Cac Reader For Mac 2013
- Best Cac Reader For Mac
- Cac Reader For Mac El Capitan
- Best Cac Reader For Mac
- Cac Card Reader For Mac
- Cac Reader For Mac
The next generation of ActivCard® Gold™ for CAC, the leading smart card-based strong authentication software for the DOD Common Access Card enables usage of PKI certificates and keys on a CAC to secure desktop applications, network login, remote access, web login, e-mail and electronic transactions.
- I have a CAC reader GSR202 class - Answered by a verified Mac Support Specialist We use cookies to give you the best possible experience on our website. By continuing to use this site you consent to the use of cookies on your device as described in our cookie policy unless you have disabled them.
- 1 product rating - Saicoo DOD Military USB Common Access CAC Smart Card Reader, Compatible with Mac $15.20 Trending at $15.38 Trending price is based on prices over last 90 days.
mac book pro 17' intel duo core, Mac OS X (10.6.1)
Posted on
NOTE: This page lists all known problems and Solutions (that I and others have come across). I hope one of these will answer whatever problem you are having. Please don't email me telling me my Solutions don't work. Everyone of these have worked on several other computers. If your particular problem is not on this page, please feel free to contact me and we will figure it out together.
Disclaimer: These fixes are for Home Users Only. Do not attempt these on your Government Computer (unless otherwise noted)
THE TOP 18 CURRENT PROBLEMS [with SOLUTIONS] BEING EXPERIENCED
1.Most DoD website access problems [for Windows computers using Internet Explorer] can be fixed by following these adjustments to your web browser.
1a.Cannot send email in Windows 10 using Internet Explorer since Microsoft patch Tuesday around 14 March 2017.
.
2. To use your CAC with your Mac, use the Mac Notes page. Please verify in step 6 which CAC enablers will with work with your version of Mac OS. See how to make DTS work by following guidance on the DTS support page.
3.All Army Knowledge Online (AKO) users who have a CAC should now be migrated to DoD Enterprise Email (DEE) and will no longer be able to access their AKO email with username and password. DEE is only accessible via CAC, so, please look at this page for information you will need to access your email.
4. If you have a 'GEMALTO TOP DL GX4144', 'GEMALTO DLGX4-A 144', 'Oberthur ID One 128 v5.5 Dual', 'Oberthur ID One 128 v5.5a D', or 'G&D FIPS 201 SCE 3.2' CAC, are using Windows 10, 8.1, 8, or 7, you 'might' be able to use your CAC without installing ActivClient.
5. If you have the 'Oberthur ID One 128 v5.5 Dual' CAC and it does not work with your Windows [7 or below] computer you need to install ActivClient 6.2.0.50, AND then update it.
5a. Windows 10 users, install ActivClient 7.1
6. Mac users who have purchased the IO Gear GSR-202, GSR-202V, or GSR-203 CAC readers may have problems. We've worked with Thursby Software and IOGear to find an update [which is actually a downgrade] for the firmware on the reader. Please follow guidance here to update / downgrade your CAC reader.
7. Windows 7 (64 bit) users who have the IO Gear GSR-202 CAC reader [and are having problems with the reader not staying in device manager after the computer is restarted] should Install the driver from IOGear then restart the computer to fix the problem. This has worked for some people, others are still having the problem. To update the driver manually, follow this guidance. The only other solution for it not working is to return it and purchase a different reader.
8. Windows 8 and 8.1 information is on this page.
8a. Windows 10 information is on this page.
9. Created retiring page dedicated to providing information for people getting ready to retire (or separate) from the Army.
10. Internet Explorer 11 on Windows 10, 8.1, 8, and 7 needs some assistance to work. Look here for the needed fixes.
11. Receiving 'Error 500' when visiting your webmail. Follow these possible solutions
12. If you are having problems accessing CAC enabled websites,
-You can also manually add an exception for each website you are having problems accessing by selecting the Protection option (on the left), then select ONLINE THREAT PREVENTION, followed by exceptions. From here manually type inthe webmail server addresse(s).
-
ESET users can try adding the site(s) not working to the exclusion list, or uninstall the program
Kaspersky users
-
Qustodio Parental Control Software causes problems, uninstall it to use your CAC on your computer.
Windows Defender users rarely have a problem, but this may help. Go to Internet Options, Advanced (tab), deselect Enable Windows Defender SmartScreen.
RAR Reader is a small RAR file viewer and a free and easy to use compression software. An extraction utility for archives compressed in.rar format. It's interface is very simple, making it easy. Rar reader for mac. Feb 18, 2008 Both only open.rar files, neither can create them. Most.rar tools for OS X are still command line apps for some reason. Once you install the software, you have to run it from the Terminal. Rar reader free download - RAR Expander, Adobe Acrobat Reader DC, RAR Extractor Free, and many more programs.
Problem 1: Receive 'Parameter is incorrect' message (when logging onto computer). This IS a fix for a Government Computer.
Solution 1-1: Have another person logon to the computer with their CAC and update the DoD Certificates, instructions
Solution 1-2: Have another person logon to the computer with their CAC. Once logged in, Double click the ActivClient Client Agent button (down by the clock in the lower right corner of your screen). Click on Tools, Advanced, select Forget State for all cards. Log off, and have affected user sign back on.
Solution 1-3: Go to: https://www.dmdc.osd.mil/self_service , select Replace Certificate to avoid going to a RAPIDS ID card office. Visual steps NOTE: You will need internet access and 2 CAC readers on this particular computer for this to work.
Solution 1-4: If the above Solutions don't work, you will need to visit a RAPIDS ID card office and have them update the certificates on your CAC. (You may walk out with a new ID card).
Problem 2: Receive 'The system could not log you on. Your credentials could not be verified' message (when logging onto a computer). This error message only affects Government Computers.
Solution 2-1: Have another person logon to the computer with their CAC and update the DoD Certificates, instructions
Solution 2-2: This error is mostly seen when a Soldier tries to logon to a computer that is part of a domain that his / her account has been deleted (or never had an account). Contact your local Help Desk to verify whether your user account is still in the system.
Solution 2-3: Verify that you have the network cable plugged into the computer and try it again.
Solution 2-4: The computer may have been removed from the network. You may need to check with your IT department to verify this. This happens when a computer is unplugged from the network for a certain period of time (45-60 days for most organizations)
Solution 2-5: Unplug the network cable, logon (you will be logging on with cached credentials) then plug the cable back in. NOTE: This will only work if you were the last person to logon to this computer.
Solution 2-6: If you are a dual CAC holder, and trying to access your computer when away from the office. You will have to use the same CAC you used to logon to the computer the last you time you logged into it on the network. This is due to the way your credentials are cached on the computer.
Solution 2-7: Open ActivClient, double click My Certificates, then double click on any of the certificates. Click the Advanced tab and scroll down to and select 'Subject Alternative Name.' You will see in the bottom window Principal Name=##########@mil.This is your UPN (User Principle Name). This must match what is in Active Directory for the account's LOGIN NAME. An administrator can verify they are the same.
Solution 2-8: If you have a 3rd party DAR (Data at Rest) called Credent installed, it seems to encrypt something in the user's profile that will not allow them to logon cached. If you have your administrator's help, you can decrypt all of your user data, then be able to logon to the computer again. The exact file causing this is not known.
Solution 2-9: Verify if your Smart Card service is started look here for instructions.
Solution 2-10: You may be trying to login to your computer with your FASC-N (16 digit) certificate rather than your EDI-PI (10 digit) certificate, select the certificate that is only 10 digits long instead of 16 digits.
Solution 20-11: If you have received a new CAC after 11 June 2016, and trying to use the DoD visitor access, you won't be able to. DISA has not figured out a way yet to authenticate the CACs with the newer Root certifications of Root CA3 and Root CA4. You will need to request a regular account for the DoD organization.
Problem 3: When installing ActivClient, receive 'This application has failed to start because MOZCRT19.dll was not found. Re-installing the application may fix this problem.'
Solution 3-1: Once ActivClient installs, search your computer for 'MOZCRT19.dll' (another user found it in the Internet Explorer folder). Copy it into C:Program FilesActivIdentityActivClient. Now go to Add / Remove programs in Control Panel (XP), or Programs and Features in Vista, or Uninstall a Program in Windows 7 or 8. Highlight the ActivClient and select Change. Select Repair and the install should work.
Solution 3-2: Uninstall Firefox, restart computer, reinstall ActivClient again, then reinstall Firefox again.
