Posted on Jan 28, 2015
CAC recognized for AKO login but not for Enterprise email certificate?
101K
46
47
1
1
0
I know I could have contacted CW3 Michael Danberry privately via inbox but I hope an open forum would resolve this issue not only for me but for whoever else that may have or will experience this.
I have had this issue on my home computer (laptop) now for three days. I can log into AKO with the regular certificate (not the EMAIL one) but when I want to check my email on Enterprise (of course I select the EMAIL certificate), I get the “Please insert a smart card.” Window with the “OK” greyed out.
That leaves me with two button choices; the “Cancel” or “Details >>” button. When I click on the “Details >>” button I get this Smart card status: “A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate.”
Here are some of the things I have tried already:
- Restart
- Uninstall ActivClient then Reinstall again (restarting at each)
- Install the driver from IOGear then restarting my computer
- Change the CAC reader
My computer is a MS Windows 7 Home Premium; x64-based PC
I can’t get to my emails!! I need to get on it for some very important work! Please Help!
I have had this issue on my home computer (laptop) now for three days. I can log into AKO with the regular certificate (not the EMAIL one) but when I want to check my email on Enterprise (of course I select the EMAIL certificate), I get the “Please insert a smart card.” Window with the “OK” greyed out.
That leaves me with two button choices; the “Cancel” or “Details >>” button. When I click on the “Details >>” button I get this Smart card status: “A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate.”
Here are some of the things I have tried already:
- Restart
- Uninstall ActivClient then Reinstall again (restarting at each)
- Install the driver from IOGear then restarting my computer
- Change the CAC reader
My computer is a MS Windows 7 Home Premium; x64-based PC
I can’t get to my emails!! I need to get on it for some very important work! Please Help!
Posted >1 y ago
Responses: 15
The best way to secure AKO is to make sure no one can ever access it, no matter what. Are you in the Army and eligible to access it? Are you a cyberterrorist trying to hack into it? NEITHER of you gets in. Call it what you want, but that's absolute security. The only person in the world who can conquer AKO's accessibility issues is the same guy who solved the world's largest rubik's cube in 7 hours (video below).

This Guy Spends 7 Hours To Solve The World's Largest Rubik's Cube | 9GAG.tv
Nice time-killing game!
(10)
(0)
SGT (Join to see)
LTC Yinon Weiss; CPT Aaron Kletzing... What if RallyPoint was a .mil? What is it required a DoD certificate?... Naah Please don't.
(1)
(0)
CW3 Michael Danberry
If you want a CAC enabled on a .mil network you can use MilSuite. I had a person one time ask why I did not put all of my MilitaryCAC information on MilSuite. I simply stated it did not help anyone if they couldn't access it in the first place. I have not heard back from the person. Maybe it was a 'duh' moment for him. :)
(3)
(0)
From, https://militarycac.com/EEmail.htm
Solution 37: Your computer still has your certificates from your former CAC and is trying to them instead of your new CAC certificates.
Follow slide 15 in this guide to clear them: https://militarycac.com/files/Making_AKO_work_with_Internet_Explorer_color.pdf
Let me know if that doesn't work, but it should.
Solution 37: Your computer still has your certificates from your former CAC and is trying to them instead of your new CAC certificates.
Follow slide 15 in this guide to clear them: https://militarycac.com/files/Making_AKO_work_with_Internet_Explorer_color.pdf
Let me know if that doesn't work, but it should.

MilitaryCAC's Enterprise Email specific problems and solutions page
Are you having problems using your CAC with Enterprise Email?
(4)
(0)
MSG (Join to see)
If you search for your specific error message(s) on militarycac.com--well, I haven't found an issue yet that there's no advice or fix for there. I know that CW3 Michael Danberry, has been commended for it, but probably not enough.
(1)
(0)
SGT (Join to see)
MSG (Join to see): I had the distinct honor to work in the same building with CW3 Michael Danberry. Others mention him as a mythical legend but I am proud to say, I have met “the man, the myth, the legend” personally.
(2)
(0)
I get more errors when logging into my military laptop that are considered OK than I can shake a stick at.
