Tuesday, May 25, 2010

How to configure AKO email on your Android phone

*Edited SEP 08, 2010 to incorporate changes and compatibility notes for different types of android phones. Should work for most Android phones now, please let me know if it didn't work for you, or if there was something different. Details of what was changed at bottom of post. Thanks for everyones input.

AKO is the army's internet site/mail server for soldiers and some DOD/contractors. These steps are written so that anyone should be able to configure this on their Android phone, but you can possibly also use the info to configure it on other phones as well. A lot of the information automatically prefills after you've entered it once, so if it's already entered, then just ignore and move on. In order for this to work you have to allow non-CAC logins from AKO. In the AKO main page select My Account dropdown menu, then select Account settings and then Change Password. There is a check mark labeled "Set CAC Only Login" that must not be selected for this to work. You may have to login to AKO with your CAC and enter a new password to do this.

Incoming Mail Settings

  1. IMAP
  2. SSL required (for the Samsung Vibrant and probably for other Galaxy S phones select SSL required - accept all certificates)
  3. The IMAP Server is imap.us.army.mil
  4. Port 993
Outgoing Mail Settings
  1. SSL required (for the Samsung Vibrant and probably for other Galaxy S phones select SSL required - accept all certificates)
  2. The SMTP server is mailrouter.us.army.mil
  3. The port is 465

NOTE The following steps are specifically for the HTC Hero, and the HTC EVO running 2.1 (and 2.2), but may also be helpful to anyone running HTC Sense or other Android phones.

The first time you open the mail client (cleverly named "Mail" under all programs) it asks you to choose a mail provider, or if you already have other email accounts setup open the mail client. Select Menu, then more, then new account, or you can select the circle with a little triangle in it at the top left of the screen and then select new account.

  1. Select "Other (POP3/IMAP)"
  2. Enter your full email address
  3. Enter your password, this is case sensitive. I click show password so I can see if I typed it wrong. Don't do this if there are spies around.
  4. Click next or manual setup, it doesn't matter because there isn't a profile built into Android for AKO, so clicking next just brings you to the manual setup screen anyways.
  5. You should now be in the incoming settings page. In the drop down menu for protocol select IMAP
  6. Enter your full email address.
  7. Enter your user name. It will probably autofill with your email address, but that isn't your username. Your username is what you use to log into AKO. As far as I know, that is your email address minus the @us.army.mil part. That's what worked for me anyways, if yours is different, please let me know in the comments.
  8. Enter your password.
  9. Enter imap.us.army.mil for the IMAP server.
  10. In the security type dropdown select SSL.
  11. The server port needs to be 993.
  12. Select "next". If it asks you about certificates (it asks the first time), accept them. It will verify account information and if you entered everything right it will bring you to the outgoing server settings.
  13. Select "Login required"
  14. Enter your username
  15. Enter your password
  16. Enter mailrouter.us.army.mil for the SMTP Server.
  17. In the security type dropdown select SSL.
  18. The server port needs to be 465.
  19. Select next. It will verify account information again, and if you entered everything right it will bring you to the Edit account page.
  20. Enter an account name. You can leave it with the default that it auto fills, or you can name it whatever you like. This name is for when you select different mail accounts. I named mine AKO, because I like coming up with unique exotic names.
  21. Enter your name.
  22. Select Finish setup.

You should now be able to send and recieve emails from your AKO email. If you aren't getting updates frequently enough (or to frequently) or if you aren't seeing certain emails in your inbox, change the Send & Receive settings by selecting Menu, then more, then settings. It also by default adds a signature to all out going emails which can be changed or stopped from General settings. Please let me know if you have any questions or suggestions.

*I edited this post to reflect the differences that my army buddy Dan pointed out. Depending if you are running straight Android, or HTC Sense, or some other user interface for Android, then the steps are going to be slightly different, so I've just added a list of the settings and then below that is the detailed steps needed specifically for the HTC Hero, the HTC EVO 4G, and in all likelyhood any HTC Android Phone with the Sense UI. Also edited to show the slight change that the Samsung Vibrant (and likely other Galaxy S phones) have to do in order to accept certificates. On my HTC Evo if someone sends a message with a digital signature from Outlook, it says mail is on the server. Tested this with a Nexus One and a Samsung Vibrant (what my friends happen to have) and neither one of those had the same problem. Seems to be an HTC thing. If you are having the same problem you can configure your email as POP, or try using K-9 mail like Pat says below. Thanks Evan for pointing out how to change the settings to POP and thanks to Pat for explaining the difference and why it's (probably) best not to use POP.

