The card had to remain in the reader for computer access. Using a CAC with the iPad would seem to require an app and I do not see any in the App Store if it could be used at all since it is really not a supported USB device. Ensure your CAC reader works with Mac; Check to ensure your Mac accepts the reader; Check your Mac OS version; Check your CAC’s version; Update your DOD certificates; Guidance for Firefox Users; Look at graphs to see which CAC enabler to use; Step 1: Purchase a Mac Friendly CAC Reader. Purchase a CAC reader that works for your Mac.
54
2
Most of the time, the New hardware wizard will install the CAC reader automatically, negating the need for you to install the driver. To Verify your driver did (or did not) install, follow these instructions. IF you did not see a Smart card readers option when checking. Alternate download links for the DoD certificates: https://ako.us. If you have AKO access you can get what you need for free. Some CAC card readers won't access the newer CAC cards, but an update may be available for you. Under Windows 7 I did not need to install a driver, but without the middleware I could not do anything.
0
I know I could have contacted CW3 Michael Danberry privately via inbox but I hope an open forum would resolve this issue not only for me but for whoever else that may have or will experience this.
I have had this issue on my home computer (laptop) now for three days. I can log into AKO with the regular certificate (not the EMAIL one) but when I want to check my email on Enterprise (of course I select the EMAIL certificate), I get the “Please insert a smart card.” Window with the “OK” greyed out.
That leaves me with two button choices; the “Cancel” or “Details >>” button. When I click on the “Details >>” button I get this Smart card status: “A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate.”
Here are some of the things I have tried already:
- Restart
- Uninstall ActivClient then Reinstall again (restarting at each)
- Install the driver from IOGear then restarting my computer
- Change the CAC reader
My computer is a MS Windows 7 Home Premium; x64-based PC
I can’t get to my emails!! I need to get on it for some very important work! Please Help!
I have had this issue on my home computer (laptop) now for three days. I can log into AKO with the regular certificate (not the EMAIL one) but when I want to check my email on Enterprise (of course I select the EMAIL certificate), I get the “Please insert a smart card.” Window with the “OK” greyed out.
That leaves me with two button choices; the “Cancel” or “Details >>” button. When I click on the “Details >>” button I get this Smart card status: “A smart card was detected but is not the one required for the current operation. The smart card you are using may be missing required driver software or a required certificate.”
Here are some of the things I have tried already:
- Restart
- Uninstall ActivClient then Reinstall again (restarting at each)
- Install the driver from IOGear then restarting my computer
- Change the CAC reader
My computer is a MS Windows 7 Home Premium; x64-based PC
I can’t get to my emails!! I need to get on it for some very important work! Please Help!
Posted >1 y ago
11
0
The best way to secure AKO is to make sure no one can ever access it, no matter what. Are you in the Army and eligible to access it? Are you a cyberterrorist trying to hack into it? NEITHER of you gets in. Call it what you want, but that's absolute security. The only person in the world who can conquer AKO's accessibility issues is the same guy who solved the world's largest rubik's cube in 7 hours (video below).
Nice time-killing game!
(11)
Comment
(0)
SGT(Join to see)LTC (Join to see); CPT Aaron Kletzing... What if RallyPoint was a .mil? What is it required a DoD certificate?... Naah Please don't.
(1)
Reply
(0)
CW3Michael DanberryIf you want a CAC enabled on a .mil network you can use MilSuite. I had a person one time ask why I did not put all of my MilitaryCAC information on MilSuite. I simply stated it did not help anyone if they couldn't access it in the first place. I have not heard back from the person. Maybe it was a 'duh' moment for him. :)
(3)
Reply
(0)
4
0
There has to be a better alternative than using a CAC and wasting 30 minutes of my life trying to log into my email.
(4)
Comment
(0)
COL(Join to see)CW3 Michael Danberry, So, A rant.
The issue tends to be that the average (or above average, for that matter!!) user has little to know knowledge of all the switches that need to be flipped on the OS to make it work. For us traditional reservists, this is a big issue as we need to do a LOT of our work away from military networks.
Military IT systems commonly assume a given underlying system configuration. Which makes sense on a standard install of a system on a given network, both of which can only be altered by a select few with admin privileges. Home systems are generally NOT set up that way.