Certificate errors, can't log into instant messenger, approvit doesn't recognize something or other.
It's a cacophony of bad configuration... Must be part of the security.
Certificate errors, can't log into instant messenger, approvit doesn't recognize something or other.
It's a cacophony of bad configuration... Must be part of the security.
(3)
(0)
MSG (Join to see)
One of the big flaws with AGM (Army Golden Master) is that they use it as a one size fits all when it doesn't really fit all the myriad platforms it can be put on. There are ways to fix a lot of it, but they aren't asking me.
(2)
(0)
CW3 Michael Danberry
CSM Heidke, Is this military laptop connected to VPN when you are at home? The instant messenger will only work when on the Army network. You might need to take it back to your IT people to have them reimage it.
(0)
(0)
COL Vincent Stoneking
This reminds me of my most recent TDY... I was working on my DTS in the hotel room. The details have faded in my mind, but I continually had to hop between being connected via VPN to being connected via just internet (NO VPN) to get various parts of the system to work. How did I find out? I vented to another person with more experience that X wasn't working - "Oh yeah, that doesn't work via VPN..." Something about the proxy settings and what DTS expected.
I wish I could remember the details, but it was about 4 hours of wasted effort and a significant emotional event, as I really wanted my flight home scheduled sometime before I was supposed to fly..
I wish I could remember the details, but it was about 4 hours of wasted effort and a significant emotional event, as I really wanted my flight home scheduled sometime before I was supposed to fly..
(1)
(0)
Looking for some assistance with a CAC issue of my own.
I recently (last week) became a dual persona CAC holder (i.e. National Guard and Contractor). I went online and activated the PIV for each card, but am now no longer able to login to my AKO email (I can login to the AKO homepage, but cannot login to my email when clicking the email folder, nor directly from the Enterprise email webpage address). I am selecting the right email certificate, but cannot get past the USG Warning and Consent banner.
I get this error message:
"Your session could not be established. The session reference number: xxxxxxx
Access was denied by the access policy. This may be due to a failure to meet access policy requirements. If you are an administrator, please go to Access Policy >> Reports : All Sessions page and look up the session reference number displayed above. To open a new session, please click here."
I called the Enterprise helpdesk and their recommendations (deleting certificates, deleting SSL, and following Military CAC website recommendations) did not correct the issue.
Any assistance to help correct this issue would be GREATLY appreciated!
I recently (last week) became a dual persona CAC holder (i.e. National Guard and Contractor). I went online and activated the PIV for each card, but am now no longer able to login to my AKO email (I can login to the AKO homepage, but cannot login to my email when clicking the email folder, nor directly from the Enterprise email webpage address). I am selecting the right email certificate, but cannot get past the USG Warning and Consent banner.
I get this error message:
"Your session could not be established. The session reference number: xxxxxxx
Access was denied by the access policy. This may be due to a failure to meet access policy requirements. If you are an administrator, please go to Access Policy >> Reports : All Sessions page and look up the session reference number displayed above. To open a new session, please click here."
I called the Enterprise helpdesk and their recommendations (deleting certificates, deleting SSL, and following Military CAC website recommendations) did not correct the issue.
Any assistance to help correct this issue would be GREATLY appreciated!
(2)
(0)
SGT (Join to see)
This also happened to me. It seems like every S6/G6/J6 are really good at identifying problems but I am still waiting for someone to solve it. Let me know if you got off-line help for this. I will do the same.
Looking at hindsight, I wish I never used my contractor card to login to anything! It's the same DoD number
Looking at hindsight, I wish I never used my contractor card to login to anything! It's the same DoD number
(0)
(0)
CPT (Join to see)
Ma'am, I have the SAME problem! I became a dual CAC card holder myself just a few days ago. Please, if you all find out how to get around this, I'm all ears. I'm literally at a stand still with everything I have going on.
(1)
(0)
SGM (Join to see)
Ma'am. I get that message when I use safari on my mac but not when I use chrome or firefox. Try those other search engines and see if that works.
