Search this page:

Or use <Ctrl> <F> on your keyboard

 

Site Map

 

top

           MilitaryCAC.com logo

.com | .us | .ml  | .mobi | .net | .org

 

The Definitive Source for Everything CAC

Common Access Card help for your

Personal Computer

 

 

Make a Donation button image

 

 

 

 

SOME PROBLEMS YOU MAY RECEIVE WHILE SETTING UP YOUR CAC READER & SOFTWARE

 

NOTE:  This page lists all known problems and Solutions (that I and others have come across).  I hope one of these will answer whatever problem you are having.  Please don't email me telling me my Solutions don't work.  Everyone of these have worked on several other computers.  If your particular problem is not on this page, please feel free to contact me and we will figure it out together. 

 

Disclaimer:  These fixes are for Home Users Only.  Do not attempt these on your Government Computer (unless otherwise noted)

 

 

THE TOP 18 CURRENT PROBLEMS [with SOLUTIONS] BEING EXPERIENCED

 

1.  Most DoD website access problems [for Windows computers using Internet Explorer] can be fixed by following these adjustments to your web browser.

 

1a.  Cannot send email in Windows 10 using Internet Explorer since Microsoft patch Tuesday around 14 March 2017. 

.

2.  To use your CAC with your Mac, use the  Mac Notes page.  Please verify in step 6 which CAC enablers will with work with your version of Mac OS.  See how to make DTS work by following guidance on the DTS support page.

 

3.  All Army Knowledge Online (AKO) users who have a CAC should now be migrated to DoD Enterprise Email (DEE) and will no longer be able to access their AKO email with username and password.  DEE is only accessible via CAC, so, please look at this page for information you will need to access your email.

 

4.  If you have a "GEMALTO TOP DL GX4 144", "GEMALTO DLGX4-A 144", "Oberthur ID One 128 v5.5 Dual", "Oberthur ID One 128 v5.5a D", or "G&D FIPS 201 SCE 3.2" CAC, are using Windows 10, 8.1, 8, or 7, you "might" be able to use your CAC without installing ActivClient.

 

5.  If you have the "Oberthur ID One 128 v5.5 Dual" CAC and it does not work with your Windows [7 or below] computer you need to install ActivClient 6.2.0.50, AND then update it

5a. Windows 10 users, install ActivClient 7.1

 

6.  Mac users who have purchased the IO Gear GSR-202, GSR-202V, or GSR-203 CAC readers may have problems. 

 

7.  Windows 10 information is on this page.

 

8.  Windows 8 and 8.1 information is on this page

 

9.  Created retiring page dedicated to providing information for people getting ready to retire (or separate) from the Army.

 

10.  Internet Explorer 11 on Windows 10, 8.1, 8, and 7 needs some assistance to work.  Look here for the needed fixes.

 

11.  Receiving "Error 500" when visiting your webmail.  Follow these possible solutions

 

12.  If you are having problems accessing CAC enabled websites, try disabling your Antivirus / web protection, if this works.. Sometimes it takes an uninstall to get it to work

Avast users do this:  Add *mail.mil* [and any other websites you can't access] to the Exclusions section of Main Settings, see image.  More information about what Avast is doing can be read here.

AVG users follow their guidance by adding https://*.mail.mil to the exceptions list

Bitdefender disable Encrypted web scan by opening Bitdefender, selecting the Protection option (on the left), then select Settings under ONLINE THREAT PREVENTION, click the white checkmark in the blue oval to make it turn gray. 

-You can also manually add an exception for each website you are having problems accessing by selecting the Protection option (on the left), then select ONLINE THREAT PREVENTION, followed by exceptions.  From here manually type in the webmail server addresse(s).

- You may also uninstall the program and find a different Antivirus program.

Covenant Eyes can cause issues for some people.  Only fix we could find is to uninstall it.  Please call 877-479-1119, they can help troubleshoot the issue.  One person I spoke with had an outdated version.  Once the new version was installed, it worked again

ESET users can try adding the site(s) not working to the exclusion list, or uninstall the program 

Kaspersky users follow their guidance by adding https://*.mail.mil to the exceptions list.  Another person had to turn off the Parental controls.

-Another Kaspersky fix is to turn off "Inject script into web traffic to interact with web pages" located under Settings, Additional, Network.  Uncheck Inject script into web traffic to interact with web pages (under Traffic Processing), Select Continue

-Yet another Kaspersky fix is to change the "Encrypted connections scanning" option to "Do not scan encrypted connections" located under Settings, Additional, Network settings.

McAfee users follow their guidance to add https://*.mail.mil

Qustodio Parental Control Software causes problems, uninstall it to use your CAC on your computer.

New imageTotal Defense users need to turn off Scan Secured Websites located in the gear shield,  Web Protection

Windows Defender users rarely have a problem, but this may help.  Go to Internet Options, Advanced (tab), deselect Enable Windows Defender SmartScreen.

.

13.  LENOVO laptop users having issues should uninstall "SUPERFISH INC VISUAL DISCOVERY"  Read this forum for more information.  Article from Kim Komando about this preinstalled adware.  How-To Geek article

 

14. If you are a Windows 10, 8.1, or 8 user and are having problems digitally signing PDFs, make sure you have Adobe Reader installed.  The built in PDF reader will not allow digital  signing.

.

15.  If you see:  f5  Your session could not be established.  Go through this guide, You might also need to expose your PIV cert if you are a Dual Persona user.

f5 error image

.

16.  If you have been issued a new CAC since 1 February 2016 and are having problems accessing CAC enabled websites, you may have a CA certificate above 33 and need to update your DoD certificates on your computer.   

.

17. When trying to sign a PDF with Windows 10 using Adobe Reader DC, receive "Error encountered while signing:  The Windows Cryptographic Service Provider reported an error:  Key does not exist.  Error Code: 2148073485"  Look here for a solution.

.

18. If you have encountered any CAC enabled websites that have been working, recently stop working, please try adjusting your DNS.  Some people are receiving an error message similar to this: "The DNS server might be having problems.  Error Code:  INET_E_RESOURCE_NOT_FOUND"  You may also be seeing:  "Contact your network administrator or Internet Service Provider"  "The DNS server may be experiencing problems. Windows Help and Support can provide more information about DNS."

 

Follow guidance here to change your DNS server.

.

19 Some websites that were once accessible from any CAC enabled computer are no longer.  This means the below websites are now only accessible from the NIPRnet.
-Army Reserve Account Maintenance and Provisioning (ARAMP) (https://aramp.usar.army.mil)

-Army Warrior Care and Transition System (AWCTS) (https://awcts.csd.disa.mil/soldier)
-ATRRS, Try https://faitas.army.mil/portals/logon.aspx
-GCSS-Army, https://www.gcss-army.army.mil
-JAGCNet Login

-MedPros,
-MOBCOP,
-MyArmyBenefits,
-My ERB (https://myerb.ahrs.army.mil/soldierLogin.do)
-Reserve Component Manpower System (RCMS) which includes access to: Commander's Strength Management System (CSMM), Electronic Soldier Record Brief (eSRB), Electronic Personnel Actions Tracker (ePAT), & Directors Personnel Readiness Overview (DPRO).-VIOS,

-US Army Signal Center (https://cs.signal.army.mil), and-Strategic Management SystemThis means no CAC access from a home computer.  You'll now need to access these sites from your unit, use your organizations Citrix connection (Army Reserve), or unit issued computer and use VPN

.

..

.

 

 

 

ACTIVCLIENT

back to top

Problem 1:  Receive "Parameter is incorrect" message (when logging onto computer).  This IS a fix for a Government Computer.

Solution 1-1:  Have another person logon to the computer with their CAC and update the DoD Certificates, instructions

 

Solution 1-2:  Have another person logon to the computer with their CAC.  Once logged in, Double click the ActivClient Client Agent button (down by the clock in the lower right corner of your screen).  Click on Tools, Advanced, select Forget State for all cards.  Log off, and have affected user sign back on.

 

Solution 1-3:  Go to:  https://www.dmdc.osd.mil/self_service , select Replace Certificate to avoid going to a RAPIDS ID card office.  Visual steps   NOTE: You will need internet access and 2 CAC readers on this particular computer for this to work.

 

Solution 1-4:  If the above Solutions don't work, you will need to visit a RAPIDS ID card office and have them update the certificates on your CAC. (You may walk out with a new ID card).

 

 

 

Problem 2:  Receive "The system could not log you on.  Your credentials could not be verified" message (when logging onto a computer).  This error message only affects Government Computers.

 

Solution 2-1:  Have another person logon to the computer with their CAC and update the DoD Certificates, instructions

 

Solution 2-2:  This error is mostly seen when a Soldier tries to logon to a computer that is part of a domain that his / her account has been deleted (or never had an account).  Contact your local Help Desk to verify whether your user account is still in the system.

 

Solution 2-3:  Verify that you have the network cable plugged into the computer and try it again. 

 

Solution 2-4:  The computer may have been removed from the network.  You may need to check with your IT department to verify this.  This happens when a computer is unplugged from the network for a certain period of time (45-60 days for most organizations)

 

Solution 2-5:  Unplug the network cable, logon (you will be logging on with cached credentials) then plug the cable back in.  NOTE:  This will only work if you were the last person to logon to this computer.

 

Solution 2-6:  If you are a dual CAC holder, and trying to access your computer when away from the office.  You will have to use the same CAC you used to logon to the computer the last you time you logged into it on the network.  This is due to the way your credentials are cached on the computer.

 

Solution 2-7:  Open ActivClient, double click My Certificates, then double click on any of the certificates.  Click the Advanced tab and scroll down to and select "Subject Alternative Name.You will see in the bottom window Principal Name=##########@mil.  This is your UPN (User Principle Name).  This must match what is in Active Directory for the account's LOGIN NAME.  An administrator can verify they are the same. 