Generally, instructions for home use seem to be based on the gold standard of 'works on my machine' - from people who already have their systems set up in the 'proper' configuration and have a very high level of background IT knowledge compared to the general public. Getting the settings right to start with can therefore be a painful exercise in discovery learning.
And then the fun starts..... Most home users, as opposed to most 'official networks' and IT professional networks have automatic updates turned on... So there is an IE (oh how I hate you!!) update, and suddenly your OWA reverts to 'basic mode' (forget the actual name!, but I do remember that it doesn't show up in the title bar that you are running in broken & stupid mode) and you can no longer read your encrypted emails. So you search and find out that you should re-install the 'S/MIME' (whatever the F that is.... you're getting mad now....) control. OK, fine. You follow the instructions and that settings tab DOES NOT EXIST!!!! Now you are in a whole new plane of pissed off....
After your wife has made you walk away from the bad computer, and you spend half an hour calming down, you do a search, figure out that you are in 'basic mode', start googling that. See a comment about IE. Find out that normal OWA (a microsoft F'ing product) is incompatible with the latest version of IE (Oh, you F'ing, F's, I want to F you...). So you 'downgrade', and now things work... until the Java update takes down DTS.... Or they come up with the new evaluation system that uses an ActiveX signature thingy (forget the details) that requires a hook to something installed by ActiveClient - which you haven't needed installed on your system ever since you went to windows 7.... But you need it now, for no adequately explained reason... Which is OK, I suppose, because there was no announcement that it was needed in the first place. Calls to tech support have you flip all the System and IE switches, and after that fails, they throw their hands up - because 'it should work' - checking for ActiveClient isn't on their checklist because it's on the standard image... (I understand that they fixed that hook, but still).
As you might guess, all of the above were joys I personally experienced. I skipped over the 'oh, your CAC has a different manufacturer', 'Oh, you got a new CAC and can't read encrypted emails that you already received', and dozens of other issues. All of these at a time when - overall - the civilian IT meta-infrastructure 'just works.'
A little background. Over 15 years working in (non-DoD) IT, 8 years as a programmer. Doing Web Apps, mainly....A computer programming degree, as well as a Db Management one, I've got my A+. My main computer is a Mac. I have configured it to do everything that doesn't require an actual windows client natively (i.e., OWA, etc) and the rest in a Win 7 VM. However, it became such a colossal pain in the ass that I actually have a separate physical Windows 7 box in my workout room that does two things: 1) Streams Netflix while I'm on the treadmill and 2) is a static Windows 7 box for doing Army stuff. I shudder to think how out of date it may be....
Yes, militarycac.com and other sites exist to help, and they are very helpful (especially militarycac.com. It is a lifesaver as well as a sanity saver). Though, while all the information is usually there, it can be hard to find, especially when you are frustrated, have spent several hours trying to open an email, or sign a document, after your full workday, and it's due tomorrow and WTF!!
It also isn't much value when you are the canary in the coal mine. IE, the problem just occurred, and all the tech support guys are still at the 'works on my machine, you must be doing something wrong' stage (No sh$t, wanna drop we a clue?!). I was that guy with the signing the new OERs. All I knew for over a month was that I had to drive to my unit to go to internet explorer to sign a document.
Actually, typing the above, while pointless, makes me appreciate the fact that I am on ADOS right now, and everything 'just works' at my work computer, without the need to do anything official from home.
The issue tends to be that the average (or above average, for that matter!!) user has little to know knowledge of all the switches that need to be flipped on the OS to make it work. For us traditional reservists, this is a big issue as we need to do a LOT of our work away from military networks.
Military IT systems commonly assume a given underlying system configuration. Which makes sense on a standard install of a system on a given network, both of which can only be altered by a select few with admin privileges. Home systems are generally NOT set up that way.
Generally, instructions for home use seem to be based on the gold standard of 'works on my machine' - from people who already have their systems set up in the 'proper' configuration and have a very high level of background IT knowledge compared to the general public. Getting the settings right to start with can therefore be a painful exercise in discovery learning.
And then the fun starts..... Most home users, as opposed to most 'official networks' and IT professional networks have automatic updates turned on... So there is an IE (oh how I hate you!!) update, and suddenly your OWA reverts to 'basic mode' (forget the actual name!, but I do remember that it doesn't show up in the title bar that you are running in broken & stupid mode) and you can no longer read your encrypted emails. So you search and find out that you should re-install the 'S/MIME' (whatever the F that is.... you're getting mad now....) control. OK, fine. You follow the instructions and that settings tab DOES NOT EXIST!!!! Now you are in a whole new plane of pissed off....
