is not available at the Distribution point.
How to Deal With the Error Code 0x80091007
When you get this error, you don’t have to worry because there are solutions that have proven to work for this kind of scenario. Here’s a summary of the troubleshooting steps you need to take.
- If the error code 0X80091007 appears, remove the package from the distribution point and re-distribute it. This is simply to ensure that a valid package is available through the distribution point.
- Examine the RAM (memory) to see if it is bad or corrupt. This appears to be the most ridiculous solution. However, swapping the RAM has solved this problem for many people.
- Some people were able to resolve the hash mismatch error by disabling binary differential replication and redistributing the package to DP.
- Run a PC Repair Tool such as Outbyte PC Repair to make sure that all glitches are resolved and junk files are cleared out. This would not only resolve common errors but will improve your PC’s performance as well.
Now let’s look at these steps one by one.
Fix #1: Clear the CCM Cache.
Temporary files used in deployment can sometimes persist on networked devices, causing file bloat on client hard drives and a storage crisis on the deployment server itself. These files are kept in the CCM cache of Windows (also known as the CCMCache). This cache can be cleared either manually or with PowerShell command scripts.
If you have administrator privileges on a computer, you can manually clear the CCM cache via the Settings menus. To do so, open the Control Panel by clicking on it in the Start Menu or searching for it in the Windows Search bar. To display options as icons, use the menu at the top of the window, and then scroll to the “Configuration Manager” option. Choose it and then click the “Advanced” tab. Navigate to “Cache” and click “Configure Settings.” Confirm the action by clicking the “Delete Files” button that appears.
If you need to clear the CCMCache folder on multiple computers at once or remotely, you can use a PowerShell script. First, in the SCCM control panel, navigate to the computer you want to clear and right-click on it. Select “Right click tools,” then “Console Tools,” and finally “Interactive PowerShell prompt,” where you can enter a script command of your choice. There are numerous scripts available to clear the CCM Cache, each with a different level of complexity and intended for different network environments. However, in most systems, running the following code should clear the CCM cache:
- $resman= New-Object -ComObject “UIResource.UIResourceMgr”
- $cacheInfo=$resman.GetCacheInfo()
- $cacheinfo.GetCacheElements() | foreach {$cacheInfo.DeleteCacheElement($_.CacheElementID)}
After clearing the cache, see if the error has been resolved.
Fix #2: Redistribute the package to the distribution points.
Typically, you distribute content to distribution points so that clients can access it. When you use on-demand content distribution for a specific deployment, this behavior does not apply. Configuration Manager stores content files in a package and then distributes the package to the distribution point when you distribute content. The package’s content is retrieved from the site server’s content library.
Here’s how you can distribute the package to the DPs:
- Navigate to the Software Library workspace in the Configuration Manager console, expand Application Management, and select the Applications node.
- Choose an application or package from the list that appears, then right-click on the package and choose Update Distribution Points.
- Check the box Enable binary differential replication before proceeding with package redistribution. Binary differential replication is always used by applications.
- If necessary, you can remove the package from the distribution point and distribute it. Ascertain that the package is successfully distributed to DPs.
- Verify the distribution of content in the Summary tab, under Content status. If the content distribution was successful, it would be visible under the Success tab.
After completing the preceding steps, restart the target machine and restart the task sequence deployment. It should proceed without errors.
Fix #3: Refresh the package’s distribution point.
If updating the package’s distribution point did not work, you can try refreshing it instead. Here’s what you can do:
- Navigate to Site Management, then go to Computer Management.
- Click on Operating System Deployment > Operating System Install Packages, then hit on the PACKAGE_NAME.
- Select Distribution Points and right-click on the Distribution Point you are using.
- Hit the Refresh Distribution Point button.
If that doesn’t work, try removing and readding the distribution (you must WAIT for it to complete the removal before re-adding it, you can use the Package Status to make sure it was removed)
If everything else fails, go to Site Management –> Computer Management –> Software Distribution –> Advertisements. Right click on the task sequence advertisement you’re deploying and select Properties –> Distribution Points –> check Access content directly from a distribution point when the running task sequence requires it.
Fix #4: Disable your antivirus temporarily.
To temporarily disable third-party antivirus software on Windows 10/11, right-click the program icon on the right side of the Windows taskbar and select Disable or Exit. You can enable it again later by restarting your computer.
You can also try starting Windows 10/11 in Safe Mode, which will disable all antivirus software.
You can disable real-time Windows Defender antivirus protection by following these steps:
- Open Windows Settings by pressing Windows + I.
- Select Update and Security -> Windows Security -> Virus and threat protection.
- In the right window, navigate to the Virus & threat protection settings section and click Manage settings.
- Turn off this option: Real-time protection if turned off, leaving your device vulnerable.