Problem 4: While attempting the above fix you receive 'The Call to DllRegisterServer Failed with Error Code 0×80004005' on Windows Vista
Solution 4: You need to run 3 [above] as an administrator or turn off User Access Control in the Users option in Control Panel
Problem 5: When attempting to extract ActivClient 6.1, the icon is not a folder with a zipper on it, or a different program opens up. Somehow your file association was changed on your computer.
Solution 5: This can be fixed by re-associating .zip files to the Windows Compressed Folder.
Vista / 7 / 8 fix: Press the following keys on your keyboard <Windows> < R>, this will open up your Run line. Type in CMD, once in the DOS screen: type in assoc .zip=CompressedFolder (there is a space in between assoc & .zip) [You may need to run the CMD prompt as an administrator]
Vista / 7 / 8 fix (alternate):Right click the file, Select Properties, Click the Change button. When the Open With box opens up, select Browse and navigate to C:Windows and click on explorer. It should be immediately below the folders. Select Open, OK, OK, OK.
XP fix: Double click My Computer, Select Tools, Folder Options, File Types, Scroll down to (and select) ZIP, Click the Change button, Select Compressed (zipped) Folders under Recommended Programs, select OK.
Now try right clicking your zip folder again and select Extract All.
Problem 6: You are not receiving the standard 'Insert Card, or press Ctrl Alt Del' message when using Windows Vista or Windows 7 on a Government Computer.
Solution 6: Press <Ctrl> <Alt> <Del>, it will then ask you for your Smart Card. If it comes up to a username and password screen, select 'Switch user' button and you should see the option for Smart card.
Problem 7: When trying to install ActivClient, it states 'Error 1500, another installation in progress, you must complete installation before continuing this one.'
Solution 7:Look here for a remedy
Problem 8: When installing ActivClient, it stalls during installation and receive a message stating: 'Your administrator will not allow this to happen.'
Solution 8-1: Make sure you are running the installation as an administrator
Solution 8-2: Disable your Antivirus software, as it may be blocking the installation. McAfee is famous for making installs difficult.
Problem 9: You have ActivClient installed on your computer, but do not use your CAC reader that often AND you are tired of the annoying message that pops up telling you you do not have a CAC reader plugged in.
Solution 9: Follow the guidance in this guide to disable the message.
Problem 10: After installing ActivClient, you are still unable to access DoD CAC enabled websites.
Solution 10-1: Internet Explorer users: Follow this guide
Solution 10-2: Firefox users: Follow instructions here
Problem 11: Received 'Error 2738. Could not access VBScript run time for custom action' while installing ActivClient.
Solution 11: Look here for a solution
Problem 12: When opening ActivClient with the Oberthur ID One 128 v5.5 Dual CAC and you do not see anything in the large white section, you probably only have ActivClient 6.2.0.50 installed
Solution 12:Update your ActivClient
Problem 13: You want a way to remove CAC certificates automatically from Internet Explorer when removing your CAC.
Solution 13: Open ActivClient (Only works in AC 6.2.0.x), Click Tools, Advanced, Configuration .., Certificate Availability, Change the No to a Yes at the Remove certificates from Windows on smart card removal option (A restart of your computer will be required).
All Army Knowledge Online problems and Solutions are located on this page.
APPROVE IT / eSign (No longer used by the Army)
The Army now uses Adobe Reader
CAC / CAC READER
Problem 1: The CAC reader driver did not automatically install correctly
Solution 1-1: Go to Device Manager (Instructions are on the CACDrivers page), scroll down to Smart Card readers, right click the CAC reader that shows up below Smart Card Readers. It may also show up under unknown devices. Select Uninstall. It will give you a message. Once it is uninstalled, unplug the reader from your computer. Wait a few moments, then plug it back in. It 'should start to install itself. If that doesn't work, keep reading for other ideas below.
Solution 1-2: If you have an SCR-331 CAC Reader and using Vista, Windows 7, or 8, and are still having problems getting the reader to be recognized by ActivClient, or your CAC reader shows up as STCII Smart Card Reader follow these instructions for updating the firmware on the reader.
Problem 2: Receive quick beep when you start your computer with the CAC reader plugged in, or when plugging in your CAC reader.
Solution 2: Change the following registry key to 0 from 1 by going to Start, Run, type in 'Regedit' (without the quotes) and navigate to: HKEY_LOCAL_MACHINESoftwareActivCardActiveClientNotificationNoReaderWarningEnable
Problem 3: Card does not read consistently
Solution 3-1: Try cleaning the gold portion of the CAC with a clean pencil eraser.
Solution 3-2: Your card could be wearing out. It may be time to get a new one. Click here to find an ID card office.
Solution 3-3: Your reader may be showing signs of wear. Click here to find a new one.
Problem 4: CAC reader is seen in Device Manager in Windows but not by ACTIVCLIENT software (Error 1920 on Windows 8):
Information: Windows runs the Smart Card service as a local service and without it, smart cards will not work. Another symptom of this is when the Card Icon does not show on the logon screen (Government computer).
Solution 4-1: Make sure the ActivIdentity Shared Store Service is started. Here's how: Click Start, type in: services.msc in the search box, double click on: ActivIdentity Shared Store Service. Make sure the Startup type is set to Automatic and if not started, select Start.
Solution 4-2: Run this file to fix your Smart Card service. If you have problems with the other file, try this one. NOTE: This will not work on Windows 8.1
Solution 4-3:Log on as the local administrator. Go to Start, Run, type in: services.msc, Verify that both ActivClient middleware and SmartCard services are stopped. (Windows 8 users hover your mouse in the lower right corner of your screen to get the Charms bar to show up. Click Search, type in 'regedit.exe' then click it with your mouse.)
From the Run line (XP) Search programs and files (Windows Vista & 7): type: Regedit
Navigate to 'HKLMSoftwareMicrosoftCryptography' Right click on the Calais folder then choose 'Permissions'.
Verify 'LOCAL SERVICE' exists, if it doesn't, click 'ADD'
In the large white box type 'LOCAL SERVICE' IF your computer is part of a domain, you will need to add your computer name before 'LOCAL SERVICE'
Click Check Names, then OK.
Select Local Service -> Click Advanced (button) -> in the Permissions (tab) select LOCAL SERVICE -> and click Edit. (Windows 8 / 8.1 users will need to click 'Show advanced permissions' to see these).
Mark the following with Allow:
Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Delete
Read Control
Close all open windows
Open Services.msc again, Start smart Card Service, Start ActivClient middleware Service.
CAC Reader 'should' now be showing in ActivClient.
Solution 4-4: Follow these instructions for modifying your registry to make the Smart Card service start.
.
Problem 5: How can I use 2 CAC readers on my computer with ActivClient?
Solution 5: Once the second CAC reader is physically functioning: Double click the ActivClient icon (down by your clock), select File, Use Reader, Select the other reader. Go to Tools, Advanced, Make Certificates Available to Windows. You should be able utilize either CAC on your computer now.
** Here is a presentation showing how to do this.
Problem 5a: How can I use 2 CAC readers on my Windows 10, 8.1, 8, or 7 computer without ActivClient?
Solution 5a: Plug it in and use it
Problem 6: How do I get the message to stop coming up that says my CAC reader isn't plugged in? I get a notice every time I start my computer that my reader isn't installed. I own a laptop and don't plug in the reader unless I need it.
Solution 6: Go to Start, All Programs, ActivIdentity, and click on Advanced Configuration Manager. Select Notifications Management. Double click Display No Smart Card Reader Alert, it will automatically change from a YES to a NO. ** Here are Visual steps showing you how to do this.
Problem 7: Receive 'An internal error has been encountered (the specified smart card is no more available for use)' when trying to access CAC using ActivClient 6.1 on computers with built in CAC reader and trying to use an external at the same time.
Solution 7-1: Upgrade to ActivClient 6.2, Oberthur ID One 128 v5.5 Dual card holders may need a further update to ActivClient 6.2
Solution 7-2: The built in reader is taking priority over the external. Unplug the external and try the internal reader. On some computers (Gateway), the CAC has to go in upside down.
Problem 8: Receiving message 'No Card Reader Found' when using RDP (Remote Desktop Protocol) between 2 computers.
Solution 8: ActivClient is designed to only work with the card reader installed on the VIEWING computer. Users MUST install the card reader & driver to the computer they are sitting at, not to the target computer (where ActivClient is installed). If just configuring another computer with reader and software it should be done FROM THE CONSOLE of that machine.
Problem 9: How do I change my CAC PIN?
Solution 9-1: If you know your current PIN..You have 3 options:
- With ActivClient installed right click the ActivClient icon (down by your clock), select PIN Change Tool. Enter your current PIN, then your new PIN twice, hit Next.
- If you are using the Windows 7 built in Smart card utility follow this guidance.
