2

0

I know I could have contacted CW3 Michael Danberry privately via inbox but I hope an open forum would resolve this issue not only for me but for whoever else that may have or will experience this.
I have had this issue on my home computer (laptop) now for three days. I can log into AKO with the regular certificate (not the EMAIL one) but when I want to check my email on Enterprise (of course I select the EMAIL certificate), I get the “Please insert a smart card.” Window with the “OK” greyed out.
That leaves me with two button choices; the “Cancel” or “Details >>” button. When I click on the “Details >>” button I get this Smart card status: “A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate.”
Here are some of the things I have tried already:
- Restart
- Uninstall ActivClient then Reinstall again (restarting at each)
- Install the driver from IOGear then restarting my computer
- Change the CAC reader
My computer is a MS Windows 7 Home Premium; x64-based PC
I can’t get to my emails!! I need to get on it for some very important work! Please Help!

Posted >1 y ago

11

0

The best way to secure AKO is to make sure no one can ever access it, no matter what. Are you in the Army and eligible to access it? Are you a cyberterrorist trying to hack into it? NEITHER of you gets in. Call it what you want, but that's absolute security. The only person in the world who can conquer AKO's accessibility issues is the same guy who solved the world's largest rubik's cube in 7 hours (video below).

(11)

Comment

(0)

LTC (Join to see); CPT Aaron Kletzing.. What if RallyPoint was a .mil? What is it required a DoD certificate?.. Naah Please don't.

(1)

Reply

(0)

If you want a CAC enabled on a .mil network you can use MilSuite. I had a person one time ask why I did not put all of my MilitaryCAC information on MilSuite. I simply stated it did not help anyone if they couldn't access it in the first place. I have not heard back from the person. Maybe it was a 'duh' moment for him. :)

(3)

Reply

(0)

4

0

There has to be a better alternative than using a CAC and wasting 30 minutes of my life trying to log into my email.

(4)

Comment

(0)

CW3 Michael Danberry, So, A rant.
The issue tends to be that the average (or above average, for that matter!!) user has little to know knowledge of all the switches that need to be flipped on the OS to make it work. For us traditional reservists, this is a big issue as we need to do a LOT of our work away from military networks.
Military IT systems commonly assume a given underlying system configuration. Which makes sense on a standard install of a system on a given network, both of which can only be altered by a select few with admin privileges. Home systems are generally NOT set up that way.
Generally, instructions for home use seem to be based on the gold standard of 'works on my machine' - from people who already have their systems set up in the 'proper' configuration and have a very high level of background IT knowledge compared to the general public. Getting the settings right to start with can therefore be a painful exercise in discovery learning.
And then the fun starts... Most home users, as opposed to most 'official networks' and IT professional networks have automatic updates turned on.. So there is an IE (oh how I hate you!!) update, and suddenly your OWA reverts to 'basic mode' (forget the actual name!, but I do remember that it doesn't show up in the title bar that you are running in broken & stupid mode) and you can no longer read your encrypted emails. So you search and find out that you should re-install the 'S/MIME' (whatever the F that is.. you're getting mad now..) control. OK, fine. You follow the instructions and that settings tab DOES NOT EXIST!!!! Now you are in a whole new plane of pissed off..
After your wife has made you walk away from the bad computer, and you spend half an hour calming down, you do a search, figure out that you are in 'basic mode', start googling that. See a comment about IE. Find out that normal OWA (a microsoft F'ing product) is incompatible with the latest version of IE (Oh, you F'ing, F's, I want to F you..). So you 'downgrade', and now things work.. until the Java update takes down DTS.. Or they come up with the new evaluation system that uses an ActiveX signature thingy (forget the details) that requires a hook to something installed by ActiveClient - which you haven't needed installed on your system ever since you went to windows 7.. But you need it now, for no adequately explained reason.. Which is OK, I suppose, because there was no announcement that it was needed in the first place. Calls to tech support have you flip all the System and IE switches, and after that fails, they throw their hands up - because 'it should work' - checking for ActiveClient isn't on their checklist because it's on the standard image.. (I understand that they fixed that hook, but still).
As you might guess, all of the above were joys I personally experienced. I skipped over the 'oh, your CAC has a different manufacturer', 'Oh, you got a new CAC and can't read encrypted emails that you already received', and dozens of other issues. All of these at a time when - overall - the civilian IT meta-infrastructure 'just works.'
A little background. Over 15 years working in (non-DoD) IT, 8 years as a programmer. Doing Web Apps, mainly..A computer programming degree, as well as a Db Management one, I've got my A+. My main computer is a Mac. I have configured it to do everything that doesn't require an actual windows client natively (i.e., OWA, etc) and the rest in a Win 7 VM. However, it became such a colossal pain in the ass that I actually have a separate physical Windows 7 box in my workout room that does two things: 1) Streams Netflix while I'm on the treadmill and 2) is a static Windows 7 box for doing Army stuff. I shudder to think how out of date it may be..
Yes, militarycac.com and other sites exist to help, and they are very helpful (especially militarycac.com. It is a lifesaver as well as a sanity saver). Though, while all the information is usually there, it can be hard to find, especially when you are frustrated, have spent several hours trying to open an email, or sign a document, after your full workday, and it's due tomorrow and WTF!!
It also isn't much value when you are the canary in the coal mine. IE, the problem just occurred, and all the tech support guys are still at the 'works on my machine, you must be doing something wrong' stage (No sh$t, wanna drop we a clue?!). I was that guy with the signing the new OERs. All I knew for over a month was that I had to drive to my unit to go to internet explorer to sign a document.
Actually, typing the above, while pointless, makes me appreciate the fact that I am on ADOS right now, and everything 'just works' at my work computer, without the need to do anything official from home.

