lk.budget.gov.ru/udu-webcenter- if you have landed on this page, it means that you tried to log in to your personal account of the Electronic Budget, but could not do it.
Why? Let's try to answer the question.
1. First of all, we check whether you also have the Jinn and TLS Continent programs installed (At the time of this writing, version 1.0.920.0 was installed). I advise you to immediately switch to
2. - The main reason why you could not enter the Electronic Budget when all the programs necessary for work are installed is not a configured browser (Mozilla Firefox, Internet Explorer, Google Chrome, Opera). Let's look at the example of popular browsers for working in EB.
Browser settings for working in the E-Budget after switching to the TLS 2.0 Continent are not required!!!
I advise you to set everything to Internet Explorer!!!
a) Internet Explorer
1. Open the properties of the web browser.
2. Go to the "Connections" tab.
3. Press the "Network settings" button.
4. In the "Proxy server" section, set the fields Address: 127.0.0.1, Port: 8080.
5. Press the OK button.
6. Go to the "Security" tab.
7. Select a zone for setting "Trusted Sites".
8. Press the "Sites" button.
9. In the "Trusted Sites" window, uncheck the box "All sites in this zone require server verification (https:)".
10. In the "Add the next node to the zone" field, set the value "http://lk.budget.gov.ru" and click the "Add" button.
11. In the "Trusted Sites" window, click the "Close" button.
12. In the "Internet Options" window, click the "OK" button.
b) Google Chrome
1. Open web browser settings.
2. Go down the settings window and activate the link "Show advanced settings".
3. Click the "Change proxy server settings" button.
4. Repeat steps 4-12 of section "a) Internet Explorer".
c) Mozilla Firefox
1. Open the "Tools" menu and select "Settings".
2. Go to the "Additional" section on the "Network" tab.
3. In the “Connection” settings section, click the “Configure…” button.
4. In the connection parameters window that opens, set the "Manual proxy service configuration" value.
5. Set the values of the HTTP proxy fields: 127.0.0.1; Port: 8080.
6. Press the OK button.
7. In the "Settings" window, click the "OK" button.
d) Opera
1. Open the Settings\General settings menu.
2. Go to the "Advanced" tab, select the "Network" settings section.
3. Click the "Proxy servers..." button.
4. In the connection parameters window that opens, set the value "Manually configure proxy server".
5. For the HTTP protocol, set the values of the proxy server fields: 127.0.0.1; Port: 8080.
6. Set the value to "Use a proxy server for all protocols".
A new series of exciting adventures with your favorite EDMS budget.gov.ru. Validation failed or not avaliable yet error. When signing a document, when choosing a signature, signatures in the TLS Continent or Jinn-Client are not visible. But they are in Windows certificates and when you select them, EB shows you hieroglyphs and laughs in your face, and the jinn client goes into an endless loop when signing.
On the flash drive does not see at all. 
Jinn-Client writes bad things about you in hieroglyphs.
Did you think the problems were finally over? And they have just begun. You have switched to set up the TLS continent and CryptoPro and are already going to your personal account at lk2012.budget.gov.ru.
Let's start with - validation failed or not avaliable yet.
The error is quite simple and does not always happen, it concerns a stray called eXtended Container. It seems to be bundled with Continent TLS client 2.0.14, but not in the form expected by Jinn-Client. We go to the installation and removal of programs, we find eXtanded Container 1.0.2.2 or similar. We put eXtanded Container 1.0.2.2 from the set of the client Jin that you have, there should be a key in the same place.
If there is no key, this one will probably pass. Klats.
license key E6FV-00BC-CLDE-00BC-0A49-0000-0009
In programs and components there will be something like XC. Then the validation failed or not avaliable yet error might disappear.
Jinn-Client shows hieroglyphs when signing and hangs or there are no signatures in the list on the flash drive.
This problem only affects GOST 2012 signatures and occurs in lk2012.budget.gov.ru . As far as I understand, this is connected with the fact that the Treasury issued signatures according to GOST 2012, but not quite the same. Maybe the problem won't show up next time.
By the way, do you know where to look for what GOST your signature has?
This is how the signature with GOST2012 looks like, obviously for 2001 this section will have GOST 2001 But now something must be done. Decisively download the converter for signatures there are instructions. If we do not trust me, we go to the site, read, download. You don't need to put anything. Unpack the archive, run the .exe file. If cryptopro signatures are set correctly in the window that appears, there will be a choice of all signatures with notes of who is which guest (if there are problems with CryptoPRO, I recommend).
It is important that when converting you will be asked to set a password even if it was not there. You can’t refuse, at least a gap will do. Click next and choose which flash drive to bury the signature on. Two files named TE.cer and TEcont.p15 will appear. You can’t rename them and, as a result, you can’t cram two signatures into one flash. If anyone knows how to do this, I will be grateful for the answer in the comments.