You can temporarily disable antivirus on Windows 10/11 in this manner. If you want to re-enable real-time antivirus protection, restart your computer or perform the same operation described above. Once you have turned off the antivirus, try running the task sequence again or perform the action that triggered this 0x80091007 SCCM error.
Summary
The error code 0x80091007 is not a very common Windows error and there isn’t a lot of information about this issue. Most of the users who encountered this error have tried different ways to resolve it, and the above solutions are the most successful so far. If this error is impeding your productivity and you need to solve it as soon as possible, we suggest going through the steps methodically to find which solution works for you. If you have any questions, feel free to leave a comment below.
Give us some love and rate our post!
John Viszneveczky
John is a tech enthusiast who loves to explore and improve the latest technology. He shares his knowledge and opinions on the latest gadgets, apps, software, and games on Software Tested. With years of experience in writing about technology, John has a keen eye for identifying new and noteworthy products. His articles offer in-depth, opinionated insights for both tech enthusiasts and casual readers alike.
[ Иван Климентьев (разработчик) ]
>а ПКЗО не формирует и вадает ошибку
Это ошибка криптографической системы, а не ПКЗО.
Нужно иметь правильно подписанный файл.
1. Обратите внимание, что приказом Росреестра от 14.01.2011 N П/1 устанавливается требуемый формат подписи. В приложении 1 есть пункт 1.7, в котором сказано: «Используется формат отсоединенного файла ЭЦП, описываемый в пункте 5.2 документа RFC 2630». Отсоединенный файл означает то, что в sig-файле должна содержаться исключительно подпись, без подписываемого содержимого. Файл отдельно, подпись отдельно. При этом файл подписи должен иметь размер несколько килобайт и в большинстве случаев не быть больше размером, чем оригинальный подписываемый файл — это явно свидетельствует о неверности требуемого формата подписи. В Вашем случае — в sig-файле содержится не только подпись, но и подписываемый файл. Это видно по размерам файлов.
2. Также файл подписи должен быть в DER-кодировке, а не в BASE64.
Источник
Проблемы с подписанием PDF документа установленной подписью #6
pavenkostanislav commented Sep 6, 2017 •
Сможете помочь с самим подписанием?
Не выполняется строчка:
let sSignedMessage = yield oSignedData.SignCades(oSigner, CADESCOM_CADES_X_LONG_TYPE_1);
Ошибка неустановленного корневого сертификата, но он установлен аж в 3 директориив личные с «Доверенные корневые центры сертификации» и «Доверенные лица»
A certificate chain could not be built to a trusted root authority. (0x800B010A)
The text was updated successfully, but these errors were encountered:
splincode commented Sep 6, 2017
Посмотрю, что можно сделать
pavenkostanislav commented Sep 6, 2017
splincode commented Sep 7, 2017
Должны выполняться требования для сертификатов, которые участвуют в подписании (вашTSP и т.п.) — должны быть корневые сертификаты в доверенных корневых.
Посмотрите ответы здесь:
http://www.cryptopro.ru/forum2/default.aspx?g=posts&m=83361#post83361
Если используете тестовую службу: скачайте и установите тестовый корневой сертификат «Тестовый УЦ ООО «КРИПТО-ПРО»».
http://www.cryptopro.ru/forum2/default.aspx?g=posts&m=83398#post83398
pavenkostanislav commented Sep 7, 2017
Да спасибо. С тестовой службой подпись создалась, но теперь проблема в проверке её:
Сервер электронной подписи КриптоПро DSS
Результат проверки
Название документа spravka_soc_viplaty_09.08.2017.pdf.p7s
Подпись 1
Результат проверки
Подпись не действительна
Дополнительная информация
Не удалось проверить подпись CAdES-XLT1. Ошибка: [Неправильное значение хеша]. Код: [0x80091007].Сообщение содержит неверную подпись.
Дополнительная информация о подписи
Формат подписи CAdES
Подпись в формате XLT1
Время подписи, полученное из штампа
9/7/2017 10:21:14 AM
Время подписи
9/7/2017 10:21:02 AM
Информация о сертификате
Субъект
C=RU, S=Нижегородская Область, L=Нижний Новгород, O=»ООО «»КазАУП»»», OU=Отдел разработки, CN=Stanislav, E=pavenko_sv@mail.ru
Издатель
CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, E=support@cryptopro.ru
Срок действия
07.09.2017 09:43:43 — 07.12.2017 09:53:43
splincode commented Sep 7, 2017
В принципе, ответы оставляют на форуме сотрудники КриптоПро, если что пишите сюда решение
pavenkostanislav commented Sep 7, 2017 •
Пока нет ответа
но с начала переписки в приципе какая-то подпись создалась и ошибки нет больше.
