introduction

This page was created to help users access AVHE medical applications and DEE Webmail from home.

Please follow all these instructions in order.

They are.

Very.

Important.

If, after following the instructions, you find yourself stuck, send me an e-mail. My contact information is in the Outlook Global. I'm the only Jacob Wessler in there.

Good luck!!
Jacob

what CAC reader should I get?

Get one of these two CAC readers. (click the links to shop at Amazon. These are NOT affiliate links. I don't make any money from you clicking them.)

Stay away from the SCR331. It's pretty old and doesn't play well with the current setup.
It looks like this:

SCR3500 USB reader

enable your CAC reader

info for macOS 10.15 cantalina and later

For macOS 10.15 (Cantalina) and later, you CANNOT install a CAC enabler. The operating system has built-in software to read your CAC. This built-in feature works...um...variably.

Go to this article from militarycac.com and follow the instructions to remove any old CAC enablers you may have installed on your computer.

If you have disabled the included SmartCard services in macOS 10.13 Sierra or later, you will need to re-enable those services. Those instructions are at the very bottom of this page in NOTE3.

If you computer is BRAND NEW computer with macOS 10.15 or later and you have never installed a CAC enabler on it - DON'T INSTALL ONE.

If you have macOS 10.15 (Cantalina) or later, you can skip to the AVHE links.

installing software

Apple has a safety feature called Gatekeeper. This program prevents you from installing potentially dangerous software. Basically, any software that is NOT sold directly from Apple is considered dangerous. In order to install certain programs (like the CAC reader software and CITRIX), you may need to disable Gatekeeper.

Go to this article from Apple to learn how to disable Gatekeeper or bypass it for one application. If you disable it, please re-enable it after installing CITRIX.

It's safer that way.

Now that you have a CAC reader, you may have to install some software to make it work with your Mac.

To find your operating system, click the Apple icon in the top left corner of your screen and select "About this Mac." The pop-up will tell you what version is installed (ex: Version 10.15.4).

Remember this version because you will need it when downloading the CAC enabling software.

In general, if your CAC is a Gemalto, download Smart Card Services.
If your CAC is an Oberthur, download CACKey.
PKard has its apostles but you have to buy the software (~$40). I have had success with CACKey for the past 8 years. You should not need to pay for PKard, but it is available as a last resort.

Go to this site and find the right CAC enabler for your CAC and your operating system.

Now that you have the software installed, you should make sure it works. Put your CAC in the reader and then open Keychain Access. Above the login item in the top left corner should be your name or PIV_II or something.

Click ONCE on that listing (you cannot unlock your CAC card...nor do you need to) - if you can see a bunch of certificates, some with your name and some without, then you were successful. If not, go back and download a different enabler.

AVHE

AVHE stands for Application Virtual Hosting Environment. It uses the CITRIX Receiver web plugin to allow access to specific applications.

Those applications are AHLTA, CHCS, and Essentris.

AVHE is replacing VMWARE and soon you should be able to log on to a virtual computer at your command and access network folders as well as encrypted e-mail through Outlook.

setting up AVHE

download CITRIX receiver

Moving along now.

We need to download the CITRIX software. Because the software is changing so often, I will direct you to the CITRIX site to download the appropriate software

Click here to go to the CITRIX downloads page

Once there, select "CITRIX Receiver" from the "Select Product..." drop down then select "Receiver for [YOUR OPERATING SYSTEM HERE]" from the list.

Download the newest version of CITRIX Receiver and install it.

mac only - disabling gatekeeper

Apple has a safety feature called Gatekeeper. This program prevents you from installing potentially dangerous software. Basically, any software that is NOT sold directly from Apple is considered dangerous. In order to install certain programs (like the CAC reader software and CITRIX), you may need to disable Gatekeeper.

Go to this article from Apple to learn how to disable Gatekeeper or bypass it for one application. If you disable it, please re-enable it after installing CITRIX.

It's safer that way.

You should be able to move to the next step now. OCCASIONALLY, some users have had problems getting CITRIX Receiver to work. If that is the case for you (and you have followed ALL of the steps above with no success), select "Legacy Client Software" from the Download Type and click Find. Download the "Online Plug-in..." file and install it. You should uninstall CITRIX Receiver first.