- Visit an ID card office
Solution 9-2: If you don't know your current PIN, your only option is to visit an ID card office
Problem 1: Can I use DTS with my Mac or Linux computer?
Solution 1: Yes you can. The current version of DBSign called DBSign Universal Web Signer is available when accessing the DTS website and will allow all computer platforms to use it. NOTE: Look at #2 below and here for troubleshooting tips.
NOTE specifically for Mac users: You will get a blank page when trying to navigate to your Authorizations or Vouchers until you do the following: Click the word Safari, uncheck Block Pop-Up windows
Problem 2: Unable to access DTS (Error message 'There has been a problem with Login. Problem getting security information from your computer. Please contact your DTS site administrator for assistance.'), or DTS stalls at DBsign: logging into cryptographic libraries..
Solution 2-1: Follow the guidance in this PDF
Solution 2-2: In Internet Explorer: Go to Tools, Internet Options, Security (tab), Click on Trusted Sites (green checkmark), Click Sites (button), in the Add this website to the zone: type in '*.osd.mil' after unchecking 'Require Server Verification', click add (button), select close, then click OK
Solution 2-3: Go to: Tools, Internet Options, Security (tab), single click on Internet (globe). Uncheck the box for Enable Protected Mode (down near Custom level..) button.
Problem 3:DTS screen flashes up, then disappears after you select login.
Solution 3:Check your pop-up blocker(s), they are more than likely 'killing' the page that is attempting to pop up. DTS loves pop ups. :)
Problem 4: DTS will not allow you to get past the logon screen in Vista or Windows 7 (64 bit).
Solution 4: Make sure you are using the (32 bit) Internet Explorer. If you don't see it in your list of programs, navigate to: C:Program Files (x86)Internet Explorer double click on iexplore.exe (it will be approximately 622KB in size). You can also copy / create a shortcut for this program to your desktop.
Problem 5: DTS error: 'Your user account could not be found or is locked, or your certificate has been revoked. Please contact your local Registration Authority (LRA) or Verifying Official (VO) to obtain a new PKI certificate or to find additional information.'
Solution 5-1: Your account is more than likely 'in between' your old and your new unit (which means you are not attached to any units). Contact your current unit's DTS person and have them 'Receive' you.
Solution 5-2: A revoked certificate means you'll need to visit an ID card office to get a new CAC.
.
Problem 6: DTS Login Error: 'There has been a problem with your login. Your user account could not be found or is locked. Please contact your DTS site administrator for assistance.'
Solution 6: Your account is more than likely 'in between' your old and your new unit (which means you are not attached to any units). Contact your current unit's DTS person and have them 'Receive' you.
Problem 7: When attempting to access DTS
Solution 7-1: If you were recently issued a new CAC, you might have selected the old certificate, rather than the new one. Close the web browser, remove CAC from reader. Reinsert CAC, then attempt to access DTS again. You can clear your old certs by following slide 14 of this guide.
.
Solution 7-2: This means your CAC is expired, or the certificates have been revoked for some reason. Your only option is to get a new CAC. Visit the nearest ID card office to get your card replaced.
EES (Evaluation Entry System)
All Evaluation Entry System problems and Solutions are located on this page.
ERROR CODES (BY THE NUMBER)
Error Codes (Specific Numbers) problems and Solutions are located on this page.
FIREFOX
Firefox problems and Solutions are located on this page.
FORMS (formerly known as MyForms)
FORMS has been replaced by Evaluation Entry System (EES), problems and Solutions are located on this page.
INTERNET EXPLORER
Problem 1: Receive: 'There is a problem with this website security certificate.' Your options are listed as 'Click here to close this webpage' or 'Continue to this website' where it states it is not recommended.
Solution 1:Latest DoD Certificates are needed, instructions where you can download and install them are here
Problem 2: Receive the message: 'You do not have Permission to Access this resource.'
Solution 2-1: Verify that you do have all needed software installed, Visit the Notes page to double check what you installed already.
Solution 2-2: Verify that you are using Internet Explorer when attempting to register your CAC. If you are using Firefox, please look at the Firefox page for the needed CAC reader configuration.
Solution 2-3: If you receive this message when trying to download ActivClient from AKO, you need to know that the ActivClient download links on AKO are for Army personnel only. If your account is listed as an Army volunteer, Guest, family member, retired, or other military branch, you will not be able to download the file from AKO. Other military branches look here to find where you can download ActivClient from your respective branch.
Solution 2-4: Go to: https://www.us.army.mil from this link. Your AKO shortcut in your favorites could be outdated. Simply re add AKO to your favorites replacing your existing favorite.
Solution 2-5:Follow guidance in this PDF
Problem 3: CAC works to sign forms, but cannot access CAC enabled websites.
Solution 3-1: Use Internet Explorer for any websites that need to use your CAC (IF using Firefox).
Solution 3-2:Follow guidance in this PDF, or watch this video
Solution 3-3: If you insist on using Firefox, follow this guidance AFTER you get it working with Internet Explorer.
Problem 4: If you can access some websites with your CAC, but some don't work (e.g. AKO, the USMC MCNOSC site or the OWA for NMCI site)
Solution 4-1: Click Tools, Internet Options, Advanced (tab). Scroll to the bottom. Make sure TLS 1.0, 1.1, & 1.2 are all checked, and SSL 2.0 & 3.0 are NOT checked.
Solution 4-2: Follow guidance in this PDF, or watch this video
Problem 5: Are you having problems accessing ATAAPS (Automated Time Attendance and Production System)?
Information: Bob Ridenour at Fort Gordon figured this out: 'If you have the Common Policy cert
More Information: He has gotten rid of the problem locally, but has received emails from individuals outside of his organization who have the Common Policy
This image is what people clicked on and installed the Common Policy. Select No when you see it next time.
Solution 5-2: This guide shows other settings that should also be set in Internet Explorer
Problem 6: Air Force users receiving 'CA Not Recognized' error message when attempting to access the Air Force Portal
Solution 9-1: Hit refresh on your web browser
Solution 9-2: Go through this guide
Solution 9-3: Verify your CAC is not expired, if so, get a new CAC
LOTUS FORMS (No longer used by the Army)
The ideas on this website are from regular people's experiences. I have been told by Army Publishing Directorate (APD) to send users to their help desk so they become aware of the problems with this program. 703-692-1306 / DSN: 312-222-1306, Webform, or usarmy.pentagon.hqda-apd.mbx.fcmp@mail.mil
If you are having problems accessing the CHESS website, contact theCHESS help desk at: peoeis.pdchess.helpdesk@us.army.mil or 888-232-4405 / 703-806-1019 / DSN: 312-656-1019 (Monday - Friday 0800-1700 EST).
Problem 1: Receive 'Error loading C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll' when attempting to install Lotus Forms.
Solution 1: Uninstall PureEdge Viewer (via Control Panel), Restart computer, then attempt Lotus Forms install again
Problem 2: Word Sign is GRAY after installing IBM Forms Viewer / Lotus Forms Viewer / Pure Edge Viewer
Solution 2-1: If you upgraded from Pure Edge Viewer and did not uninstall eSign / ApproveIt.. Uninstall eSign / ApproveIt, restart computer, then install eSign / ApproveIt again. eSign / ApproveIt HAS to be installed AFTER all programs that you want to be able to digitally sign. These programs include: Office products, IBM Forms viewer, Lotus Forms, PureEdge, & Adobe Reader.
Solution 2-2: 64 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program Files(x86)IBMForms Viewer4.0extensions
and to
C:Program Files(x86)IBMForms Viewer4.0API80system
Solution 2-2a: 32 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMForms Viewer4.0extensions
and to
C:Program FilesIBMForms Viewer4.0API80system
Solution 2-2c: 32 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMLotus FormsViewer3.5extensions
and to:
C:Program FilesIBMLotus FormsViewer3.5API76System
Solution 2-2d:64 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program Files(x86)ApproveIt to the following folders:
C:Program Files(x86)IBMLotus FormsViewer3.5extensions
and to:
C:Program Files(x86)IBMLotus FormsViewer3.5API76System
Solution 2-3: More ideas are located below
Problem 3: 'One or more signatures could not be verified' when opening up Lotus Forms
Solution 3-1: Latest DoD Certificates are needed
Solution 3-2: Verify you have ApproveIt installed
Solution 3-3: Restart your computer (if you have just installed eSign / ApproveIt)
Solution 3-4: 64 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program Files(x86)IBMForms Viewer4.0extensions
and to
C:Program Files(x86)IBMForms Viewer4.0API80system
Solution 3-4a: 32 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMForms Viewer4.0extensions
and to
C:Program FilesIBMForms Viewer4.0API80system
Solution 3-4b: 32 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMLotus FormsViewer3.5extensions
and to:
C:Program FilesIBMLotus FormsViewer3.5API76System
Solution 3-4c:64 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program Files(x86)ApproveIt to the following folders:
C:Program Files(x86)IBMLotus FormsViewer3.5extensions
and to:
C:Program Files(x86)IBMLotus FormsViewer3.5API76System
Problem 4: Receive error message: 'Viewer : Printer Driver's EndPage() Failed at PRINT ERROR(.srcFormViewerPrintEngineCPrintEngine.cpp:1960 Fri Jan 29 15:27:50 2010):2780:8)'
Information: You are unable to print Lotus forms on HP printers when using the 64 bit version of Vista & Windows 7. This is a known problem that exists between IBM and HP, therefore it is 'way above our heads' to get fixed, however, here are a few ideas you can try and still cheaper than buying a new printer.