After your wife has made you walk away from the bad computer, and you spend half an hour calming down, you do a search, figure out that you are in 'basic mode', start googling that. See a comment about IE. Find out that normal OWA (a microsoft F'ing product) is incompatible with the latest version of IE (Oh, you F'ing, F's, I want to F you...). So you 'downgrade', and now things work... until the Java update takes down DTS.... Or they come up with the new evaluation system that uses an ActiveX signature thingy (forget the details) that requires a hook to something installed by ActiveClient - which you haven't needed installed on your system ever since you went to windows 7.... But you need it now, for no adequately explained reason... Which is OK, I suppose, because there was no announcement that it was needed in the first place. Calls to tech support have you flip all the System and IE switches, and after that fails, they throw their hands up - because 'it should work' - checking for ActiveClient isn't on their checklist because it's on the standard image... (I understand that they fixed that hook, but still).
As you might guess, all of the above were joys I personally experienced. I skipped over the 'oh, your CAC has a different manufacturer', 'Oh, you got a new CAC and can't read encrypted emails that you already received', and dozens of other issues. All of these at a time when - overall - the civilian IT meta-infrastructure 'just works.'
A little background. Over 15 years working in (non-DoD) IT, 8 years as a programmer. Doing Web Apps, mainly....A computer programming degree, as well as a Db Management one, I've got my A+. My main computer is a Mac. I have configured it to do everything that doesn't require an actual windows client natively (i.e., OWA, etc) and the rest in a Win 7 VM. However, it became such a colossal pain in the ass that I actually have a separate physical Windows 7 box in my workout room that does two things: 1) Streams Netflix while I'm on the treadmill and 2) is a static Windows 7 box for doing Army stuff. I shudder to think how out of date it may be....
Yes, militarycac.com and other sites exist to help, and they are very helpful (especially militarycac.com. It is a lifesaver as well as a sanity saver). Though, while all the information is usually there, it can be hard to find, especially when you are frustrated, have spent several hours trying to open an email, or sign a document, after your full workday, and it's due tomorrow and WTF!!
It also isn't much value when you are the canary in the coal mine. IE, the problem just occurred, and all the tech support guys are still at the 'works on my machine, you must be doing something wrong' stage (No sh$t, wanna drop we a clue?!). I was that guy with the signing the new OERs. All I knew for over a month was that I had to drive to my unit to go to internet explorer to sign a document.
Actually, typing the above, while pointless, makes me appreciate the fact that I am on ADOS right now, and everything 'just works' at my work computer, without the need to do anything official from home.
(2)
Reply
(0)
CPT(Join to see)CW3 Michael Danberry, what COL (Join to see) said!
(0)
Reply
(0)
CW3Michael DanberryHello LTC Stoneking. I'm sorry you had to go through all of that. And believe me I feel for you. I personally feel for everyone having problems with all of this stuff. Which was one of the many reasons MilitaryCAC exists and why it has grown from 1 page to over 120 pages of information.
Please let me know what we / I can do to make this easier for you on your personal system. I understand you now have a GFE computer so, your problems are reduced until you come off of orders and have to turn it in.
I'm personally sorry the Army does not support Macs. Believe me, it is on my agenda at the primary training coordinator for the Army Enterprise Service Desk now. I have learned of a lot of classes they have to go through just to be allowed to answer the calls. So, I need to wait until we are at a steady state to start the training I want to see the agents have. This might help you a little. It won't unfortunately help you sign forms or digitally encrypt emails because that technology does not exist for your Mac.
Why did you need the Netflix Windows computer / Army when you already have Windows virtually on your Mac.
FYI, as of this moment, Windows 10 has no built in CAC support, and none of the versions of ActivClient work either. So, I recommend you don't update anytime soon.
Did you follow instructions on http://militarycac.com/macnotes.htm to get the CAC working on your Mac?
Please let me know what we / I can do to make this easier for you on your personal system. I understand you now have a GFE computer so, your problems are reduced until you come off of orders and have to turn it in.