 

Solution 2-8:  If you have a 3rd party DAR (Data at Rest) called Credent installed, it seems to encrypt something in the user's profile that will not allow them to logon cached.  If you have your administrator's help, you can decrypt all of your user data, then be able to logon to the computer again.  The exact file causing this is not known.

 

Solution 2-9:  Verify if your Smart Card service is started look here for instructions.

 

Solution 2-10:  You may be trying to login to your computer with your FASC-N (16 digit) certificate rather than your EDI-PI (10 digit) certificate,  select the certificate that is only 10 digits long instead of 16 digits.

 

Solution 20-11:  If you have received a new CAC after 11 June 2016, and trying to use the DoD visitor access, you won't be able to.  DISA has not figured out a way yet to authenticate the CACs with the newer Root certifications of Root CA3 and Root CA4.  You will need to request a regular account for the DoD organization.

 

 

 

Problem 3:  When installing ActivClient, receive "This application has failed to start because MOZCRT19.dll was not found.  Re-installing the application may fix this problem."

 

Solution 3-1:  Once ActivClient installs, search your computer for "MOZCRT19.dll" (another user found it in the Internet Explorer folder).  Copy it into  C:\Program Files\ActivIdentity\ActivClient\.  Now go to Add / Remove programs in Control Panel (XP), or Programs and Features in Vista, or Uninstall a Program in Windows 7 or 8.  Highlight the ActivClient and select Change.  Select Repair and the install should work.

 

Solution 3-2:  Uninstall Firefox, restart computer, reinstall ActivClient again, then reinstall Firefox again.

 

 

 

Problem 4:  While attempting the above fix you receive "The Call to DllRegisterServer Failed with Error Code 0×80004005" on Windows Vista

 

Solution 4:  You need to run 3 [above] as an administrator or turn off User Access Control in the Users option in Control Panel

 

 

 

 

Problem 5:  When attempting to extract ActivClient 6.1, the icon is not a folder with a zipper on it, or a different program opens up.  Somehow your file association was changed on your computer. 

 

Solution 5:  This can be fixed by re-associating .zip files to the Windows Compressed Folder.

 

Vista / 7 / 8 fix: Press the following keys on your keyboard <Windows> < R>, this will open up your Run line.  Type in CMD, once in the DOS screen: type in  assoc .zip=CompressedFolder   (there is a space in between assoc & .zip)  [You may need to run the CMD prompt as an administrator]

 

Vista / 7 / 8 fix (alternate):   Right click the file, Select Properties, Click the Change button.  When the Open With box opens up, select Browse and navigate to C:\Windows\ and click on explorer.  It should be immediately below the folders.  Select Open, OK, OK, OK.

 

XP fix: Double click My Computer, Select Tools, Folder Options, File Types, Scroll down to (and select) ZIP,  Click the Change button, Select Compressed (zipped) Folders under Recommended Programs, select OK.

 

Now try right clicking your zip folder again and select Extract All.

 

 

 

Problem 6:  You are not receiving the standard "Insert Card, or press Ctrl Alt Del" message when using  Windows Vista or Windows 7 on a Government Computer.

 

Solution 6:  Press <Ctrl> <Alt> <Del>, it will then ask you for your Smart Card.  If it comes up to a username and password screen, select "Switch user" button and you should see the option for Smart card.

 

 

 

Problem 7:  When trying to install ActivClient, it states "Error 1500, another installation in progress, you must complete installation before continuing this one."

 

Solution 7:  Look here for a remedy

 

 

 

 

Problem 8:  When installing ActivClient, it stalls during installation and receive a message stating:  "Your administrator will not allow this to happen."

 

Solution 8-1:  Make sure you are running the installation as an administrator

 

Solution 8-2:  Disable your Antivirus software, as it may be blocking the installation.  McAfee is famous for making installs difficult.

 

 

Problem 9:  You have ActivClient installed on your computer, but do not use your CAC reader that often AND you are tired of the annoying message that pops up telling you you do not have a CAC reader plugged in. 

Solution 9:  Follow the guidance in this guide to disable the message.

 

Problem 10:  After installing ActivClient, you are still unable to access DoD CAC enabled websites.

Solution 10-1:  Internet Explorer users:  Follow this guide

Solution 10-2:  Firefox users:  Follow instructions here

 

Problem 11:  Received "Error 2738.  Could not access VBScript run time for custom action" while installing ActivClient.

Solution 11:  Look here for a solution

 

Problem 12:  When opening ActivClient with the Oberthur ID One 128 v5.5 Dual CAC and you do not see anything in the large white section, you probably only have ActivClient 6.2.0.50 installed

Solution 12:  Update your ActivClient

 

Problem 13:  You want a way to remove CAC certificates automatically from Internet Explorer when removing your CAC.

Solution 13:  Open ActivClient (Only works in AC 6.2.0.x), Click Tools, Advanced, Configuration ..., Certificate Availability, Change the No to a Yes at the Remove certificates from Windows on smart card removal option  (A restart of your computer will be required).

RemoveCACCertsAutomatically image 

 

 

 

AKO

 

All Army Knowledge Online problems and Solutions are located on this page.

 

 

 

 

APPROVE IT  / eSign (No longer used by the Army)

back to top

 

The Army now uses Adobe Reader

 

 

 

 

CAC / CAC READER

back to top

 

Problem 1:  The CAC reader driver did not automatically install correctly

 

Solution 1-1:  Go to Device Manager (Instructions are on the CACDrivers page), scroll down to Smart Card readers, right click the CAC reader that shows up below Smart Card Readers.  It may also show up under unknown devices.  Select Uninstall.  It will give you a message.  Once it is uninstalled, unplug the reader from your computer.  Wait a few moments, then plug it back in.  It "should start to install itself.  If that doesn't work, keep reading for other ideas below.

 

Solution 1-2:  If you have an SCR-331 CAC Reader and using Vista, Windows 7, or 8, and are still having problems getting the reader to be recognized by ActivClient, or your CAC reader shows up as STCII Smart Card Reader follow these instructions for updating the firmware on the reader.   

 

 

 

Problem 2:  Receive quick beep when you start your computer with the CAC reader plugged in, or when plugging in your CAC reader.

 

Solution 2:  Change the following registry key to 0 from 1  by going to Start, Run, type in "Regedit" (without the quotes) and navigate to:  HKEY_LOCAL_MACHINE\Software\ActivCard\ActiveClient\Notification\NoReaderWarning\Enable

 

 

 

Problem 3:  Card does not read consistently

 

Solution 3-1:  Try cleaning the gold portion of the CAC with a clean pencil eraser. 

 

Solution 3-2:  Your card could be wearing out.  It may be time to get a new one.  Click here to find an ID card office.

 

Solution 3-3:  Your reader may be showing signs of wear.  Click here to find a new one.

 

 

 

Problem 4:  CAC reader is seen in Device Manager in Windows but not by ACTIVCLIENT software (Error 1920 on Windows 8) or Windows not communicating with CAC and Reader:

Information:  Windows runs the Smart Card service as a local service and without it, smart cards will not work. Another symptom of this is when the Card Icon does not show on the logon screen (Government computer).

Solution 4-1: Make sure the ActivIdentity Shared Store Service is started.  Here's how:  Click Start, type in:  services.msc in the search box, double click on:  ActivIdentity Shared Store Service.  Make sure the Startup type is set to Automatic and if not started, select Start.

Solution 4-2:  Run this file to fix your Smart Card service.  If you have problems with the other file, try this oneNOTE:  This will not work on Windows 8.1 or newer.

Solution 4-3: Log on as the local administrator.  Go to Start, Run, type in: services.msc, Verify that both ActivClient middleware and SmartCard services are stopped.  (Windows 8 users hover your mouse in the lower right corner of your screen to get the Charms bar to show up.  Click Search, type in "regedit.exe" then click it with your mouse.)

From the Search programs and files (Windows 8 and newer):  type: Regedit

 

Navigate to "HKLM\Software\Microsoft\Cryptography\"    Right click on the Calais folder then choose "Permissions".

 

Verify "LOCAL SERVICE" exists, if it doesn't, click "ADD"

 

In the large white box type "LOCAL SERVICE"  IF your computer is part of a domain, you will need to add your computer name\ before "LOCAL SERVICE"

 

Click Check Names, then OK.

 

Select Local Service -> Click Advanced (button) -> in the Permissions (tab) select LOCAL SERVICE -> and click Edit.  (Windows 8.1 & 11 users will need to click "Show advanced permissions" to see these).

 

Mark the following with Allow:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Delete

Read Control

 

Click OK

 

Close all open windows

 

Open Services.msc again, Start smart Card Service,  Start ActivClient middleware Service.

 

CAC Reader "should" now be showing in ActivClient.

 

Solution 4-4:  Follow these instructions for modifying your registry to make the Smart Card service start.

  .

 

 

 

Problem 5:  How can I use 2 CAC readers on my computer with ActivClient?

 

Solution 5:  Once the second CAC reader is physically functioning:  Double click the ActivClient icon (down by your clock), select File, Use Reader, Select the other reader.  Go to Tools, Advanced, Make Certificates Available to Windows.  You should be able utilize either CAC on your computer now.   

**  Here is a presentation showing how to do this.

 

 

 

Problem 5a:  How can I use 2 CAC readers on  my Windows 10, 8.1, 8, or 7 computer without ActivClient?

 

Solution 5a:  Plug it in and use it

 

 

 

Problem 6:  How do I get the message to stop coming up that says my CAC reader isn't plugged in?  I get a notice every time I start my computer that my reader isn't installed.  I own a laptop and don't plug in the reader unless I need it. 

 

Solution 6:  Go to Start, All Programs, ActivIdentity, and click on Advanced Configuration Manager.  Select Notifications Management.  Double click Display No Smart Card Reader Alert, it will automatically change from a YES to a NO.  ** Here are Visual steps showing you how to do this.

