Accessing DoD Enterprise , AKO, and other DoD websites with Internet Explorer & Edge on your Windows computer

Similar documents
Accessing DoD Enterprise , AKO, and other DoD websites with Internet Explorer & Edge on your Windows computer

Making DoD Enterprise , AKO, and other DoD websites work with Internet Explorer on your Windows computer.

SOF U OUTLOOK WEB ACCESS (OWA) AND SSL VPN HOME USERS MANUAL

Services Directorate Dual Persona User Guide for DoD Enterprise Portal Service Military Sealift Command Version September 8, 2016

Web CCaR Login Troubleshooting Guide

3. Close the window and all open Internet Explorer windows, then run the session again. Page 1 of 6. Downloaded from

Sub Rosa for ios. User Guide. Copyright Thursby Software Systems, Inc.

Wireless for Windows 7

How to Update your Information in the DoD Enterprise (DEE), Global Address List (GAL). Army users know it as Enterprise

Securewireless Windows 7 Setup Guide

Adobe Reader (AR) and Internet Explorer (IE) Browser Settings. Adobe Reader and Internet Explorer Browser settings

Managed Access Gateway Third-Party Credential User Guide August 2017

IT Quick Reference Guides Connecting to SU-Secure using Windows 8

Republicbank.com Supported Browsers and Settings (Updated 03/12/13)

Wireless Installation Instructions for Windows Vista

How to Update your Information in the DoD Enterprise (DEE), Army users know it as mail.mil Global Address List (GAL)

Windows 8.1 and Windows 10 a) Connect to wireless network Click on the wireless icon in taskbar. Select detnsw and click on Connect.

Procedures and Steps for Receiving a New CAC at the Detroit Arsenal

DoD PKI Automatic Key Recovery

Microsoft Windows Encrypting File System (EFS) Certificate Migration from XP to VISTA (also works with Windows 7) Instruction Guide

The Ip address / Name value should be: srvvcenter-cis

TxEIS on Internet Explorer 8

Help Desk New Users Requester Guide

UMMS My Remote VPN Access Windows User Guide. In order to successfully use My Remote for VPN access, you will need the following:

Sophos UTM Web Application Firewall For: Microsoft Exchange Services

Rating Chain Tool. User s Guide. Version 4.2

Information Technology

Table of Content. Last updated: June 16th, 2015

Application Virtualization Hosting Environment

User Manual. Copyright Thursby Software Systems, Inc. February 2015 Revision 4

Instructions for Configuring Your Browser Settings and Online Security FAQ s

Web Browser Application Troubleshooting Guide. Table of Contents

Guardium UI Login using a Smart card

RNDC / NDC MicroStrategy Supplier Web Troubleshooting Guide

TxEIS System Requirements

Configuring Internet Explorer for CareLogic

Connection Manager Table of Contents

Introduction to Windows

Instructions For Configuring Your Browser Settings and Online Banking FAQ's

Lineup Configuration Guide

Learning Center Computer and Security Settings

FBCA Cross-Certificate Remover 1.11 User Guide

Mortgage Cadence System Minimum Requirements and Troubleshooting

Lobby Troubleshooting

Using Workspace ONE PIV-D Manager. VMware Workspace ONE UEM 1811 VMware Workspace ONE PIV-D Manager

This document describes the configuration of Secure Sockets Layer (SSL) decryption on the FirePOWER Module using ASDM (On-Box Management).

Centrify Infrastructure Services

How to Enable Images to display in various client programs

Learners Guide. Overview. Introduction. How do I log in to ecooper University? Welcome to the ecooper University Learners Guide!

BROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017

Adding and Applying a Digital Signature block in Word or Excel 2013

Internet Access: Wireless WVU.Encrypted Network Connecting a Windows 7 Device

Public Key Enabling Oracle Weblogic Server

Using Devices with Microsoft HealthVault

Step-by-step installation guide for monitoring untrusted servers using Operations Manager

bbc Migrating and Sharing Secuity Settings: Using Security Settings Import/Export and FDF Files Acrobat and Adobe Reader PDF Creation Date:

Browser Guide for PeopleSoft

Aventail Connect Client with Smart Tunneling

Cisco Unified Serviceability

Reference Card: How to connect Windows 7 to UniWireless

1) Use either Chrome of Firefox to access the VMware vsphere web Client.

ADmitMac PKI Executive Summary. 2010, Thursby Software Systems, Inc.

DoD Wireless Smartphone Security Requirements Matrix Version January 2011

Client Installation Guide

Wavecrest Certificate SHA-512

Internet Explorer 11 Settings

Palo Alto Networks PAN-OS

Blue Coat ProxySG First Steps Solution for Controlling HTTPS SGOS 6.7

Seagate Manager. User Guide. For Use With Your FreeAgent TM Drive. Seagate Manager User Guide 1

GroupWise Messenger 18 Installation Guide. November 2017

Enterprise Access Gateway Management for Exostar s IAM Platform June 2018

Content and Purpose of This Guide... 1 User Management... 2

The manufacturer has released new improved firmware which upgrades your O2 USB Modem. To install it follow the instructions below.