79 comments:

  1. There appears to be some slight differences between HTC Sense's mail client and the straight Android UI's mail client's layout. None the less, your instructions are sound if not in the exact order needed for my Nexus One. They did help me get my AKO set up and running.

    ReplyDelete
  2. Thanks for checking it out Dan. I changed it to make it easier for people that don't need a step by step, or that the step by step doesn't apply to the. Glad it still worked for you.

    ReplyDelete
  3. Works great on Moto Droid. Thank you for posting the info :)

    ReplyDelete
  4. Glad it worked for you, and no problem. That reminded me that I needed to add an update. The steps for the HTC Hero are exactly the same as for the HTC Evo, and probably for anyone running an HTC Android phone with Sense UI.

    ReplyDelete
  5. There is not a valid authentication, over and over no luck what about root cedrts?

    ReplyDelete
  6. Alright, apparently the army doesn't care to have valid certificates registered for any of their websites. You would think that they would be concerned about people knowing it's the legitimate website. When the window comes up saying the certificate is not from a trusted authority just say continue. It shouldn't come up again.

    If it says invalid authentication then it means that something isn't configured right. Make sure that all settings are correct including that it's IMAP, SSL, the correct ports for incoming and outgoing and also your username and password. My two mistakes that I kept making while setting this up on various peoples phones was not changing the drop down menu at the top to IMAP and not shortening the username to not include @us.army.mil. Also make sure that you allow non cac login at AKO. Does it fail for incoming, or outgoing?

    ReplyDelete
  7. @Eric T. Jones:

    It's not that the Army "doesn't care to have valid certificates registered". The difference here is that the Army is their own security certificate provider, whereas on other websites a third party (I.E. VeriSign) is used. By being their own certificate provider, they are more in control of the security certificate.

    The problem is that our browsers are configured to automatically work with these trusted third party security certificate providing companies, and users are then not usually bothered with making the decision of whether or not the certificate provider is trustable. If our browsers were configured to trust the US Army like they do these private companies, we would not be bothered with the question for our AKO email access.

    ReplyDelete
  8. Isn't the whole point of security certificates to have a third party verify that the website you are going to is authentic? You can never tell with army websites if you are going to the correct army website managing it's own certificates, or if you are being redirected to a phishing website that has an invalid certificate. So maybe I should say it this way.

    "Apparently the army doesn't care to have valid certificates registered for any of their websites" with a third party certificate authority such as Verisign. Or, if they are a valid certificate authority, they haven't worked closely with any of the main web browsers to ensure that they are recognized as one. Either way, you must click to continue or not use army websites.

    ReplyDelete
  9. Yes, you're right, it is annoying that they haven't worked with the browser distributors to have themselves be trusted.

    They instead have you to manually download the root certificate and register it with your browser (there are instructions on AKO somewhere I think). This is technically more secure because once you download it you can be sure that you should never be prompted to accept another certificate as long as you're connected to the right server. So, yes, half the point is to verify that you're connected to the right server. The other half is to encrypt the data you transmit through your browser or email client.

    ReplyDelete
  10. Thanks for sharing. I will post to the AKO/DKO Facebook page.

    ReplyDelete
  11. Thanks this was very helpful. Some of my mail won't open on my phone though. It just says "[This mail is still on the server]." Is there a way to fix this?

    ReplyDelete
  12. Cool Sheldon. Glad it worked. Didn't know that there was a Facebook page.

    David, I get the same error some times. It seems to come from certain people on mine. I think it might be when they use a digital Sig, or something like that. I've increased the size limit to max, and still they are stuck on the server. Can't figure out why. If anyone figures it out, please post here so we can all fix it.

    ReplyDelete
  13. Thank you HTC EVO 4G PERFECT works just fine man! thanks again!from Puerto Rico!!!!

