Accessing Army365 / O365 Webmail, DoD Enterprise Email, And Other DoD .

Transcription

Accessing Army365 / O365 webmail, DoD Enterprise Email, and other DoD websites with Edge on your Windows computer
Presented by: Michael J. Danberry
Last Revision / review: 08 February 2022
Performing these fixes “should” fix most access problems.
Personnel utilizing this guide without a CAC should only skip the pages marked: “This page is CAC Specific.” CAC holders need to follow ALL slides.
The most up to date version of this presentation can be found at: https://milcac.us/tweaks
(Slide 1)

To successfully access Department of Defense (DoD) websites, you MUST install the DoD certificates.
Download links and installation instructions for the InstallRoot file can be found on: https://militarycac.com/dodcerts.htm
If after installation of the DoD certs you [still] see “There is a problem with this website’s security certificate” or you see red certificate errors, follow this guide: https://militarycac.com/files/dodrootca2.pdf
(Slide 2)

Type “Internet Options” in the “Type here to search” box (or magnifying glass) and select Internet Options Control Panel.
[Screenshots: Windows 10, Windows 11]
(Slide 3)

Check the Delete browsing history on exit (box), click Delete
(Slide 4)

Check the top 4 boxes, leave the rest unchecked, click Delete
(Slide 5)

Click Settings
(Slide 6)

Change this number to 50, click OK
NOTE: This is my personal recommended size. Making it smaller will make your browser look for an updated page more often. The larger it is, the more web sites are being stored on your computer.
(Slide 7)

Click the Security (tab) (1), Trusted sites (green checkmark) (2), then Sites (button) (3)
(Slide 8)

Remove all websites* that end in .mil from the Websites: (box) by clicking the listed website, selecting Remove, then clicking Close
NOTE: Most Government owned computers will not let you make changes to this area. Your only option is to skip this step.
[Screenshot callout: This is the Websites: box]
(Slide 9)

Click the Content (tab), Certificates (button)
Click: Clear SSL state
(Slide 10)

Most people will see 3-4 DOD certificates (2 with EMAIL and 1-2 without) under the Personal (tab) Issued By (column). CACs issued between 25 FEB 2018 and 28 FEB 2021 may see 4 certificates on their card. Cards issued after 1 MAR 2021 will see 3 in this view, 1 on websites.
This page is CAC Specific
(Slide 11)

Click the Intermediate Certification Authorities (tab). First, verify you have DOD DERILITY CA-1 through DOD SW CA-69 under the Issued To (column) (if you don’t, go back to slide #2 and install or rerun the DoD Root Certificates again). Second, scroll down to below the DOD ID SW CA-48 and look for all of the listed certificates on the next page.
IF you see any of the certificates shown on the next slide, select it, and click Remove.
- Cross Cert remover Automated file (you may need to run as administrator) to remove certificates Listed above (Does not always work)
  Download from MilitaryCAC (24 OCT 19 version)
  Download from Cyber.mil (24 OCT 19 version)
- Another way to remove the certificates utilizing certmgr.msc. This guide can be used if the method above doesn’t work for you.
- Information about the Cross Cert Remover
(Slide 12)

These are the known “bad certs” that need to be removed from Intermediate Certification Authorities (tab) [if found]:

Issued To
- DoD Interoperability Root CA1
- DoD Interoperability Root CA2
- DoD Interoperability Root CA2
- DoD Interoperability Root CA2
- DoD Root CA 2
- DoD Root CA 3
- Federal Bridge CA 2016 or 2013
- Federal Bridge CA G4 or G6
- SHA-1 Federal Root CA G2
- US DoD CCEB Interoperability Root CA 1

Issued By
- SHA-1 Federal Root CA G2
- Federal Bridge CA 2013
- Federal Bridge CA 2016
- Federal Bridge CA G4
- DoD Interoperability Root CA 1
- DoD Interoperability
- Federal Common Policy CA
- Federal Common Policy
- Federal Common Policy

NOTE: If you don’t see any of these, select Close on this window and continue with this guide
(Slide 13)
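A read-only way to run the same check from PowerShell, as an added example that is not part of the original presentation: it lists certificates in the Intermediate Certification Authorities stores whose Issued To name matches the slide's list, and shows each issuer so it can be compared against the Issued By column. The store paths Cert:\CurrentUser\CA and Cert:\LocalMachine\CA and the helper name Get-NormalizedName are assumptions of this example.

```powershell
# Added example: audit only, nothing is removed.
# "Issued To" names are taken from the slide above; "2016 or 2013" and
# "G4 or G6" are expanded into separate entries (an interpretation).
$issuedTo = @(
    'DoD Interoperability Root CA 1',
    'DoD Interoperability Root CA 2',
    'DoD Root CA 2',
    'DoD Root CA 3',
    'Federal Bridge CA 2013',
    'Federal Bridge CA 2016',
    'Federal Bridge CA G4',
    'Federal Bridge CA G6',
    'SHA-1 Federal Root CA G2',
    'US DoD CCEB Interoperability Root CA 1'
)

# Hypothetical helper: compare names with whitespace and case ignored,
# so "Root CA1" and "Root CA 1" are treated as the same name.
function Get-NormalizedName([string]$Name) {
    ($Name -replace '\s', '').ToLowerInvariant()
}

$wanted   = $issuedTo | ForEach-Object { Get-NormalizedName $_ }
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

# Intermediate Certification Authorities = the "CA" store (user and machine).
$found = foreach ($store in 'Cert:\CurrentUser\CA', 'Cert:\LocalMachine\CA') {
    Get-ChildItem -Path $store |
        Where-Object {
            $wanted -contains (Get-NormalizedName ($_.GetNameInfo($nameType, $false)))
        } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                IssuedTo   = $_.GetNameInfo($nameType, $false)  # subject name
                IssuedBy   = $_.GetNameInfo($nameType, $true)   # issuer name
                NotAfter   = $_.NotAfter
                Thumbprint = $_.Thumbprint
            }
        }
}

if ($found) {
    # Compare each IssuedBy value with the slide before removing anything.
    $found | Sort-Object IssuedTo, IssuedBy | Format-Table -AutoSize
} else {
    'None of the listed certificates were found in the Intermediate CA stores.'
}
```

A certificate that appears under both store paths is the same entry seen through the user and machine views; match on Thumbprint to tell duplicates apart.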

Click the Advanced (tab), scroll to the bottom of the list, make sure that only TLS 1.0, 1.1, & 1.2 are checked. The SSL(s) should NOT be checked
NOTE: Windows 10 & 11 users will not see Use SSL 2.0 or 3.0
(Slide 14)

If you are still having issues, uncheck “Enable Enhanced Protected Mode*”. This is sometimes needed to sign evaluations on EES (Army’s OER / NCOER system). https://evaluations.hrc.army.mil
More information available at https://MilitaryCAC.com/ees.htm
To try this option, Click Tools, Internet Options, Advanced (tab)
INFORMATION: Running Enhanced Protected Mode* helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn’t need to use.
- Unfortunately it blocks access and functionality to / on some DoD websites like HRC’s EES.
(Slide 15)

If the previous adjustments did not work, select Reset at the bottom of the Advanced (tab), AND what you see on the next page
(Slide 16)

You may need to Remove certificates (see slides 5 & 13 for instructions on how to get to this location). People with 2 CACs may see up to 8 certs after they have activated their PIV certificates (4 certs per card).
NOTE: Removing certs and your CAC, then reinserting your CAC, is a way to test if your reader and middleware are working properly.
NOTE2: You will receive a message stating: You cannot decrypt data encrypted using the certificates. Select: Yes
This page is CAC Specific
(Slide 17)

Try these additional items if you are still having issues:
Your time on your computer may be off by more than the server’s 5 minute allowed limit. Check your clock and time zone.
If all of the previous ideas did not work, please visit: https://militarycac.com/cacdrivers.htm to start troubleshooting your CAC reader
(Slide 18)

When checking your email on Windows 10 & 11, make sure you are selecting the correct certificate. Select More choices to see additional certificate(s)
This page is CAC Specific
(Slide 19)

When checking your email on Windows 11, make sure you are selecting the correct certificate (WITHOUT EMAIL)
This page is CAC Specific
(Slide 20)

There have been DNS issues for some people, please try the ideas below if still having problems
Here’s how in Windows to manually configure the DNS settings.
1. Right click on your Wireless / Ethernet connection (down by your clock)
2. Select Open Network and Sharing Center
3. Click Change Adapter Settings
4. Right Click on your active internet connection, select Properties
5. Under This connection uses the following items: scroll down and click on Internet Protocol Version 4 (TCP/IPv4), then click Properties
6. Select the option Use the following DNS server addresses:. This is where you manually configure your DNS servers:
NOTE: It is up to you if you want to use Open DNS, Quad 9, or Cloudflare. You might try each of them separately.
Quad 9 - enter 9.9.9.9 for Preferred DNS server, and leave alternate DNS server blank. Click OK, then click Close
or
Cloudflare – enter 1.1.1.1 for Preferred DNS server, and 1.0.0.1 for Alternate DNS, Click OK, then click Close
(Slide 21)

Presentation created and maintained by: Michael J. .org (DoD Computers)
If you still have questions, /militarycac.org/questions.htm (DoD Computers)
(Slide 22)
