Accessing DoD Enterprise Email, AKO, and other DoD websites with Internet Explorer & Edge on your Windows computer



Similar documents
Accessing DoD Enterprise , AKO, and other DoD websites with Internet Explorer & Edge (Windows 10) on your Windows computer

Presented by: Michael J. Danberry. Last Revision / review: 07 October ActivClient download locations:


AKO Shutdown Quick Reference Guide

Use of Common Access Cards (CACs) from Home on Windows 7 without Middleware

Tactics, Techniques, & Procedures (TTP) Dual Persona Personal Identity Verification (PIV) Authorization Certificate

OUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL

OUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL

Accessing CAC-Restricted Sites From Home

HRC Advanced Citrix Troubleshooting Guide. Remove all Citrix Instances from the Registry

CONNECT-TO-CHOP USER GUIDE

ATTENTION: End users should take note that Main Line Health has not verified within a Citrix

Optimal Browser Settings for Internet Explorer Running on Microsoft Windows

SENDING AND RECEIVING PROTECTED INFORMATION VIA ELECTRONIC MAIL. Naval Medical Center Portsmouth IMD Training Division

Outlook Web Access 2003 Remote User Guide

Help Desk. M S C o E Lifelong Learning Center. BlackBoard Quick Start Guide (877)

Internet Explorer 10/11 Settings

isupplier PORTAL ACCESS SYSTEM REQUIREMENTS

Passport Installation. Windows XP + Internet Explorer 8

Frequently Asked Questions for logging in to Online Banking

Wireless Network Configuration Guide

Authorware Install Directions for IE in Windows Vista, Windows 7, and Windows 8

Citrix Web Client Installation and CAC Registration Guide

Lab: Data Backup and Recovery in Windows XP

RAPIDS Self Service User Guide

Defense Logistics Agency. Virtual Desktop: User Guide

CITRIX TROUBLESHOOTING TIPS

DMDC Learning Site. DMDC LMS User Guide. November 2012

Microsoft Windows Installation and Troubleshooting Guide

PC Troubleshooting Steps

Passport Installation. Windows 8 + Internet Explorer 10

Lab - Data Backup and Recovery in Windows XP

Internet Explorer Browser Clean-up

Welcome to ncrypted Cloud!... 4 Getting Started Register for ncrypted Cloud Getting Started Download ncrypted Cloud...

LIW PORTAL FREQUENTLY ASKED QUESTIONS (FAQs)

Select Correct USB Driver

Cloud Web Portal User Guide Version 2.0

XCM Internet Explorer Settings

How to Update your Information in the DoD Enterprise (DEE), Global Address List (GAL). Army users know it as Enterprise

FileBound: Internet Settings & Requirements

User Registration Tutorial

Citrix Client Installation

Seagate Manager. User Guide. For Use With Your FreeAgent TM Drive. Seagate Manager User Guide for Use With Your FreeAgent Drive 1

MEDIA SHARE Set Up Guide for PCs with Windows XP

Windows XP Pro: Basics 1

For paid computer support call

Automatic Setup... 1 Manual Setup... 2 Installing the Wireless Certificates... 18

Connecting to an ASU computer with Remote Desktop

Internet Explorer 7 and Internet Explorer 8 Browser Security Settings

Virtual Office Remote Installation Guide

Montefiore Portal Quick Reference Guide

DIGITAL CERTIFICATE INSTALLATION MANUAL

Mac OS X User Manual Version 2.0

RBackup Server Installation and Setup Instructions and Worksheet. Read and comply with Installation Prerequisites (In this document)

Connecting to HomeRun over the Web

Cognos 10 Getting Started with Internet Explorer and Windows 7

EMMA Application v. 4.9 User Manual

Generating an Apple Push Notification Service Certificate for use with GO!Enterprise MDM. This guide provides information on...

Welcome to ncrypted Cloud!

