Search This Blog

Loading...

Saturday, May 25, 2013

Check your NMCI Outlook E-mail at Home (Windows 7)

I recently needed to send an e-mail from my @navy.mil address but did not want to drive the 25 minutes in to work just to fire off a letter and then come back home.  Hopefully this tutorial helps out users of the NMCI network who want to send e-mail from their personal computer.  Please be advised that even though you are able to view your Outlook account from your laptop, you should be completely certain you are on a trusted network prior to proceeding (ie, don't do this from Starbucks or a shared network WiFi hotpsot).  A trusted network is one that you own, has WPA encryption (NOT WEP, a proven unsecure and obsolete technology), and that you are fully aware has no unauthorized users connected.

Requirements:
CAC / PKI Reader
Windows 7 for this tutorial; it is possible on other platforms, but not covered in this article
Installed DoD certificates (covered in this article)


  1. Verify / change your Internet Options (Control Panel > Network and Internet > Internet Options)
    1. In the Advanced tab, scroll down to the Security section.  The following items should be selected:
      1. Check for publisher's certificate revocation
      2. Check for server certificate revocation
      3. Check for signatures on downloaded programs
      4. Enable DOM storage
      5. Enable Integrated Windows Authentication
      6. Enable native XMLHTTP support
      7. Use SSL 2.0
      8. Use SSL 3.0
      9. Use TLS 1.0
      10. Warn about certificate address mismatch
      11. Warn if POST submittal is redirected to a zone that does not permit posts
    2. If others are selected, that may be okay, but if you have issues come back to this step, click "Restore advanced settings", and then check "Use SSL 2.0".
  2. Download and install the DoD certificates:http://dodpki.c3pki.chamb.disa.mil/rootca.html
    1. Chrome is not supported, so use Firefox or, I hate to say it, Internet Explorer (remember, this is the DoD we are talking about here, so they probably are not aware that Chrome exists and that IE is full of security vulnerabilities)
    2. Follow the instructions on that page.  For step 2: For me, there were quite a number of certificates to install for the first link.  In lieu of installing each one separately, I highlighted all except the "Intermediate Certification Authorities" towards the bottom, pressed the Enter key, and installed.  Once those are installed, select the Intermediate Certification Authorities and install those per the instructions.  Not sure if that actually installs all of them, but I can view my Outlook, so something worked.  If you later find out that you cannot access your account, come back to this step and install each one independently.
  3. Plug in your CAC reader.  If this is your first time, let it finish installing the drivers.
  4. Insert your CAC.
  5. Go to the NMCI Webmail link based on where you are stationed:
    1. (This step does allow the use of Chrome!)
    2. If you are unaware of the domain you connect to, look at your work computer and see what it connects to (Ctrl-Alt-Del screen)
    3. When it asks which certificate to use, use your email certificate.
      1. NADSUSEA (Navy East): https://webmail.east.nmci.navy.mil
      2. NADSUSWE (Navy West, including Pearl Harbor): https://webmail.west.nmci.navy.mil
      3. NADSUSEA NCIS COI (Navy NCIS): https://webmail.ncis.nmci.navy.mil
      4. NAVSOC / Navy Special Warfare: https://owa2.navsoc.socom.mil/Exchange
      5. NMCI-ISF (Navy ISF): https://webmail.isf.nmci.navy.mil
      6. PADS (Navy PADS): https://webmail.pacom.mil
      7. PADS (Navy PACOM SMR Users): https://webmail.exceptions.pacom.mil
      8. Navy Medical: https://webmail.med.navy.mil
    4. To see the original list, go to https://www.homeport.navy.mil/links/owa-navy-links
      1. For this page, select your non-email certificate.
    5. If none of these links work for you, try https://webmail.nmci.navy.mil/exchange as a last resort.  Use your e-mail certificate for this link.
If you found this helpful but in need of a correction / addition, please leave a comment and let me know.

If you have errors, try the following:
  1. Go back to Step 2 and install each certificate individually
  2. Perform Step 1.(2).
  3. Close your browser, open Internet Options in Control Panel > Network and Internet
    1. General tab: Browsing History: Delete... : temporary internet files, cookies
    2. Security tab: Ensure the Internet icon is selected, drag the bar down to Medium. Ensure Enable Protected Mode is checked
    3. Privacy: Drag the cookies bar to Medium
    4. Content: Click Clear SSL state
    5. Advanced tab: Click Restore advanced settings, and then check Use SSL 2.0
  4. Open browser and attempt again
  5. If it still does not work, Clear SSL state again, and then uncheck Use SSL 2.0.