Вот только эта подпись не проходит проверку в Контуре.Крипто и даже в КриптоПро DSS
splincode commented Sep 7, 2017
Приложите документ и подпись
splincode commented Sep 7, 2017
pavenkostanislav commented Sep 7, 2017 •
sign.zip
Вот так лучше всего. не все форматы можно добавлять
pavenkostanislav commented Sep 7, 2017 •
Если код подписания выглядит так:
Ключевое отличие тут:
//let byteCharacters: string;
//if (this.crypto.isChromium) <
// byteCharacters = window.atob(b64Data);
//> else <
// byteCharacters = Base64.decode(b64Data);
//>
splincode commented Sep 7, 2017
Это рабочая версия? Надо будет добавить код в основной репозиторий, когда появится новая версия, я обязательно вам пришли, чтобы вы сделали pull request
pavenkostanislav commented Sep 7, 2017 •
Ну как рабочая. Сертификат проверку не проходит
вырезка из рабочего проекта тут pavenkostanislav/GetingCertificatesList можно посмотреть, но если честно я его не компилил.
splincode commented Sep 7, 2017
подпись не проходит проверку.
Хеш указанного файла:
CB AE CB 61 1C 3B F9 6A 8E B1 63 B3 CE E7 EA D5 05 1F A4 C1 9B EF 15 FB 98 64 1F 3D 0C BB 84 C3
а в p7s прохешировано было что-то «другое»:
64 D5 52 BF 80 B9 0E B1 C9 3D 29 83 5D 54 D5 57 0C F4 B0 45 9B 92 D9 79 D9 43 13 05 81 BB 2B FF
- ASN.1 анализатор выдал 1 предупреждение и 1 ошибку.
позиция:
3300 0: [0] Error: Object has zero length.
3302 15: GeneralizedTime 07/09/2017 07:21:15 GMT
Warning: Further data follows ASN.1 data at position 10798.
pavenkostanislav commented Sep 7, 2017 •
Ну для начала спасибо.
Но мне бы больше информации.
Я тем же путём создавал прикреплённую подпись — всё проходит проверку
Ещё ошибку пофиксил:
oSignedData.Content = dataToSign.replace(‘data:application/pdf;base64,’, »);
pavenkostanislav commented Sep 8, 2017 •
Доброе время суток, уже близок к усуществению отсоединённой подписи, присоединённая уже получается и проходит проверку на сайте Сервер электронной подписи КриптоПро DSS.
Возможно Вы сможете помочь с решением вопроса: «Отсоединённой подпись не проходит проверку, а присоединённая подпись проходит»
Вот этим кодом я делаю подпись:
Источник
Cades bes ошибка неправильное значение хеша код 0x80091007 сообщение содержит неверную подпись
Ошибки в работе КриптоПро браузер плагин
Что делать, если не работает КриптоПро ЭЦП Browser plug-in
При использовании КриптоПро ЭЦП Browser plug-in могут возникать ошибки, приводящие к тому, что плагин не работает или работает некорректно, из-за чего электронная подпись не создаётся. Рассмотрим наиболее распространённые варианты ошибок и разберёмся, как их устранить.
При проверке отображается статус «Плагин загружен», но нет информации о криптопровайдере
Это значит, что криптопровайдер КриптоПро CSP не установлен. Необходимо загрузить дистрибутив программы с сайта разработчика и установить её на компьютер. В настройках плагина в графу Список доверенных узлов также следует добавить адрес ресурса, с которым работаете (например, nalog. ru).
Не удаётся построить цепочку сертификатов для доверенного корневого центра. (0x800B010A)
При этой ошибке плагин не может сформировать запрос на создание ЭЦП. Она возникает, если по каким-то причинам нет возможности проверить статус сертификата. Например, если нет привязки к ключу или доступа к спискам отзыва. Также проблема может воспроизводиться, если не установлены корневые сертификаты.
Для устранения этой ошибки нужно привязать сертификат к закрытому ключу.
Сначала проверьте, строится ли цепочка доверия. Для этого нужно открыть файл сертификата, а затем вкладку Путь сертификации.
Если на значке сертификата отображается крест, это означает, что цепочка доверия не строится. В этом случае необходимо скачать и установить корневые и промежуточные сертификаты. Они должны быть доступны для загрузки на сайте удостоверяющего центра, который выпустил сертификат на ваше имя.
Для установки корневого сертификата необходимо:
Установка промежуточных сертификатов выполняется точно так же, как и установка корневых, за исключением того, что в процессе установки вместо пункта Доверенные корневые центры сертификации нужно выбрать пункт Промежуточные центры сертификации.
Если вы создаёте ЭЦП таких форматов, как CAdES-T или CAdES-X Long Type 1, ошибка может возникать из-за отсутствия доверия к сертификату оператора службы предоставления штампов времени. В этой ситуации нужно установить корневой сертификат УЦ в доверенные корневые центры.