Solution 4-1: Download a program like DoPDF, print your form to the DoPDF 'printer,' then print the PDF to your printer
Solution 4-2: Open Pure Edge, Select Preferences, Printing options, Uncheck 'Print each page as a separate print job'
Solution 4-3: Print your form to the Microsoft XPS Document Writer 'printer,' then print the XPS to your printer
The below error and Solution was copied from the IBM Support Portal
Problem 5: I see the following errors occur when opening Lotus® Forms:
20080109T154705.078-0600 3972 MEVRegisterErrorEx: Anthill_BuildBranch-API-Cannae-20050228Apisrcmasqutilmasqutil.c 10427 2079 118 22
20080109T154705.078-0600 3972 Viewer ReportAppMsg Title:'(null)' Msg:' at MUCreateDir(Anthill_BuildBranch-API-Cannae-20050228Apisrcmasqutilmasqutil.c:10427 Tue Apr 19 21:59:46 2005):3972:32 -> 22' TitleCode:7020 MsgCode:0
20080109T154706.515-0600 3972 MEVRegisterErrorEx: Anthill_BuildBranch-API-Cannae-20050228Apisrcmasqutilmasqutil.c 10508 2080 118 4294967295
20080109T154706.515-0600 3972 Viewer ReportAppMsg Title:'(null)' Msg:' at MUCreateAllDirs(Anthill_BuildBranch-API-Cannae-20050228Apisrcmasqutilmasqutil.c:10508 Tue Apr 19 21:59:46 2005):3972:32 -> -1' TitleCode:7020 MsgCode:0
Solution 5-1: To correct the problem, you must make sure the Viewer has read/write access to certain registry keys. The Viewer requires read/write access to the following paths/folders that are defined by the following registry keys:
1. HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell FoldersAppData
2. HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell FoldersPersonal
3. HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell FoldersDesktop
4. HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionExplorerShell FoldersCommon AppData
In addition, the Viewer requires read/write access to the following registry keys:
HKEY_CURRENT_USERSoftwareClasses
HKEY_CURRENT_USERSoftwarePureEdge
HKEY_CURRENT_USERControl PanelDesktop
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionApp Paths
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsAccepted Documents
Microsoft® Internet Explorer uses the following key and its sub-keys in order to properly host the Viewer. Access to these keys is critical in allowing the Viewer to interact with Internet Explorer:
HKEY_CURRENT_USERSoftwareMicrosoft
Solution 5-2: If the instructions confuse you above, look at: http://support.microsoft.com/kb/886549
Problem 6: Receiving internal error when opening Lotus Forms. Details show 'Null pointer dereferenced (in function RegistryIterator::updateCurrent()@.srcRegistryProfile.cpp:line531) Stack trace (unavailable)
Solution 6-1: Run this batch file to fix your computer. If your web browser blocked the file, download this text file and remove the .txt at the end, then run.
Solution 6-2: The following steps need to be completed while the affected user is logged in. Since they are merely modifying the keys corresponding with their user hive, elevated privileges are not necessary.
1. Go to Start, Run, type in: Regedit
2. Find [HKEY_CURRENT_USERSoftwareVB and VBA Program Settings] and delete the entire key.
3. Click Start - Programs - ApproveIT Desktop - ApproveIT Configuration.
4. On the default Signature Method tab ensure the option 'Sign using a certificate or smart card' is checked.
5. Click OK and test.
Solution 6-2 Alternative: Save ApproveIt_Fixer.doc to your computer, then open it. You may see a blank screen with a Security Warning. Select the 'Enable Content' button. Now click on Fix ApproveIt!, select OK. Provided by CPT H
Solution 6-3: 64 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program Files(x86)IBMForms Viewer4.0extensions
and to
C:Program Files(x86)IBMForms Viewer4.0API80system
Solution 6-3a: 32 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMForms Viewer4.0extensions
and to
C:Program FilesIBMForms Viewer4.0API80system
Solution 6-3b: 32 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMLotus FormsViewer3.5extensions
and to:
C:Program FilesIBMLotus FormsViewer3.5API76System
Solution 6-3c:64 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program Files(x86)ApproveIt to the following folders:
C:Program Files(x86)IBMLotus FormsViewer3.5extensions
and to:
C:Program Files(x86)IBMLotus FormsViewer3.5API76System
Solution 6-4: Go to Start, Run
Type 'regedit' (without the quotations)
Navigate to 'HKEY_CURRENT_USERSoftwareSilanis and delete it
Navigate to 'HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsApproveIt MS Office' and delete it
Go to Start, All Programs, Startup, ApproveIt StartUp and click the ApproveIt Start up entry to start ApproveIt
Problem 7: When clicking the login button trying to access CHESS [with your CAC] to download Lotus forms you are prompted for your certificate. You select it and enter your PIN, it then states 'you will be logged in shortly.' Within a few moments, you are returned to the login page without being logged in.
Solution 7: Follow guidance in this PDF, or watch this video
Problem 8: If you are using Windows XP and you experience the Lotus Forms 'hanging' it may be because the Viewer is not able to find the Java Runtime or the Java Runtime is the wrong version needed for the Viewer.
Information: APD has worked with IBM on this issue and believe they have found the problem and the solution. It is posted at the following URL: https://www-304.ibm.com/support/docview.wss?uid=swg21474129
Problem 9: Receiving 'Bad length error' or 'Link-exception is thrown' when submitting a form
Solution 9-1: Visit IBM's support page for information about it. Basically, we have to wait for the next version to be released.
Solution 9-1a: Air Force members can read more at: http://www.e-publishing.af.mil/viewerdownload.asp
Problem 10: The check boxes have a green check inside rather than the black X.
Solution 10: Open Lotus Forms, click Preferences, (the icon with blue an red O with a +). Click Advanced Settings, Select the box next to: Use 'X' Style Check Boxes.
Problem 11: Receiving 'Internet Forms Error - The system cannot find the file specified. C:WindowsSystem32configsystem profile at location=2079(buildCypress.APIapisrcmasqutilmasqutil.c:10498 Wed Dec 3' several times when opening Lotus Forms in Windows 7 or this error in the image that follows:
Solution 11-1: Install Lotus Forms using compatibility mode for Windows Vista or XP
Solution 11-2: While it is true that the program does in fact need access to the keys you have listed in solution 5, the true problem is the necessary strings the program is looking for are not built in the shell folders key when a user logs on. We are not sure why the Lotus developers are still writing with the modules that look at that keys versus using the SHGetFolderPath or SHGetKnownFolderPath function instead. The following is what Julie has done in all cases and fixed the problem quickly.
BLUF: When the program opens, it looks for the actual entries in the shell folder registry key under the HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionExplorerShell Folders key. If they are not there then you get the 10498 error and some funky language folders are created. I do not know why yet, why for some computers the strings are not being built off of what is indicated in the HKLM path but nonetheless all I did was export the key from a working machine, open it in notepad, replace all with the user name of the machine in error, and then import it to their computer. Once complete the program runs fine.
Solution 11-3: Visit: http://www.e-publishing.af.mil/viewerdownload.asp and download 'AFDPO Releases Updated IBM Lotus Viewer_DSig_3.5.1.333.exe' under Software Link:
Solution 11-4: If you have a Brother HL-2280DW wireless laser printer and have installed the Nuance software, they may be causing this error message. What worked for a few Soldier was to return it and get a different printer. They then had to restore their computers to an earlier time before the printer (and Nuance) software had been installed.
Apk reader for windows 10. ReadKit ships with a “Focus Mode” that strips away all of the source column cruft and puts reading front and center: This helps ReadKit feel more like a read-it-later service, but I honestly don’t care for it. Reading RSS items and articles I’ve saved for later are very different, and I don’t care for having them in the same environment.