    ReplyDelete
  14. I want to thank you I did get it to work on a Motorola Cliq. I had to uncheck the "check Certificates" and it worked like a charm.
    Mahalo
    B1wyatt

    ReplyDelete
  15. Something of note. If you have the problem where it says checking your account settings and then just times out, there is a workaround. Set everything as stated by Eric, except in the security type box put none instead of ssl. It will tell you you cannot connect to the server and let you hit continue. Do the same for the smtp half of the setup. Once you are through both of thes it will drop you into a newly set up empty acct. Now go back and change your setting for both servers to ssl. It will tell you there is a problem with the cert being untrusted. We know about the dod connundrum already so hit continue and it will be added to your cert store. Hope this helps. See ya on the high ground!

    SySfS

    ReplyDelete
  16. Thanks this worked with my EVO tonight.

    ReplyDelete
  17. I am attempting to log on but with the now...does the new TLS1 security changes that started last month affect it?

    ReplyDelete
  18. Carrie, I just checked mine to verify that it works. I can send and receive emails and my phone is still set to SSL. I tried TLS and couldn't get it to work. I guess that they haven't switched ako mail yet. If it stops working anytime soon, that's probably a good place to look for fixing it.

    Glad it's helping everyone out.

    ReplyDelete
  19. --------------------------------------------------------------------------------

    I live in the New York area...from day one of having Motorola Droid, the phone could not connect to AKO (settings confirmed); communication error. Strangely, when I was down in South Carolina recently, AKO miraculously worked (flawlessly). Returned through Chicago, and AKO no longer works.

    Verizon what gives? Come clean. Marginal 3G coverage in these metro areas?....are we being misled?

    I have done the science experiment...AKO works, setting are correct; Do we all have to move to South Carolina?

    ReplyDelete
  20. I have an HTC Incredible and tried your direction on how to set up my device with AKO about a hundred times and it still doesn't work. What in the world am I doing wrong here. Does it just not work with the incredible? Please help me.

    ReplyDelete
  21. Chad,
    I'm not sure why it's not working for you, it should work on the Incredible just fine, in fact it should be pretty close to identical following the steps. I guess the first trouble shooting step would be, can you log into your ako account on a computer with out using a CAC card?

    The second step would be to verify that all of the settings are configured exactly right. There are some defaults that are filled in that aren't correct like your username doesn't have .us.army.mil on it, port numbers, etc. Without seeing it, it's going to be hard to trouble shoot, but I'll do my best. One thing that I find helps me to solve problems like this, is to have a friend look at the steps and have them try to configure it. Usually when I'm stuck on something, it's a simple mistake that I'm doing over and over again. Let me know what you find, and I'll see if I can help.

    ReplyDelete
  22. Thanks!!! It worked for my HTC EVO

    ReplyDelete
  23. Keeps force closing on my nexus one. Any suggestions. The settings are correct because i had two emails in my inbox and they show up on the phone. Once it new messages begin to load it force closes.

    ReplyDelete
  24. Michael,
    That sounds like an issue with your email app, than an issue with your ako account. I would try restarting the phone, and don't use any kind of task killer. You may be unintentionally killing a task necessary for your email app to work. Try checking emails after that, and let me know if it works.

    Do you have other email accounts set up? If so, do they work fine? That would narrow it down to the email app, or AKO.

    ReplyDelete
  25. The problems people are experiencing are because by are using IMAP settings. set up Ako on your Android using POP instead. AKO is native pop server, and you will not encounter the "mail is still on server" and other problems. Set it up almost the same as the IMAP settings, only use pop.us.army.mil (ssl) and smtp.us.army.mil (ssl), respectively. As always, ports will set themselves. I don't know why all the "how to's" are using IMAP. This should fix most everyone's problems.

    ReplyDelete
  26. Evan,
    Thanks! I tried it the way you said, and it works much better. No more messages stuck on the server. I'm going to rewrite the post with those settings.

    The reason that my guide had it set up using IMAP was because at the time I started setting up AKO I had no idea how to do it. I came across a guide for setting it up on a black berry. I set up my phone, it worked (mostly) and I forgot about it. When I got an Android, I copied the settings from my old phone. I put my settings that worked on the blog so that I would have a record of how to do it myself, and also to share. Can't speak for any of the other guides, but I'm sure it's something similar. Thanks again.