 

 

 

Problem 7:  Receive "An internal error has been encountered (the specified smart card is no more available for use)" when trying to access CAC using ActivClient 6.1 on computers with built in CAC reader and trying to use an external at the same time.

 

Solution 7-1:  Upgrade to ActivClient 6.2, Oberthur ID One 128 v5.5 Dual card holders may need a further update to ActivClient 6.2

 

Solution 7-2: The built in reader is taking priority over the external.  Unplug the external and try the internal reader.  On some computers (Gateway), the CAC has to go in upside down. 

 

 

 

Problem 8:  Receiving message "No Card Reader Found" when using RDP (Remote Desktop Protocol) between 2 computers.

 

Solution 8:  ActivClient is designed to only work with the card reader installed on the VIEWING computer.  Users MUST install the card reader & driver to the computer they are sitting at, not to the target computer (where ActivClient is installed).  If just configuring another computer with reader and software it should be done FROM THE CONSOLE of that machine.

 

 

 

Problem 9:  How do I change my CAC PIN?

 

Solution 9-1:  If you know your current PIN...You have 3 options:

- With ActivClient installed right click the ActivClient icon (down by your clock), select PIN Change Tool.  Enter your current PIN, then your new PIN twice, hit Next.

- If you are using the Windows 7 built in Smart card utility follow this guidance

- Visit an ID card office

 

Solution 9-2:  If you don't know your current PIN, your only option is to visit an ID card office

 

 

 

DTS

back to top

 

 

Problem 1:  Can I use DTS with my Mac or Linux computer?

Solution 1:  Yes you can.  The current version of DBSign called DBSign Universal Web Signer is available when accessing the DTS website and will allow all computer platforms to use it.    NOTE:  Look at #2 below and here for troubleshooting tips.

NOTE specifically for Mac users:  You will get a blank page when trying to navigate to your Authorizations or Vouchers until you do the following:  Click the word Safari, uncheck Block Pop-Up windows

MAC Users, please look here for new information regarding accessing DTS

 

 

Problem 2:  Unable to access DTS (Error message "There has been a problem with Login.  Problem getting security information from your computer.  Please contact your DTS site administrator for assistance."), or DTS stalls at DBsign: logging into cryptographic libraries....

 

Solution 2-1: Follow the guidance in this PDF

 

Solution 2-2:  In Internet Explorer:  Go to Tools, Internet Options, Security (tab), Click on Trusted Sites (green checkmark), Click Sites (button), in the Add this website to the zone:   type in "*.osd.mil" after unchecking "Require Server Verification", click add (button), select close, then click OK
 
Solution 2-3:  Go to:  Tools, Internet Options, Security (tab), single click on Internet (globe).  Uncheck the box for Enable Protected Mode (down near Custom level...) button. 

 

 

 

 
Problem 3:  DTS screen flashes up, then disappears after you select login.
 

Solution 3:  Check your pop-up blocker(s), they are more than likely "killing" the page that is attempting to pop up.  DTS loves pop ups. :)

 

 

 

Problem 4:  DTS will not allow you to get past the logon screen in Vista or Windows 7 (64 bit).

 

Solution 4:  Make sure you are using the (32 bit) Internet Explorer.  If you don't see it in your list of programs, navigate to:  C:\Program Files (x86)\Internet Explorer\  double click on iexplore.exe (it will be approximately 622KB in size).  You can also copy / create a shortcut for this program to your desktop.

 

 

 

Problem 5:  DTS error:  "Your user account could not be found or is locked, or your certificate has been revoked.  Please contact your local Registration Authority (LRA) or Verifying Official (VO) to obtain a new PKI certificate or to find additional information."

 

Solution 5-1:  Your account is more than likely "in between" your old and your new unit (which means you are not attached to any units).  Contact your current unit's DTS person and have them "Receive" you.

 

Solution 5-2:  A revoked certificate means you'll need to visit an ID card office to get a new CAC.

 

 

 

.

Problem 6:  DTS Login Error:  "There has been a problem with your login.  Your user account could not be found or is locked.  Please contact your DTS site administrator for assistance."

 

Solution 6:  Your account is more than likely "in between" your old and your new unit (which means you are not attached to any units).  Contact your current unit's DTS person and have them "Receive" you.

 

.

.

..

Problem 7:  When attempting to access DTS you receive "There has been a problem with your login.  Your certificate is invalid or expired.  Please contact your local Registration Authority (LRA) or Verifying Official (VO) to obtain a new certificate or CAC card.  Error is: --, dbsign code: 112" reading credentials" (See image below).

DTS Error Message

 

Solution 7-1: If you were recently issued a new CAC, you might have selected the old certificate, rather than the new one.  Close the web browser, remove CAC from reader.  Reinsert CAC, then attempt to access DTS again.  You can clear your old certs by following slide 14 of this guide.

.

Solution 7-2:   This means your CAC is expired, or the certificates have been revoked for some reason.  Your only option is to get a new CAC.  Visit the nearest ID card office to get your card replaced. 

.

Solution 7-3:  For Mac users, try clearing your keychain if you have received a new CAC and the site used to work.

 

 

 

EES (Evaluation Entry System)

 

All Evaluation Entry System problems and Solutions are located on this page.

 

 

 

 

 

ERROR CODES (BY THE NUMBER)

 

Error Codes (Specific Numbers) problems and Solutions are located on this page.

 

 

 

 

FIREFOX

 

Firefox problems and Solutions are located on this page.

 

 

 

FORMS (formerly known as MyForms)

back to top

 

FORMS has been replaced by Evaluation Entry System (EES), problems and Solutions are located on this page.

 

 

 

 

INTERNET EXPLORER

back to top

 

Problem 1:  Receive: "There is a problem with this website security certificate."  Your options are listed as  "Click here to close this webpage" or "Continue to this website" where it states it is not recommended.

 

Solution 1:  Latest DoD Certificates are needed, instructions where you can download and install them are here

 

 

 

 

Problem 2:  Receive the message: "You do not have Permission to Access this resource."

 

Solution 2-1:  Verify that you do have all needed software installed, Visit the Notes page to double check what you installed already.

 

Solution 2-2:  Verify that you are using Internet Explorer when attempting to register your CAC.  If you are using Firefox, please look at the Firefox page for the needed CAC reader configuration.

 

Solution 2-3:  If you receive this message when trying to download ActivClient from AKO, you need to know that the ActivClient download links on AKO are for Army personnel only.  If your account is listed as an Army volunteer, Guest, family member, retired, or other military branch, you  will not be able to download the file from AKO.  Other military branches look here to find where you can download ActivClient from your respective branch.

 

Solution 2-4:  Go to: https://www.us.army.mil from this link.  Your AKO shortcut in your favorites could be outdated.  Simply re add AKO to your favorites replacing your existing favorite.

 

Solution 2-5:  Follow guidance in this PDF

 

 

 

Problem 3:  CAC works to sign forms, but cannot access CAC enabled websites.

 

Solution 3-1:  Use Internet Explorer for any websites that need to use your CAC (IF using Firefox).

 

Solution 3-2:  Follow guidance in this PDF, or watch this video

 

Solution 3-3:  If you insist on using Firefox, follow this guidance AFTER you get it working with Internet Explorer.

 

 

 

Problem 4:  If you can access some websites with your CAC, but some don't work (e.g. AKO, the USMC MCNOSC site or the OWA for NMCI site)

 

Solution 4-1:  Click Tools, Internet Options, Advanced (tab).  Scroll to the bottom.  Make sure TLS 1.0, 1.1, & 1.2 are all checked, and SSL 2.0 & 3.0 are NOT checked. 

 

Solution 4-2:  Follow guidance in this PDF, or watch this video

 

 

 

Problem 5:  Are you having problems accessing ATAAPS (Automated Time Attendance and Production System)?

 

Information:  Bob Ridenour at Fort Gordon figured this out:  "If you have the Common Policy certificate installed it prevents access to ATAAPS.  More specifically, it affects all CACs with a CA-25 or higher."

 

More Information:  He has gotten rid of the problem locally, but has received emails from individuals outside of his organization who have the Common Policy cert installed.  When someone receives an email from one of these individuals you get a message (see screen image below) that asks if you want to install the policy.  If you select 'No' it's not a problem, but most users have a tendency to select 'Yes' even if they've been instructed otherwise, which starts the infection process all over again.  If the user chooses 'Yes' it installs the cert, then when they send an email the recipient gets the common policy popup, etc. etc.

...

Solution 5-1:  Open Internet Explorer, Click: Tools, Internet Options, Content (tab), Certificates (button), Intermediate Certification Authorities (tab), look down the Issued To column for:  Common Policy, select it and then click the Remove (button).  You will have to confirm that you do want to delete the certificate, select Yes

 

This image is what people clicked on and installed the Common Policy.  Select No when you see it next time.

 

Solution 5-2:  This guide shows other settings that should also be set in Internet Explorer

 

 

 

Problem 6:  Air Force users receiving "CA Not Recognized" error message when attempting to access the Air Force Portal

 

Solution 6:  Follow the guidance on the Air Force specific page

.

.

.

Problem 7:  Air Force users receiving  "There was a problem with this browser accessing your CAC for authentication. You may have pressed "cancel" button in your browser's certificate selection prompt.  If you are trying to authenticate with your CAC, please clear your SSL sessions.  In IE go to the Tools-Internet options.  Select the content tab and press the "Clear SSL State button."  If this does not work or you are unable to complete this close all open browser windows and try again.

.

Solution 7:  Follow the guidance on the Air Force specific page

.

.

.

Problem 8:  Receive the following error message "Your current security settings do not allow this file to be downloaded."

Solution 8:  Open Internet Explorer, click Tools, Internet Options, Security (tab), select the Internet icon, click the Custom level... (button), scroll down to the section titled Downloads and under File download make sure Enable is selected.