Blue Coat Security First Steps Solution for Controlling HTTPS

About This Document 3. Overview 3. System Requirements 3. Installation & Setup 4

Citrix Workspace app for ios

OPERA V5 11G Workstation setup guide L A S T U P D A T E S E P T E M B E R

Learning Management System (LMS) Student Instructions

OASIS Mobile Installation Guide

Contents. Edited: July

Windows 10 Creators Edition Tips & Tricks. These New Hidden Features Will Save You Time and Money

TSS-7/TSS-10 7" and 10.1" Room Scheduling Touch Screens

Adding Pages. Adding pages to your website is simple and powerful! In just a few minutes you can create a page that: Highlights a special event

Learn Center LMS Student Instructions

North Carolina Amend Instructions:

Manually Configuring Windows 8 for Wireless PittNet

Cisco Secure ACS for Windows v3.2 With PEAP MS CHAPv2 Machine Authentication

Lab - Configure Browser Settings in Windows 8

VMware Horizon Client for Chrome OS User Guide. 04 JAN 2018 VMware Horizon Client for Chrome OS 4.7

The Ip address / Name value should be: srvvcenter-cis

KNOXPLANS for New Users

Massachusetts Amend Instructions:

Troubleshooting. Participants List Displays Multiple Entries for the Same User

Windows 10 - Starter Guide

Adding Pages. Adding pages to your website is simple and powerful! In just a few minutes you can create a page that: Highlights a special event

But where'd that extra "s" come from, and what does it mean?

Troubleshooting. Participants List Displays Multiple Entries for the Same User

Data Warehouse: User Computer Configuration Guide

San Luis Diagnostic Center McKesson Radiology Station Lite 12.0 PACS Installation Instructions

Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

Transcription:

Accessing DoD Enterprise Email, AKO, and other DoD websites with Internet Explorer & Edge on your Windows computer Presented by: Michael J. Danberry Last Revision / review: 17 September 2017 Performing these fixes should fix most access problems. Personnel utilizing this guide without a CAC should only skip the pages marked: This page is CAC Specific. CAC holders need to follow ALL slides. The most up to date version of this presentation can be found at: http://milcac.us/tweaks 1

To successfully access Department of Defense (DoD) websites, you MUST install the DoD certificates Download links and installation instructions for the InstallRoot file can be found on: https://militarycac.com/dodcerts.htm If after installation of DoD certs you see There is a problem with this website s security certificate or see red certificate errors, follow this guide: https://militarycac.com/files/dodrootca2.pdf http://militarycac.org/files/dodrootca2.pdf (DoD computers) 2

Open Internet Explorer (IE) [Make sure the page you are having problems accessing is NOT open in any tabs or another IE browser], Select the gear You may also click the Alt & T keys on your computer keyboard 3

Windows 8 / 8.1 users need to use the Internet Explorer on the Desktop taskbar (bottom of screen) NOT the one from the Start tiles Windows 10 users go to slide 5 4

Select Internet Options after clicking the gear Windows 10 users [using Edge instead of IE] need to Right click the Windows logo in the lower left corner of screen, click Control Panel and select Internet Options (or Network and Internet, Internet Options). You may now skip to slide 7 to continue 5

You can also select Tools, Internet Options 6

Check the Delete browsing history on exit (box), click Delete NOTE: A few IE 11 users have experienced problems when checking this box. 7

Check the top 4 boxes, leave the rest unchecked, click Delete 8

Click Settings 9

Change this number to 50, click OK NOTE: This is my personal recommended size. Making it smaller will make your browser look for an updated page more often. The larger it is, the more web sites are being stored on your computer. 10

Click the Security (tab)(1), Trusted sites (green checkmark)(2), then Sites (button)(3) 2 1 3 11

Remove all websites that end in.mil from the Websites: (box) by clicking the listed website, selecting Remove, then clicking Close NOTE: Most Government owned computers will not let you make changes to this area. Your only option is to skip this step. This is the Websites: box *-NOTE3: As of 13 APR 17, if you need the ability to send and receive encrypted email in OWA, you ll need to add https://*.mail.mil to the websites box NOTE2: Some people will argue that AKO should be in the trusted sites. Here s what I ve been able to deduce: it WAS needed with IE 6 & 7, however, if using: IE 8, 9, 10, or 11 AKO users will be recycled to the AKO home page. So, IE 8, 9, 10, and 11 users REMOVE it. Read more about this issue at http://milcac.us/files/win10smime.pdf 12

Click the Content (tab), Certificates (button) Click: Clear SSL state 13

Most people will see 3 DOD certificates (2 with EMAIL and 1 without) under the Personal (tab) Issued By (column). If you see more than 3, go to slide 24 for further instructions. Personnel with 2 CACs will see a 4th certificate once their PIV is activated on their card. This page is CAC Specific 14

