Accessing DoD Enterprise Email, AKO, And Other DoD .

Transcription

Accessing DoD Enterprise Email, AKO, and other DoD websites with Internet Explorer & Edge on your Windows computer
Presented by: Michael J. Danberry
Last Revision / review: 03 May 2021
Performing these fixes “should” fix most access problems.
Personnel utilizing this guide without a CAC should only skip the pages marked: “This page is CAC Specific.” CAC holders need to follow ALL slides.
The most up to date version of this presentation can be found at: https://milcac.us/tweaks
(Slide 1)

To successfully access Department of Defense (DoD) websites, you MUST install the DoD certificates
Download links and installation instructions for the InstallRoot file can be found on: https://militarycac.com/dodcerts.htm
If after installation of the DoD certs you [still] see “There is a problem with this website’s security certificate” or you see red certificate errors, follow this guide: https://militarycac.com/files/dodrootca2.pdf
(Slide 2)

Open Internet Explorer (IE) [Make sure the page you are having problems accessing is NOT open in any tabs or another IE browser], Select the gear
You may also click the “Alt & T” keys on your computer keyboard
(Slide 3)

Windows 8 / 8.1 users need to use the Internet Explorer on the Desktop taskbar (bottom of screen) NOT the one from the Start tiles
Windows 10 users go to slide 5
(Slide 4)

Select Internet Options after clicking the ‘gear’
Windows 10 users [using Edge instead of IE] need to type “Internet Options” in the “Type here to search” box and select Internet Options Control Panel. You may now skip to slide 7 to continue
(Slide 5)

You can also select Tools, Internet Options
(Slide 6)

When using Edge in Windows 10, you may select (Settings and More), then Open with Internet Explorer
(Slide 7)

Check the Delete browsing history on exit (box), click Delete
NOTE: “A few” IE 11 users have experienced problems when checking this box.
(Slide 8)

Check the top 4 boxes, leave the rest unchecked, click Delete
(Slide 9)

Click Settings
(Slide 10)

Change this number to 50, click OK
NOTE: This is my personal recommended size. Making it smaller will make your browser look for an updated page more often. The larger it is, the more web sites are being stored on your computer.
(Slide 11)

Click the Security (tab)(1), Trusted sites (green checkmark)(2), then Sites (button)(3)
(Slide 12)

Remove all websites* that end in .mil from the Websites: (box) by clicking the listed website, selecting Remove, then clicking Close
This is the Websites: box
NOTE: Most Government owned computers will not let you make changes to this area. Your only option is to skip this step.
NOTE2: Some people will argue that AKO “should be” in the trusted sites. Here’s what I’ve been able to deduce: it WAS needed with IE 6 & 7, however, if using IE 11, AKO users will be “recycled” to the AKO home page. So, IE 11 users REMOVE it.
*-NOTE3: As of 13 APR 17, if you need the ability to send and receive encrypted email in OWA, you’ll need to add https://*.mail.mil , more information can be read in the URL here: https://milcac.us/files/win10smime.pdf then come back to this guide
(Slide 13)

Click the Content (tab), Certificates (button)
Click: Clear SSL state
(Slide 14)

Most people will see 3-4 DOD certificates (2 with EMAIL and 1-2 without) under the Personal (tab) Issued By (column). CACs issued between 25 FEB 2018 and 28 FEB 2021 may see 4 certificates on their card. Cards issued after 1 MAR 2021 will see 3 in this view, 1 on websites.
This page is CAC Specific
(Slide 15)

Click the Intermediate Certification Authorities (tab). First, verify you have DOD EMAIL CA-33 through DOD SW CA-61 under the Issued To (column) (if you don’t, go back to slide #2 and install or rerun the DoD Root Certificates again). Second, scroll down to below the DOD ID SW CA-48 and look for all of the listed certificates on the next page.
IF you see any of the certificates shown on the next slide, select it, and click Remove.
- Cross Cert remover Automated file (you may need to run as administrator) to remove certificates Listed above (Does not always work)
Download from MilitaryCAC (24 OCT 19 version)
Download from Cyber.mil (24 OCT 19 version)
Another way to remove the certificates utilizing certmgr.msc This guide can be used if the method above doesn’t work for you.
Information about the Cross Cert Remover
(Slide 16)

These are the known “bad certs” that need to be removed from Intermediate Certification Authorities (tab) [if found]:

Issued To
DoD Interoperability Root CA1
DoD Interoperability Root CA2
DoD Interoperability Root CA2
DoD Interoperability Root CA2
DoD Root CA 2
DoD Root CA 3
Federal Bridge CA 2016 or 2013
Federal Bridge CA G4 or G6
SHA-1 Federal Root CA G2
US DoD CCEB Interoperability Root CA 1

Issued By
SHA-1 Federal Root CA G2
Federal Bridge CA 2013
Federal Bridge CA 2016
Federal Bridge CA G4
DoD Interoperability Root CA 1
DoD Interoperability
Federal Common Policy CA
Federal Common Policy
Federal Common Policy

NOTE: If you don’t see any of these, select Close on this window and continue with this guide
(Slide 17)

Click the Connections (tab)(1), LAN settings (button)(2), make sure none of the boxes are checked(3) (Personal Computers only), click OK
(Slide 18)

Click the Advanced (tab), scroll to the bottom of the list, make sure that only TLS 1.0, 1.1, & 1.2 are checked. The SSL(s) should NOT be checked
NOTE: Windows 10 users will not see Use SSL 2.0
Another NOTE: If you are getting an error message regarding “Cannot connect securely to this page” try UNChecking Use TLS 1.0
NOTE: “Some” computers refuse to leave TLS 1.0 checked and SSL 2.0 unchecked. If this happens, click the Reset (button).
(Slide 19)
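The checkboxes on this slide are stored per user as a bitmask in the SecureProtocols registry value, so the current state can be read without opening Internet Options. The PowerShell below is an added example, not part of the original presentation; it assumes the setting is made per user and not overridden elsewhere.

```powershell
# Added example: decode the per-user SecureProtocols bitmask behind the
# SSL/TLS checkboxes on the Advanced tab. Read-only; nothing is changed.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Bit assigned to each checkbox in the SecureProtocols DWORD.
$flags = [ordered]@{
    'Use SSL 2.0' = 0x0008
    'Use SSL 3.0' = 0x0020
    'Use TLS 1.0' = 0x0080
    'Use TLS 1.1' = 0x0200
    'Use TLS 1.2' = 0x0800
}

# Turn a bitmask into one row per checkbox.
function Get-EnabledProtocols([int]$Mask) {
    foreach ($name in $flags.Keys) {
        [pscustomobject]@{
            Setting = $name
            Checked = [bool]($Mask -band $flags[$name])
        }
    }
}

$prop = Get-ItemProperty -Path $key -Name SecureProtocols -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    'SecureProtocols is not set for this user; the Windows defaults apply.'
}
else {
    $state = Get-EnabledProtocols $prop.SecureProtocols
    $state | Format-Table -AutoSize

    # The slide says the SSL boxes should NOT be checked.
    $ssl = $state | Where-Object { $_.Checked -and $_.Setting -like 'Use SSL*' }
    if ($ssl) { "Still checked, uncheck on the Advanced tab: $($ssl.Setting -join ', ')" }
    else      { 'No SSL boxes are checked.' }
}
```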

If you are still having issues, uncheck "Enable Enhanced Protected Mode*" This is sometimes needed to sign evaluations on EES (Army’s OER / NCOER system). https://evaluations.hrc.army.mil
More information available at https://MilitaryCAC.com/ees.htm
To try this option, Click Tools, Internet Options, Advanced (tab)
INFORMATION: Running Enhanced Protected Mode* helps prevent attackers from installing software or modifying system settings if they manage to run exploit code. It is an extra layer of protection that locks down parts of your system that your browser ordinarily doesn’t need to use.
- Unfortunately it blocks access and functionality to / on some DoD websites like HRC’s EES.
(Slide 20)

If the previous adjustments did not work, select Reset at the bottom of the Advanced (tab), AND what you see on the next page
(Slide 21)

You may need to Remove certificates (see slides 5 & 13 for instructions on how to get to this location). People with 2 CACs may see up to 8 certs after they have activated their PIV certificates (4 certs per card).
NOTE: Removing certs and your CAC, then reinsert your CAC is a way to test if your reader and middleware are working properly.
NOTE2: You will receive a message stating: You cannot decrypt data encrypted using the certificates. Select: Yes
This page is CAC Specific
(Slide 22)

Resetting optimization cache in ActivClient 7.1.0.x & 7.2.0.x
Click Tools, Advanced, Reset optimization cache
This page is CAC Specific
(Slide 24)

Try these additional items if you are still having issues:
Your time on your computer may be off by more than the server’s 5 minute allowed limit. Check your clock and time zone.
If all of the previous ideas did not work, please visit: https://militarycac.com/cacdrivers.htm to start troubleshooting your CAC reader
(Slide 27)

When checking your email on Windows 10, make sure you are selecting the correct certificate. Select More choices to see additional certificate(s)
This page is CAC Specific
(Slide 28)

There have been DNS issues for some people, please try the ideas below if still having problems
Here’s how in Windows to manually configure the DNS settings.
1. Right click on your Wireless / Ethernet connection (down by your clock)
2. Select Open Network and Sharing Center
3. Click Change Adapter Settings
4. Right Click on your active internet connection, select Properties
5. Under This connection uses the following items: scroll down and click on Internet Protocol Version 4 (TCP/IPv4), then click Properties
6. Select the option Use the following DNS server addresses:. This is where you manually configure your DNS servers:
NOTE: It is up to you if you want to use Open DNS, Quad 9, or Cloudflare. You might try each of them separately.
Quad 9 - enter 9.9.9.9 for Preferred DNS server, and leave alternate DNS server blank. Click OK, then click Close
or
Cloudflare – enter 1.1.1.1 for Preferred DNS server, and 1.0.0.1 for Alternate DNS, Click OK, then click Close
(Slide 29)

Presentation created and maintained by: Michael J. .org (DoD Computers)
If you still have questions, /militarycac.org/questions.htm (DoD Computers)
(Slide 32)