.

.

.

Problem 9:  "This page can't be displayed" message appears on your computer screen when trying to access a CAC enabled website.  You can replace the web address below with any number of websites.

ThisPageCan'tBeDisplayed image

 

Solution 9-1:  Hit refresh on your web browser

 

Solution 9-2: Go through this guide

 

Solution 9-3:  Verify your CAC is not expired, if so, get a new CAC

 

 

 

 

LOTUS FORMS (No longer used by the Army)

back to top

 

The ideas on this website are from regular people's experiences.  I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program.  703-692-1306 / DSN:  312-222-1306, Webform, or usarmy.pentagon.hqda-apd.mbx.fcmp@mail.mil   

 

If you are having problems accessing the CHESS website, contact the CHESS help desk at: peoeis.pdchess.helpdesk@us.army.mil or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday - Friday 0800-1700 EST).

 

Problem 1:  Receive "Error loading  C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll" when attempting to install Lotus Forms.

 

Solution 1:  Uninstall PureEdge Viewer (via Control Panel), Restart computer, then attempt Lotus Forms install again

 

 

 

Problem 2:  Word Sign is GRAY after installing IBM Forms Viewer / Lotus Forms Viewer / Pure Edge Viewer

 

Solution 2-1:  If you upgraded from Pure Edge Viewer and did not uninstall eSign / ApproveIt... Uninstall eSign / ApproveIt, restart computer, then install eSign / ApproveIt again.  eSign / ApproveIt HAS to be installed AFTER all programs that you want to be able to digitally sign.  These programs include: Office products, IBM Forms viewer, Lotus Forms, PureEdge, & Adobe Reader.

 

Solution 2-2:  64 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files(x86)\IBM\Forms Viewer\4.0\API\80\system

  

Solution 2-2a:  32 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files\IBM\Forms Viewer\4.0\API\80\system

 

Solution 2-2c:  32 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\API\76\System  

 

Solution 2-2d: 64 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files(x86)\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\API\76\System  

 

Solution 2-3:  More ideas are located below

 

 

 

Problem 3:  "One or more signatures could not be verified" when opening up Lotus Forms

 

Solution 3-1:  Latest DoD Certificates are needed

 

Solution 3-2:  Verify you have ApproveIt installed

 

Solution 3-3:  Restart your computer (if you have just installed eSign / ApproveIt)

 

Solution 3-4:  64 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files(x86)\IBM\Forms Viewer\4.0\API\80\system

  

Solution 3-4a:  32 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files\IBM\Forms Viewer\4.0\API\80\system

 

Solution 3-4b:  32 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\API\76\System  

 

Solution 3-4c: 64 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files(x86)\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\API\76\System 

 

 

 

Problem 4:  Receive error message:   "Viewer : Printer Driver's EndPage() Failed at PRINT ERROR(.\src\FormViewer\PrintEngine\CPrintEngine.cpp:1960 Fri Jan 29 15:27:50 2010):2780:8)"

 

Information:  You are unable to print Lotus forms on HP printers when using the 64 bit version of Vista & Windows 7.  This is a known problem that exists between IBM and HP, therefore it is "way above our heads" to get fixed, however, here are a few ideas you can try and still cheaper than buying a new printer.

 

Solution 4-1:  Download a program like DoPDF, print your form to the DoPDF "printer," then print the PDF to your printer

 

Solution 4-2:  Open Pure Edge, Select Preferences, Printing options, Uncheck "Print each page as a separate print job"

 

Solution 4-3:  Print your form to the Microsoft XPS Document Writer "printer,"  then print the XPS to your printer  

 

 

 

The below error and Solution was copied from the IBM Support Portal

 

Problem 5:  I see the following errors occur when opening Lotus® Forms:

 

20080109T154705.078-0600 3972 MEVRegisterErrorEx: \Anthill_Build\Branch-API-Cannae-20050228\Api\src\masqutil\masqutil.c 10427 2079 118 22

 

20080109T154705.078-0600 3972 Viewer ReportAppMsg Title:"(null)" Msg:" at MUCreateDir(\Anthill_Build\Branch-API-Cannae-20050228\Api\src\masqutil\masqutil.c:10427 Tue Apr 19 21:59:46 2005):3972:32 -> 22" TitleCode:7020 MsgCode:0

 

20080109T154706.515-0600 3972 MEVRegisterErrorEx: \Anthill_Build\Branch-API-Cannae-20050228\Api\src\masqutil\masqutil.c 10508 2080 118 4294967295

 

20080109T154706.515-0600 3972 Viewer ReportAppMsg Title:"(null)" Msg:" at MUCreateAllDirs(\Anthill_Build\Branch-API-Cannae-20050228\Api\src\masqutil\masqutil.c:10508 Tue Apr 19 21:59:46 2005):3972:32 -> -1" TitleCode:7020 MsgCode:0

Solution 5-1:  To correct the problem, you must make sure the Viewer has read/write access to certain registry keys. The Viewer requires read/write access to the following paths/folders that are defined by the following registry keys:

1. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData

2. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Personal

3. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Desktop

4. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Common AppData

In addition, the Viewer requires read/write access to the following registry keys:

HKEY_CURRENT_USER\Software\Classes
HKEY_CURRENT_USER\Software\PureEdge
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents

Microsoft® Internet Explorer uses the following key and its sub-keys in order to properly host the Viewer. Access to these keys is critical in allowing the Viewer to interact with Internet Explorer:

HKEY_CURRENT_USER\Software\Microsoft

Solution 5-2:  If the instructions confuse you above, look at: http://support.microsoft.com/kb/886549

 

Problem 6: Receiving internal error when opening Lotus Forms.  Details show "Null pointer dereferenced (in function RegistryIterator::updateCurrent()@.\src\RegistryProfile.cpp:line531)  Stack trace (unavailable)

 

Solution 6-1:  Run this batch file to fix your computer.  If your web browser blocked the file, download this text file and remove the .txt at the end, then run.

 

Solution 6-2:  The following steps need to be completed while the affected user is logged in.  Since they are merely modifying the keys corresponding with their user hive, elevated privileges are not necessary.

1. Go to Start, Run, type in:  Regedit

2. Find [HKEY_CURRENT_USER\Software\VB and VBA Program Settings] and delete the entire key.

3. Click Start - Programs - ApproveIT Desktop - ApproveIT Configuration.

4. On the default Signature Method tab ensure the option "Sign using a certificate or smart card" is checked.

5. Click OK and test.

 

Solution 6-2 Alternative:  Save ApproveIt_Fixer.doc to your computer, then open it.  You may see a blank screen with a Security Warning.  Select the 'Enable Content' button.  Now click on Fix ApproveIt!, select OK.  Provided by CPT H

 

Solution 6-3:  64 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files(x86)\IBM\Forms Viewer\4.0\API\80\system

  

Solution 6-3a:  32 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files\IBM\Forms Viewer\4.0\API\80\system

 

Solution 6-3b:  32 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\API\76\System  

 

Solution 6-3c: 64 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files(x86)\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\API\76\System 

  

Solution 6-4:  Go to Start, Run

Type "regedit" (without the quotations)

Navigate to "HKEY_CURRENT_USER\Software\Silanis and delete it

Navigate to "HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ApproveIt MS Office" and delete it

Go to Start, All Programs, Startup, ApproveIt StartUp and click the ApproveIt Start up entry to start ApproveIt

 

 

Problem 7:  When clicking the login button trying to access CHESS [with your CAC] to download Lotus forms you are prompted for your certificate.  You select it and enter your PIN, it then states "you will be logged in shortly."  Within a few moments, you are returned to the login page without being logged in.

 

Solution 7:  Follow guidance in this PDF, or watch this video

 

 

 

Problem 8:  If you are using Windows XP and you experience the Lotus Forms "hanging" it may be because the Viewer is not able to find the Java Runtime or the Java Runtime is the wrong version needed for the Viewer.

 

Information:  APD has worked with IBM on this issue and believe they have found the problem and the solution.  It is posted at the following URL:  https://www-304.ibm.com/support/docview.wss?uid=swg21474129

 

 

 

Problem 9:  Receiving  "Bad length error" or "Link-exception is thrown" when submitting a form

 

Solution 9-1:  Visit IBM's support page for information about it.  Basically, we have to wait for the next version to be released.

 

Solution 9-1a:  Air Force members can read more at:  http://www.e-publishing.af.mil/viewerdownload.asp

 

 

 

Problem 10:  The check boxes have a green check inside rather than the black X.

 

Solution 10:  Open Lotus Forms, click Preferences, (the icon with blue an red O with a +).  Click Advanced Settings, Select the box next to:  Use "X" Style Check Boxes.

 

 

 

Problem 11:  Receiving "Internet Forms Error - The system cannot find the file specified. C:\Windows\System32\config\system profile at location=2079(\build\Cypress.API\api\src\masqutil\masqutil.c:10498 Wed Dec 3"  several times when opening Lotus Forms in Windows 7 or this error in the image that follows:

 

 Chinese Error message image

 

Solution 11-1:  Install Lotus Forms using compatibility mode for Windows Vista or XP

 

Solution 11-2:  While it is true that the program does in fact need access to the keys you have listed in solution 5, the true problem is the necessary strings the program is looking for are not built in the shell folders key when a user logs on.  We are not sure why the Lotus developers are still writing with the modules that look at that keys versus using the SHGetFolderPath or SHGetKnownFolderPath function instead.  The following is what Julie has done in all cases and fixed the problem quickly.

BLUF: When the program opens, it looks for the actual entries in the shell folder registry key under the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders key.  If they are not there then you get the 10498 error and some funky language folders are created.  I do not know why yet, why for some computers the strings are not being built off of what is indicated in the HKLM path but nonetheless all I did was export the key from a working machine, open it in notepad, replace all with the user name of the machine in error, and then import it to their computer. Once complete the program runs fine.


