360 likes | 2.34k Vues
Making DoD Enterprise Email , AKO, and other DoD websites work with Internet Explorer on your Windows computer. Presented by: Michael J. Danberry. Last Revision / review : 28 February 2014. Performing these fixes in your Internet Explorer web browser “should” fix access problems.
E N D
Making DoD Enterprise Email, AKO, and other DoD websites work with Internet Explorer on your Windows computer. Presented by: Michael J. Danberry Last Revision / review: 28 February 2014 Performing these fixes in your Internet Explorer web browser “should” fix access problems. Video versionNOTE: (Doesn’t go into as much detail as this presentation) Personnel following this guide without CACs should only skip the pages marked: “This page is CAC Specific.” CAC holders need to follow ALL slides. The most up to date version of this presentation can be found at: http://milcac.us/tweaks
To successfully access DoD websites, you need to have the latest Department of Defense (DoD) certificates installed. Download links to the latest InstallRoot file can be found on: https://militarycac.com/dodcerts.htm Note: It will not harm your computer to run this file more than once.
Open Internet Explorer (IE) 9 - 11 (32 bit);Make sure the page you are having problems accessing is NOT open in any tabs or another IE browser, Select Tools You can also click the “Alt & T” keys on your computer keyboard Image from Internet Explorer 9, 10, or 11
Open Internet Explorer (IE) 6-8 (32 bit);Make sure the page you are having problems accessing is NOT open in any tabs or another IE browser, Select Tools You may also click the “Alt & T” keys on your computer keyboard Image from Internet Explorer 8
Select Internet Options in IE 9 - 11 after clicking the ‘gear’
Check the Delete browsing history on exit (box)and then click the Delete… (button)
Change this number to 50, then click OK NOTE: This is just my personal recommendation for the size. Making it smaller will make your browser look for an updated page more often. The larger it is, the more web sites are being stored on your computer.
Click the Security (tab)(1), Trusted sites (green checkmark)(2), then Sites (button)(3) 2 1 3
Remove all websites that end in .milfrom the Websites: box by clicking the link, select Remove, then click Close NOTE: Some people will argue that AKO “should be” in the trusted sites. Here’s what I’ve been able to deduce: it IS needed with IE 6 & 7, however, if used with: IE 8, 9, 10, or 11 you will be “recycled” to the AKO home page. So, IE 8, 9, 10, and 11 users REMOVE it. This is the Websites: box NOTE-1: Some Government owned computers will not let you access this area to remove the sites. Simply move on to the next slide.
Click the Content (tab), then Certificates (button) Sometimes you may need to click: Clear SSL state (it will not hurt your system to click this)
You “should” only see 3 DOD certificates (2 with EMAIL and 1 without) under the Personal (tab). If you see more than 3, look at slide 23 for further instructions. Dual CAC holders will also see a 4th certificate after activating their PIV. This page is CAC Specific
Click the Intermediate Certification Authorities (tab) and look for the certificates shown in the left graph below. IF you see any of these on your computer, click it, then click Remove If the above certificates return, run both of the files below - Cross Cert remover Automated file (you may need to run as administrator) to remove certificates Listed above: Download from MilitaryCAC (23 OCT 13 version) Download from DISA (23 OCT 13 version) - This registry edit can help fix some certificate problemsas well. Download from MilitaryCAC (19 OCT 11 version) Download from AKO (19 OCT 11 version) Information about the Cross Cert Remover
Click the Connections (tab)(1), LAN settings (button)(2), make sure none of the boxes are checked(3) (Personal Computers only), then click OK 1 3 2
Click the Advanced (tab), scroll to the bottom of the list, check Empty Temporary Internet… and make sure that onlySSL 3.0 & TLS 1.0 are checked. SSL 2.0, TLS 1.1 & 1.2 areNOTchecked NOTE: If you are receiving the error: “Error 107 (net::ERR SSL PROTOCOL ERROR): SSL protocol error” or Unknown error you may need to leave SSL 2 checked. NOTE: “Some” computers seem to refuse to leave TLS 1.0 checked and SSL 2.0 unchecked. If this happens, click the Reset… (button). NOTE: Windows XP and Vista users will not see TLS 1.1 & 1.2, as they are only seen on Windows 7 & 8
Close Internet Explorer, reopen it and try logging into a DoD CAC enabled website now • If it still does not work, close the browser and reopen it one more time, then go to the next slide.