(0)
(0)
SSG (Join to see)
Ma'am, you will need to select the PIV Cert to access email. You can identify the PIV because displays the 16 Digit DoD ID number. Make sure you check your certificates in ActivClient that the PIV is displayed. you will also need to make it available to windows by pulling your CAC out. Check Internet options > content > certificates. Again it will display the 16 digit DoD ID #
(0)
(0)

Suspended Profile
Try removing g active client. Windows 7 and 8 are supposed to be able to run with out. The only thing after that is to tweak your IE options. Make sure you use IE, btw. Not to insult anyone's intelligence.
CW3 Michael Danberry
Please keep in mind, the built in Smart Card utility available in Windows 7 & 8 does not cache your PIN. So, webmail will prompt you quite often for your PIN. Army users, you can download ActivClient for free via AKO username / password from links on http://militarycac.com/army.htm Other branches of the military are required to login with their CAC to download the program they need to use their CAC. Please also know, in my early tests of Windows 10, the built in Smart Card utility is gone, and neither 6.2.x.x or 7.0.x.x seem to currently work with it. So, I recommend if you want to use your CAC, do not become an early adopter.
(1)
(0)
I'm glad this post is attracting more help for others. My intentions are met! I can sleep well now.
(1)
(0)
Sorry that this is an old thread, but I recently started having issues as well. My AKO works marvelously, as does 99.9999% of other .mil and CAC-enabled sites like GKO, ACT, iPERMS, and MyPay. But my Enterprise mail won't even load the disclaimer page. Says "Internet explorer cannot connect to the webpage." Same error on three browsers across three computers (two desktops and a laptop) in my house, although Chrome is more specific with telling me DNS_PROBE_FINISHED_NXDOMAIN. I've tried uninstalling Installroot and reinstalling, deleting old certs, updating Activclient, and everything under the sun, including CW3 Danberry's tutorials on MilitaryCac.com.
"Help me CW3 Kenobi, you're my only hope."
"Help me CW3 Kenobi, you're my only hope."
(0)
(0)
SPC (Join to see)
Tha's where I'm stuck too. I was going well with my MacBook Pro then I had about set it on fire but instead but a HP on Amazon. Everything was going well then I hit the wall where I can't access the email. Jesus take the wheel and deliver us.
(0)
(0)
yeah when I try to acess my webmail it just stays on the loading screen and all my cirts are active had my borther who is an IT guy and he even could not log on to web mail I'm using a personal computer with windows 10.
(0)
(0)
CW3 Michael Danberry
Justin, are you using the built in Smart card ability of Windows 10, or ActivID 7.1.0.153? Do you have the DoD certificates installed per http://militarycac.com/dodcerts.htm ? Please fill out my Windows support form at http://militarycac.com/windowsquestions.htm

MilitaryCAC's Information on the importance of DoD Certificates
// Google Internal Site Search script- By JavaScriptKit.com (http://www.javascriptkit.com)// For this and over 400+ free scripts, visit JavaScript Kit- http://www.javascriptkit.com/// This notice must stay intact for use//Enter domain of site to search.var domainroot="militarycac.org"function Gsitesearch(curobj){curobj.q.value="site:"+domainroot+" "+curobj.qfront.value}
(1)
(0)
MAJ (Join to see)
CW3 Danberry, I initially was able to access Army enterprise email with a personal computer. However, after a few weeks, I couldn't access Army enterprise email. After much troubleshooting and consulting with enterprise email technical support on the phone to no avail, I've found the link to the post for ActivID above. I've downloaded it and followed the instructions and it worked. I'm a reservist and it is required to monitor email regularly. When the Army banned the use of personal email accounts to conduct business without an exception to policy, I was stressing when I couldn't access enterprise. You're making the world a better place. Thank you.
(0)
(0)
So what's the solution when militarycac.com doesn't fix any of your problems logging on or using .mil sites?
(0)
(0)
CW3 Michael Danberry
Yes, unfortunately the DoD has decided to block MilitaryCAC.com. I still can't find out why. Luckily for everyone the alias domains still work. So you can use MilitaryCAC.org or MilitaryCAC.us
(0)
(0)
(0)
(0)
Read This Next