Updating the BIOS and BMC on the FreeNAS Mini

CLIENT PORTAL USER GUIDE

APNS Certificate generating and installation

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

IT Quick Reference Guides Using Windows 7

MED ACCESS USER INSTRUCTIONS FOR INSTALLING THE CITRIX RECEIVER FOR ACCESS TO ALBERTA NETCARE VIA PLB

XenApp/Citrix Program Neighborhood Installation

Phone: Fax: Box: 230

How to Borrow Library Books on your PC

USER MANUAL SlimComputer

...1 CITRIX REMOTE ACCESS WINDOWS TABLE OF CONTENTS...1 ADDING CITRIX.AKERMAN.COM AS A TRUSTED SITE TO INTERNET EXPLORER

Windows and MAC User Handbook Remote and Secure Connection Version /19/2013. User Handbook

SEZ SEZ Online Manual- DSC Signing with Java Applet. V Version 1.0 ersion 1.0

District 211 Technology. ipad Setup Instructions

Microsoft SQL Database

IMAP and SMTP Setup in Clients

Learning Management System (LMS) Quick Tips. Contents LMS REFERENCE GUIDE

Installation and Troubleshooting Guide for SSL-VPN CONNECTIONS Access

VPN User Guide. For Mac

Public Key Infrastructure (PKI) Technical Troubleshooting Guide

Instructions for Connecting to PACS outside of a Regional Facility

New Online Banking Guide for FIRST time Login

Mini Amazing Box Update for Windows XP with Microsoft Service Pack 2

Remote Access Enhancements

IT Quick Reference Guides Connecting to SU-Secure using Windows 8

Installing VPN for PC v1.3

Downloading and Installing Interactive Reporting (Hyperion) Web Client

Intel Active Management Technology with System Defense Feature Quick Start Guide

Troubleshooting Sprint Mobile Broadband USB Modem by Novatel Wireless TM (Ovation TM U727)

Setting Up Your FTP Server

Below are the instructions for downloading the Dartfish Software Files from the website:

Mercy s Remote Access Instructions

How To Use A Pvpn On A Pc Or Mac Or Ipad (For Pc) With A Password Protected (For Mac) On A Network (For Windows) On Your Computer (For Ipad) On An Ipad Or Ipa

Q. The Phone Manager call banner disappears after being displayed for a couple of seconds...5 Q. The Phone Manager icon in the taskbar is blue and

VMware Horizon FLEX User Guide

Investment Management System. Connectivity Guide. IMS Connectivity Guide Page 1 of 11

Citrix Client Install Instructions

How To Configure An Activcard Smart Card With An Hp Powerbook On A Pc Or Ipa (Powerbook) On A Powerbook 2 (Powercard) On An Hpla 2 (Ahemos) Or Powerbook (Power Card

client configuration guide. Business

Secure Message Center User Guide

Transcription:

Accessing DoD Enterprise Email, AKO, and other DoD websites with Internet Explorer & Edge on your Windows computer Presented by: Michael J. Danberry Last Revision / review: 10 August 2016 Performing these fixes should fix most access problems. Personnel utilizing this guide without CACs should only skip the pages marked: This page is CAC Specific. CAC holders need to follow ALL slides. The most up to date version of this presentation can be found at: http://milcac.us/tweaks 1

To successfully access DoD websites, you MUST install the Department of Defense (DoD) certificates Download links and installation instructions for the InstallRoot file can be found on: https://militarycac.com/dodcerts.htm It will not harm your computer to run this file more than once If after installation of DoD certs you see There is a problem with this website s security certificate or see red certificate errors, follow this guide: https://militarycac.com/files/dodrootca2.pdf 2

Open Internet Explorer (IE) Make sure the page you are having problems accessing is NOT open in any tabs or another IE browser, Select Tools, or the gear You may also click the Alt & T keys on your computer keyboard Image from Internet Explorer 9, 10, & 11 3

Windows 10 users go to slide 5 4 Windows 8 / 8.1 users need to use the Internet Explorer from the Desktop taskbar (bottom of screen) NOT the one from the Start tiles

Select Internet Options after clicking the gear Windows 10 users [using Edge instead of IE] need to Right click the Windows logo in the lower left corner of screen, click Control Panel and select Internet Options (or Network and Internet, Internet Options). Now go to slide 7 to continue 5