Problem 11a: Receiving 'Viewer : The system cannot find the file specified. C:Windowssystem32configsystemprofile at MUCreateDir(buildCypress.APIsrcmasqutilmasqutil.c:10498' when opening Lotus Forms in Windows 8
Solution 11a: See Solutions to Problem 5 above
Problem 12: Receive: 'An Error Has Occurred..' followed by 'The system cannot find the file specified.' Your only options are Close and Details >>.
Solution 12: Right click your taskbar, select Task Manager, look for Lotus Forms, you will probably 2 of them running. Right click one of them and select End Task. Now try it again.
Problem 13 (Fix for Government computer): After installing Adobe Acrobat Reader X, users are not able digitally sign forms in Lotus Forms
Information / Solution 13: When Acrobat Reader X is installed, you may not be able to digitally sign in Lotus Forms. It seems that when you click on 'Click to Approve' and the Digital Signature Viewer pops up; after you hit the 'Sign' button the 'ApproveIt-Certificate Selection' window does not pop up, the application just hangs indefinitely and so one cannot digitally sign.
Modify the value of:
HKEY_CURRENT_USERSoftwareSilanisApproveItSigningRealTimeTopazLib
To disable it the value should be 0.
It has only affected a small percentage of those computers that received the Acrobat X push and was hard to replicate the issue. This solution fixed both Vista 32bit and Win7 64bit systems that were imaged w/ AGM disks that had the problem. This fix also worked when rights elevation, uninstall / reinstall, libeay32.dll and se_cryptoapi.ifx fixes did not resolve the issue.
Problem 14: Receive the following error message after installing Lotus Forms 4.0.0.477: 'Your computer does not have a required file installed (Toolbar IFX). This will prevent you from saving the form back to the server. Please contact your help desk.
Solution 14: Follow guidance here
Problem 15: Receive the following error windows when trying to open a form. It can repeat several times, Lotus Forms won't close. Some people actually get Japanese characters.
Solutions 15: Download and save this text file titled: regkeys4_lotus_forms.txt file to your desktop.
Double click the .txt file and select Edit and choose Replace. Find and replace USER.NAME.HERE with your account name (this could be your AKO user ID if on a government computer, or your username on your home computer.
Save the file, then right click select Rename and remove the .txt replace it with .reg
Double click the regkeys4_lotus_forms.reg file
Now run Command Prompt as an administrator and paste this into the CMD Prompt: C:Program FilesIBMForms Viewer4.0>masqform.exe /register
or on a 64 bit version of Windows use this one:
C:Program Files (x86)IBMForms Viewer4.0>masqform.ext /register
MAC / APPLE SPECIFIC ISSUES
Problem 1: How do I use my CAC on my Mac
Solution 1: Follow instructions on this page
Problem 2: DTS page goes white after selecting Voucher or Authorization in DTS.
Solution 2: In Safari, select Safari, Uncheck Block Pop-Up Windows. You can also go to Safari, Preferences,Security, and uncheck Block pop-up windows under the Web content section.
Problem 3: When trying to view a website using Safari, you may see the alert message: 'Could not open the page. Too many redirects occurred trying to open (website name).' This may occur if you open a page that is redirected to open another page, which is then redirected to open the original page.
Information: This issue is typically caused by the website you're trying to view, not by Safari. Safari may be able to open the website at a later time, when the website's redirect problem has been corrected.
Occasionally, the issue might be caused by an interaction with Safari. The issue may also occur because redirect information has been retained beyond its useful life.
Solution 3: In some cases, resetting Safari may allow you to regain access to a website. To do that, follow these steps:
1. Choose Safari > Reset Safari.
2. Only check 'Remove all cookies' and 'Empty the Cache.'
3. Click Reset.
If the issue persists, sending feedback to the affected website may help. You can also send feedback to Apple by choosing Safari > Report Bugs to Apple.
OUTLOOK / MICROSOFT OFFICE / OWA
For DoD Enterprise Email users, please look here for specific support
Problem 1: After installing ActivClient, Outlook users are unable to send email without selecting a certificate. You may also receive Invalid Certificate - Microsoft Outlook cannot sign or encrypt this message because there are no certificates which can be used to send from the e-mail address 'user@mail.com'.
or
Solution 1: Outlook 2013 & 2010: Open Outlook, Click File, Options, Trust Center, Trust Center settings (button), E-mail Security, Uncheck the top 4 boxes
Outlook 2007: Open Outlook, Click Tools, Trust Center, E-mail Security, Uncheck the top 4 boxes
Outlook 2003: Open Outlook, click Tools, Options, Security tab, Uncheck the top 4 boxes
Problem 2: Receive ADTMSO.dll message after installing all needed software on Vista Premium.
Solution 2: Purchase Vista Ultimate and upgrade your Premium (I know this seems like an expensive option, but it did work for a Soldier in New York).
Problem 3: After installing ActivClient and opening Outlook, Receive error message: 'An extension file failed to initialize. Can't open the file: extend.dat'
You need to first be able to view hidden files (here's how):
- XP: Double click My Computer, once open, click on Tools (in the bar at the top), Folder Options, View tab, scroll down to Hidden files and folders, click the little circle next to Show hidden files and folders.
- Vista & 7: Control Panel (classic view), select Folder Options, click the View tab, scroll down to Hidden files and folders, click the little circle next to Show hidden files and folders.
- Vista & 7: Control Panel (Control Panel Home), select Additional Options, Appearance and Personalization, Folder Options, click the View tab, scroll down to Hidden files and folders, click the little circle next to Show hidden files and folders.
Solution 3: Make sure Outlook is closed, rename extend.dat to extend.bak, restart Outlook
- XP users, go to: C:Documents and Settings<userid>Local SettingsApplication DataMicrosoftOutlook
- Vista & 7 users, go to: C:users<userid>AppDataLocalMicrosoftOutlook
Problem 4: When using your Organization's OWA 2003 (Outlook Web Access) from home you cannot see the email in your inbox.
NOTE: https://web.mail.mil uses OWA 2010, so, look at Solution 5-3 below for instructions
Solution 4-1: Look at Solution 5-2 below for instructions for installing s/mime
Solution 4-2: Make sure you are not automatically downloading your email at your office to your local hard drive. When you do this it removes the email from the server, therefore you cannot see it via OWA.
Problem 5: I Can't view Encrypted emails in Outlook Web Access / App
Solution 5-1: Make sure you have the S/MIME control installed.
NOTE: This is only available in Internet Explorer (32 bit). It will NOT work with the 64 bit version, on a Mac, or any other web browser.
NOTE2: Internet Explorer 10 & 11 runs in 32 bit mode by default, so, this should not be an issue. You would have to select 'Enable 64-bit processes for Enhanced Protected Mode' to actually run in 64 bit mode. More information can be read here.
Solution 5-2 (OWA 2003): Go to Options, scroll down to Email Security, click on Download to download the S/MIME control. You also need to have ActivClient installed on your computer. Unless you are using the Windows 7 Smart Card service with your PIV II CAC, then you won't need ActivClient.
Solution 5-3 (OWA 2010): Click Options, See All options.., Settings, S/MIME, click on Install the S/MIME control
NOTE3: You will not see S/MIME control in IE 11 until you first add 'mail.mil' [or any other websites that are not working] to your 'Compatibility View Settings' by following slide 19 in this guide.
Solution 5-4a: If you have recently received a new CAC, follow along with this guide (CAC required link) explaining how to recover your old CAC certificate(s). NOTE: You MUST be on the military unclassified network to access the certificate recovery websites, which means you cannot access the links from your home computer.
Solution 5-4b: Follow the guide in solution 6 below.
Problem 6: How do I access my encrypted email / files once I receive a new CAC?
Solution 6: Emails & Files- Follow along with this guide explaining how to complete this process. You will need to logon to the server with your current CAC non email certificate(this is what will authenticate you as you) on a government computer on the .mil network.
Problem 7: ActivClient is prompting for a smart card (5 times) when opening Windows Mail
Solution 7-1: Open ActivClient, go to Tools, Advanced, Configuration and change 'Remove certificates from Windows on Smart Card removal' from 'No' to 'Yes.'
Solution 7-2: This can also happen when trying to use the Native Windows 7 smart card program. Using ActivClient will not cause this problem (other than Solution 7 immediately above).
