
Problems with Enterprise Email https://web.mail.mil

Participant I
Posts: 1
Registered: ‎04-07-2014
#1 of 11 60,624


Dear Centrify, 

 

Thank you for this free software to access CAC sites.  I appreciate it.  I am new to MAC, but trying to access my Army email at: https://web.mail.mil

 

I am operating on OS X 10.8.5

I am using Chrome 33.0.1750.152

I am also using Safari 6.1.2 (8537.74.9)

 

I have been able to successfully log into my AKO account via CAC with no issues using Centrify.  However, I cannot access EE email at https://web.mail.mil.  When I try to open this page, it does not ask me for a PIN or anything.  The page simply stops and says:

This webpage is not available

 

Can you please help here?  It is not even giving me the option of using CAC, it simply does not load the page without any explanation.  

Thank you!

 

 

Retired Employee (Inactive)
Posts: 83
Registered: ‎04-24-2012
#2 of 11 60,406

Re: Problems with Enterprise Email https://web.mail.mil

Hi,

 

Thanks for contacting Centrify.

 

I think you are using CAC or CACNG cards?

 

Could you please try removing CAC and CACNG tokend, and retest?  

 

Please do the following:

 

  cd /System/Library/Security/tokend/

  sudo mkdir tmp

  sudo mv CAC* tmp/

 

Remove and insert your card again.

 

Open Keychain Access.  Make sure the card appears as "PIV-*".

 

Try going to web.mail.mil web site. 

(If you are using Safari, please remove the credential association to web.mail.mil, so that you can select the right cert.)

 

Please let us know: - Does this allow you to log in? - Does this break any other use case?

 

To undo the changes to tokend, you can do:

 

  cd /System/Library/Security/tokend/

  sudo mv tmp/CAC* .

 

Regards,

 

Ezazul Bhuiyan

Centrify Support
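
The tokend move and undo from the reply above, written as a re-runnable script. This is an added example, not Centrify's own code: the function names and the `TOKEND_DIR` override are assumptions made for the example, while the path and the `tmp` directory name are the ones given in the post.

```shell
#!/bin/sh
# Added example: idempotent form of the "move CAC* aside" and "undo" steps.
# TOKEND_DIR defaults to the path from the post; override it to try this
# against a scratch directory first.
TOKEND_DIR="${TOKEND_DIR:-/System/Library/Security/tokend}"
BACKUP_NAME="tmp"   # same directory name the post uses

# Move every CAC* bundle (CAC.tokend, CACNG.tokend) into the backup directory.
# Prints how many bundles were moved; a second run prints 0 instead of failing.
disable_cac_tokend() {
    dir="${1:-$TOKEND_DIR}"
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    mkdir -p "$dir/$BACKUP_NAME" || return 1   # -p: no "File exists" error
    moved=0
    for t in "$dir"/CAC*; do
        [ -e "$t" ] || continue                # glob matched nothing
        mv "$t" "$dir/$BACKUP_NAME/" || return 1
        moved=$((moved + 1))
    done
    echo "$moved"
}

# Undo: move the CAC* bundles back and drop the backup directory if empty.
restore_cac_tokend() {
    dir="${1:-$TOKEND_DIR}"
    [ -d "$dir/$BACKUP_NAME" ] || { echo 0; return 0; }
    restored=0
    for t in "$dir/$BACKUP_NAME"/CAC*; do
        [ -e "$t" ] || continue
        mv "$t" "$dir/" || return 1
        restored=$((restored + 1))
    done
    rmdir "$dir/$BACKUP_NAME" 2>/dev/null || true   # keep it if not empty
    echo "$restored"
}

# List the tokend bundles still active in the directory, one per line.
active_tokends() {
    dir="${1:-$TOKEND_DIR}"
    for t in "$dir"/*.tokend; do
        [ -e "$t" ] && basename "$t"
    done
    return 0
}
```

Against the real directory the functions need a root shell, as the `sudo` in the original commands indicates; remove and reinsert the card after either step.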

Participant II
Posts: 4
Registered: ‎08-08-2014
#3 of 11 57,788

Re: Problems with Enterprise Email https://web.mail.mil

Hi...I am having the same problem as the other user in this chain.  

 

You told that person to do the following:

 

Could you please try removing CAC and CACNG tokend, and retest?  

 

Please do the following:

 

  cd /System/Library/Security/tokend/

  sudo mkdir tmp

  sudo mv CAC* tmp/

 

....I am new to mac.  How do I get to this link?  I am using a MAC air w/ OS X 10.9.  Thanks! 

Participant II
Posts: 4
Registered: ‎08-08-2014
#4 of 11 57,784

Re: Problems with Enterprise Email https://web.mail.mil

so...i think i figured out how to access terminal, etc.  When I go through your instructions, my terminal says: "mkdir: tmp: File exists"

 

However, when I open up keychain, it is unclear where I am supposed to look to see if it has "PIV -" etc. 

 

Under the CAC keychain, it pulls up all the certificates, but they are not titled this way.  Am I looking at the wrong thing?  

Participant II
Posts: 4
Registered: ‎08-08-2014
#5 of 11 57,769

Re: Problems with Enterprise Email https://web.mail.mil

Update:  sorry for the serial posts.  Okay, keychain has now properly identified my CAC certificates as PIV- 

 

However, when I try to pull up a CAC accessible site, I still get an error.  It pulls up the certificate, I click on it, it asks for my keychain password, I type that in, and then it says webpage not found.  

Retired Employee (Inactive)
Posts: 83
Registered: ‎04-24-2012
#6 of 11 57,617

Re: Problems with Enterprise Email https://web.mail.mil

Hi DrewKK,

 

Thanks for using Centrify.

 

From your descriptions it sounds like the Centrify components are working, but it's your certificates that are not working.

 

Try downloading the latest ones directly from the DoD PKI Management site and also make sure to validate your certificate trust chain.

 

Use the steps from our Smart Card Express docs:

http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js...

 

http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js...

 

Additionally - when attempting to open the smartcard keychain and it prompts for a password - you enter your CAC PIN as it's asking to authenticate into the smartcard itself.

 

As a quick addon to this - another way to verify whether it's the smart card software that is not letting you in, or whether it's the certs themselves is to see if you are able to smartcard-login to the website from a Windows machine.

 

If the login also fails in Windows - then you'll know it's the website rejecting the certificates themselves.

 

Let us know how you get on with this.

 

 

Regards,

 

Ezazul Bhuiyan

Centrify Support

Participant II
Posts: 4
Registered: ‎08-08-2014
#7 of 11 57,546

Re: Problems with Enterprise Email https://web.mail.mil

Thanks -- I got it to work temporarily... It was indeed the fact that I was trying to enter my keychain password instead of the CAC PIN.  Once I used the PIN, it worked.

 

However, today when I logged on, my SCR331 CAC reader is not registering -- i.e., just a solid green light instead of the blinking green light that shows it's pulling from the card.  My keychain still shows the presence of the CAC keychain, with associated certificates, but it's obviously not activated -- because when I go to a website in either Chrome or Safari, it immediately says website not found.  

 

Any ideas?  Is there some way to clear the keychain to get it active again?

 

Thanks!

Drew

CAC
Participant I
Posts: 1
Registered: ‎11-25-2015
#8 of 11 26,269

Re: Problems with Enterprise Email https://web.mail.mil

Hello,

 

I'm a new Mac user too. I'm also having the same issue with not being able to access my EE web.mail.mil email using my CAC reader. I have downloaded the proper program from Centrify to utilize my CAC, and it allows me to access the AKO webpage, but once I try to access my enterprise email it simply does not give me the option to type in my PIV. I'm trying to use the steps below that you submitted as a possible solution and remove my CAC or CACNG tokend, and retest, but I do not know where the entry point for cd /System/Library/Security/tokend/ sudo mkdir tmp sudo mv CAC* tmp/ is. Should I look in the preferences on my Mac, or is there another area on the computer I should search for this information? Thanks in advance.

Posts: 532
Kudos: 210
Blog Posts: 24
Solutions: 25
Registered: ‎04-19-2012
#9 of 11 26,244

Re: Problems with Enterprise Email https://web.mail.mil


Hi CAC,

 

Just want to double-check that you've first followed the steps here to ensure that you're definitely using the Centrify drivers, and not another third-party driver:

http://community.centrify.com/t5/Express-for-Smart-Card/bd-p/ExpressforSmartCard2

 

(The main way to check is to look in Keychain Access when your card is inserted and make sure the smart card appears in the Keychain list with the correct prefix and a series of numbers, for example "CACNG-123456", "PIV-123456", etc. If it has a different format, then this would be an indication that it is using a different tokend driver.)

 

 

Once the drivers have been verified, make sure you have configured your browser to use the correct identity on your smart card:

- "Configuring web browsers and mail clients" section:

http://www.centrify.com/downloads/products/documentation/mac-smart-smartcard/1.0.0/wwhelp/wwhimpl/js...

 

 

Kind regards,

Brian

 

Participant II
Posts: 2
Registered: ‎03-14-2017
#10 of 11 4,915

Re: Problems with Enterprise Email https://web.mail.mil

Aloha,

I'm in the US Army Reserves and currently having an issue accessing my AKO Webmail with the following results...need assistance.

Your session could not be established.


The session reference number:  d3184e27

Access was denied by the access policy. This may be due to a failure to meet access policy requirements.

If you are an administrator, please go to Access Policy >> Reports : All Sessions page and look up the session reference number displayed above.

To open a new session, please click here.