I'm personally sorry the Army does not support Macs. Believe me, it is on my agenda at the primary training coordinator for the Army Enterprise Service Desk now. I have learned of a lot of classes they have to go through just to be allowed to answer the calls. So, I need to wait until we are at a steady state to start the training I want to see the agents have. This might help you a little. It won't unfortunately help you sign forms or digitally encrypt emails because that technology does not exist for your Mac.
Why did you need the Netflix Windows computer / Army when you already have Windows virtually on your Mac.
FYI, as of this moment, Windows 10 has no built in CAC support, and none of the versions of ActivClient work either. So, I recommend you don't update anytime soon.
Did you follow instructions on http://militarycac.com/macnotes.htm to get the CAC working on your Mac?
(0)
Reply
(0)
CW3Michael DanberryHello CPT Barden, I'm sorry you had the exact same issues as LTC Stoneking.
(0)
Reply
(0)
4
0
I get more errors when logging into my military laptop that are considered OK than I can shake a stick at.
Certificate errors, can't log into instant messenger, approvit doesn't recognize something or other.
It's a cacophony of bad configuration... Must be part of the security.
Certificate errors, can't log into instant messenger, approvit doesn't recognize something or other.
It's a cacophony of bad configuration... Must be part of the security.
(4)
Comment
(0)
1SG(Join to see)One of the big flaws with AGM (Army Golden Master) is that they use it as a one size fits all when it doesn't really fit all the myriad platforms it can be put on. There are ways to fix a lot of it, but they aren't asking me.
(2)
Reply
(0)
CW3Michael DanberryCSM Heidke, Is this military laptop connected to VPN when you are at home? The instant messenger will only work when on the Army network. You might need to take it back to your IT people to have them reimage it.
(0)
Reply
(0)
COL(Join to see)This reminds me of my most recent TDY... I was working on my DTS in the hotel room. The details have faded in my mind, but I continually had to hop between being connected via VPN to being connected via just internet (NO VPN) to get various parts of the system to work. How did I find out? I vented to another person with more experience that X wasn't working - 'Oh yeah, that doesn't work via VPN...' Something about the proxy settings and what DTS expected.
I wish I could remember the details, but it was about 4 hours of wasted effort and a significant emotional event, as I really wanted my flight home scheduled sometime before I was supposed to fly..
I wish I could remember the details, but it was about 4 hours of wasted effort and a significant emotional event, as I really wanted my flight home scheduled sometime before I was supposed to fly..
(1)
Reply
(0)
SOLUTION FOUND!!!
There is an opensource software called 'Smart Card Manager' which is referenced on militarycac.com as an alternative to using ActivClient 6.2 (AKA for those of us that can't access a CAC secured site to download a program designed to enable the use of a CAC card needed for said site).
I'm not totally sure what the program actually did, however, it seems to have re-established the link between my card reader and my internet browser/certificate management software. Below is the link to the program:
And below is the link to the page on militarycac.com (Also a wonderful resource for anyone military for finding the latest drivers and certificate packs for your computer and card reader)
Finally, make sure (if you're military) that you have all of the appropriate DoD PKI Root Certificates installed and have uninstalled old/conflicting certificates. Instructions for this can be found by clicking the Navy Knowledge Online (NKO) website ( https://wwwa.nko.navy.mil/ ) and clicking the CAC Login Help link below the login button in the center of the page. The link will pop up a window with instructions for things to do on the DISA website. Make sure you complete the following:
What Certificates Do I Need For Mac Card Reader Akon
- Follow the instructions to run the Cross-Certificate remover (instructions are found in the popup on NKO.
- INSTALL 'Installroot 4' on your machine. To do this choose the 'Trust Store' tab instead of the 'Certificate Validation' tab on the Tools page of the DISA site. 'Installroot 4: NIPR Windows Installer' is the DoD PKI certificate installer that you then need to download and install.
Following all of that, you should be up and running. It's taken me a lot of digging to find this solution and I've done a lot of the working with solutions from militarycac.com in the past and it seems every time windows changes, something about smartcard login on government sites breaks. Hopefully this will save some of the rest of you that headache that we all hate.
Apply For Mac Card
*This method has successfully restored my access to all of the military sites I had access to in the past. (MyPay, BUPERS, NFAS, DEERS, NSIPS, NKO, MOVE.MIL) hopefully it works for you as well.