Problem 8: Now that I have received a new CAC, how do I encrypt emails again in Outlook? (Government computers only)
Solution 8: You need to publish your new CAC certificates to the Global Address List (GAL), here's how:
Outlook 2003: Tools, Options, Security (tab), Publish to GAL.. (button)
Outlook 2007: Tools, Trust Center.., E-mail Security, Click on Publish to GAL..(button)
Outlook 2016, 2013, & 2010: File (tab), Options, Trust Center, Trust Center Settings..(button), E-mail Security, Click on Publish to GAL..(button)
Problem 9: Receive error message 'You do not have a valid certificate to encrypt to the following recipients..'
Cause: It is necessary to have a copy of the recipient’s public key to encrypt email messages.
Solution 9: 1) Have recipient send you a digitally signed email. Right click on their name in the from line and add them to your contacts. Click Save - Close. To send an encrypted email click on New - Mail Message. Create your message. Click To, and in the Select Names window drop-down list, click Contacts. Select the recipient’s email address from Contacts. On the message toolbar, Click Options - Security Settings, and select Encrypt message contents and attachments check box. Click OK - Close. Click Send.
2) Look up the recipient at https://dod411.gds.disa.mil and download their public key to your computer. Create a contact in your contacts list for them and add the certificate to it. Follow the steps above to send encrypted email.
Problem 10:Is there a way to adjust the size of the digital signature when signing in Word 2003 or 2007 using my CAC? We are able to digitally sign, but the signature is so large it won't fit within the borders of a standard size memo.
Solution 10: Yes, follow this Word document
Problem 11: Receiving the following error message when trying to use OWA on Windows 7 (64bit) & (32bit): 'A digital ID that allows you to sign this message is missing.'
Solution 11-1: Add your OWA link to your Trusted Sites (this may be needed for Internet Explorer 9 users)
Here's How: Open Internet Explorer, Go to Tools, Internet Options, Security (tab), Trusted Sites (green checkmark), Sites (button), Type your entire OWA web address into the Add this website to the zone (box) Example: https://web.mail.mil Other OWA site links can be found on the OWA page.
Solution 11-2: Install the S/MIME from the options section in your OWA client (see #5 above). If you have problems installing the S/MIME check to make sure that 'Do not save encrypted pages to disk' is unchecked under Tools, Advanced (tab).
NOTE: The S/MIME will ONLY work with the 32 bit version of Internet Explorer. It is not compatible with the 64 bit version.
Problem 12: You want to be able to Digitally Sign or Encrypt emails with Outlook when using AKO via IMAP, but you can't find where to add the buttons.
Solution 12: When composing a new email, click on the Options tab and you will see Encrypt and Sign
Problem 13: Users are having long load times when receiving digitally signed or encrypted emails.
Solution 13: Follow this guide
Problem 14: Receive message: 'This message can't be decrypted. If you have a smart card-based digital ID, insert the card and try to open the message again' when using Outlook Web Access / App (OWA)
Solution 14: Make sure the email address that is listed on your CAC is also in your Exchange profile. NOTE: This is why Army users have AKO email address on our CACs, and that our AKO email address is also listed as an alias in our Exchange profile.
Here's how: To change your email address on your CAC. This will also add it to your CAC if you don't have an email address on your CAC as well.
Problem 15: ApproveIt tab does not show up in Microsoft Word 2007 or Excel 2007.
Solution 15-1 for Word: Follow this guide
Solution 15-1 for Excel: Follow this guide
Solution 15-2: Create a new profile on your computer and digitally sign the Word and Excel files from that profile
Problem 15a: ApproveIt tab does not show up in Microsoft Word or Excel 2010 or 2013. (Will NOT work with 64 bit version of Office) Here's how to find out which one you have installed.
Best Cac Reader For Mac
Solution 15: The ability to digitally sign Word and Excel 2013 files is now built in, follow this guide
Problem 16: Receive 'HTTP/1.1 503 Service Unavailable' when attempting to access your email via OWA.
Information: This is caused when the Exchange server is down, or having problems.
Solution 16: Try accessing your email at a later time
Problem 17: Receive: 'Cannot connect to Internet Directory Service (LDAP) server: directory.us.army.mil. Check your network connection or modify your Address Book settings.' Followed by 'The search cannot be completed. MAPI_E_CALL_FAILED' after setting up the AKO LDAP address book.
Solution 17-1:Latest DoD Certificates are needed
Solution 17-2: If you have changed your AKO password recently, you need to change it in your LDAP connector as well.
Problem 18: You are on one of the many RW#.army.mil OWA email servers and are having problems connecting to your email.
Solution 18: You may have been migrated to DoD Enterprise Email, follow links on the OWA specific page.
Problem 19:Air Force Users Only: Everything appears to be setup correctly, but Outlook Web Access (OWA) STILL prompts that the digital ID is missing when attempting to send signed/encrypted.Also, the user cannot read signed / encrypted messages.
Solution 19:According to Air Force Public Key Infrastructure (AF PKI), the email address found on the certificate must be also listed as a proxy SMTP address for the end user. With the advent of Email for Life (E4L), the e-mail address listed on the certificate is the E4L address.This e-mail address may not necessarily be listed on the user account.
(Background:With E4L, many Air Force users have a lifetime email address, @us.af.mil, and a regular e-mail address, @base.af.mil)This @us.af.mil exists at another location, and then forwards to the appropriate @base.af.mil address.This works decently well.However, in the case of signing messages with OWA S/MIME, that E4L address needs to be listed on the user's base account, or they won't be able to sign / encrypt email in their client.
According to AFPKI:
'Important Note: Suppression of Name Checking does not work with OWA S/MIME. In order for a user to send signed e-mail or receive encrypted e-mail, the e-mail address on their e-mail certificates must match either their primary network Simple Mail Transfer Protocol (SMTP) e-mail address or one of the proxy SMTP addresses for their e-mail account. Use of the proxy address is controlled through the OWA S/MIME Security Setting “CertMatchingDoNotUseProxies”, which by default allows the use of proxy addresses. The AF PKI SPO recommends the default for all of the OWA S/MIME Security Settings. Detailed descriptions of the available security settings can be found in Microsoft’s Exchange Server 2003 Message Security Guide available at: http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/exmessec.mspx
In order to correct a case of e-mail mismatch, the Exchange administrator can add the e-mail address in the user's certificate to the list of user e-mail addresses, or a user can obtain new e-mail certificates either by returning to a DEERS / RAPIDS ID card issuance facility or accessing a User Maintenance Portal / Post-Issuance Portal (UMP/PIP) via their workstation.
UMP/PIP website: https://www.dmdc.osd.mil/self_service , select Replace Certificate to avoid going to a RAPIDS Site.
NOTE: You'll have to logon to the UMP/PIP site with your CAC. Visual steps
NOTE2: In my tests with Windows 7, it did NOT work with the Windows 7 built in Smart Card utility or with ActivClient installed. So, you will need to find a Windows Vista or XP computer with ActivClient installed.
Source: https://afpki.lackland.af.mil/html/kbdetail.cfm?id=343
Solution 20-1: Visit this website: https://www.dmdc.osd.mil/self_service, select Replace Certificate
NOTE: You have to logon to the site with your CAC. Visual steps or these steps
NOTE2: In my tests with Windows 7, it did NOT work with the Windows 7 built in Smart Card utility or with ActivClient installed. So, you will need to find a Windows Vista or XP computer with ActivClient installed.
An Air Force Major sent this in: 'When I tried to access the CAC User Maintenance Portal on a Windows 7 computer, the Java failed; however, when I tried the same thing on my Windows 7 computer at work (.mil domain), Java still failed but I got a popup dialog that told me I had to use the 64-bit version of IE and Java.When I started a browser session with the 64-bit IE, I was able to get to the User Maintenance Portal just fine.'
Solution 20-2: You can also visit an ID card office
Problem 21: Problems with mail.mil when using 64 bit AGM and 32 bit office 2007
Solution 21: Follow guidance in this PDF.
Problem 22: You are using OWA 2010, and do not like the conversation view..
.
Solution 22: Follow guidance here
Problem 23: How can I find out how much space I'm using in OWA 2010?
Solution 23: Hold your mouse over the root of your mailbox folder [Your name]. You 'may' need to click it. Only seems to work in Windows, not Macs.
Problem 24: Outlook issue on a Government computer: I can select the certificates to digitally sign emails but when I click ok to make the changes made stay. I get an error telling me to insert a card into the reader. The card is there, it can be used to access military websites it's just not recognized by Outlook.
Solution 24: Make sure your email address is correct on your CAC.
Here's how: Open ActivClient, click on My Certificates, click the middle certificate. Make sure the email address there is correct. 'Most' Army users will have either their AKO or mail.mil email addresses in the email address block.