Well, when signing the document, do not forget to set your password in the Jinn Client in the field - Password of the cryptocontainer. As for the “remember” checkbox, I’m not sure, because the devil knows where to press it later if anything.
Here they are, below.
Actually, that's all, on this Jinn Client should stop showing you hieroglyphs. We are enjoying life and waiting for new setups from Major Payne.
Another federal hemorrhoids crept up as planned, and as always... The instruction sent by e-mail (with a request "incognito") will be taken as the basis, supplemented by my lyrics and notes. Because we've got it all working. By analogy with purchases in ⇒ Cloud threw in everything you might need.
Lyrics and additions are also important, read from cover to cover.
introductory . We have everything set up to work through Internet Explorer version 11 and the KES 10 antivirus is installed. After the ransomware epidemic, we had to disable the Firewall and now we work through the Windows Firewall. No settings were made in the "fire wall", EB-2012 works without problems. But I will show the settings for KES 10 later. Internet Explorer 11 can be downloaded from ⇒ Yandex.
So let's go...
Item #1
. Remove all versions of Jinn-Client and Continent TLS (if installed before). Reboot.
Lyrics. If you do not need any "self-written" departmental software, I recommend that you also run the registry with the utility ccleaner. And clean until it gives out "No Errors". If there is VirtualBox - there will be errors only from it. Reboot.
Item #2 . Remove Extended Container (if installed before). Reboot.
Lyrics. I did not figure out how to remove it, it remained in the system - this did not affect the final result. In extreme cases, you can simply then put a fresh one on top. Here we may need the Microsoft Visual C ++ libraries (which I put in a separate folder).
Information. Our Treasury was silent this time, and I searched for all the software on my own and installed it according to instructions from the forums. Ultimately, Extended Container is not from the "official" distribution, but version 1.0.2.2 (folder "eXtendedContainer" in the Cloud).
Item #3 . Install Mozilla Firefox 63.0.1 (32-bit) browser, you can upgrade over the old version.
Lyrics. Item completed, but it did not work, but configured through Firefox SUFD flew off. Got extra hemorrhoids. Internet Explorer 11- our everything! There's still a problem here. Firefox and Chrome are constantly updated, but the final security requirements have not been formed, .. and extensions crash and turn off ... Firefox ESR is also undergoing a stage of global changes ... In short, it's better not to touch it.
Item #4 . Install CRL for GOST-2012 (from admin to Trusted Roots on Local Computer). You can download fresh ones from crl.roskazna.ru.
For information. Different E-Budget certificates have different paths: crl.roskazna.ru and crl.roskazna.ru/crl/ . If suddenly the list turns out to be overdue, then you can try from a different address. Suddenly it leaks.
Lyrics. It was not necessary, because we already did all this crap with an unsuccessful attempt to install Continent-AP 3.7.7.651 (the computer was built on server hardware). I don’t know about the rest, but we rolled back to Continent-AP 3.6.90.4 and continue to work without problems (Continents ⇒ ). We are waiting for the normal version of Continent-AP 4.0.
But with GOST-2001 in the "Electronic budget" there were problems. And this paragraph will be useful both for general development and for solving the problem ... How can I find out where to get the CRL (aka "Certificate Revocation List")?
Click twice in Explorer on the problematic certificate. Go to the "Composition" tab and select the line "Revocation List Distribution Points (CRL)". Getting addresses... We launch any Internet browser and drive in the URL. If "empty" at all addresses, well, stillborn... :(
What we downloaded needs to be forced into the system. And so every time the list is no longer relevant... In the same Explorer, double-click on the downloaded file and select "Install ...":
And the most interesting thing is that the download paths are registered in TLS 2.0, but this c[puppy's mother]a writes that there is nothing at the specified address.
And for information: It turns out that certificates and private key containers are independent in terms of lifetime from each other. Those. the certificate may be up to date, but the document can no longer be signed...
Item #5 . We install the user's personal certificate through CryptoPro.
Item #6 . Log in to CryptoPro and set the checkboxes "Do not check the server certificate for revocation" and "Do not check the purpose of your own certificate" on the "TLS Settings" tab.
Item #7 . Install Continent TLS Client 2.0.1440. Reboot.
Lyrics. During the installation process, an access error may occur ... We have already gone through this before. You need to unlock the registry branch (right during the installation process), change the rights to change it. By default, the owner of the branch is "system", and the software is installed on behalf of the user. Since on computers of this level, users must be in "Administrators" (verified by practice), then we give access accordingly:
If the question arose, "What is shown in the picture above?" ... It's better not to go in yourself, but ask a person who knows what the "Windows Registry" is and how to work with it.
Item #8 . We are setting up the TLS Continent (see the manual on the site roskazna.ru, section "GIS-Electronic budget").
- lk2012.budget.gov.ru
- lk.budget.gov.ru
TLS settings:
Item #9 . Register TLS Continent.
- Win+R and type %PUBLIC%\\ContinentTLSClient\\
- Find PublicConfig.json file
- Open notepad for editing
- In the SerialNumber parameter, insert the value " in quotes test-50000"
- Restart TLS Continent.
Item #10 . We uninstall the Extended Container program through "Programs and Features" in the Control Panel. Reboot.
Lyrics. I did not complete this item. I did not understand why it should be removed, it does not interfere at all.
Item #11 . Install Jinn Client 1.0.3050 (serial number required). Reboot.
Lyrics. The Treasury issued version 1.0.1130.0 to us, this did not affect the performance in any way. We take the serial from the old version of the previously issued distribution.
Item #12 . Install Extended Container from the distribution with Jinn Client (requires a separate serial number).
Lyrics. I have no idea what serial number you are talking about. It didn't exist before. Perhaps it means the issued number in the fresh distribution. Unlike Jinn, there are no restrictions on the number of installations. The new Extended (version 1.0.2.2) was installed earlier in an attempt to solve the problem on its own.
Item #13 . We go to C:\Program Files\Secure Code\CSP\ and find the file csp_uninstal.exe. We launch it and remove the crypto provider from the Security Code. Reboot.
Item #14 . We go Install JinnSignExtensionProvider(for interoperability with Chrome and Firefox browsers).
Lyrics. I also missed this point, because we have Internet Explorer 11. I did not try it on Chrome, but Firefox did not work.
Item #15 . Install CadesPlugin (aka CryptoPro EDS Browser Plug-in).
Lyrics. You can download ⇒. Downloading the latest version. We register the site "http://lk2012.budget.gov.ru" in the plugin settings:
Item #16 . Setting up browsers:
- Internet Explorer: add to Trusted Sites - http://lk2012.budget.gov.ru And https://lk2012.budget.gov.ru
- Firefox: add the extension JinnSignExtension.xpi and disable the old proxy setting in the network settings (set to "No proxy")
- Chrome: add the JinnSignExtension extension (drag the folder with the extension to the extension installation window)
FURTHER something that was not in the instructions.
Create shortcuts on the desktop for both options (GOST-2001 and GOST-2012) by writing lines in the objects:
- "C:\Program Files\Internet Explorer\iexplore.exe" http://lk.budget.gov.ru/udu-webcenter
- "C:\Program Files\Internet Explorer\iexplore.exe" http://lk2012.budget.gov.ru/udu-webcenter
This is necessary so that the browser does not jump to the HTTPS protocol during operation.
Setting up Antivirus. The network recommends disabling the antivirus completely. Great joke, especially on a money management computer. Suggest settings for Kaspersky Endpoint Security 10. On other antiviruses, you need to create similar rules.
First, turn off traffic checking:
Then we add both versions (x86 and x64) of Internet Explorer to the program control exceptions:
Of course, this is not correct, but it is the lesser evil of all possible.
Keys will have to be converted. Downloading Private key converter and there is a file in the archive Readme.doc with installation instructions. For conversion, an additional flash drive is not needed, we do everything on the same one, we just add files with a new key format. The carrier will become universal. Both new keys and old ones are converted without problems.
User change has become much easier. Now you do not need to restart the service, just change the certificate in the "Default User Certificate" line in the TLS Continent settings.
Good luck in your difficult fight against federal portals!
When submitting reports in the Electronic Budget system, errors often occur. The experts of the journal Accounting in an institution have prepared a large memo with errors in the Electronic Budget and their step-by-step solution.
The memo is divided into several sections:
- Creation and editing of reporting forms;
- Import;
- Signing;
- Input and editing.
Creating and editing reporting forms
Most often, problems in GIIS Electronic budget arise with the creation and editing of reporting forms. In you will learn what to do with the following errors:
- When entering your personal account, the list form of documents is not displayed;
- When entering your personal account, button icons are not displayed;
- After the 1st day of the month reports in list form disappeared;
- The system displays an error: when creating or importing reports according to Instruction No. 33n, the chapter code was not filled;
- Unable to save report after making changes;
- Unable to load the text part of the explanatory note;
- Unable to repopulate reporting forms based on other reports;
- You must enter a filter to find the desired value;
- Compiled a form with zero indicators, the document is assigned a status
"Indicators are missing." The report does not change the status to "Submitted"; - The system gives an error: “The personal account was not found in the report f. 0503779";
- The form is in the "Control failed" status. You cannot edit the report. What to do with him?
- How to return a report with the status "Canceled"?