Solution 11-3:  Visit:  http://www.e-publishing.af.mil/viewerdownload.asp and download "AFDPO Releases Updated IBM Lotus Viewer_DSig_3.5.1.333.exe" under Software Link:

 

Solution 11-4:  If you have a Brother HL-2280DW wireless laser printer and have installed the Nuance software, they may be causing this error message.  What worked for a few Soldier was to return it and get a different printer.  They then had to restore their computers to an earlier time before the printer (and Nuance) software had been installed.

 

 

 

Problem 11a:  Receiving "Viewer : The system cannot find the file specified.  C:\Windows\system32\config\systemprofile at MUCreateDir(\build\Cypress.API\src\masqutil\masqutil.c:10498" when opening Lotus Forms in Windows 8

 

Solution 11a:  See Solutions to Problem 5 above

 

 

 

Problem 12:  Receive:  "An Error Has Occurred..." followed by "The system cannot find the file specified."  Your only options are Close and Details >>.

 

Solution 12:  Right click your taskbar, select Task Manager, look for Lotus Forms, you will probably 2 of them running.  Right click one of them and select End Task.  Now try it again.

 

 

 

Problem 13 (Fix for Government computer):  After installing Adobe Acrobat Reader X, users are not able digitally sign forms in Lotus Forms

 

Information / Solution 13:   When Acrobat Reader X is installed, you may not be able to digitally sign in Lotus Forms.  It seems that when you click on "Click to Approve" and the Digital Signature Viewer pops up; after you hit the "Sign" button the "ApproveIt-Certificate Selection" window does not pop up, the application just hangs indefinitely and so one cannot digitally sign. 

Modify the value of:
HKEY_CURRENT_USER\Software\Silanis\ApproveIt\Signing\RealTime\TopazLib
To disable it the value should be 0.

It has only affected a small percentage of those computers that received the Acrobat X push and was hard to replicate the issue. This solution fixed both Vista 32bit and Win7 64bit systems that were imaged w/ AGM disks that had the problem. This fix also worked when rights elevation, uninstall / reinstall, libeay32.dll and se_cryptoapi.ifx fixes did not resolve the issue.

 

 

 

Problem 14:  Receive the following error message after installing Lotus Forms 4.0.0.477:  "Your computer does not have a required file installed (Toolbar IFX).  This will prevent you from saving the form back to the server.  Please contact your help desk.

Toolbar.ifx image

 

Solution 14:  Follow guidance here

 

 

 

Problem 15:  Receive the following error windows when trying to open a form.  It can repeat several times, Lotus Forms won't close.  Some people actually get Japanese characters.

 

Lotus Error 1 image

 

Lotus Error 2 image

 

Lotus Error 3 image

 

Solutions 15:  Download and save this text file titled: regkeys4_lotus_forms.txt file to your desktop.

 

Double click the .txt file and select Edit and choose Replace.  Find and replace USER.NAME.HERE with your account name (this could be your AKO user ID if on a government computer, or your username on your home computer. 

 

Save the file, then right click select Rename and remove the .txt replace it with .reg

 

Double click the regkeys4_lotus_forms.reg file

 

Now run Command Prompt as an administrator and paste this into the CMD Prompt:  C:\Program Files\IBM\Forms Viewer\4.0>masqform.exe /register

or on a 64 bit version of Windows use this one:

C:\Program Files (x86)\IBM\Forms Viewer\4.0>masqform.ext /register

 

 

 

 

MAC / APPLE SPECIFIC ISSUES

back to top

 

Problem 1:  How do I use my CAC on my Mac

 

Solution 1:  Follow instructions on this page

 

 

 

Problem 2: DTS page goes white after selecting Voucher or Authorization in DTS. 

 

Solution 2:  In Safari, select Safari, Uncheck Block Pop-Up Windows.  You can also go to Safari, Preferences, Security, and uncheck Block pop-up windows under the Web content section.

 

 

 

Problem 3:  When trying to view a website using Safari, you may see the alert message: "Could not open the page. Too many redirects occurred trying to open (website name)." This may occur if you open a page that is redirected to open another page, which is then redirected to open the original page.


Information:  This issue is typically caused by the website you're trying to view, not by Safari.  Safari may be able to open the website at a later time, when the website's redirect problem has been corrected.

Occasionally, the issue might be caused by an interaction with Safari. The issue may also occur because redirect information has been retained beyond its useful life.

 

Solution 3:  In some cases, resetting Safari may allow you to regain access to a website. To do that, follow these steps:
1. Choose Safari > Reset Safari.
2. Only check "Remove all cookies" and "Empty the Cache."
3. Click Reset.
If the issue persists, sending feedback to the affected website may help. You can also send feedback to Apple by choosing Safari > Report Bugs to Apple.

 

 

 

 

 

OUTLOOK / MICROSOFT OFFICE / OWA

back to top

 

For DoD Enterprise Email users, please look here for specific support

 

Problem 1:  After installing ActivClient, Outlook users are unable to send email without selecting a certificate.  You may also receive Invalid Certificate - Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address 'user@mail.com'.

Invalid certificate

or

Invalid Certificate 2

 

Solution 1:  Outlook 2013 & 2010 Open Outlook, Click File, Options, Trust Center, Trust Center settings (button), E-mail Security, Uncheck the top 4 boxes

                   Outlook 2007:  Open Outlook, Click Tools, Trust Center, E-mail Security, Uncheck the top 4 boxes 

                   Outlook 2003:  Open Outlook, click Tools, Options, Security tab, Uncheck the top 4 boxes

                  

                    

 

Problem 2:  Receive ADTMSO.dll message after installing all needed software on Vista Premium.

 

Solution 2:  Purchase Vista Ultimate and upgrade your Premium (I know this seems like an expensive option, but it did work for a Soldier in New York).

 

 

 

Problem 3:  After installing ActivClient and opening Outlook, Receive error message:  "An extension file failed to initialize.  Can't open the file: extend.dat" 

 

You need to first be able to view hidden files (here's how): 

 

- XP:   Double click My Computer, once open, click on Tools (in the bar at the top), Folder Options, View tab, scroll down to Hidden files and folders, click the little circle next to Show hidden files and folders.

 

- Vista & 7:  Control Panel (classic view), select Folder Options, click the View tab, scroll down to Hidden files and folders, click the little circle next to Show hidden files and folders.

 

- Vista & 7: Control Panel (Control Panel Home), select Additional Options, Appearance and Personalization, Folder Options, click the View tab, scroll down to Hidden files and folders, click the little circle next to Show hidden files and folders.

 

Solution 3: Make sure Outlook is closed, rename extend.dat to extend.bak, restart Outlook

 

- XP users, go to:  C:\Documents and Settings\<userid>\Local Settings\Application Data\Microsoft\Outlook

- Vista & 7 users, go to: C:\users\<userid>\AppData\Local\Microsoft\Outlook

 

 

 

Problem 4: When using your Organization's OWA 2003 (Outlook Web Access) from home you cannot see the email in your inbox.

 

NOTE:  https://web.mail.mil uses OWA 2010, so, look at Solution 5-3 below for instructions

 

Solution 4-1:  Look at Solution 5-2 below for instructions for installing s/mime

 

Solution 4-2: Make sure you are not automatically downloading your email at your office to your local hard drive.  When you do this it removes the email from the server, therefore you cannot see it via OWA.

 

 

 

 

Problem 5:  I Can't view Encrypted emails in Outlook Web Access / App

 

Solution 5-1:  Make sure you have the S/MIME control installed.

NOTE:  This is only available in Internet Explorer (32 bit).  It will NOT work with the 64 bit version, on a Mac, or any other web browser.

NOTE2:  Internet Explorer 10 & 11 runs in 32 bit mode by default, so, this should not be an issue.  You would have to select "Enable 64-bit processes for Enhanced Protected Mode" to actually run in 64 bit mode.  More information can be read here.

 

Solution 5-2 (OWA 2003):  Go to Options, scroll down to Email Security, click on Download to download the S/MIME control.  You also need to have ActivClient installed on your computer.  Unless you are using the Windows 7 Smart Card service with your PIV II CAC, then you won't need ActivClient.

 

Solution 5-3 (OWA 2010): Click Options, See All options..., Settings, S/MIME, click on Install the S/MIME control

 NOTE3:  You will not see S/MIME control in IE 11 until you first add 'mail.mil' [or any other websites that are not working] to your "Compatibility View Settings" by following slide 19 in this guide

 

Solution 5-4a:  Follow the guide in solution 6 below.

 

 

 

Problem 6:  How do I access my encrypted email / files once I receive a new CAC?

 

Solution 6:  Emails & Files- Follow along with this guide explaining how to complete this process.  You will need to logon to the server with your current CAC non email certificate(this is what will authenticate you as you) on a government computer on the .mil network.

 

 

 

 

Problem 7: ActivClient is prompting for a smart card (5 times) when opening Windows Mail

 

Solution 7-1:  Open ActivClient, go to Tools, Advanced, Configuration and change "Remove certificates from Windows on Smart Card removal" from "No" to "Yes."

 

Solution 7-2: This can also happen when trying to use the Native Windows 7 smart card program.  Using ActivClient will not cause this problem (other than Solution 7 immediately above).

 

 

 

Problem 8:  Now that I have received a new CAC, how do I encrypt emails again in Outlook?  (Government computers only)

 

Solution 8:  You need to publish your new CAC certificates to the Global Address List (GAL), here's how:

                     Outlook 2003:  Tools, Options, Security (tab), Publish to GAL... (button)

                     Outlook 2007:  Tools, Trust Center..., E-mail Security, Click on Publish to GAL...(button)

                     Outlook 2016, 2013, & 2010:  File (tab), Options, Trust Center, Trust Center Settings...(button), E-mail Security, Click on Publish to GAL...(button)

                    

 

 

 

Problem 9:  Receive error message "You do not have a valid certificate to encrypt to the following recipients...."

