introduction | mac & pc

This page was created to help users access AVHE medical applications and DEE Webmail from home.

It was originally intended to help Mac users access these applications but I have added some information for Windows users as well.

I know it can get technical and a bit wordy, but please try to follow these instructions in order and do specifically what they ask you to do.

Each blue section header is labeled with Mac and PC so you know if the section applies to your platform.

We have to get your computer set up with a very specific configuration to work correctly. That takes a little bit of work.

If you find yourself stuck, send me an e-mail. My contact information is in the Outlook Global. I'm the only Lt Col Jacob Wessler in there.

Please include a screenshot of your current error. (Mac Screenshot | PC Screenshot)

Good luck!!
Jacob

what CAC reader should I get? | mac & pc

Get one of these two CAC readers. (Click the links to shop at Amazon. These are NOT affiliate links. I don't make any money from you clicking them.)

PC USERS - Some folks still have success with the SCR331. But, you'd be safer buying a new one.
MAC USERS - Stay away from the SCR331. It's pretty old and doesn't play well with the current setup.
It looks like this:

SCR3500 USB reader

enable your CAC reader | mac

Before we talk about CAC enablers, we need to know which version of macOS you are running.

To find your operating system, click the Apple icon in the top left corner of your screen and select "About this Mac." The pop-up will tell you what version is installed (ex: Version 10.15.4).

If you have macOS 10.15 or later, read the subsection below. If you have 10.14 or earlier, skip that subsection and move down a bit.

info for macOS 10.15 Catalina and later

For macOS 10.15 (Catalina) and later, you CANNOT install a CAC enabler. The operating system has built-in software to read your CAC.

1) If your computer is BRAND NEW with macOS 10.15 or later and you have never installed a CAC enabler on it - DON'T INSTALL ONE. You can skip ahead.

2) If your computer is older and you upgraded to Catalina, you may need to remove any old CAC enablers and re-enable SmartCard services (if you disabled them).

Go to this article from militarycac.com and follow the instructions to remove any old CAC enablers you may have installed on your computer. (If you bought a brand new computer with macOS 10.15 installed, you can skip this step.)

If you have previously disabled the included SmartCard services in macOS 10.13 Sierra or later, you will need to re-enable those services. Those instructions are at the very bottom of this page in NOTE3.

If you're reading this, then you have macOS 10.14 or EARLIER installed (Mojave, High Sierra, Sierra, etc). If you have macOS 10.15 (Catalina) installed READ THE PART ABOVE FOR macOS 10.15!!!

Now that you have a CAC reader, you have to install some software to make it work with your Mac.

To choose the right software, we need to know if you have a Gemalto or an Oberthur CAC. Look on the back at the top of the card. There is a small strip of numbers and words. Look for Gemalto or Oberthur.

Go to this site and find the right CAC enabler for your CAC type and your Mac operating system.

In general, if your CAC is a Gemalto, you will download Smart Card Services.
If your CAC is an Oberthur, you will download CACKey.
PKard is an option (and has its apostles) but you have to buy the software (~$40). I have had success with CACKey for the past 8 years. You can likely get away without having to pay for PKard, but it is available as a last resort.

installing software

Apple has a safety feature called Gatekeeper. This program prevents you from installing potentially dangerous software. Basically, any software that is NOT distributed directly from Apple is considered dangerous. In order to install certain programs (like the CAC reader software and CITRIX), you may need to disable Gatekeeper.

Go to this article from Apple to learn how to disable Gatekeeper or bypass it for one application. If you disable it, please re-enable it after installing CITRIX.

Now that you have the software installed, you should make sure it works. Plug your reader into your computer, put your CAC in the reader, and open Keychain Access. (Click the magnifying glass in the top right of your screen, type in Keychain, and select Keychain Access.) Above the login item in the top left corner should be your name or PIV_II or something similar (depending on your CAC).

Click ONCE on that listing (you cannot unlock your CAC...nor do you need to). If you can see a bunch of certificates, some with your name and some without, then you were successful. If not, go back and download a different enabler. Make sure that enabler works with your CAC and macOS version.

dod certificates | mac & pc

This has become one of the biggest hurdles for new users to get over.

Make sure you follow these instructions closely. If you have already installed the DoD Certificates and you are getting SSL or connection errors, please install the certificates again using these links and these instructions.

These DoD certificates are DIFFERENT than the certificates on your CAC. You need to have the right DoD certificates installed on your computer in order for your computer to talk to the DoD servers.

In order for the security handshake to work, your computer needs to have the DOD certificates installed so it can decrypt the messages sent from the DOD servers. It's pretty complicated stuff but the DOD servers encrypt information with their SECRET certificates and then your computer decrypts that information with the DOD PUBLIC certificates.

The DOD updates their certificates every now and then and you need to make sure that you have the most current certificates installed and trusted on your computer.

ONLY INSTALL DoD CERTIFICATES FROM MILITARYCAC.COM. ALL OTHER SOURCES DON'T HAVE THE RIGHT CERTIFICATES!!

Mac Users - Those instructions are here. Install all the certificates and follow the instructions for trusting those certificates.
PC Users - Those instructions are here. You are looking for the InstallRoot program. I download the .MSI version and then run it on the computer. It walks you through the correct steps.

If you are still having troubles after downloading the DOD certificates, install them again and make sure that they are all trusted.
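
Why a missing or wrong root certificate shows up as an SSL error, as an added example that is not part of the original instructions: a constructed throwaway CA stands in for the DoD roots, and the `openssl` command-line tool is assumed to be installed. The server certificate verifies only when the root that signed it is in the trust store being checked.

```shell
#!/bin/sh
# Added illustration: every key and certificate here is constructed and
# thrown away. "right" stands in for the DoD root your computer needs,
# "other" for a root that came from some other source.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_root NAME: create a self-signed root certificate NAME.pem.
new_root() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $1 root" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" >/dev/null 2>&1
}

# build_chain: make both roots, then a server certificate signed by "right".
build_chain() {
    new_root right && new_root other &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$WORK/server.key" -out "$WORK/server.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$WORK/server.csr" -days 1 \
        -CA "$WORK/right.pem" -CAkey "$WORK/right.key" -CAcreateserial \
        -out "$WORK/server.pem" >/dev/null 2>&1
}

# trusts NAME: succeed only if the server certificate chains to NAME.pem,
# which plays the role of the certificates installed and trusted locally.
trusts() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/server.pem" 2>/dev/null |
        grep -q ': OK$'
}

build_chain || { echo "openssl failed to build the test chain" >&2; exit 1; }
for store in right other; do
    if trusts "$store"; then
        echo "trust store with '$store' root: server certificate verifies"
    else
        echo "trust store with '$store' root: verification fails (SSL error)"
    fi
done
```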

download CITRIX | mac & pc

Moving along now.

We need to download the CITRIX software to talk to the AVHE servers. Because the software is changing so often, I will direct you to the CITRIX site to download the latest software.

Click here to go to the CITRIX downloads page.

Once there, click on the "Select Product..." drop-down and select "CITRIX Workspace App" from the list. On the next page, select "Workspace App for Mac" or "Workspace App for PC" from the list.

Download the newest version of CITRIX Workspace App and install it.

Note: Previous versions of these instructions used CITRIX Receiver. This product is now dated and CITRIX has replaced it with the Workspace App. If you used Receiver in the past, download and use the Workspace App.

mac only - disabling gatekeeper

Apple has a safety feature called Gatekeeper. This program prevents you from installing potentially dangerous software. Basically, any software that is NOT sold directly from Apple is considered dangerous. In order to install certain programs (like the CAC reader software and CITRIX), you may need to disable Gatekeeper.

Go to this article from Apple to learn how to disable Gatekeeper or bypass it for one application. If you disable it, please re-enable it after installing CITRIX.

It's safer that way.

When the CITRIX Workspace App first runs, it will ask you to ADD AN ACCOUNT. Just close the program. There is no account to add and any e-mail you put in there is not going to work. You do not need to add an account so don't worry about trying.

You should be able to move to the next step now. OCCASIONALLY, some users have had problems getting CITRIX Receiver to work. If that is the case for you (and you have followed ALL of the steps above with no success), select "Legacy Client Software" from the Download Type and click Find. Download the "Online Plug-in..." file and install it. You should uninstall CITRIX Receiver first.

AVHE | mac & pc

AVHE stands for Application Virtual Hosting Environment and is used to connect to clinical applications. This means AHLTA, CHCS, and Essentris.

This system uses the CITRIX Workspace App to run applications on your desktop.

You already installed CITRIX, right?

RIGHT?!

Okay...good.

You can connect to AVHE using this link: https://avhe.health.mil

Note: AVHE links used to be site specific. This is no longer the case. One URL for EVERYONE!

You will be presented with a drop-down asking you to select your CAC certificate.

DOD E-mail certificate selection

Select your PIV certificate (DOD ID CA-XX; the numbers may be different for your CAC. That's okay.)

THIS STEP HAS CHANGED! We used to log in with the DOD E-MAIL certificate but now we use the DOD PIV certificate. Go figure.

Mac users will be presented with a dialog box asking for Keychain access. This is asking for your CAC PIN. Do not enter your computer password here. It is your 6-8 number CAC PIN.
PC users will be presented with a dialog box that looks like the one at work. Make sure you select your authentication certificate.

CAC Password

Next you will see the DOD Consent Banner. Click Accept.

DOD Consent Banner

If everything worked out, you should see a page with two shortcuts: AVHE Support and DHAGSC Remedy Phone number (This is the DHA Global Service Center (GSC) Helpdesk phone number).

My page has additional apps already added in.

Favorites page

This is your Favorites tab. You can see Favorites at the top middle of the page.

Next to Favorites is the Apps tab. Click on Apps to find your site-specific application shortcuts.

Type your MTF in the search box to filter the apps.

The site knows which AHLTA application to give you based on your MTF. The name may not match. For example, Langley users will see the Portsmouth AHLTA app when they type in Langley. That's because Langley AFB is on the same CHCS/AHLTA host as Portsmouth.

CITRIX Folders

Click the Details button of the app you want to use.

AHLTA App details

Click the "Add to Favorites" button to add this app to your Favorites tab.

Click the Open button to launch the app.

Click around. Have fun. You have just successfully set up AVHE at home.

connect to DHA Desktop | mac & pc

Some users will have the DHA desktop available to them. This will depend on whether your MTF is using the DHA desktop and whether you have signed up for a CDP account. If you used to use VMWare, you might have a DHA Desktop account.

If you see a DESKTOPS button at the top of your AVHE page, then you DO have access. Click that button and you'll go to the DHA Desktop page.

DHA Desktop

From there, click on the DHA Desktop - [YOUR MTF HERE]. I have not seen a difference between the Portsmouth 2016 and Portsmouth NAVMED options. I do NOT use the Portsmouth TEST desktop, though.

This Desktop will allow you to work on a desktop that looks just like your desktop at work. You can access all network applications (e.g. Synapse) and network shares (like your H: drive or any department/division drives). Since you're using regular Microsoft Outlook, you CAN send and receive encrypted e-mail.

connect to webmail

Webmail allows you to read your Defense Enterprise E-mail (DEE) from home.

Mac Users - You cannot send/read encrypted e-mail or access your personal folders using webmail.
PC Users - You can read and send encrypted e-mail if you install the S/MIME extension. Unfortunately, I do not know how to do that. See Note 7-1 for more information.

Here is the link: https://web.mail.mil

Accept the DoD Consent Banner.

Use your DoD PIV certificate.

The rest is pretty straightforward.

troubleshooting | mac & pc

There are a lot of things that can go wrong with the above process. Software will change frequently and the system can often get confused.

If you find that your system WAS working but now is NOT, think about anything that might have changed.

Did you:

Any one of these might change your system.

The first step is to troubleshoot your CAC/reader combination. Try logging on to DTS or MyPay. If you can get in there, your problem is with AVHE. If you can't get in there, then the problem is with your CAC/reader combination. Reinstall your CAC enabler to see if that fixes things. (DO NOT reinstall/install a CAC enabler if you are on macOS 10.15 Catalina or later)

clear your keychain | mac

Sometimes, your computer gets confused with which CAC certificate it should present to the server. The easiest way to fix this problem is to delete the keychain preference. You should do this if you notice that you are having trouble logging on when things were working before and you didn't change any of the above things.

Open Keychain

Find any reference to web.mail, web-mail, or AVHE. Click on those entries and delete them.

Keychain clear

Go back to WebMail or AVHE and try logging in again.

Remember to use your DOD ID CA-XX certificate.

Google Chrome bug | mac & pc

Some users report getting stuck on Google Chrome with a "Your connection is not private" error. It looks like this:

Google Chrome bug

If you can get into myPay, DFAS, NKO, etc., and you still get this error in Google Chrome, follow these steps:

  • Load https://avhe.health.mil and wait for the error message
  • MAKE SURE YOU ARE ON THE RIGHT WEBPAGE!! Following the steps below on the WRONG website could lead to a virus on your computer.
  • Click somewhere on the white part of the web page ONCE with the left mouse button
  • Type in "thisisunsafe" (without the quotes, all lowercase, no spaces)
  • Seriously, type "thisisunsafe" and then the page should load
  • If the page doesn't load then this is not your error and something else is going on. Consider reinstalling your certificates.

thanks

I hope you found this useful. If you have any comments or critiques, please send me an e-mail. I'm in the global.

Jacob Wessler
Lt Col, USAF

versions

I'll keep a running list of version changes here so you can come back and see what has changed if you find you are having problems.

version 2.2 uploaded 31 MAR 20

It's Catalina, not Cantalina...apparently! FIXED 5 errors.
New introduction with instructions for taking a screenshot
New Table of Contents
Refreshed CAC Enabler, CITRIX, and DoD Certificate sections
Google Chrome bug information added
Google Chrome bug screenshot added (Thanks MJD!!)

version 2.1 uploaded 21 MAR 20

Updated Table of Contents
Clarified CITRIX Workspace app vs CITRIX Receiver
Added info on the DHA Desktop
Expanded Troubleshooting section
Fixed spelling errors and one more CAC tautology (CRIMENY!)
Version 2.1 Archive

version 2.0 uploaded 21 FEB 20

Refresh of all instructions
Reduced information as the process is simpler now
Added info on macOS 10.15 Catalina and later
Added DOD Certificates in Troubleshooting
Version 2.0 Archive

version 1.1 uploaded 08 AUG 18

Updated URL
Updated screenshots
Added screenshots for Favorites
Fixed all instances of the "CAC card" tautology (Ugh...)
Version 1.1 Archive

version 1.0 uploaded 20 OCT 15

Website created
Version 1.0 Archive