ЭЦП создаётся с ошибкой при проверке цепочки сертификатов
Данная проблема возникает из-за отсутствия доступа к спискам отозванных сертификатов. Списки должны быть доступны для загрузки на сайте удостоверяющего центра, который выпустил сертификат ЭЦП. Установка списков выполняется по той же схеме, что и установка промежуточного сертификата.
Ошибка несоответствия версии плагина
Появляется сообщение «Плагин недоступен»
Данная проблема может возникнуть, если ваш браузер не поддерживает установленную версию плагина. Попробуйте воспользоваться другим обозревателем.
Ошибки 0x8007064A и 0x8007065B
Ошибка возникает в связи с окончанием срока действия лицензий на КриптоПро CSP (КриптоПро TSP Client 2.0, Криптопро OCSP Client 2.0).
Чтобы создать электронную подпись с форматом CAdES-BES, необходима действующая лицензия на КриптоПро CSP. Создание ЭЦП с форматом CAdES-X Long Type 1 потребует наличия действующих лицензий:
После приобретения лицензии потребуется её активация.
Набор ключей не существует (0x80090016)
Возникает из-за того, что у браузера нет прав для выполнения операции. Для решения проблемы в настройках плагина добавьте сайт в Список доверенных узлов.
Отказано в доступе (0x80090010)
Возникает в связи с истечением срока действия закрытого ключа. Чтобы проверить срок действия, запустите Крипто-Про CSP, затем откройте вкладку Сервис. Далее необходимо выбрать пункт Протестировать и указать контейнер с закрытым ключом. Если в результатах тестирования вы увидите, что срок действия закрытого ключа истёк, необходимо получить новый ключ.
Ошибка: Invalid algorithm specified. (0x80090008)
Появление такой ошибки означает, что криптопровайдер не поддерживает алгоритм используемого сертификата. Рекомендуется проверить актуальность версии КриптоПро CSP.
Если предлагаемые выше способы устранения ошибок не помогут, рекомендуем обратиться в службу поддержки КриптоПро.
У вас ещё нет электронной подписи? Её можно заказать у нас на сайте. Выберите подходящий вариант ЭЦП: для участия в электронных торгах, работы с порталами или отчётности. Процедура оформления не займёт больше одного дня.
Подпись ошибка 0x80090010 отказано в доступе КриптоПро – решение
Сегодня разберем проблему с подписью в КриптоПро, а конкретнее строчку в отчете “ошибка 0x80090010 отказано в доступе”. Поговорим чем вызван этот сбой в СУФД, дадим общие рекомендации по обновлению программы. В конце статьи оставим инструкцию как же все такие подписать документы, если ключ просрочен, а отправить отчет нужно.
Ошибка подписи. CryptSignMessage: Отказано в доступе
Отправляясь тестировать контейнер первым делом получаем отчет с ошибкой вот такого содержания:
Ошибка 0x80090010 отказано в доступе
Для начала проверьте версию КриптоПРО CSP. Если версия стабильная и рабочая – оставляем, если помимо этого сбоя присутствую другие ошибки – версию программы лучше обновить на будущее.
Ошибка 0x80090010 отказано в доступе – означает что просрочена версия открытого или закрытого ключа. Создавая запрос на выдачу сертификата для генерации ключей, мы несём необходимые бумаги для выдачи подписи через несколько недель. Контроль будет осуществляться с даты создания запроса. Тут мы используем лайфхак, об этом ниже, а для начала мы протестируем контейнер.
Проверяем контейнер
Для проверки контейнера проделаем стандартные операции перечисленные ниже:
Проверка завершилась с ошибкой
Срок действия закрытого ключа истек
Срок действия закрытого ключа истек
Еще раз – ошибка подписи 0x80090010 всегда означает что истек срок действия закрытого ключа.
Как подписать документы?
Тут придется прибегнуть к маленькой хитрости, которая работала раньше во многих программах схожего типа – поменять системную дату на срок действия системного ключа:
Настройка даты и времени
После этого можно выдохнуть, заварить чашечку крепкого кофе… И начать готовить документы и оформлять заявку для оформления нового сертификата.
Заключение
Напишите нам в комментариях помогла ли вам данная инструкция побороть проблему отказа доступа в КриптоПро. Если статья была полезна – делитесь ссылками в соцсетях, так вы поможете другим пользователям с аналогичной проблемой. Задавайте другие вопросы о других программах, которые работают с ошибками или вызывают вопросы.
Евгений Загорский
IT специалист. Автор информационных статей на тему Андроид смартфонов и IOS смартфонов. Эксперт в области решения проблем с компьютерами и программами: установка, настройка, обзоры, советы по безопасности ваших устройств. В свободное время занимается дизайном и разработкой сайтов.
Источник
Adblock
detector