    ReplyDelete
  27. As an avid Android user and also as the chief engineer for AKO/DKO Mail, I just wanted to chime in on this thread.

    I have never had an issue using IMAP to connect to my AKO account from my Droid. The benefit of using IMAP is that all messages stay on the server. If you use POP (without setting the "leave messages on the server" option) then if you lose or wipe your phone, you lose all of your messages. IMAP is a more advanced protocol that allows you to sync your messages to your device, so you should always see the same mailbox regardless of which client you are using (phone, Outlook, Thunderbird, AKO Webmail.)

    I believe the "this message is still on the server" message is caused by certain digitally signed messages. There are two ways to sign a message - clear and opaque. Clear-signed messages appear in normal, plain text and have a .p7s attachment that contains the signature. These types of messages appear correctly in the stock Android mail app (even though it cannot decode and verify the signatures.) All good mail clients generate clear-signed messages.

    Opaque signed message, however, encode the entire message and the signature into one .p7m attachment. (Outlook is notorious for doing this, however the behavior is configurable.) From some initial googling, these are the type of e-mails that cause the "this message is still on the server" message. However, I have just configured the stock e-mail app on my Droid (with Android 2.2) for AKO access and I cannot reproduce this message - opaque signed messages show up as empty with a .p7m attachment (which cannot be viewed, unfortunately.)

    A while back I switched to a free app called K-9 mail for my non-gmail accounts, including AKO, and it works great. It's basically a fork of the stock android mail app, with enhancements (see http://code.google.com/p/k9mail/wiki/FeatureList) I highly recommend it.

    As for the DoD certificates: Mike P is correct. DoD chooses to operate its own PKI infrastructure. Adding the root certificates to your Windows key store is a simple process. Instructions can be found on AKO on the CAC resource page. For Android, just select the security type "SSL - accept all certificates" when configuring the account.

    One final note - the outgoing SMTP server for AKO is officially called "mailrouter.us.army.mil", not smtp.us.army.mil. The latter is an alias for the former, and is probably working with the given instructions due to the "accept all certificates" setting. Usually having a certificate not match the given hostname will cause at least a popup warning, our outright failure, depending on how strict the security settings are.

    ReplyDelete
  28. Worked great! Thanks for your assistance. Excellent step-by-step
    instructions..:)

    Ms. Anna Alvarez

    ReplyDelete
  29. Thanks for your help Pat. After a bunch of testing from outlook to various phones it appears that the stock mail client on HTC phones using sense even blocks clear-signed messages. K-9 works fine though. Updated the post again to reflect that most people should be using IMAP.

    F Anna Alvarez - Glad it worked for you, as you can see by all the other posts I've had a lot of help.

    ReplyDelete
  30. I liketo use the K-9 Mail client for AKO, since it can show pictures and other attachements to the email. the HTC mail client...doesn't

    ReplyDelete
  31. Thanks , Works completely fine, very much Apperciated.

    ReplyDelete
  32. Thanks! I was able to follow your instructions exactly and setup AKO on my new Verizon HTC Incredible in just a few minutes!

    Nice job!

    ReplyDelete
  33. I found your website trying to set up my HTC Hero. My only problem is when I try to log in or click next from incoming settings screen it says loggin failed that my user name or password are incorrect and thats impossible since I just change my password. So if you know of any reason it would say that I would appreciate all the help. Thanks in advance.

    ReplyDelete
  34. Make sure that you remove @us.army.mil from your username and be careful typing your password. It's easy to enter the wrong password because the numbers and special characters aren't in the same place as a normal keyboard. I recommend logging on with password to AKO to make sure it works, and write down the password so its harder to get wrong. Destroy the paper afterwards. Also make sure you accept certificates.

    ReplyDelete
  35. Thanks for the info I did all that but it still says authentication failed. Not really sure what other options I might have besides resetting password again maybe

    ReplyDelete
  36. Are you able to log into AKO from a computer without using a CAC card? If that works fine, then its some setting that isn't right. SSL selected? Hard for me to check over the web. Have a friend take a look to see if they can notice something small you are overlooking.