Cause: It is necessary to have a copy of the recipient’s public key to encrypt email messages.

Solution 9: 1) Have recipient send you a digitally signed email.  Right click on their name in the from line and add them to your contacts.  Click Save - Close.  To send an encrypted email click on New - Mail Message. Create your message.  Click To, and in the Select Names window drop-down list, click Contacts.  Select the recipient’s email address from Contacts.  On the message toolbar, Click Options - Security Settings, and select Encrypt message contents and attachments check box.  Click OK - Close.  Click Send.

2) Look up the recipient at https://dod411.gds.disa.mil and download their public key to your computer.  Create a contact in your contacts list for them and add the certificate to it.  Follow the steps above to send encrypted email.

 

Problem 10:  Is there a way to adjust the size of the digital signature when signing in Word 2003 or 2007 using my CAC?   We are able to digitally sign, but the signature is so large it won't fit within the borders of a standard size memo.

 

Solution 10:  Yes, follow this Word document

 

 

 

Problem 11:  Receiving the following error message when trying to use OWA on Windows 7 (64bit) & (32bit):  "A digital ID that allows you to sign this message is missing."

 

 

 

Solution 11-1:  Add your OWA link to your Trusted Sites (this may be needed for Internet Explorer 9 users)

 

Here's How:  Open Internet Explorer, Go to Tools, Internet Options, Security (tab), Trusted Sites (green checkmark), Sites (button), Type your entire OWA web address into the Add this website to the zone (box)  Example:  https://web.mail.mil  Other OWA site links can be found on the OWA page.

 

Solution 11-2:  Install the S/MIME from the options section in your OWA client (see #5 above).  If you have problems installing the S/MIME check to make sure that "Do not save encrypted pages to disk" is unchecked under Tools, Advanced (tab). 

 

NOTE:  The S/MIME will ONLY work with the 32 bit version of Internet Explorer.  It is not compatible with the 64 bit version.

 

 


 

Problem 12:  You want to be able to Digitally Sign or Encrypt emails with Outlook when using AKO via IMAP, but you can't find where to add the buttons.

 

Solution 12:  When composing a new email, click on the Options tab and you will see Encrypt and Sign

 

 

 

Problem 13:  Users are having long load times when receiving digitally signed or encrypted emails.

 

Solution 13:  Follow this guide

 

 

 

Problem 14:  Receive message: "This message can't be decrypted.  If you have a smart card-based digital ID, insert the card and try to open the message again" when using Outlook Web Access / App (OWA)

 

Solution 14:  Make sure the email address that is listed on your CAC is also in your Exchange profile.  NOTE:  This is why Army users have AKO email address on our CACs, and that our AKO email address is also listed as an alias in our Exchange profile. 

Here's how:  To change your email address on your CAC.  This will also add it to your CAC if you don't have an email address on your CAC as well.

 

 

 

Problem 15:  ApproveIt tab does not show up in Microsoft Word 2007 or Excel 2007.  

 

Solution 15-1 for Word:  Follow this guide

Solution 15-1 for Excel:  Follow this guide

 

Solution 15-2:  Create a new profile on your computer and digitally sign the Word and Excel files from that profile

 

 

Problem 15a:  ApproveIt tab does not show up in Microsoft Word or Excel 2010 or 2013.  (Will NOT work with 64 bit version of Office)  Here's how to find out which one you have installed.

 

Solution 15:  The ability to digitally sign Word and Excel 2013 files is now built in, follow this guide

 

 

Problem 16:  Receive "HTTP/1.1 503 Service Unavailable" when attempting to access your email via OWA.

Information:  This is caused when the Exchange server is down, or having problems.

 

Solution 16:  Try accessing your email at a later time

 

 

 

Problem 17:  Receive:  "Cannot connect to Internet Directory Service (LDAP) server: directory.us.army.mil.  Check your network connection or modify your Address Book settings."  Followed by "The search cannot be completed.  MAPI_E_CALL_FAILED" after setting up the AKO LDAP address book.

 

Solution 17-1:  Latest DoD Certificates are needed

 

Solution 17-2:  If you have changed your AKO password recently, you need to change it in your LDAP connector as well.

 

 

 

Problem 18:  You are on one of the many RW#.army.mil  OWA email servers and are having problems connecting to your email.

 

Solution 18: You may have been migrated to DoD Enterprise Email, follow links on the OWA specific page.

 

 

 

Problem 19:  Air Force Users Only:  Everything appears to be setup correctly, but Outlook Web Access (OWA) STILL prompts that the digital ID is missing when attempting to send signed/encrypted.  Also, the user cannot read signed / encrypted messages. 

 

Solution 19:  According to Air Force Public Key Infrastructure (AF PKI), the email address found on the certificate must be also listed as a proxy SMTP address for the end user.  With the advent of Email for Life (E4L), the e-mail address listed on the certificate is the E4L address.  This e-mail address may not necessarily be listed on the user account.

 

(Background:  With E4L, many Air Force users have a lifetime email address, @us.af.mil, and a regular e-mail address, @base.af.mil)  This @us.af.mil exists at another location, and then forwards to the appropriate @base.af.mil address.  This works decently well.  However, in the case of signing messages with OWA S/MIME, that E4L address needs to be listed on the user's base account, or they won't be able to sign / encrypt email in their client.

 

According to AFPKI: 

"Important Note: Suppression of Name Checking does not work with OWA S/MIME.  In order for a user to send signed e-mail or receive encrypted e-mail, the e-mail address on their e-mail certificates must match either their primary network Simple Mail Transfer Protocol (SMTP) e-mail address or one of the proxy SMTP addresses for their e-mail account.  Use of the proxy address is controlled through the OWA S/MIME Security Setting “CertMatchingDoNotUseProxies”, which by default allows the use of proxy addresses.  The AF PKI SPO recommends the default for all of the OWA S/MIME Security Settings.  Detailed descriptions of the available security settings can be found in Microsoft’s Exchange Server 2003 Message Security Guide available at: http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx

 

In order to correct a case of e-mail mismatch, the Exchange administrator can add the e-mail address in the user's certificate to the list of user e-mail addresses, or a user can obtain new e-mail certificates either by returning to a DEERS / RAPIDS ID card issuance facility or accessing a User Maintenance Portal / Post-Issuance Portal (UMP/PIP) via their workstation.

UMP/PIP website:  https://www.dmdc.osd.mil/self_service , select Replace Certificate to avoid going to a RAPIDS Site. 

NOTE: You'll have to logon to the UMP/PIP site with your CAC.  Visual steps 

NOTE2:  In my tests with Windows 7, it did NOT work with the Windows 7 built in Smart Card utility or with ActivClient installed.  So, you will need to find a Windows Vista or XP computer with ActivClient installed.

Source:  https://afpki.lackland.af.mil/html/kbdetail.cfm?id=343 (CAC enabled from .mil domain)

NOTE:  An Air Force Major sent this to me:  "When I tried to access the CAC User Maintenance Portal on a Windows 7 computer, the Java failed; however, when I tried the same thing on my Windows 7 computer at work (.mil domain), Java still failed but I got a popup dialog that told me I had to use the 64-bit version of IE and Java.  When I started a browser session with the 64-bit IE, I was able to get to the User Maintenance Portal just fine."

Problem 20:  My email address is incorrect on my CAC, How can I fix it?

Solution 20-1:  Visit this website:  https://www.dmdc.osd.mil/self_service, select Replace Certificate

NOTE: You have to logon to the site with your CAC.  Visual steps  or these steps

NOTE2:  In my tests with Windows 7, it did NOT work with the Windows 7 built in Smart Card utility or with ActivClient installed.  So, you will need to find a Windows Vista or XP computer with ActivClient installed.

An Air Force Major sent this in:  "When I tried to access the CAC User Maintenance Portal on a Windows 7 computer, the Java failed; however, when I tried the same thing on my Windows 7 computer at work (.mil domain), Java still failed but I got a popup dialog that told me I had to use the 64-bit version of IE and Java.  When I started a browser session with the 64-bit IE, I was able to get to the User Maintenance Portal just fine."

 

Solution 20-2:  You can also visit an ID card office

 

 

 

Problem 21:  Problems with mail.mil when using 64 bit AGM and 32 bit office 2007

 

Solution 21:  Follow guidance in this PDF.

 

 

 

Problem 22: You are using OWA 2010, and do not like the conversation view...
.

Solution 22:  Follow guidance here

 

 

 

Problem 23:  How can I find out how much space I'm using in OWA 2010?

 

Solution 23:  Hold your mouse over the root of your mailbox folder [Your name].  You 'may' need to click it.  Only seems to work in Windows, not Macs.

 

 

 

Problem 24:  Outlook issue on a Government computer:  I can select the certificates to digitally sign emails but when I click ok to make the changes made stay.  I get an error telling me to insert a card into the reader.  The card is there, it can be used to access military websites it's just not recognized by Outlook.


Solution 24:  Make sure your email address is correct on your CAC. 

Here's how:  Open ActivClient, click on My Certificates, click the middle certificate.  Make sure the email address there is correct.  "Most" Army users will have either their AKO or mail.mil email addresses in the email address block.

 

Fix:  Look here problem 20 or here problem 24, or visit an ID card office

 

 

 

Problem 25:  You see the following error message when using Outlook Web Access 2003 with Internet Explorer 10  (this affects both Windows 7 & 8 users)

 

  OWA2003IE10 image

Here is what it says:

OWA2003IE10 image

 

Solution 25:  Internet Explorer 10 is not compatible with Outlook Web Access 2003.  You can use Compatibility view by clicking the little 'torn paper' icon in the web address line. 

