Enterprise Email

Department of Defense (DoD) Enterprise Email Information

Email address and storage provided by: Defense Information Systems Agency (DISA)

All Army AKO users who have a CAC will be migrated to DISA’s DoD Enterprise Email and can no longer access their email via username/password. Enterprise Email uses Microsoft Exchange and requires 100% CAC use. Email addresses are given out from the Outlook Web App (OWA) site.

AKO accounts for Dual Persona users will be migrated in June or July of 2013.

In order to access OWA, you must first have a DISA DoD Enterprise Email mail.mil email account. If you do not have a DoD Enterprise Email account (an email account ending in “mail.mil”), check with your organization to get an activation date.

Once you have your DoD Enterprise Email account, follow the steps below to enable CAC usage on your Windows system.


Windows Installation Steps

  • Step 1: Obtain a CAC Reader
  • Step 2: Install a CAC Reader driver
  • Step 3: Obtain DoD Certificates
  • Step 4: Install ActivClient
  • Step 5: Configure Internet Explorer for CAC 
  • Step 6: Select “EMAIL” certificate when prompted. (Dual Persona personnel ONLY: select your PIV certificate when prompted. See the Dual Persona section below for instructions on installing and activating your PIV certificate on your CAC.)

Solutions to Common Problems

For Mac Users: The information and solutions below are for the Windows operating system only. Go to The Mac Solutions for solutions to Mac-related issues and requirements.

Other than using OWA, how can I check my DoD Enterprise Email when I’m not in the office?

DoD Enterprise Email can’t be used with personal computer email clients like Outlook or any other service that’s outside the military or government network or Mail.mil Advanced Technologies Email. There are some workarounds within this stricture:

1. While at work, you can forward your DoD Enterprise Email to another .mil or .gov email address that you can access at home. The Enterprise Email Office provides a guide here (CAC required to download). In a nutshell, there is a “Forwarding from DoD EE” button on .mil or .gov email addresses. By using the forwarding button you, in effect, combine your work and home email into one email address.

2. Business Class users can either use their government BlackBerry or take their government computer with them. Or, if you are a Business class user and your organization uses Citrix, you may be able to use your CAC-enabled PC with Outlook and the Citrix client.

3. For all mail.mil users, you can access your email on an iPhone or iPad using OWA. Sadly, Microsoft doesn’t allow digital encryption in Internet Explorer 32 bit with S/MIME installed.

I got the following error message when attempting to access https://web.mail.mil:

This error message says that your DoD Enterprise Email has not yet been set up. Check with your organization to find out when your email is set to be activated.

I know my DoD Enterprise Email account has been set up, but my profile information is incorrect in the Global Address List (GAL).

1. Read the How to Update your Information in the DoD Enterprise Email Global Address List (GAL) guide and follow the instructions to fix any incorrect information on your profile.

2. To update your profile, go to Defense Manpower Data Center (DMDC) MilConnect and sign in to update your profile. It takes 4 to 48 hours to update your GAL with new profile information.

Instructions on how to use the DMDC MilConnect website are available at https://ee.csd.disa.mil (CAC required to access). Select the Update Your GAL Attributes button. An instruction guide is available at http://www.disa.mil/~/media/Files/DISA/Services/Enterprise-Services/MilConnectTTP.pdf

3. If your military rank is wrong on your profile, please visit an ID card office to get it corrected.

I get the following error when attempting to access my email via OWA: “HTTP/1.1 503 Service Unavailable”.

There is nothing wrong with your computer setup. This error appears when there are issues with the Exchange server.

Check your email again in a few minutes.

DISA has classified me as a “Dual Persona”, and I can’t access my email online. What is a “Dual Persona”, and what do I need to do to access my email online?

Dual Persona

“Dual Persona” individuals are classified as both a soldier (Reservist or National Guard) and a DoD civilian or contractor. You may be classified as dual persona if you were a DoD civilian or contractor during the past three years (even if you left that job over a year ago) and are also a current Reservist or National Guard soldier. Dual Persona individuals are authorized to carry two CACs, one for each designation. As a dual persona individual, however, you are initially blocked from accessing your email online and must add a PIV certificate to one of your CACs to remove the block.

Changing Your Email Address

Also, you can’t have the same email address on both of your CACs. We recommend you put your AKO email address on your Military CAC. Click here for instructions on how to change your email address on your CAC.

Installing Your PIV Certificate on a CAC

You must have the following components, in the following versions, on the computer system where you initially install your PIV certificate on a CAC:

  • Windows 7 (only without the built-in Smart Card utility), Vista, or XP
  • ActivClient or above
  • Internet Explorer
  • Java 6-35

The components must be all 32-bit or all 64-bit, depending on your Windows operating system. (Check your Windows bit level at startup.)

You cannot install your PIV certificate on a Windows 8 system. You will need to find a system that has a different version of Windows installed. Once your PIV certificate is installed on your CAC, you can use it on a Windows 8 system.

If you have a higher version of Java on your system, you must uninstall that version and install Java 6-35.

Once you are on a system with the correct system components, log into the RAPIDS Self Service Website and follow the directions in CAC–Activating a PIV Authentication Certificate to install your PIV authentication certificate. If you have questions while on the RAPIDS Self Service site, contact the RAPIDS Help Desk.

If you are using a computer with Firefox instead of Internet Explorer as the browser, you may be able to install your PIV certificate. Firefox is 32-bit, so all of the other components above must be 32-bit, including your Windows operating system.

Activating, or “Exposing”, your PIV Certificate with ActivClient

Sadly, the DMDC RAPIDS Self Service website has been unable to activate PIV certificates for the majority of Dual Persona individuals. If you are unable to activate your PIV certificate at the DMDC Self Service website, and you have elevated access on government systems, you can “expose” your PIV certificate with ActivClient.

If you have ActivClient 6.2.0.x on the computer where you want to get your enterprise email (on all Windows systems EXCEPT Windows 8), upgrade ActivClient to the latest version available. After you have installed the latest version of ActivClient, open ActivClient and click Tools–>Advanced–>Configuration. Scroll down and click on Smart Card–>”Prefer CSC-IS over PIV EndPoint…”. Change the “Yes” to “No”. Then, restart your computer at the prompt.

You will have to “expose” your PIV certificate on every computer you need to access your Enterprise Email.

For Mac Users: There is no way for you to activate your PIV using a Mac. However, if you use PKard or Centrify Express, you may be able to see your PIV certificate.

Switching Certificates

After “exposing” your PIV certificate this way, you will always need to select the “PIV” certificate option in Internet Explorer (not the “Email” Certificate in Step 4 above) every time you go to https://web.mail.mil.

Government computer users must make sure to select the 10-digit certificate in Internet Explorer when logging into the computer (see Step 6 above), and the 16-digit certificate to check your email. If you select the 16-digit certificate at login, you will either receive “DoD Visitor” status on the computer, or you will get a “Credentials cannot be verified” error.

Wide Area Work Flow Users

If you use Wide Area Work Flow (WAWF), you cannot activate your PIV certificate using this ActivClient solution. You must work with the DMDC RAPIDS Self Service website to install and activate your PIV certificate.

The WAWF website is moving to a CAC/certificate-only logon and uses a DoD x.509 certificate. So, if you are Dual Persona and use WAWF, and you have activated your PIV certificate by “exposing” it with ActivClient with the steps above, the WAWF website will not correctly read their own DoD x.509 certificate and will not allow you to log in, and you will get a “No Certificates Found!” error message. You must “undo” your ActivClient PIV certificate activation in order to log into the WAWF website again. Specifically, change the “Yes” choice to “No” on the “Prefer CSC-IS over PIV EndPoint…” screen in ActivClient.

Computer Setup for Dual Persona Users

Once your PIV certificate is installed and activated on your CAC, you now need to set up your computer to use the PIV certificate instead of the Email certificate.

Start ActivClient.

For ActivClient 6.2.0.x, choose Tools–>Advanced–>Forget State for All Cards. Perform this operation twice. Then choose Make Certificate available to Windows.

For ActivClient 7.0.x.x, choose Tools–>Advanced–>Reset Optimization Cache. Then simply remove and reinsert your CAC.

After following these steps, you should see 4 active certificates on your CAC. If not, repeat the actions above.
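To confirm what Windows can actually see after these steps, the following added example (not part of the original guide or of ActivClient) lists the certificates in the current user's store and labels each one by the 10- or 16-digit identifier mentioned above. It assumes an English-language Windows and that the identifier appears as the Principal Name in the certificate's Subject Alternative Name; the function name is hypothetical.

```powershell
# Added example: summarize the certificates made available to Windows for the
# current user. The store can also hold non-CAC certificates, so check the Issuer column.
function Get-CacCertificateSummary {
    param(
        # Certificates to inspect; defaults to the current user's personal store.
        [System.Security.Cryptography.X509Certificates.X509Certificate2[]]
        $Certificate = (Get-ChildItem -Path Cert:\CurrentUser\My)
    )
    $now = Get-Date
    foreach ($cert in $Certificate) {
        # OID 2.5.29.17 is the Subject Alternative Name extension.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $sanText = if ($san) { $san.Format($false) } else { '' }

        # Assumption: the identifier is the numeric part of "Principal Name=<digits>@...".
        $id = if ($sanText -match 'Principal Name=(\d+)@') { $Matches[1] } else { '' }
        $label = switch ($id.Length) {
            10      { '10-digit (computer logon)' }
            16      { '16-digit (PIV, Enterprise Email)' }
            default { 'no numeric Principal Name' }
        }

        [pscustomobject]@{
            Name    = $cert.GetNameInfo('SimpleName', $false)
            Kind    = $label
            Usage   = ($cert.EnhancedKeyUsageList | ForEach-Object { $_.FriendlyName }) -join ', '
            Issuer  = $cert.GetNameInfo('SimpleName', $true)
            Expires = $cert.NotAfter
            Active  = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
        }
    }
}

$summary = @(Get-CacCertificateSummary)
$summary | Format-Table -AutoSize

# The guide expects 4 active certificates from the CAC once the PIV certificate is exposed.
$active = @($summary | Where-Object { $_.Active }).Count
"Active certificates visible to Windows: $active"
```

If no row is labelled 16-digit, the PIV certificate has not been published to Windows on this computer.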

I can’t access my mail.mil email on 64 bit AGM and 32 bit Office 2007.

For this specific set of circumstances, follow the steps in the Windows 7 64x AGM and Dual Persona’s Outlook 2007, and 32Bit Mail Client guide (http://militarycac.com/files/Windows7DualPersonaAndOutlook.pdf).

I can’t view encrypted emails in OWA.

Make sure you have the S/MIME control installed on your system. This solution will work on 32-bit Internet Explorer only. In Internet Explorer, click Options–>See All options…–>Settings–>S/MIME. Choose Install the S/MIME control.

If you are unable to install the S/MIME control, make sure that the “Do not save encrypted pages to disk” option is unchecked under Tools–>Advanced. This will only work with 32-bit Internet Explorer.

Where can I get help for my Enterprise Email account?

From any location, call the Army Enterprise Service Desk at 866-335-2769, Option 3 (as of 30 April 2013).

Contact the Army Reserve Help desk at 855-55-USARC, or, from your Army Reserve computer.

Contact the Army & NETCOM CAC/PKI Help desk at 866-738-3222 (DSN: 312-879-8133), or email army.cacpki.helpdesk@mail.mil.

Contact the DISA Help desk at 800-447-2457 or 614-692-3136 (DSN: 312-850-3136), or email NCES@csd.disa.mil.

How do I turn off the conversation view in web.mail.mil?

I am receiving the following error message when trying to use OWA on Windows 7 (both 32- and 64-bit):

1. You need to add your OWA link to your Trusted Sites. Open Internet Explorer and click Tools–>Internet Options–>Security. Select Trusted Sites and then click on the Sites button. Then type *.mail.mil in “Add this website to the zone” and click the Add button.

2. Make sure you have the S/MIME control installed on your system. This solution will work on 32-bit Internet Explorer only. In Internet Explorer, click Options–>See All options…–>Settings–>S/MIME. Choose Install the S/MIME control.

If you have problems installing the S/MIME control, check to make sure that “Do not save encrypted pages to disk” is unchecked under Tools–>Advanced. This will only work with 32-bit Internet Explorer.

In OWA, how do I find out how much mailbox space I have already used?

Hover your mouse over your name at the top of your mailbox folder tree:

AKO gave me 1024 MB email storage space, and DISA only gave me 512 MB. How can I increase my email storage capacity?

Click here for an explanation of email box storage quotas.

When using OWA, I am getting the following message when I open certain email messages: “This message can’t be decrypted. If you have a smart card-based digital ID, insert the card and try to open the message again”.

Make sure the email address encoded on your CAC also exists in your Exchange profile. Army personnel should have their AKO email address on their CAC, and their AKO email address is also listed as an alias in their Exchange profiles. You can update your email address on your CAC by following this guide.

I have PCS’d to a new installation/location. How do I update my information in the Mail.mil Global Address List?

Normally, you do not need to do anything. When you move to a new installation, your mail.mil account will be automatically moved to a DECC (Defense Enterprise Computing Center) that is closer to your new duty station.

However, if your information is incorrect in the Global Address List (GAL), read the How to Update your Information in the DoD Enterprise Email Global Address List (GAL) guide (http://militarycac.com/files/Update_Your_GAL_Info.pdf) and follow the instructions to fix any incorrect information on your profile.

How do I configure my DoD Enterprise Email on my government computer to use Outlook?

I can get to https://web.mail.mil with my CAC and PIN, and Internet Explorer shows that I am an email user. The next mail screen shows that my actual mail server is https://web-XXXX.mail.mil/owa. However, this link only times out and never works. This URL also times out when I try to go straight to it.

You need to add *.mail.mil to your trusted sites in Internet Explorer. Open Internet Explorer and click Tools–>Internet Options–>Security. Select Trusted Sites and click on the Sites button. Enter *.mail.mil into “Add this website to the zone” and click the Add button.
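The Trusted Sites step here, and in the Windows 7 OWA error answer earlier, can also be checked and applied from PowerShell. This is an added example, not part of the original guide: it reports any existing mail.mil zone mapping (including one pushed by policy) and, if none exists, adds a per-user mapping limited to https. The function names are hypothetical.

```powershell
# Added example: inspect and set the Internet Explorer zone mapping for mail.mil.
# Zone 2 is Trusted Sites. A value under Domains\mail.mil covers its subdomains too.
$domainKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mail.mil'
# Site to Zone Assignment List entries set by policy are stored under these keys.
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
)
# Properties that Get-ItemProperty adds to every result; they are not registry values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-MailMilZoneMapping {
    foreach ($key in @($domainKey) + $policyKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($providerProps -contains $p.Name) { continue }
            # Policy keys list every managed site; keep only the mail.mil entries.
            if ($key -ne $domainKey -and $p.Name -notlike '*mail.mil*') { continue }
            [pscustomobject]@{ Source = $key; Entry = $p.Name; Zone = $p.Value }
        }
    }
}

function Add-MailMilTrustedSite {
    if (-not (Test-Path -Path $domainKey)) {
        New-Item -Path $domainKey -Force | Out-Null
    }
    # Value name is the protocol; mapping only https keeps plain http out of the zone.
    New-ItemProperty -Path $domainKey -Name 'https' -Value 2 -PropertyType DWord -Force | Out-Null
}

$existing = @(Get-MailMilZoneMapping)
if ($existing.Count -eq 0) {
    Add-MailMilTrustedSite
}

# Show the result. A row whose Source is a Policies key means the list is
# managed centrally, and changes belong with the administrator of that policy.
Get-MailMilZoneMapping | Format-Table -AutoSize
```

Restart Internet Explorer after running it so the new mapping is picked up.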

I’ve received my Notification of Transfer to Enterprise Email from AKO. How can I save all of my emails from AKO before the transfer takes place?

To get the latest information about the AKO-to-Enterprise Email transfer, visit this AKO page.

For directions on how to save and move your AKO email, follow NETCOM’s TTP on the Manual Exporting of AKO Email Data to Enterprise Email. This file is in Word format.

Now that I have been transferred to DoD Enterprise Email, how do I save the email that is currently in my AKO account before I lose it?

  1. Set up Outlook on your computer and then set up AKO via IMAP. Create a PST and move the email to the PST.
  2. Forward each email individually to your new mail.mil email address.

How do I move my contacts from AKO to DoD Enterprise Email?

Follow the instructions in this guide to export your contacts into a .csv file. You can only import a .csv file via Outlook, but you can’t import contacts into Outlook Web Apps 2010, which is the version that mail.mil currently uses. This option will become available with the rollout of Office 365 (OWA 2013). In OWA 2013, you will find the below link by clicking Options–>See All Options….

I’m retiring in the next few months, and I do not want to move to Enterprise Email. Is there a waiver I can submit so I won’t be migrated to mail.mil?

Yes, you can opt out of email migration if you are retiring soon. Visit the AKO to Mail.mil Transition page for information on requesting a retirement waiver.

I do not have a PC at home, or I read my AKO email on a public computer. Also, I don’t have a CAC reader at home, but I need to read my email when not in my office. What are my options?

Go to the AKO to Mail.mil Transition page to obtain a waiver for these circumstances.

I live in a foreign country, such as Korea, where I cannot access mail.mil from home. What are my options?

Visit the AKO to Mail.mil Transition page for information on how to request a waiver for this reason.

I am married to another soldier (or I am a member of another soldier’s family) and I am trying to update my information on MilConnect, and I cannot get my information to show up as the Sponsor.

On the MilConnect Sign-in page, choose CAC–>Manage Account first. Do NOT choose the Logon button. Choose the Select Sponsor option, choose your own name from the drop-down menu, and choose the Save button. Then choose the Continue to MilConnect Website button on the following screen. You can then login as yourself and update your information on the MilConnect website.

I can’t access my web.mail.mil email server. Could the website be down?

You may be able to get details about the status of your DECC at https://status.mail.mil (you must use your Email or PIV certificate).

My email prompts me for my PIN over and over when I’m using Windows 8 (with built-in smart card utility) and/or ActivClient 7.0.1.x and 7.0.2.x. What can I do?

Windows 8 (with built-in smart card utility) and ActivClient 7.0.1.x/7.0.2.x do not have the option to cache your PIN (like ActivClient 6.2.x.x), and so DISA will prompt you for your PIN every time mail.mil calls for it. Installing CSSi solves this problem, and Coolkey works everywhere except for the Navy OWA. You can find information about CSSi and Coolkey on the Windows 8 support page.

I cannot access my DoD Enterprise Email using Firefox.

Follow the installation guidance on the Firefox page.

I am getting a “The ActiveX control needs to be enabled…” error message:

Follow the Making AKO Work with Internet Explorer guide, specifically slide 20.

I am getting a “Your S/MIME control is out of date” error message:

Make sure you have the S/MIME control installed on your system. This solution will work on 32-bit Internet Explorer only. In Internet Explorer, click Options–>See All options…–>Settings–>S/MIME. Choose Install the S/MIME control.

If you have problems installing the S/MIME, check to make sure that “Do not save encrypted pages to disk” is unchecked under Tools–>Advanced. This will only work with 32-bit Internet Explorer.

I am getting the following error: “Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.”

  1. For Windows users, go to this section for debugging information.
  2. For Mac users, check this section for possible solutions.

I am using Internet Explorer 10 on Windows 8. The New Email button on Internet Explorer 10 does not work.

The problem is incompatible Browser Mode and Document Mode values in Internet Explorer. In order for Internet Explorer 10 in Windows 8 to work with Enterprise Email OWA, the Browser Mode can be any value from “IE7” to “IE10” (Regular or Compatibility Mode), and the Document Mode MUST be set to IE8 Standards or higher (such as IE9 Standards or IE10 Standards). To change the Browser or Document Mode, access the Mode Menu by pressing F12. Choose a compatible Browser Mode and Document Mode from the resulting menu.

I have reached my Enterprise Email storage limit, and I am not able to send a new mail. What are my options?

There is currently no way to increase your Enterprise Email storage limit. You can call the Army Enterprise Service Desk at 866-335-2769 for further information.