There is now more and more of a need to run IE 8 - 11 in Compatibility view to be able to access government websites like Web.mail.mil, OWA, NKO, DTS, and others Look for the little “torn paper” icon and click it (IE 8-10 only) Internet Explorer 11 users will not see the “torn paper.” You’ll need to Click Tools (or the “Alt” & “T” keys on your keyboard), Compatibility View Settings, and enter items like: “mail.mil”, “army.mil”, “osd.mil”, or “navy.mil” in the “Add this website:” box. Click Add, then Close The next slide shows images of how to do this Further information regarding this issue can be read on Microsoft.com http://support.microsoft.com/kb/2866064 Some users may have to remove IE 11 (only available to Windows 7 users)
Reasons to do this: -------- The website worked before but not now -------- Internet Explorer 11 is your browser -------- Add website to compatibility view 1 2 3 mail.mil Easiest way to add is to go to the website then open compatibility view. The correct website should be automatically inserted into the add location. DTS needs: osd.mil added DoD Enterprise Email needs: mail.mil added People using myForms in AKO need: army.mil added mail.mil osd.mil army.mil 4 IE 11 Compatibility View – Windows 7 & 8
If you are still having issues, you can also uncheck"Enable Enhanced Protected Mode*" To try this option, Click Tools, Internet Options, Advanced (tab) NOTE: If you are still having issues with Internet Explorer 11 (and you are using Windows 7), go to slide 29 to learn how to remove IE 11 from your computer. This is ONLY for Windows 7 users. Windows 8.1 are stuck with IE 11 with no way to go back to IE 10.
If the previous adjustments did not work, select Reset… at the bottom of the Advanced (tab), AND what you see on the next page
You may need to Click each of your certificates and select Remove (see slide 14 for instructions on how to get to this location). Remember, Dual persona personnel will have 4 certs here after they have their PIV certificate activated. NOTE: You will receive a message stating: You cannot decrypt data encrypted using the certificates. Select: Yes This page is CAC Specific
Your certificates “should” automatically be available to Windows when you remove and reinsert your CAC into the reader, however… • If you have ActivClient installed.. You can double click the ActivClient icon (by your clock in the lower right corner of your screen) go to slide 26 • If you don’t see it there: Click Start, All Programs, ActivIdentity, ActivClient, User Console. Now go to next slide • Windows 7 & 8 native users will not see an ActivClient icon, since you are not using it. This page is CAC Specific
Forget state for all cards in ActivClient 6.2.0.x, this especially helps Dual CAC holders • Click Tools, Advanced, Forget state for all cards (twice) DOE.JOHN.ANDREW.1111111111’s Make Certificates available to Windows... Forget state for all cards Go to next page to Make Certificates available to Windows This page is CAC Specific
How to make your certificates available to Windows when using ActivClient 6.2.0.x • Click Tools, Advanced, Make Certificates available to Windows DOE.JOHN.ANDREW.1111111111’s You should see this message Images used from DISAs JITC website This page is CAC Specific
Try these if you are still having issues: Try using the 32 bit version of Internet Explorer (if you’re currently using 64 bit Windows) Here’s how to try the 32 bit IE: Click Start, All Programs, Internet Explorer (NOT Internet Explorer (64-bit)). NOTE: When using Windows 8, this is “normally” the Internet Explorer in Desktop mode (NOT the one in the start tiles). In very rare occasions, your time on your computer may be off by more than the server’s limit of 5 minutes. Please check your time and time zone.
Try logging into a CAC enabled DoD website with your CAC, it “should” now work If all of the previous ideas did not work, please visit: https://militarycac.com/cacdrivers.htmto start troubleshooting your CAC reader Presentation created and maintained by: Michael J. Danberry https://MilitaryCAC.com If you still have questions, visit: https://militarycac.com/questions.htm
How to remove the IE 11 “update” from your Windows 7 computer (this will NOT work for Windows 8.1) Windows 7 version shown
1 2 3 If IE 11, go to next page. IE 10 Make sure the automatic update box is unchecked. ------ You are done. 4
1 2 3 IE 11 probably the cause of your mail.mil problems. ---------- Close all programs.
3 2 4 1
1 Wait until this completes 3 Select Internet Explorer 11 under Microsoft Windows listings 2
1 Wait 2 After computer restarts, Open IE 10 and uncheck the automatic upgrade box (page 2)
Try logging into a CAC enabled DoD website with your CAC, it “should” now work If all of the previous ideas did not work, please visit: https://militarycac.com/cacdrivers.htmto start troubleshooting your CAC reader Presentation created and maintained by: Michael J. Danberry https://MilitaryCAC.com If you still have questions, visit: https://militarycac.com/questions.htm