 

compatibility view image

 

 

 

Problem 26:  Receiving following message in OWA when trying to open an encrypted email message:  "This message can't be decrypted.  If you have a smart card-based digital ID, insert the card and try to open the message again."

 

MessageCan'tBeDecrypted

 

You may be able to encrypt outgoing emails, but decrypting is your issue.

 

Solution 26:  When the message appears, remove your CAC from the reader, reinsert it, select another email, and reselect the encrypted email.  IE may ask again for your PIN and then it will decrypt the email so you can read it.

 

 

 

Problem 27:  Web.mail.mil / OWA locking up when trying to delete a thread of email with Skype Click to Call (C2C) installed. 

 

NOTE:  You  may have received an auto update to Skype on your Windows computer.  This update comes with C2C. One person noticed the issue appear and also noticed that phone numbers in emails suddenly appeared in blue (hyperlinked) with a Skype symbol next to them.

 

Solution 27:  Uninstall C2C and the issue with locking up OWA when deleting email threads went away.

 

 

 

 

Problem 28:  When trying to send an email from Outlook on a Government computer, receive the following error message: 


 InvalidCertError image

 

Solution 28-1 (All Computers):  Remove CAC, then reinsert it  Try sending your email again

 

Solution 28-2 (ActivClient installed Computers):  Open ActivClient, right click My Certificates, select Make Certificates available to Windows.  Try sending your email again

 

 

 

 

PURE EDGE VIEWER (replaced by LOTUS FORMS) Army No Longer using this program)

back to top

 

The Army now uses Adobe Reader
May still be used by the Air Force

 

 

Problem 1:  The word Sign is "GRAYED OUT" when attempting to digitally sign a Pure Edge form.
 
Solution 1:  See answers in THE WORD SIGN IS GRAY section below.

 

 

 

Problem 2:  "One or more signatures could not be verified" when opening Pure Edge

 

Solution 2-1:  Verify you have ApproveIt installed.

 

Solution 2-2:  Restart your computer (if you have just installed ApproveIt)

 

Solution 2-3:  64 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files(x86)\IBM\Forms Viewer\4.0\API\80\system

  

Solution 2-3a:  32 bit systems IBM Forms Viewer 4.0:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Forms Viewer\4.0\extensions

and to

C:\Program Files\IBM\Forms Viewer\4.0\API\80\system

 

Solution 2-3b:  32 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files\IBM\Lotus Forms\Viewer\3.5\API\76\System  

 

Solution 2-3c: 64 bit systems Lotus Forms 3.5:  Copy and paste libeay32.dll from C:\Program Files(x86)\ApproveIt to the following folders: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\extensions 

and to: 

C:\Program Files(x86)\IBM\Lotus Forms\Viewer\3.5\API\76\System 

 

PDF with complete instructions

 

Solution 2-4:  Latest DoD Certificates are needed

 

Solution 2-5:  Uninstall ApproveIt 5.8.2, 5.9, or 6.1,  restart computer, Install ApproveIt 5.7.3.  Follow instructions below. 

PLEASE NOTE:  ApproveIt 6.1 & 6.5 are the only versions that will work with Lotus Forms.

Solution 2-6:  The new Lotus Forms and ApproveIt 6.5 works very well on Vista and Windows 7.  I would recommend you upgrade.  If you are still using using XP, it does not work as well.  Look at #4 immediately above

 

 

 

Problem 3:  Digital Signature not loading

 

Solution 3-1:  Visit here

 

Solution 3-2:  Uninstall ApproveIt 5.8.2, 5.9, or 6.1,  restart computer, Install ApproveIt 5.7.3.  Follow instructions below. 

PLEASE NOTE:  ApproveIt 6.1 & 6.5 are the only versions that will work with Lotus Forms.

 

 

 

Problem 4:  Receiving internal error when opening Pure Edge.  Details show "Null pointer dereferenced (in function RegistryIterator::updateCurrent()@.\src\RegistryProfile.cpp:line531)  Stack trace (unavailable)

 

Solution 4-1:  Run this batch file to fix your computer.  If IE blocked the file, download this text file and remove the .txt at the end, then run.

 

Solution 4-2:  The following steps need to be completed while the affected user is logged in.  Since they are merely modifying the keys corresponding with their user hive, elevated privileges are not necessary.

1. Go to Start, Run, type in:  Regedit

2. Find [HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ApproveIt MS Office] and delete the key.

3. Find [HKEY_CURRENT_USER\Software\classes\ApproveItDesignerAddIn] and delete the key.

4. Find [HKEY_CURRENT_USER\Software\classes\CLSID\{97A21885-E335-4164-AD1C-8A3BF0F003E9}] and delete the key.

5. Find [HKEY_CURRENT_USER\Software\classes\CLSID\{08E623D3-BEAD-4bd3-8401-EFF51FD754CE}] and delete the key.

6. Click Start - Programs - ApproveIT Desktop - ApproveIT Configuration.

7. On the default Signature Method tab ensure the option "Sign using a certificate or smart card" is checked.

8. Click OK and test.

 

Solution 4-2 Alternative:  Save ApproveIt_Fixer.doc to your computer, then open it.  You may see a blank screen with a Security Warning.  Select the 'Enable Content' button.  Now click on Fix ApproveIt!, select OK.  Provided by CPT H

 

Solution 4-3:  Copy and paste libeay32.dll from C:\Program Files\ApproveIt to the following folders:  C:\Program Files\PureEdge\Viewer6.5\extensions  and to:  C:\Program Files\PureEdge\Viewer6.5\API\65\System   PDF with complete instructions

 

Solution 4-4:  Go to Start, Run

Type "regedit" (without the quotations)

Navigate to "HKEY_CURRENT_USER\Software\Silanis and delete it

Navigate to "HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ApproveIt MS Office" and delete it

Go to Start, All Programs, Startup, ApproveIt StartUp and click the ApproveIt Start up entry to start ApproveIt

 

 

 

Problem 5:  "Pure Edge Viewer has encountered a problem and needs to close.  We are sorry for the inconvenience."

 

Solution 5:  Copy "libeay32.dll" from the following location:  "C:\Program Files\ApproveIt"

Paste the files into both of the following locations:  "C:\Program Files\PureEdge\Viewer 6.5\API\65\System" and "C:\Program Files\PureEdge\Viewer 6.5\extensions" 

Reason:  These files can get written over by some Microsoft Updates.  Pure Edge cannot use the newer files that were installed by Microsoft.

 

 

 

Problem 6: Receive the following error "Form API initialization Failed"

 

Solution 6-1:  Reinstall Pure Edge

 

Solution 6-2: 

1.  Insure you close all errors that appear when launching a PureEdge form

2.  Go to:  C:\windows\system32 and double click 'fixmapi.exe'

NOTE:  This file will not show anything, give it approximately 5-10 seconds to insure it completed

3. Attempt to open the PureEdge form again

 

 

 

Problem 7:  Receive ePersona message when trying to sign a form in Pure Edge with Approve It.

 

Solution 7:  Close PureEdge (if it is open).  Go to: C:\Program Files\ApproveIt\, double-click the icon that looks like a wrench titled: "AprvCfg.exe".  On the Signature Method tab, make sure the radio button is on the bottom choice - "Sign using a certificate or smart card."  Don't change anything else.  Click Apply, then OK

 

After you click "Sign" in PureEdge, it may take a few minutes for the list of certificates to pop up. Be patient. Choose the certificate that doesn't say Email, and put a check in the box that says "Use this certificate as default" (if this is your personal computer).

 

 

 

Problem 8:  Receive " MUCreateDir(\Anthill_Build\Branch-API-Cannae-20050228\Api\src\masqutil\masqutil.c:10427 Tue Apr 19 21:59:46 2005):2696:32-> 22"

 

Solution 8-1: Try the same Solution as Problem #5 above

 

Solution 8-2:  Read the Tech notes on IBM

 

Solution 8-3:  Read Microsoft Support information

 

Solution 8-4:  If you are using Vista and the errors happened after macrovision, this is the fix.

 

Logon as an administrator (i.e. using your SA account) instead of right clicking and choosing "run as"(do not choose).

 

Open PureEdge to make sure it is running fine(if macrovision hasn't been installed already).

 

Install macrovision if not yet installed.

If you are unsure it has been installed, go ahead and run it and it will ask you to modify, repair, or uninstall. Uninstall it and reboot, then you can install it again.

 

Open PureEdge to see if it has the errors.

 

Go into Regedit follow this path;

HKCU\software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData

 

Before you install macrovision AppData key is:

C:\Users\**USER.NAME**\AppData\Roaming

After you install it, nothing will be in its place so you can copy the above key from another key ONLY  to roaming.

 

After, open PureEdge and and check to see if the errors were fixed.

 

Solution 8-5:  Uninstall ApproveIt 5.8.2, 5.9, or 6.1,  restart computer, Install ApproveIt 5.7.3.  Follow instructions below.  

PLEASE NOTE:  ApproveIt 6.1 & 6.5 are the only versions that will work with Lotus Forms.

 

 

 

Problem 9:  Pure Edge bar stalls half way across the screen when attempting to load a form

 

Solution 9-1:  Reinstall the DoD certificates & ApproveIt try to access your form again.

 

Solution 9-2:  Create a new profile and install Lotus Forms and ApproveIt from this new profile. 

 

 

 

Problem 10:  "Unable to complete the signature; the private key cannot be found or is inaccessible on the system.  Make sure you are using a good signing key or the right smart card."

 

Solution 10:   Look at ApproveIt Problem 4 above.

 

 

 

Problem 11:  Receive "Internal function call failed. at IFSObject_RegisterClass(\Anthill_Build/Branch-API-Cannae-20050228\Api\src\ifx\IFSObject.c:1997 Tue Mar 15 12:04:02 2005):2788"

 

Solution 11-1:  Uninstall ApproveIt 5.8.2, 5.9, or 6.1,  restart computer, Install ApproveIt 5.7.3.  Follow instructions below. 

