YOU "CAN USE" YOUR CAC WITH WINDOWS 8 & 8.1
Information for Windows 8 upgraders using Parallels
NOTICE: Computers with Internet Explorer 11 (Window 8.1, 8, & 7) will have to add the OWA server [or any other websites that are not working] to the "Compatibility View Settings" by following slides 19 & 20 in this guide. You might also need to reinstall the S/MIME control. More information is available here on this subject.
To use DTS with Internet Explorer 11 on Windows 8.1, look here for instructions
People who have updated from Windows 8 to 8.1 (who were previously using ActivClient 6.2.0.x) will need to uninstall it, restart computer to be able to use your CAC now.
NEWS: The latest patch (188.8.131.528) for ActivClient 184.108.40.206 (2A below) is needed to use your CAC with Windows 8.1. In my tests it will read, but you are still prompted for your PIN quite often. I was also not able to read most emails, I could only see the header. Google Chrome would open up all except the encrypted emails since S/MIME is not compatible with anything but Internet Explorer.
NOTE: One VERY Annoying problem with using the Windows 8 & 8.1 built in Smart Card Utility [even using ActivClient 7.0.1.x / 7.0.2.x] is when accessing Outlook Web App (OWA) aka web.mail.mil. You may be prompted for your PIN constantly. Windows 7 users had the option to install ActivClient 6.2.0.x to cache their PIN. The current 6.2.0.x version of ActivClient does not work on [most people's] Windows 8 or 8.1 computers. Both Smart Card Manager & CSSi did not experience this very annoying issue for me in my tests. (Smart Card Manager is not helping some Navy personnel with the annoying PIN prompt). CSSi did require me to "activate" my CAC each time I inserted it into the reader. See #2 below for links.
NOTE: An individual emailed me stating that if you add the website you are having the constant PIN prompts from to the Intranet zone, the persistent PIN prompts went away. Here's how: Open IE, click Tools, Internet Options, Security, Local Intranet, Sites, Advanced, now enter your webmail (or other CAC site) into it. NOTE: This did not help in my tests.
The basic CAC installation on Windows 8 is no different than it is for Windows 7, Vista, or XP, other than...
1. When installing the eSign / ApproveIt software [Army users only]. The eSign / ApproveIt page has specifics.
2a. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 6.2.0.x] will need to uninstall it, restart computer to be able to use your CAC now.
2b. People who have updated from Windows 8 to 8.1 [who were previously using ActivClient 220.127.116.11] will need to update to 18.104.22.1688 (download link)
NOTE: "Some" people who have the Windows 8 / 8.1 BASIC edition [shows only as Windows 8 / 8.1] are unable to get it to work [I'm hearing of a few more each day that some people are having luck. I have not figured why some work and some don't]. So, if it doesn't work for you, you have the following three solutions:
Windows 8 uses Internet Explorer 10 or 11, Windows 8.1 uses IE 11. The same problems we had with IE 9 have crossed over to IE 10 & 11 in regards to accessing some Government websites. Follow this guide to remedy most of them.
3. Users who are still using Outlook Web Access 2003 may see this message below when trying to check their email in IE 10 & 11(this affects Windows 7, 8, & 8.1 users):
Here is what it says (if you really wanted to know :)
Internet Explorer 10 & 11 are not compatible with Outlook Web Access 2003. You can however, use Compatibility view by clicking the little 'torn paper' icon (IE 10) in the web address line. IE 11 users, look at slide 20 in this guide.
4. Users who are using Kaspersky [antivirus] and trying to get to DTS may have issues. Read more here
"This is a known issue with Java, Windows 8 and Kaspersky [antivirus].
Kaspersky is working on an automated fix, but for now try this
5. Windows RT users cannot install the DoD certificates by using the InstallRoot file. You have a different way of installing the DoD certificates, which are currently Certificate Authority (CAs) 19-32.
Right Click this link DoDRootCA19-32.p7b and select "Save Target As," save to your desktop. Right click the "DoDRootCA19-32.p7b" file and select: "Install Certificate," Next, Next, Finish, OK.
The DISA download link below only has CAs 19-30, which means it is missing CAs 31 & 32. So, if your CAC has 31 or 32, you need the file above.
NOTE: Follow this guide to clear the certificates manually since you cannot run the Cross Cert Removal Tool (only written for regular Windows).
During the install process, ActivClient 7.0.2.x needs to stop and restart
the Certification Propagation Service, but fails to do so. The install hangs
with an "Error stopping certpropsvc" and then a Retry or Cancel window.
This service MUST be stopped in order for the installation to
continue. Trying to manually stop the service using the services.msc window
does not work (something about the service not responding in a timely
Please look on the back of your CAC (above the black magnetic strip), you will see: "GEMALTO TOP DLGX4 144", "GEMALTO DLGX4-A 144", "Oberthur ID One 128 v5.5 Dual", or "G&D FIPS 201 SCE 3.2" (see examples below). Since Windows 8 has a built in Smart Card utility, you "may" be able to use your CAC without the need of ActivClient.
Which CAC do I have video
Read more about the older CACs and replacing them
If you have questions or suggestions for this site, contact Michael J. Danberry
Are you interested in subscribing to the CACNews email list?
Last Update or Review: Friday, 14 November 2014 03:55 hrs
The following domain
names all resolve to the same website: ChiefsCACSite.com,
CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us
The following domain names all resolve to the same website: ChiefsCACSite.com, CommonAccessCard.us, CommonAccessCard.info, & ChiefGeek.us