You can also select Tools, Internet Options 6

Check the Delete browsing history on exit (box) (IE 11 users, See note below) and then click the Delete (button) NOTE: IE 11 users may have problems if you check this box. 7

Check the top 4 boxes, leave the rest unchecked, click Delete 8

Click Settings 9

Change this number to 50, click OK NOTE: This is my personal recommended size. Making it smaller will make your browser look for an updated page more often. The larger it is, the more web sites are being stored on your computer. 10

Click the Security (tab)(1), Trusted sites (green checkmark)(2), then Sites (button)(3) 2 1 3 11

Remove all websites that end in.mil from the Websites: box by clicking the listed website, selecting Remove, then clicking Close Exception: If you have an Oberthur 5.5 (or G&D FIPS 201) CAC on Windows 8.1 / 8 (NOT Windows 10 or 7), you may need to add websites to the zone (see Examples below - left). Examples for Oberthur 5.5 & G&D FIPS 201 CAC holders, type in, then click Add: https://*.mail.mil (Mail.mil) https://*.osd.mil (DTS) https://*.apps.mil (DCS) https://*.navy.mil (Navy sites) This is the Websites: box NOTE: Most Government owned computers will not let you access this area to make changes. NOTE2: Some people will argue that AKO should be in the trusted sites. Here s what I ve been able to deduce: it WAS needed with IE 6 & 7, however, if using: IE 8, 9, 10, or 11 you will be recycled to the AKO home page. So, IE 8, 9, 10, and 11 users REMOVE it. EXCEPT for Exception 12 above.

Click the Content (tab), Certificates (button) Click: Clear SSL state 13

Most people will only see 3 DOD certificates (2 with EMAIL and 1 without) under the Personal (tab) Issued By (column). If you see more than 3, look at slide 23 for further instructions. Dual CAC holders will see a 4th certificate once their PIV is activated. This page is CAC Specific 14

Click the Intermediate Certification Authorities (tab). First, verify you have DOD CA-27 through DOD ID SW CA-48 under the Issued To (column) (if you don t, go back to slide #2 and install the DoD Root Certificates again). Second, scroll down to below the DOD ID SW CA-48 and look for any of the certificates in the Certificates image below and any shown in the blue box. IF you see any of these certificates, select it, and click Remove. If you don t see it, select Close on this window and continue with this guide Issued To Issued By Expiration Common Policy Entrust Entrust VeriSign Digital ID Certificate Common Policy Common Policy Entrust Date is Expired - Cross Cert remover Automated file (you may need to run as administrator) to remove certificates Listed above (same as slide 2): Download from MilitaryCAC (3 MAR 16 version) Download from DISA (3 MAR 16 version) Another way to remove the certificates utilizing certmgr.msc This guide can be used if the method above doesn t work for you. Information about the Cross Cert Remover 15

Click the Connections (tab)(1), LAN settings (button)(2), make sure none of the boxes are checked(3) (Personal Computers only), click OK 1 2 3 16

Click the Advanced (tab), scroll to the bottom of the list, make sure that only TLS 1.0, 1.1, & 1.2 (see NOTE2 below) are checked. SSL 2.0 & 3.0 are NOT checked NOTE: If you are receiving the error: Error 107 (net::err SSL PROTOCOL ERROR): SSL protocol error or Unknown error you might need to leave SSL 2 checked. Very rare now NOTE: Windows XP and Vista users will not see TLS 1.1 & 1.2, they are only seen on Windows 7 and above NOTE: Some computers refuse to leave TLS 1.0 checked and SSL 2.0 unchecked. If this happens, click the Reset (button). NOTE2: The Air Force AROWS, Navy NROWS, Army s MilSuite & ALMS Websites may need TLS 1.1 & 1.2 unchecked to be accessed. So, if you are having problems with some sites, uncheck these and try again. 17

When using Edge in Windows 10, select (More), then select Open with Internet Explorer More 18