Click the Intermediate Certification Authorities (tab). First, verify you have DOD CA-31 through DOD ID SW CA-48 under the Issued To (column) (if you don t, go back to slide #2 and install the DoD Root Certificates again). Second, scroll down to below the DOD ID SW CA- 48 and look for all of the listed certificates on the next page. IF you see any of the certificates, select it, and click Remove. - Cross Cert remover Automated file (you may need to run as administrator) to remove certificates Listed above (Does not always work) Download from MilitaryCAC (3 MAR 16 version) Download from DISA (3 MAR 16 version) Another way to remove the certificates utilizing certmgr.msc This guide can be used if the method above doesn t work for you. 15 Information about the Cross Cert Remover

These are the known bad certs that need to be removed from Intermediate Certification Authorities (tab) [if found]: Issued To Issued By DoD Interoperability Root CA1 SHA-1 Federal Root CA G2 DoD Interoperability Root CA2 Federal Bridge CA 2013 DoD Interoperability Root CA2 Federal Bridge CA 2016 DoD Root CA 2 DoD Interoperability Root CA 1 DoD Root CA 3 DoD Interoperability Federal Bridge CA 2016 or 2013 Federal Common Policy CA SHA-1 Federal Root CA G2 Federal Common Policy NOTE: If you don t see any of these, select Close on this window and continue with this guide 16

Click the Connections (tab)(1), LAN settings (button)(2), make sure none of the boxes are checked(3) (Personal Computers only), click OK 1 2 3 17

Click the Advanced (tab), scroll to the bottom of the list, make sure that only TLS 1.0, 1.1, & 1.2 are checked. The SSL(s) should NOT be checked NOTE: Latest update to Windows 10 removed Use SSL 2.0, so you won t see it. NOTE: Some computers refuse to leave TLS 1.0 checked and SSL 2.0 unchecked. If this happens, click the Reset (button). 18

When using Edge in Windows 10, select (More), then Open with Internet Explorer More 19

If you are still having issues, uncheck "Enable Enhanced Protected Mode* This is sometimes needed to sign evaluations on EES (Army s OER / NCOER system). https://evaluations.hrc.army.mil More information available at https://militarycac.com/ees.htm To try this option, Click Tools, Internet Options, Advanced (tab) INFORMATION: Running Enhanced Protected Mode* helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn t need to use. - Unfortunately it blocks access and functionality to / on some DoD websites like HRC s EES. 22

If the previous adjustments did not work, select Reset at the bottom of the Advanced (tab), AND what you see on the next page 23

You may need to Remove certificates (see slides 5 & 13 for instructions on how to get to this location). People with 2 CACs may see up to 8 certs after they have activated their PIV certificates (4 certs per card). NOTE2: You will receive a message stating: You cannot decrypt data encrypted using the certificates. Select: Yes NOTE: Removing certs and your CAC, then reinsert your CAC is a way to test if your reader and middleware are working properly. This page is CAC Specific 24

Your certificates should automatically be available to Windows when you remove and reinsert your CAC into the reader, however If you have ActivClient 6.2.0.x (Windows 7) installed.. You can double click the ActivClient icon (by your clock in the lower right corner of your screen) now go to slide 26 If you don t see it there: Windows 7 users can Click Start / Windows logo, All Programs, ActivIdentity, ActivClient, User Console. Now go to next slide Windows 7, 8 / 8.1, & 10 native users will not see an ActivClient icon, since you are not using it. ActivClient 7.0.x.x. & 7.1.x.x do not have the function of making available to windows, your only option is to remove the card and reinsert it. This page is CAC Specific 25

Resetting optimization cache in ActivClient 7.1.0.x Click Tools, Advanced, Reset optimization cache This page is CAC Specific 26

Forget state for all cards in ActivClient 6.2.0.x, this helps Dual CAC holders immediately after a PIV activation Click Tools, Advanced, Forget state for all cards (twice) DOE.JOHN.ANDREW.1111111111 s Make Certificates available to Windows... Forget state for all cards Go to next page to Make Certificates available to Windows This page is CAC Specific 27

How to make your certificates available to Windows when using ActivClient 6.2.0.x Click Tools, Advanced, Make Certificates available to Windows DOE.JOHN.ANDREW.1111111111 s You should see this message This page is CAC Specific 28

Try these additional items if you are still having issues: Your time on your computer may be off by more than the server s 5 minute allowed limit. Check your clock and time zone. If all of the previous ideas did not work, please visit: https://militarycac.com/cacdrivers.htm to start troubleshooting your CAC reader 29

When checking your email on Windows 10, make sure you are selecting the correct certificate. Select More choices to see additional certificate(s) This page is CAC Specific 32

Presentation created and maintained by: Michael J. Danberry https://militarycac.com http://militarycac.org (DoD Computers) If you still have questions, visit: https://militarycac.com/questions.htm http://militarycac.org (DoD Computers) 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback