none
Signing cannot be completed due to problems applying the required timestamp. Check your network connection.

    Question

  • We presently use an internal PKI (ADCS) to issue user certificates so that internally we can sign word and pdf documents. We mostly have Office 2010. Users have been able to digitally sign documents for about 2 years but recently some of the users are not able to sign word documents anymore. I have narrowed the problem to Office 2010 (not 2013 or O365

    Users continually get "A timestamp cannot be added to your Signature because the timestamp server is not available. Please check your your network connection and try again." or "Signing cannot be completed due to problems applying the required timestamp. Check your network connection.". Which version of the error I get depends on mimimum XAdES

    We do use a proxy, however Office 2013/O365 users are using the same timeservers and working fine.

    I use group policy to push out the below settings:

    [HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Signatures]
    "XAdESLevel"=dword:00000002
    "TSALocation"="http://sha256timestamp.ws.symantec.com/sha256/timestamp"
    "MinXAdESLevel"=dword:00000002
    "timestamphashalg"="sha256"
    "signaturehashalg"="sha256"

    I have had users switch to a computer with Office 2013 on it and it works perfect.I also switched the timestamp server and it did not help. Uninstalling 2010 and putting 2013 on it results in success. 

    Duplicate post:

    https://answers.microsoft.com/en-us/msoffice/forum/all/office-2010-digital-signature-timestamp/20013acb-d703-400a-8cdd-1da2c3ea8dc2

    Friday, January 11, 2019 7:52 PM

Answers

  • Ok, So I figured it out.  Someone removed the double http:// (see below pic) part in the Group Policy, and even thought I had tried manually changing the registy setting from sha256timestamp.ws.symantec.com/sha256/timestamp to http://sha256timestamp.ws.symantec.com/sha256/timestamp, it must have needed a restart to actually apply the setting.  Upon restarting the group policy would reapply and I would end up with sha256timestamp.ws.symantec.com/sha256/timestamp (without the http:// again.)

    • Marked as answer by BHeshka Tuesday, January 15, 2019 6:02 PM
    Tuesday, January 15, 2019 6:02 PM

All replies

  • Hi BHeshka,

    Based on the error description, it seems that there is some problems for your time stamp server. Please check if there is any group policy settings for the time stamp server. To check it, please go to the following registry path:

    HKEY_CURRENT_USER\software\policies\microsoft\office\14.0\common\signatures

    Check the TSALocation settings. Make sure it is an available time stamp server in your environment.


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact: tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Office 2019.

    • Marked as answer by BHeshka Tuesday, January 15, 2019 6:02 PM
    • Unmarked as answer by BHeshka Tuesday, January 15, 2019 6:02 PM
    Monday, January 14, 2019 10:55 AM
    Moderator
  • Ok, So I figured it out.  Someone removed the double http:// (see below pic) part in the Group Policy, and even thought I had tried manually changing the registy setting from sha256timestamp.ws.symantec.com/sha256/timestamp to http://sha256timestamp.ws.symantec.com/sha256/timestamp, it must have needed a restart to actually apply the setting.  Upon restarting the group policy would reapply and I would end up with sha256timestamp.ws.symantec.com/sha256/timestamp (without the http:// again.)

    • Marked as answer by BHeshka Tuesday, January 15, 2019 6:02 PM
    Tuesday, January 15, 2019 6:02 PM