Compatibility View is necessary when using IE 10-11 to access some government websites like: OWA / Webmail, NKO, DTS, Army Reserve Citrix / RAP, ALMS, and others Look for the torn paper icon and click it (IE 10 only) Internet Explorer 11 users will not see the torn paper. You need to Click Tools (or Alt & T keys on your keyboard), Compatibility View Settings, and enter: army.mil, osd.mil, navy.mil, and apps.mil in the Add this website: box. Click Add, then Close The next slide shows images how to do this Further information regarding this issue can be read on Microsoft.com http://support.microsoft.com/kb/2866064 19

Reasons to do this: -------- The website worked before, but not now -------- Internet Explorer 11 is your browser -------- Add website to compatibility view An easy way to add the site is to go to the website then click Compatibility View settings. The correct website should be automatically inserted into the Add this website (box). DoD Enterprise Email may need mail.mil added -DTS may need osd.mil added -Army Reserve Remote Access Portal (Citrix), ALMS, and some other Army websites need army.mil added -DCS (DCO replacement) needs apps.mil added -Navy personnel need navy.mil added -Air Force AROWS need af.mil added army.mil Mail.mil osd.mil army.mil apps.mil navy.mil af.mil Internet Explorer 11 Compatibility View with Windows 7, 8, 8.1, and 10 20

If you are still having issues, uncheck "Enable Enhanced Protected Mode* This is sometimes needed to sign evaluations on EES (Army s OER / NCOER system). https://evaluations.hrc.army.mil More information available at https://militarycac.com/ees.htm To try this option, Click Tools, Internet Options, Advanced (tab) INFORMATION: Running Enhanced Protected Mode* helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn t need to use. - Unfortunately it blocks access and functionality to / on some DoD websites like HRC s EES. 21

If the previous adjustments did not work, select Reset at the bottom of the Advanced (tab), AND what you see on the next page 22

You may need to Remove your certificates (see slide 14 for instructions on how to get to this location). Dual persona personnel will have 4 certs after they have activated their PIV certificate. NOTE2: You will receive a message stating: You cannot decrypt data encrypted using the certificates. Select: Yes This page is CAC Specific NOTE: Removing certs and your CAC, then reinserting CAC is a way to test if your reader and middleware are working properly. 23

Your certificates should automatically be available to Windows when you remove and reinsert your CAC into the reader, however If you have ActivClient 6.2.0.x installed.. You can double click the ActivClient icon (by your clock in the lower right corner of your screen) now go to slide 26 If you don t see it there: Windows Vista & 7 users can Click Start / Windows logo, All Programs, ActivIdentity, ActivClient, User Console. Now go to next slide Windows 7, 8 / 8.1, & 10 native users will not see an ActivClient icon, since you are not using it. This page is CAC Specific 24

Forget state for all cards in ActivClient 6.2.0.x, this helps Dual CAC holders immediately after a PIV activation Click Tools, Advanced, Forget state for all cards (twice) DOE.JOHN.ANDREW.1111111111 s Make Certificates available to Windows... Forget state for all cards Go to next page to Make Certificates available to Windows This page is CAC Specific 25

How to make your certificates available to Windows when using ActivClient 6.2.0.x Click Tools, Advanced, Make Certificates available to Windows DOE.JOHN.ANDREW.1111111111 s You should see this message This page is CAC Specific 26

Try these additional items if you are still having issues: Try using the 32 bit version of Internet Explorer (if you have 64 bit Windows) Please know that IE runs in 32 bit mode by default if you are using IE 10 or IE 11 in Windows 7, 8 / 8.1, & 10 NOTE: In some occasions, your time on your computer may be off by more than the server s 5 minute limit. Please check your clock and time zone. Try logging into a CAC enabled DoD website with your CAC, it should now work If all of the previous ideas did not work, please visit: https://militarycac.com/cacdrivers.htm to start troubleshooting your CAC reader 27

Presentation created and maintained by: Michael J. Danberry https://militarycac.com If you still have questions, visit: https://militarycac.com/questions.htm 28