CryptoPro does not see the JaCarta key: solving it in a minute. SBIS on a virtual machine running Hyper-V. CryptoPro on a virtual machine

The first day

On Windows 7 x64, Virtual Box (versions 4 and 5) with the Extension Pack and CryptoPro CSP (CryptoPro CSP 3.6 R4 for Windows) were installed together.

When launching a virtual machine through Virtual Box, the system crashed into a blue screen. The reason is that CryptoPro CSP and Virtual Box cannot work together.

To avoid a blue screen when starting a virtual machine in VirtualBox, CryptoPro CSP was removed and the computer rebooted. The solution is temporary: I could not figure out how to make the two products work together, and VirtualBox was needed more than CryptoPro.

The forum thread "VirtualBox + CryptoPro == BSOD" helped:
There is also a discussion on the CryptoPro forum:
Reports from the BlueScreenView program:

Bug Check String SYSTEM_SERVICE_EXCEPTION
Bug Check Code 0x0000003b
Parameter 1 00000000`c0000005
Parameter 2 fffff800`032735af
Parameter 3 fffff880`0412eb90
Parameter 4 00000000`00000000
Caused By Driver ntoskrnl.exe
Caused By Address ntoskrnl.exe + 73c40
File Description NT Kernel & System
File Version
Major Version 15
Minor Version 7601
A problem has been detected and Windows has been shut down to prevent damage to your computer.
The problem seems to be caused by the following file: ntoskrnl.exe
SYSTEM_SERVICE_EXCEPTION
Technical Information:
*** STOP: 0x0000003b (0x00000000c0000005, 0xfffff800032735af, 0xfffff8800412eb90, 0x0000000000000000)

Conclusion: Virtual Box (versions 4 and 5) and CryptoPro CSP (CryptoPro CSP 3.6 R4 for Windows) are not yet compatible on Windows 7 x64 SP1.

================

Second day

I connected a second monitor alongside the first one using a USB 3.0 VGA adapter. The device model is Fresco Logic FL200 USB Display Adapter. If you connect the adapter before starting the virtual machine, everything is fine. If you connect the adapter while the Virtual Box virtual machine is running, the blue screen appears again.

Bug Check String IRQL_NOT_LESS_OR_EQUAL
Bug Check Code 0x0000000a
Parameter 1 00000000`00000088
Parameter 2 00000000`00000002
Parameter 3 00000000`00000001
Parameter 4 fffff800`032579e6
Caused By Driver ntoskrnl.exe
Caused By Address ntoskrnl.exe + 73c00
File Description NT Kernel & System
File Version 6.1.7601.19110 (win7sp1_gdr.151230-0600)
Major Version 15
Minor Version 7601

A problem has been detected and Windows has been shut down to prevent damage to your computer.
The problem seems to be caused by the following file: ntoskrnl.exe
IRQL_NOT_LESS_OR_EQUAL
Technical Information:
*** STOP: 0x0000000a (0x0000000000000088, 0x0000000000000002, 0x0000000000000001, 0xfffff800032579e6)

From what can be seen before the error, the Device Manager (HAL) reports that a new USB 2.0 device is connected, and then the system crashes. The device manager is wrong because a USB 3.0 device is connected to a USB 3.0 port.

Perhaps two BSODs in a row are just a coincidence, and the reason for this BSOD is in the implementation of the drivers for the Fresco Logic FL200 USB Display Adapter.

But there is also an assumption that the errors are caused by the implementation of USB 2.0 / USB 3.0 support in VirtualBox. That USB support comes with the Oracle VM VirtualBox Extension Pack.

I would not like to uninstall VirtualBox, since it is sometimes necessary, but I can easily remove the Extension Pack. Hopefully, after uninstalling the VirtualBox Extension Pack there will be no more blue screens, and it will be possible to reinstall CryptoPro CSP 3.6 R4 for Windows and use two monitors.

Good day! For the last two days I had an interesting task: finding a solution to the following situation. There is a physical or virtual server with the well-known CryptoPRO installed on it. A key is connected to the server and is used to sign documents for VTB24 DBO. Locally on Windows 10 everything works, but on the server platforms Windows Server 2016 and 2012 R2, CryptoPro does not see the JaCarta key. Let's figure out what the problem is and how to fix it.

Description of the environment

There is a virtual machine on VMware ESXi 6.5 with Windows Server 2012 R2 installed as the operating system. The server has CryptoPRO 4.0.9944, the latest version at the moment. A JaCarta dongle is connected from a network USB hub using USB over IP technology. The key is visible in the system, but not in CryptoPRO.

Algorithm for solving problems with JaCarta

CryptoPRO very often causes various errors in Windows, a simple example (Windows installer service could not be accessed). This is how the situation looks when the CryptoPRO utility does not see the certificate in the container.

As you can see in the UTN Manager utility, the key is connected and is visible in the system under smart cards as a Microsoft Usbccid (WUDF) device, but CryptoPRO does not detect this container, so there is no way to install the certificate. We also connected the token locally, and the result was the same. We started thinking about what to do.

Possible reasons why the container is not detected

  1. First, a driver problem: for example, in Windows Server 2012 R2, JaCarta should ideally appear in the smart card list as JaCarta Usbccid Smartcard, not as Microsoft Usbccid (WUDF).
  2. Second, if the device is seen as Microsoft Usbccid (WUDF), the driver version may be outdated, and because of that your utilities will not detect the protected USB drive.
  3. An obsolete version of CryptoPRO.

How to solve the problem that the cryptopro does not see the USB key?

We created a new virtual machine and began to install the software all sequentially.

Before installing any software that works with USB media containing certificates and private keys, you MUST disconnect the token: if it is plugged in locally, unplug it; if it is attached over the network, terminate the session.

  • First of all, we update your operating system with all available updates, since Microsoft fixes many errors and bugs, including drivers.
  • The second point is, in the case of a physical server, install all the latest drivers on the motherboard and all peripheral equipment.
  • Next, install the JaCarta Unified Client.
  • Install the latest version of CryptoPRO

JaCarta PKI Single Client Installation

JaCarta Single Client is a special utility from the "Aladdin" company for the correct work with JaCarta tokens. You can download the latest version of this software product from the official website, or from my cloud, if suddenly it does not work out from the manufacturer's website.

Then unpack the resulting archive and run the installation file for your Windows architecture; mine is 64-bit. Let's start installing the JaCarta driver. The JaCarta single client is very simple to install (REMINDER: your token must be disconnected at the time of installation). In the first window of the installation wizard, just click Next.

We accept the license agreement and click "Next"

For the JaCarta token drivers to work correctly, you just need to perform a standard installation.

If you choose "Custom installation", then be sure to check the boxes:

  • JaCarta Drivers
  • Support modules
  • Support module for CryptoPRO

After a couple of seconds, Jacarta Unified Client is successfully installed.

Be sure to reboot the server or computer so that the system can see the latest drivers.

After installing JaCarta PKI, you need to install CryptoPRO, for this go to the official website.

https://www.cryptopro.ru/downloads

At the moment, the latest version of CryptoPro CSP is 4.0.9944. Run the installer, leave the "Install root certificates" checkbox checked and click "Install (Recommended)".

Installation of CryptoPRO will be performed in the background, after which you will see an offer to restart your browser, but I advise you to completely reboot.

After rebooting, plug in your JaCarta USB token. My connection is via the network, from the DIGI device, via. In the Anywhere View client, my JaCarta USB drive is successfully identified, but as Microsoft Usbccid (WUDF); ideally it should be identified as JaCarta Usbccid Smartcard, but you need to check anyway, since everything may work even so.

When the "Jacarta PKI Single Client" utility was opened, the connected token was not found, so something is wrong with the drivers.

Microsoft Usbccid (WUDF) is a standard Microsoft driver that is installed for various tokens by default. Sometimes everything works with it, but not always. Windows installs it by default because of its architecture and settings; I personally do not need that at the moment. What we need to do is uninstall the Microsoft Usbccid (WUDF) driver and install the JaCarta media drivers.

Open Windows Device Manager, locate Smart Card Readers, click Microsoft Usbccid (WUDF) and select Properties. Go to the "Drivers" tab and click Uninstall

Agree to uninstall the Microsoft Usbccid (WUDF) driver.

You will be notified that a system reboot is required for the changes to take effect; agree to it.

After rebooting the system, you can see the ARDS Jacarta device and drivers installed.

Open the Device Manager: you should see that your device is now identified as JaCarta Usbccid Smartcard, and if you open its properties, you will see that the JaCarta smart card now uses driver version 6.1.7601 from ALADDIN RDZAO, as it should be.

If you open a single Jacarta client, you will see your electronic signature, which means that the smart card was detected normally.
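
The same check as the Device Manager steps above can be scripted. This is an added example, not part of the original article: it lists every smart card reader device together with its driver provider and version and flags readers still bound to the in-box Microsoft driver. The function name is hypothetical, and the check assumes that the vendor driver does not report Microsoft as its provider.

```powershell
# Added example: run on the server from the local console after the reboot.
# Device setup class GUID of smart card readers (standard Windows class).
$SmartCardReaderClass = '{50DD5230-BA8A-11D1-BF5D-0000F805F530}'

# Hypothetical helper name; returns one object per smart card reader device.
function Get-SmartCardReaderDriver {
    Get-CimInstance -ClassName Win32_PnPSignedDriver |
        Where-Object { $_.ClassGuid -eq $SmartCardReaderClass } |
        ForEach-Object {
            [pscustomobject]@{
                Device   = $_.DeviceName
                Provider = $_.DriverProviderName
                Version  = $_.DriverVersion
                Inf      = $_.InfName
                # Generic = bound to Microsoft's in-box driver, the state in
                # which the article's token was not detected.
                Generic  = ($_.DriverProviderName -like 'Microsoft*')
            }
        }
}

$readers = @(Get-SmartCardReaderDriver)
if ($readers.Count -eq 0) {
    Write-Warning 'No smart card reader devices found. Is the token attached?'
} else {
    $readers | Format-Table -AutoSize
    $readers | Where-Object Generic | ForEach-Object {
        Write-Warning ("{0} uses the in-box Microsoft driver, not the vendor driver" -f $_.Device)
    }
}
```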

We open CryptoPRO, and we see that the cryptopro does not see the certificate in the container, although all the drivers have been identified as needed. There is one more feature.

  1. In the RDP session, you will not see your token, only locally, this is how the token works, or I did not find how to fix it. You can try the recommendations to resolve the "Unable to connect to the smart card management service" error.
  2. You need to remove one checkbox in CryptoPRO

ALWAYS uncheck "Do not use outdated cipher suites" and reboot.

After these manipulations, CryptoPRO saw a certificate and the jacarta smart card became working, you can sign documents.

You can also see your JaCarta device in devices and printers,

If you, like me, have the jacarta token installed in a virtual machine, then you will have to install the certificate through the console of the virtual machine, and also give the rights to the person in charge. If this is a physical server, then there you will have to give rights to the management port, which also has a virtual console.

When you have installed all the drivers for Jacarta tokens, you can see the following error message when connecting via RDP and opening the "Jacarta PKI Single Client" utility:

  1. The smart card service is not started on the local machine. The architecture of the RDP session, developed by Microsoft, does not provide for the use of key media connected to the remote computer, therefore, in the RDP session, the remote computer uses the smart card service of the local computer. From this it follows that starting the smart card service inside an RDP session is not enough for normal operation.
  2. The smart card management service on the local computer is running, but is not available to the program inside the RDP session due to the Windows and/or RDP client settings.

How to fix the error "Unable to connect to smart card management service".

  • Start the smart card service on the local machine from which you are initiating a remote access session. Configure it to start automatically at computer startup.
  • Allow the use of local devices and resources during the remote session (in particular, smart cards). To do this, in the "Remote Desktop Connection" dialog in the parameters, select the "Local resources" tab, then in the "Local devices and resources" group, click the "More ..." button, and in the opened dialog select the "Smart cards" item and click "OK", then "Connect".

  • Make sure the RDP connection settings are saved. By default they are saved in the Default.rdp file in the "My Documents" directory. Make sure that this file contains the line "redirectsmartcards:i:1".
  • Make sure that the following group policy is not activated on the remote computer to which you are making an RDP connection:
    - [Computer Configuration \ Administrative Templates \ Windows Components \ Remote Desktop Services \ Remote Desktop Session Host \ Device and Resource Redirection \ Do Not Allow Smart Card Reader Redirection]. If it is enabled (Enabled), then disable it and restart the computer.
  • If you have Windows 7 SP1 or Windows 2008 R2 SP1 installed and you are using RDC 8.1 to connect to computers running Windows 8 and higher, then you need to install an update for the operating system: https://support.microsoft.com/en-us/kb/2913751
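
The checks in this list can be scripted. The following is an added example, not part of the original article: the first function runs on the client that starts the RDP session and verifies the Smart Card service and the Default.rdp setting, and the second runs on the remote host and reads the redirection policy. The function names are hypothetical, and the registry value `fEnableSmartCard` (0 = redirection blocked) is an assumption about where the policy is stored; confirm it with `gpresult` on your system.

```powershell
# Added example, not from the original article.
# Part 1: run on the client that starts the RDP session.
function Test-RdpClientSmartCard {
    param(
        [string]$RdpFile = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Default.rdp')
    )
    # The Smart Card service (SCardSvr) has to run on the local machine.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='SCardSvr'"

    # Default.rdp is a hidden file; if the setting appears more than once,
    # this script reports the last occurrence.
    $redirect = $null
    if (Test-Path -LiteralPath $RdpFile) {
        $line = Get-Content -LiteralPath $RdpFile -Force |
            Where-Object { $_ -match '^\s*redirectsmartcards:i:\d+\s*$' } |
            Select-Object -Last 1
        if ($line -match ':i:(\d+)') { $redirect = [int]$Matches[1] }
    }

    [pscustomobject]@{
        ServiceState     = $svc.State        # expected: Running
        ServiceStartMode = $svc.StartMode    # expected: Auto
        RdpFile          = $RdpFile
        RedirectSetting  = $redirect         # expected: 1; $null = line missing
        Ready            = ($svc.State -eq 'Running' -and $redirect -eq 1)
    }
}

# Part 2: run on the remote host, from its console.
function Test-RdpHostSmartCardPolicy {
    # Assumption: the policy is stored as fEnableSmartCard under this key,
    # with 0 meaning that smart card redirection is blocked.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $val = (Get-ItemProperty -Path $key -Name fEnableSmartCard -ErrorAction SilentlyContinue).fEnableSmartCard
    [pscustomobject]@{
        PolicyConfigured   = ($null -ne $val)
        RedirectionBlocked = ($val -eq 0)
    }
}

Test-RdpClientSmartCard     | Format-List
Test-RdpHostSmartCardPolicy | Format-List
```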

Such was the troubleshooting for setting up the Jacarta token, CryptoPRO on the terminal server, for signing documents in VTB24 DBO. If you have any comments or corrections, then write them in the comments.

Stage 1. Passing the tests (interaction with the GIS GMP test environment)
# The address of the GIS GMP test service:
gisgmp.wsdlLocation = http://213.59.255.182:7777/gateway/services/SID0003663?wsdl
gisgmp.wsdlLocation.endPoint = http://213.59.255.182:7777/gateway/services/SID0003663
This address is registered in the settings of the joint venture. Additionally, it is required to register in the logging settings file, specifying the value TRACE... After entering the specified values, start the JV and the ACC client (restart them if they are already running). Next, from the CDR or the BU / AC Application for the payment of funds, perform the action "Create Payment Details"; if the system controls are passed, the payment information will be created. It will later need to be unloaded.
After unloading, check the status using the "Request processing status" action. Then the ED Details of the payment is transferred to the status "Accepted by GIS GMP" - ...

Given: the MSG table (messages) with many entries.
CREATE TABLE msg (id INTEGER NOT NULL PRIMARY KEY, description CHAR(50) NOT NULL, date_create DATE);
Task:
It is necessary to clear the table of data.
Solution: There are several ways to solve this problem. Below is a description and an example of each of them.
The easiest way (first option) is to execute the record delete operator. When you execute it, you will see the result (how many records were deleted). This is handy when you need to know exactly and understand whether the correct data has been deleted, BUT it has disadvantages compared with the other options for solving the problem.

-- Delete all rows in the table
DELETE FROM msg;
-- Delete all rows with the creation date "2019.02.01"
DELETE FROM msg WHERE date_create = '2019.02.01';

Second option... Operator use