(2)

Reply

(0)

CW3 Michael Danberry, what COL (Join to see) said!

(0)

Reply

(0)

Hello LTC Stoneking. I'm sorry you had to go through all of that. And believe me I feel for you. I personally feel for everyone having problems with all of this stuff. Which was one of the many reasons MilitaryCAC exists and why it has grown from 1 page to over 120 pages of information.
Please let me know what we / I can do to make this easier for you on your personal system. I understand you now have a GFE computer so, your problems are reduced until you come off of orders and have to turn it in.
I'm personally sorry the Army does not support Macs. Believe me, it is on my agenda at the primary training coordinator for the Army Enterprise Service Desk now. I have learned of a lot of classes they have to go through just to be allowed to answer the calls. So, I need to wait until we are at a steady state to start the training I want to see the agents have. This might help you a little. It won't unfortunately help you sign forms or digitally encrypt emails because that technology does not exist for your Mac.
Why did you need the Netflix Windows computer / Army when you already have Windows virtually on your Mac.
FYI, as of this moment, Windows 10 has no built in CAC support, and none of the versions of ActivClient work either. So, I recommend you don't update anytime soon.
Did you follow instructions on http://militarycac.com/macnotes.htm to get the CAC working on your Mac?

(0)

Reply

(0)

Hello CPT Barden, I'm sorry you had the exact same issues as LTC Stoneking.

(0)

Reply

(0)

4

0

I get more errors when logging into my military laptop that are considered OK than I can shake a stick at.
Certificate errors, can't log into instant messenger, approvit doesn't recognize something or other.
It's a cacophony of bad configuration.. Must be part of the security.

(4)

Comment

(0)

One of the big flaws with AGM (Army Golden Master) is that they use it as a one size fits all when it doesn't really fit all the myriad platforms it can be put on. There are ways to fix a lot of it, but they aren't asking me.

(2)

Reply

(0)

CSM Heidke, Is this military laptop connected to VPN when you are at home? The instant messenger will only work when on the Army network. You might need to take it back to your IT people to have them reimage it.

(0)

Reply

(0)

This reminds me of my most recent TDY.. I was working on my DTS in the hotel room. The details have faded in my mind, but I continually had to hop between being connected via VPN to being connected via just internet (NO VPN) to get various parts of the system to work. How did I find out? I vented to another person with more experience that X wasn't working - 'Oh yeah, that doesn't work via VPN..' Something about the proxy settings and what DTS expected.
I wish I could remember the details, but it was about 4 hours of wasted effort and a significant emotional event, as I really wanted my flight home scheduled sometime before I was supposed to fly.

(1)

Reply

(0)