Fix: Look here problem 20 or here problem 24, or visit an ID card office
Problem 25: You see the following error message when using Outlook Web Access 2003 with Internet Explorer 10 (this affects both Windows 7 & 8 users)
Here is what it says:
Solution 25: Internet Explorer 10 is not compatible with Outlook Web Access 2003. You can use Compatibility view by clicking the little 'torn paper' icon in the web address line.
Problem 26: Receiving following message in OWA when trying to open an encrypted email message: 'This message can't be decrypted. If you have a smart card-based digital ID, insert the card and try to open the message again.'
You may be able to encrypt outgoing emails, but decrypting is your issue.
Solution 26: When the message appears, remove your CAC from the reader, reinsert it, select another email, and reselect the encrypted email. IE may ask again for your PIN and then it will decrypt the email so you can read it.
Problem 27: Web.mail.mil / OWA locking up when trying to delete a thread of email with Skype Click to Call (C2C) installed.
NOTE: You may have received an auto update to Skype on your Windows computer. This update comes with C2C. One person noticed the issue appear and also noticed that phone numbers in emails suddenly appeared in blue (hyperlinked) with a Skype symbol next to them.
Solution 27: Uninstall C2C and the issue with locking up OWA when deleting email threads went away.
Problem 28: When trying to send an email from Outlook on a Government computer, receive the following error message:
Solution 28-1 (All Computers): Remove CAC, then reinsert it Try sending your email again
Solution 28-2 (ActivClient installed Computers): Open ActivClient, right click My Certificates, select Make Certificates available to Windows. Try sending your email again
PURE EDGE VIEWER (replaced by LOTUS FORMS) Army No Longer using this program)
The Army now uses Adobe Reader
May still be used by the Air Force
Problem 1: The word Sign is 'GRAYED OUT' when attempting to digitally sign a Pure Edge form.
Solution 1: See answers in THE WORD SIGN IS GRAY section below.
Problem 2: 'One or more signatures could not be verified' when opening Pure Edge
Solution 2-1: Verify you have ApproveIt installed.
Solution 2-2: Restart your computer (if you have just installed ApproveIt)
Solution 2-3: 64 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program Files(x86)IBMForms Viewer4.0extensions
and to
C:Program Files(x86)IBMForms Viewer4.0API80system
Solution 2-3a: 32 bit systems IBM Forms Viewer 4.0: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMForms Viewer4.0extensions
and to
C:Program FilesIBMForms Viewer4.0API80system
Solution 2-3b: 32 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders:
C:Program FilesIBMLotus FormsViewer3.5extensions
and to:
C:Program FilesIBMLotus FormsViewer3.5API76System
Solution 2-3c:64 bit systems Lotus Forms 3.5: Copy and paste libeay32.dll from C:Program Files(x86)ApproveIt to the following folders:
C:Program Files(x86)IBMLotus FormsViewer3.5extensions
and to:
C:Program Files(x86)IBMLotus FormsViewer3.5API76System
Solution 2-4: Latest DoD Certificates are needed
Solution 2-5: Uninstall ApproveIt 5.8.2, 5.9, or 6.1, restart computer, Install ApproveIt 5.7.3. Follow instructions below.
Solution 2-6: The new Lotus Forms and ApproveIt 6.5 works very well on Vista and Windows 7. I would recommend you upgrade. If you are still using using XP, it does not work as well. Look at #4 immediately above
Problem 3: Digital Signature not loading
Solution 3-1: Visit here
Solution 3-2: Uninstall ApproveIt 5.8.2, 5.9, or 6.1, restart computer, Install ApproveIt 5.7.3. Follow instructions below.
PLEASE NOTE: ApproveIt 6.1 & 6.5 are the only versions that will work with Lotus Forms.
Problem 4: Receiving internal error when opening Pure Edge. Details show 'Null pointer dereferenced (in function RegistryIterator::updateCurrent()@.srcRegistryProfile.cpp:line531) Stack trace (unavailable)
Solution 4-1: Run this batch file to fix your computer. If IE blocked the file, download this text file and remove the .txt at the end, then run.
Solution 4-2: The following steps need to be completed while the affected user is logged in. Since they are merely modifying the keys corresponding with their user hive, elevated privileges are not necessary.
1. Go to Start, Run, type in: Regedit
2. Find [HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsApproveIt MS Office] and delete the key.
3. Find [HKEY_CURRENT_USERSoftwareclassesApproveItDesignerAddIn] and delete the key.
4. Find [HKEY_CURRENT_USERSoftwareclassesCLSID{97A21885-E335-4164-AD1C-8A3BF0F003E9}] and delete the key.
5. Find [HKEY_CURRENT_USERSoftwareclassesCLSID{08E623D3-BEAD-4bd3-8401-EFF51FD754CE}] and delete the key.
6. Click Start - Programs - ApproveIT Desktop - ApproveIT Configuration.
7. On the default Signature Method tab ensure the option 'Sign using a certificate or smart card' is checked.
8. Click OK and test.
Solution 4-2 Alternative: Save ApproveIt_Fixer.doc to your computer, then open it. You may see a blank screen with a Security Warning. Select the 'Enable Content' button. Now click on Fix ApproveIt!, select OK. Provided by CPT H
Solution 4-3: Copy and paste libeay32.dll from C:Program FilesApproveIt to the following folders: C:Program FilesPureEdgeViewer6.5extensions and to: C:Program FilesPureEdgeViewer6.5API65SystemPDF with complete instructions
Solution 4-4: Go to Start, Run
Type 'regedit' (without the quotations)
Navigate to 'HKEY_CURRENT_USERSoftwareSilanis and delete it
Navigate to 'HKEY_CURRENT_USERSoftwareVB and VBA Program SettingsApproveIt MS Office' and delete it
Go to Start, All Programs, Startup, ApproveIt StartUp and click the ApproveIt Start up entry to start ApproveIt
Problem 5: 'Pure Edge Viewer has encountered a problem and needs to close. We are sorry for the inconvenience.'
Solution 5: Copy 'libeay32.dll' from the following location: 'C:Program FilesApproveIt'
Paste the files into both of the following locations: 'C:Program FilesPureEdgeViewer 6.5API65System' and 'C:Program FilesPureEdgeViewer 6.5extensions'
Reason: These files can get written over by some Microsoft Updates. Pure Edge cannot use the newer files that were installed by Microsoft.
Problem 6: Receive the following error 'Form API initialization Failed'
Solution 6-1: Reinstall Pure Edge
Solution 6-2:
1. Insure you close all errors that appear when launching a PureEdge form
2. Go to: C:windowssystem32 and double click 'fixmapi.exe'
NOTE: This file will not show anything, give it approximately 5-10 seconds to insure it completed
3. Attempt to open the PureEdge form again
Problem 7: Receive ePersona message when trying to sign a form in Pure Edge with Approve It.
Solution 7: Close PureEdge (if it is open). Go to: C:Program FilesApproveIt, double-click the icon that looks like a wrench titled: 'AprvCfg.exe'. On the Signature Method tab, make sure the radio button is on the bottom choice - 'Sign using a certificate or smart card.' Don't change anything else. Click Apply, then OK
After you click 'Sign' in PureEdge, it may take a few minutes for the list of certificates to pop up. Be patient. Choose the certificate that doesn't say Email, and put a check in the box that says 'Use this certificate as default' (if this is your personal computer).
Problem 8: Receive ' MUCreateDir(Anthill_BuildBranch-API-Cannae-20050228Apisrcmasqutilmasqutil.c:10427 Tue Apr 19 21:59:46 2005):2696:32-> 22'
Solution 8-1: Try the same Solution as Problem #5 above
Solution 8-2: Read the Tech notes on IBM
Solution 8-3: Read Microsoft Support information
Solution 8-4: If you are using Vista and the errors happened after macrovision, this is the fix.
Logon as an administrator (i.e. using your SA account) instead of right clicking and choosing 'run as'(do not choose).
Open PureEdge to make sure it is running fine(if macrovision hasn't been installed already).
Install macrovision if not yet installed.
If you are unsure it has been installed, go ahead and run it and it will ask you to modify, repair, or uninstall. Uninstall it and reboot, then you can install it again.
Open PureEdge to see if it has the errors.
Go into Regedit follow this path;
HKCUsoftwareMicrosoftWindowsCurrentVersionExplorerShell FoldersAppData
Before you install macrovision AppData key is:
C:Users**USER.NAME**AppDataRoaming
After you install it, nothing will be in its place so you can copy the above key from another key ONLY to roaming.
After, open PureEdge and and check to see if the errors were fixed.
Solution 8-5: Uninstall ApproveIt 5.8.2, 5.9, or 6.1, restart computer, Install ApproveIt 5.7.3. Follow instructions below.