At this point, restart your computer.

Seriously. Do it.

Now.

connect to AVHE

This is the option for clinical applications. This means AHLTA, CHCS, and Essentris.

It is called the Application Virtualization Hosting Environment and it is supplied by DHA.

This system uses CITRIX Receiver to run applications on your desktop.

Connect to AVHE using this link:

You will be presented with a drop-down asking you to select your CAC certificate.

DOD E-mail certificate selection

Select the DOD ID CA-XX certificate. (the numbers may be different for your CAC card. That's okay.)

THIS STEP HAS CHANGED! We used to log in with the DOD E-MAIL certificate but now we use the DOD ID certificate. Go figure.

Mac users will be presented with a dialog box asking for Keychain access. This is asking for your CAC PIN. Do not enter your computer password here. It is your 6-8 number CAC PIN.

CAC Password

Next you will see the DOD Consent Banner. Click Accept.

DOD Consent Banner

If everything worked out, you should see a page wtih two shortcuts: AVHE Support and DHAGSC Remedy Phone number (This is the DHA Global Service Center (GSC) Helpdesk phone number).

My page has additional apps already added in.

Favorites page

This is your Favorites tab. You can see Favorites at the top middle of the page.

Next to Favorites is the Apps tab. Click on Apps to find your site-specific application shortuts.

Type your MTF in the search box to filter the apps.

The site knows which AHLTA application to give you based on your MTF. The name may not match. For example, Langley users will see the Portsmouth AHLTA app when they type in Langley. That's because Langley AFB is on the same CHCS/AHLTA host as Portsmouth.

CITRIX Folders

Click the Details button of the app you want to use.

AHLTA App details

Click the "Add to Favorites" button to add this app to your Favorites tab.

Click the Open button to launch the app.

Click around. Have fun. You have just successfully set up AVHE at home.

how do i log off?

To log off, close all your open applications. You can select CITRIX then Quit CITRIX for any open Receiver applications.

Make sure you click the Log Off button at the top of the screen.

CITRIX Logoff

connect to webmail

Webmail allows you to read your Defense Enterprise E-mail (DEE) from home.

Unfortunately, on a Mac, you cannot send/read encrypted e-mail or access your personal folders.

Here is the link:

Accept the DoD Consent Banner.

Use your DoD E-mail CAC certificate.

The rest is pretty straightforward.

troubleshooting

There are a lot of things that can go wrong with the above process. Software will change frequently and the system can often get confused.

If you find that your system WAS working but now is NOT, think about anything that might have changed.

Did you:

Any one of these might change your system.

The first step is to troubleshoot your CAC/reader combination. Try logging on to DTS or MyPay. If you can get in there, your problem is with AVHE. If you can't get in there, then the problem is with your CAC/reader combination. Start at the beginning of these instructions and work through them again.

mac only - clear your keychain

Sometimes, your computer gets confused on which CAC certificate it should present to the server. The easiest way to fix this problem is to delete the keychain preference. You should do this if you notice that you are having trouble logging on when things were working before and you didn't change any of the above things.

Open Keychain

Find any reference to web.mail, web-mail, or AVHE. Click on those entries and delete them.

Keychain clear

Go back to WebMail or AVHE and try logging in again.

Remember to use your DOD ID CA-XX certificate.

thanks

I hope you found this useful. If you have any comments or critiques, please send me an e-mail. I'm in the global.

Jacob Wessler
Lt Col, USAF

versions

I'll keep a running list of version changes here so you can come back and see what has changed if you find you are having problems.

version 2.0uploaded 21 FEB 20

Refresh of all instructions
Reduced information as the process is simpler now
Added info on macOS 10.15 Cantalina and later
Added DOD Certificates in Troubleshooting

version 1.1uploaded 08 AUG 18

Updated URL
Updated screenshots
Added screenshots for Favorites
Fixed all instances of the "CAC card" tautology (Ugh...)
Version 1.1 Archive

version 1.0uploaded 20 OCT 15

Website created
Version 1.0 Archive