- Record control found an error that is valid;
- In form 0503769, the required account is not selected from the "Working Chart of Accounts" reference book;
- When you enter your personal account, there is no “Accounting and reporting” branch in the workplace;
- When you enter the menu "Formation and presentation of reports" in the list
there is no institution (AU or BU) of authority; - There is no "Approve" button for documents in the "Created with errors", "Created without errors" statuses.
Import
By importing in the memo you will find what to do with the following errors:
- The system gives errors when importing a report: “Document transformer not found”,
"Inconsistency in the number of fields in blocks TB=01, TB=02"; - The file is not loaded, and the system displays the message "Chapter code does not match";
- Unable to upload multiple reports on form 0503779 with different CFAs -
interferes with checking for uniqueness. When loading a new report with a different
KFO old is cancelled.
Signing
The memo also describes what to do with signing documents in different situations:
- The system gives an error when signing the reporting form "This user
cannot approve the document”;
in his absence? Reports have not yet been created;- The user signing the reports goes on vacation. How to sign reports
in his absence? The reports are already signed by one or more users.
Entering and editing
- The system gives an error when creating an entry in the directory "Settings
approval of reporting forms. When choosing a matching F.I.O
the user is absent or repeated several times; - The directory "Contractors" does not contain the required organization.
If you find an error in these lists that you encountered while working with the GIIS Electronic Budget, see and download the memo with the solution of these problems in
Setting up the E-budget workstation takes place in several stages, they are not complicated, but require care. We do everything according to the instructions for setting up an electronic budget. Short and to the point...
Electronic budget workplace setup
Root certificate e-budget
Create a key folder in My Documents to store downloaded certificates in this folder:
On the site http://roskazna.ru/gis/udostoveryayushhij-centr/kornevye-sertifikaty/ in the GIS menu -> Certification Authority -> Root certificates, you need to download " Root Certificate (Qualified)" (see figure), or if you received a flash drive with certificates, copy them from the Certificates folder.
Certificate Continent TLS VPN
The second certificate that you need to download is the TLS VPN Continent certificate, but I could not find it on the new roskazna website, so I put a link from my website. Download the Continent TLS VPN certificate to the key folder, we will need it later when we configure the Continent TLS client program.
Install the downloaded Root certificate (qualified) to work with the electronic budget.
In the START menu -> All Programs -> CRYPTO-PRO -> run the Certificates program.
Go to the Certificates item as shown in the figure below:
Go to the Action menu - All tasks - Import, the Certificate Import Wizard window will appear - Next - Overview - Find the downloaded Root certificate (qualified) in our case, it is located in My Documents in the key folder
If everything is done correctly, then the root certificate of the CA of the Federal Treasury will appear in the certificates folder.
Installation "Continent TLS Client" for working with electronic budget
Continent_tls_client_1.0.920.0 can be found on the internet.
Unpack the downloaded archive, go to the CD folder and run ContinentTLSSetup.exe
From the item, click on the Continent TLS Client KC2 and start the installation.
We accept the conditions
In the destination folder, leave by default
In the launch configurator window, check the box Run configurator after installation is complete.
During installation, the Service settings window will appear:
Address - specify lk.budget.gov.ru
Certificate - select the second certificate downloaded earlier in the key folder.
Click OK and complete the installation, Done.
Answer No to the prompt to restart the operating system.
Installing the electronic signature tool "Jinn-Client"
You can download the Jinn-Client program on the Internet.
Go to the folder Jinn-client - CD, run setup.exe
Click from the Jinn-Client list, the installation of the program starts
Ignore the error, click Continue, Next, accept the agreement and click Next.
Enter the issued license key
Set the default program, click Next
We complete the installation, answer the question about restarting the operating system No
Installing the module for working with the electronic signature "Cubesign"
If you need an archive with the program, write in the comments.
Run the installation file cubesign.msi
Setting up the Mozilla Firefox browser to work with the Electronic Budget.
1. Open the "Tools" menu and select "Settings".
2. Go to the "Advanced" section on the "Network" tab
3. In the “Connection” settings section, click the “Configure…” button.
4. In the connection parameters window that opens, set the value
"Manual configuration of the proxy service."
5. Set the values of the HTTP proxy fields: 127.0.0.1; Port: 8080.
6. Press the OK button.
7. In the "Settings" window, click the "OK" button.
Login to the personal account of the Electronic budget
A window will open with the choice of a certificate for entering the personal account of the Electronic Budget.
We select a certificate to enter the Personal Account of the Electronic Budget, if there is a password for the private part of the certificate, write and click OK, after which the Personal Account of the Electronic Budget will open.
ON Semiconductor Operational Amplifiers Imported Low Voltage Operational Amplifiers
Tips&Tricks in Adobe illustrator: Tricks in illustrator
Remove KGB spyware (KGB SPY) How to remove kgb spy if you forgot your password
The whole truth about multi-core processors
Tips&Tricks in Adobe illustrator: Tricks in illustrator