PLEASE NOTE: ApproveIt 6.1 & 6.5 are the only versions that will work with Lotus Forms.
Problem 9: Pure Edge bar stalls half way across the screen when attempting to load a form
Solution 9-1: Reinstall the DoD certificates & ApproveIt try to access your form again.
Solution 9-2: Create a new profile and install Lotus Forms and ApproveIt from this new profile.
Problem 10: 'Unable to complete the signature; the private key cannot be found or is inaccessible on the system. Make sure you are using a good signing key or the right smart card.'
Solution 10: Look at ApproveIt Problem 4 above.
Problem 11: Receive 'Internal function call failed. at IFSObject_RegisterClass(Anthill_Build/Branch-API-Cannae-20050228ApisrcifxIFSObject.c:1997 Tue Mar 15 12:04:02 2005):2788'
Solution 11-1: Uninstall ApproveIt 5.8.2, 5.9, or 6.1, restart computer, Install ApproveIt 5.7.3. Follow instructions below.
Solution 11-2: You can also try items listed at #9 above or #5 in the LOTUS section
Problem 12: If you receive an ePersona message, or 'Add digital ID' with the choice of, I want to sign this document using?
Solution 12: Visit the Notes page to find out how to correct this.
Problem 13:Unable to print forms from Pure Edge Viewer in Vista & Windows 7 64 bit systems with HP printers. (Receive an error similar to: Viewer : Printer Driver's EndPage() Failed at PRINT ERROR(.srcFormViewerPrintEngineCPrintEngine.cpp:1960 Fri Jan 29 15:27:50 2010):2780:8) )
Solution 13-1: Download a program like DoPDF, print your form to the DoPDF 'printer,' then print the PDF to your printer
Solution 13-2: Open Pure Edge, Select Preferences, Printing options, Uncheck 'Print each page as a separate print job'
Solution 13-3: Print your form to the Microsoft XPS Document Writer 'printer,' then print the XPS to your printer
Problem 14: Receive error message: 'Unable to initialize the API at C:Progra~1PureEdgeVIEWER1.5API65'
Solution 14:Follow guidance to uninstall Pure Edge here.
VISTA UAC (USER ACCESS CONTROL)
Problem 1: If you do not like it, read below on how to turn it off.
Solution 1-1: Visit How-To-Geek for easy screen shot views (I prefer this method)
Solution 1-2: Video on Chris.Pirillo.com
Solution 1-3: User Access Control message. Here is a registry hack to turn User Access Control off (right click, save target as on DisableUACforAdmin.reg), then double click it. You will not have to enter the registry with this small .reg file as it will automatically change the location in the registry for those of you who are uncomfortable working in the registry. I use this registry hack on my Windows Vista computers and do not get the annoying message saying that I'm not safe. If you feel you should have it after turning it off, here is another .reg file to re-enable the UAC (right click, save target as on Re-EnableUACforAdmin.), then double click it.
OTHER MISC ERROR MESSAGES
Problem 1: The system could not log you on. 'The requested key container does not exist on the smart card.'
Solution 1-1:Switch user, then log back in as yourself.
Solution 1-2:Have someone else log onto the same computer, double click ActivClient, Click on Tools, Advanced, Forget State for all cards. This 'other' person does NOT have to be an administrator.
Solution 1-3: Visit Google Groups for another possible solution
Problem 2: Receive the following error 'Please enter the master password for the ActivIdentity ActivClient 0.' when using Firefox.
Solution 2-1: This is Firefox's 'secret code' forEntering your CAC [6-8 digit] PIN
Solution 2-2: You are getting this error because you are trying to use Firefox and your CAC.
You have 2 options, first is to switch over to Internet Explorer for any websites you need to use your CAC. Second option is to visit the Firefox support page and attempt to get your Firefox working using the instructions.
NOTE: Firefox will only work with ActivClient (or OpenSC) installed. Therefore if you are using the Windows 7 or 8 / 8.1 built in Smart Card utility, it won't work.
Problem 3: Certificate box comes up empty when trying to access a webpage.
Solution 3:Latest DoD Certificates are needed, instructions are here
Problem 4: Receive error message: 'Local policy does not allow you to log on interactively.'
Solution 4:Latest DoD Certificates are needed, instructions are here
Problem 5: Government owned computer will not read CAC after computer is locked.
Information: Sometimes when a user locks their computer, they are unable to unlock it because their CAC will not read. The research points toward buffer overflow errors and memory write errors due to registry key permissions. Two workarounds have been found:
Solution 5-1: Disable Windows Aero theme, instructions can be read on HowToGeek or LanceLHoff
Solution 5-2: Unplug and re-plug in the CAC reader or keyboard w/CAC reader (this is the equivalent of rebooting the reader, but only works for external CAC readers)
Problem 6: Problem accessing some CAC enabled websites
Solution 6: Run this .bat file to clear out old certificates from your computer. If your computer blocks the download, please download this file and remove the .txt from the end of the file name.
CURRENT PROBLEMS WITH NO KNOWN RESOLUTION
Please continue to check back later to see if a Solution has been found
If you've found a Solution for this, please contact me
NONE right now
Question 1: How can I set up my personal Windows computer to be able to login with my CAC (like my government computer)?
Cac Reader For Mac El Capitan
Answer 1: You can try this program if you are using Windows 7 or 8. (I personally have not tried it). Please let me know how it works for you. I only have 1 CAC, and need to access multiple computers at the same time. So, I can't afford to tie it up on one computer.
Notes from a person who tried the idea above: 'The solution listed above worked great. Just remember after restart when you set it up, the first password you put in is the User Account Password, then when clicking finish to test, I had to select the second certificate on the popup. All went well!
Question 2: Can I set up my personal Mac computer to be able to login with my CAC?
Answer 2-1: Follow this guidance in this PDF
Answer 2-2: Follow these instructions from Thursby (I have NOT tested this).
Question 3: Are Individual Ready Reserve (IRR) Soldiers eligible for a Common Access Card (CAC)?
Answer 3: IRR Soldiers are issued the Armed Forces of the United States Geneva Conventions Identification Card (Reserve) (Green). If on active duty orders for 31 days or longer the IRR Soldier can receive a CAC.
Members being released from active duty with a Military Service Obligation (MSO) are part of the IRR and will be issued the green Reserve ID cards.
Question 4: Are retirees and family members eligible for a Common Access Card (CAC)?
Information: The CIO/G6 recognized the need to provide stronger authentication for retirees and had a working pilot program to provide Smart Cards with DoD PKI certificates to Army retirees and family members. The cards were used as an alternative to username password login to Army websites. The pilot was limited to 2,500 users and evaluated user experience and the overall acceptance of using the card as a replacement for username / password login. Other alternatives such as One Time Passwords were also being considered. Sites such as MyPay will be allowed to continue to use username and password until a stronger authentication solution is fielded.
This Pilot program ended on 1 October 2012
Answer 4: Not at this time. Retirees will continue to receive the traditional Retired (blue) or Reserve Retired (red) cards. Family members will continue to be issued the tan or red cards.
Question 5: I am retired and do not have a CAC anymore. How do I access my military records, since iPerms is 100% CAC authentication?
Answer 5-1:Your records are archived; therefore, veterans and authorized family members must request a copy of their records by submitting a prepared Standard Form 180 to the appropriate address listed on the back of the form or by going to the following website to submit the request electronically:
http://www.archives.gov/veterans/evetrecs/
NOTE: If you do not consider yourself 'computer-savvy,' or want to discuss this with someone at the facility, the number to call is 1-866-272-6272.
Best Cac Reader For Mac
.
.
.
Answer 7:Emails & Files- Follow along with this guide explaining how to complete this process. You will need to logon to the server with your current CAC (this authenticates you as you). The websites mentioned in the guide can only be accessed from a US Government computer and network.
Question 8: Prompted repeatedly for your CAC PIN when using Windows 7 (and 8) built in Smart Card utility accessing CAC enabled websites.
Background: The way Windows 7 (and 8) accesses your CAC It doesn’t cache your CAC PIN on your computer
Solution 8-1 Windows 7: Install ActivClient 6.2.0.x (this program will cache your PIN for 15 minutes).
.
Solution 8-1a Windows 8: Install Coolkey or purchase CSSi (these programs will cache your PIN)
Question 9: My email address is incorrect on my CAC, How can I fix it?
Answer 9:Follow guidance here
THE WORD SIGN IS GRAY
No longer an issue with fillable PDF forms
.
CREATE A NEW USER PROFILE
.
Windows 10
.
Cac Card Reader For Mac
Windows 7 & 8/8.1
.
Cac Reader For Mac
Mac OS