PLEASE NOTE:  ApproveIt 6.1 & 6.5 are the only versions that will work with Lotus Forms.

Solution 11-2:  You can also try items listed at #9 above  or #5 in the LOTUS section

 

 

 

Problem 12:  If you receive an ePersona message, or "Add digital ID" with the choice of, I want to sign this document using? 

 

Solution 12:  Visit the Notes page to find out how to correct this.

 

 

 

Problem 13:  Unable to print forms from Pure Edge Viewer in Vista & Windows 7 64 bit systems with HP printers.  (Receive an error similar to:  Viewer : Printer Driver's EndPage() Failed at PRINT ERROR(.\src\FormViewer\PrintEngine\CPrintEngine.cpp:1960 Fri Jan 29 15:27:50 2010):2780:8) )

 

Solution 13-1:  Download a program like DoPDF, print your form to the DoPDF "printer," then print the PDF to your printer

 

Solution 13-2:  Open Pure Edge, Select Preferences, Printing options, Uncheck "Print each page as a separate print job"

 

Solution 13-3:  Print your form to the Microsoft XPS Document Writer "printer,"  then print the XPS to your printer  

 

 

 

Problem 14:  Receive error message:  "Unable to initialize the API at C:\Progra~1\PureEdge\VIEWER1.5\API\65"

 

Solution 14:  Follow guidance to uninstall Pure Edge here.

 

 

 

 

 

VISTA UAC (USER ACCESS CONTROL)

back to top

 

Problem 1: If you do not like it, read below on how to turn it off.

 

Solution 1-1:  Visit How-To-Geek for easy screen shot views (I prefer this method)

 

Solution 1-2:  Video on Chris.Pirillo.com

 

Solution 1-3:  User Access Control message.  Here is a registry hack to turn User Access Control off (right click, save target as on DisableUACforAdmin.reg), then double click it.  You will not have to enter the registry with this small .reg file as it will automatically change the location in the registry for those of you who are uncomfortable working in the registry.  I use this registry hack on my Windows Vista computers and do not get the annoying message saying that I'm not safe.   If you feel you should have it after turning it off, here is another .reg file to re-enable the UAC (right click, save target as on Re-EnableUACforAdmin..), then double click it.

 

 

 

 

OTHER MISC ERROR MESSAGES

back to top

 

Problem 1:  The system could not log you on.  "The requested key container does not exist on the smart card."
 
new imageSolution 1-1:  Switch user, then log back in as yourself.
 
Solution 1-2: Have someone else log onto the same computer, double click ActivClient, Click on Tools, Advanced, Forget State for all cards.  This "other" person does NOT have to be an administrator.

 

Solution 1-3:  Visit Google Groups for another possible solution

 

 

  

 

Problem 2:  Receive the following error "Please enter the master password for the ActivIdentity ActivClient 0."  when using Firefox.

 

Solution 2-1:  This is Firefox's "secret code" for Entering your CAC [6-8 digit] PIN

 

Solution 2-2: You are getting this error because you are trying to use Firefox and your CAC.

You have 2 options, first is to switch over to Internet Explorer for any websites you need to use your CAC.  Second option is to visit the Firefox support page and attempt to get your Firefox working using the instructions.

 

NOTE:  Firefox will only work with ActivClient (or OpenSC) installed.  Therefore if you are using the Windows 7 or 8 / 8.1 built in Smart Card utility, it won't work.
 
 

 

Problem 3: Certificate box comes up empty when trying to access a webpage.

Solution 3: Latest DoD Certificates are needed, instructions are here

 

Problem 4:  Receive error message:  "Local policy does not allow you to log on interactively." 

Solution 4:  Latest DoD Certificates are needed, instructions are here   

 

Problem 5:  Government owned computer will not read CAC after computer is locked.

Information:  Sometimes when a user locks their computer, they are unable to unlock it because their CAC will not read.  The research points toward buffer overflow errors and memory write errors due to registry key permissions.  Two workarounds have been found:

Solution 5-1:  Disable Windows Aero theme, instructions can be read on HowToGeek or LanceLHoff

Solution 5-2:  Unplug and re-plug in the CAC reader or keyboard w/CAC reader (this is the equivalent of rebooting the reader, but only works for external CAC readers)

 

Problem 6:  Problem accessing some CAC enabled websites

Solution 6:  Run this .bat file to clear out old certificates from your computer.  If your computer blocks the download, please download this file and remove the .txt from the end of the file name.

 

 

CURRENT PROBLEMS WITH NO KNOWN RESOLUTION

Please continue to check back later to see if a Solution has been found

If you've found a Solution for this, please contact me

 

NONE right now

 

 

 

 

OTHER QUESTIONS

back to top

 

Question 1:  How can I set up my personal Windows computer to be able to login with my CAC (like my government computer)?

 

Answer 1:  You can try this program if you are using Windows 7 or 8.  (I personally have not tried it).  Please let me know how it works for you.  I only have 1 CAC, and need to access multiple computers at the same time.  So, I can't afford to tie it up on one computer.

Video

 

Notes from a person who tried the idea above:  "The solution listed above worked great.  Just remember after restart when you set it up, the first password you put in is the User Account Password, then when clicking finish to test, I had to select the second certificate on the popup. All went well!"

 

 

 

 

Question 2:  Can I set up my personal Mac computer to be able to login with my CAC?

 

Answer 2-1:  Follow this guidance in this PDF

 

Answer 2-2:  Follow these instructions from Thursby (I have NOT tested this).

 

 

 

Question 3:  Are Individual Ready Reserve (IRR) Soldiers eligible for a Common Access Card (CAC)?

 

Answer 3:  IRR Soldiers are issued the Armed Forces of the United States Geneva Conventions Identification Card (Reserve) (Green).  If on active duty orders for 31 days or longer the IRR Soldier can receive a CAC.

 

DD Form 2 (Reserve) green military ID card

Members being released from active duty with a Military Service Obligation (MSO) are part of the IRR and will be issued the green Reserve ID cards.

 

Question 4:  Are retirees and family members eligible for a Common Access Card (CAC)?

Information:  The CIO/G6 recognized the need to provide stronger authentication for retirees and had a working pilot program to provide Smart Cards with DoD PKI certificates to Army retirees and family members.  The cards were used as an alternative to username password login to Army websites.  The pilot was limited to 2,500 users and evaluated user experience and the overall acceptance of using the card as a replacement for username / password login. Other alternatives such as One Time Passwords were also being considered.  Sites such as MyPay will be allowed to continue to use username and password until a stronger authentication solution is fielded. 

This Pilot program ended on 1 October 2012

Answer 4:  Not at this time. Retirees will continue to receive the traditional Retired (blue) or Reserve Retired (red) cards.  Family members will continue to be issued the tan or red cards.

 

Question 5:  I am retired and do not have a CAC anymore.  How do I access my military records, since iPerms is 100% CAC authentication?

 

Answer 5-1:  Your records are archived; therefore, veterans and authorized family members must request a copy of their records by submitting a prepared Standard Form 180 to the appropriate address listed on the back of the form or by going to the following website to submit the request electronically:

http://www.archives.gov/veterans/evetrecs/

NOTE:  If you do not consider yourself "computer-savvy," or want to discuss this with someone at the facility, the number to call is 1-866-272-6272.

.

Answer 5-2:  Visit the National Personnel Records Center, Saint Louis website

.

Answer 5-3:  iPerms is, but HRC is not "yet."  Visit: https://www.hrcapps.army.mil  Enter your AKO Login: & Password:

 

.

Question 6:  TLS 1.0 will not stay checked, and / or SSL 2.0 keeps checking itself in Internet Explorer

.

Answer 6-1:  Open Internet Explorer, Select Tools, Internet Options, Advanced (tab), click the Reset...(button)  under Reset Internet Explorer settings

 .

Answer 6-2:  Create a new profile on your computer

.

Answer 6-3:  McAfee Antivirus can also cause this problem.  If this is a home computer, try uninstalling McAfee, restart computer, then see if you still have the same problem.  You still need protection, so, look here for other Antivirus programs.

.

.

.

Question 7:  You are not able to access your old CAC encrypted files after receiving your new CAC.

.

Answer 7:  Emails & Files- Follow along with this guide explaining how to complete this process.  You will need to logon to the server with your current CAC (this authenticates you as you).  The websites mentioned in the guide can only be accessed from a US Government computer and network.

 

 

 

Question 8:  Prompted repeatedly for your CAC PIN when using Windows 7 (and 8) built in Smart Card utility accessing CAC enabled websites.

 

Background:  The way Windows 7 (and 8) accesses your CAC It doesn’t cache your CAC PIN on your computer


Solution 8-1 Windows 7: Install ActivClient 6.2.0.x (this program will cache your PIN for 15 minutes).

.

Solution 8-1a Windows 8: Install Coolkey or purchase CSSi (these programs will cache your PIN)

 

 

 

Question 9:  My email address is incorrect on my CAC, How can I fix it?

 

Answer 9:  Follow guidance here

 

 

 

 

THE WORD SIGN IS GRAY

back to top

 

No longer an issue with fillable PDF forms

.

 

 new_profile

CREATE A NEW USER PROFILE 

.

Windows 10

 https://www.laptopmag.com/articles/limited-user-accounts-windows-10

.

Windows 7 & 8/8.1

https://www.techadvisor.co.uk/how-to/windows/how-add-new-user-account-in-windows-7-3326039/

.

Mac OS

https://support.apple.com/kb/PH25796?locale=en_US&viewlocale=en_US

 
If you have questions or suggestions for this site, contact Michael J. Danberry

Disclaimer

 

ACRONYM Reference Page

 

GoDaddy Site Certified seal

 

Last Update or Review:  Monday, 11 March 2024 10:02 hrs

 

The following domain names all resolve to the same website:  ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us