    ReplyDelete
  37. I recently recieved a a Motorola Droid X running version 2.2. I've setup the AKO IMAP email account as listed above but i cannot send an email. The emails just sits in the Outbox with no errors displayed. I have no problems receiving email into the phone and the IMAP setup appears to be working great as i can delete an email on either my computer or Droid and the email will be deleted on both devices. I've been using IMAP on my computer for years with little to no problems. I've gone over the Outgoing Server settings a hundered times with no luck. The SMTP is set for "mailrouter.us.army.mil", Port 465, standard username without the @us.army.mil, password is correct, and Use Secure Connection and Verify Certificate are checked. I'm open for suggestions. The GMAIL side of the Droid is working fine. thanks.

    ReplyDelete
  38. That's a tough one. Only few things I can think to do are to see if maybe there is a select SSL if available instead of always? Delete the account from your email client and try again, maybe its a weird glitch. Try k-9 to see if your account is fine and that your email client is bad. I read on one of these other Android AKO forums that Motorola busted active exchange when they did 2.2. Might have to use another app until its fixed. Not sure how true it is. Good luck.

    ReplyDelete
  39. Yes, my concern is that it's an issue with the 2.2 OS. I had also read in another blog of one individual who experianced issues with his AKO following 2.2 download but i really thought if was an issue with the 2.2 OS that more folks would be complaining. I'll try removing the account and starting again. After that i'll go with a third party app. I'll let you know what i find out. thanks.

    ReplyDelete
  40. hay Thanks,
    there where some slight
    differences with the LG Ally but I was able to tweek it, but this put me in the ballpark so thanks for the posting. this will make life so easy cause PlTSGT sends alot of info thru emails so thanks again for the info

    ReplyDelete
  41. No problem, glad it worked for you. If you post what the differences are I'll add them above just in case someone can't figure it out like you did.

    ReplyDelete
  42. Just wanted to chime in here as an HTC Droid Incredible user. I've had the phone for about 4 months now and here are my observations.

    The HTC Mail client on 2.1 was bugged and would not accept any certificates, making AKO a no-go (use K-9 instead). On any 2.2 build, the follow issues come up:

    IMAP - Occasional emails cannot be read from server. While I consider IMAP to be superior to POP, not being able to read an email is a show-stopper. This means that I need to physically login to the desktop webmail client, which doesn't work well if at all from my phone.

    POP - "Delete from server" is buggy. Some messages stay on the server, others don't This means that every so often, I need to log in to clear out my inbox.

    For me, I chose the lesser of two evils, having to check the client occasionally to clear out trash as opposed to being forced to check it from emails signed by my boss's outlook client. With the hTC Mail app, POP > IMAP. I will, however, try K-9 as suggested earlier.

    ReplyDelete
  43. The only trouble I had was the first time I did it I got the security cert warnings.... and of course it didn't work. I deleted the account, started over and it worked immediately. I have the HTC Incredible running 2.2

    ReplyDelete
  44. Thank you!!!! The instructions above worked perfectly on my HTC EVO!

    ReplyDelete
  45. Very nice instructions. Now I can definitely stay on top of things a little better with it going to my phone. Thanks for putting this out there!!!

    ReplyDelete
  46. For my Droid2, everything was the same except the security certificates shouldn't be checked. Once I unchecked that, it worked. Thanks!

    ReplyDelete
  47. Thank you, works perfectly on a Samsung Focus!

    ReplyDelete
  48. Perfect on my HTC Incredible II

    ReplyDelete
  49. Worked perfectly on my Sanyo Zio running Froyo. Thanks!

    ReplyDelete
  50. Worked perfectly for my Samsung Galaxy S

    ReplyDelete
  51. I have an moto atrix and cannot get AKO to work for anything.

    ReplyDelete
  52. Hey Tim, what doesn't work? Is it incoming, outgoing? Does it have entirely different settings than how its described above? Are you able to login on a computer without a cac card? I can try to help, but I need more specifics, especially if you get any kind of errors.

    To everyone else, I'm glad that this is working and has helped so many people! I can't believe its still relevant. I was originally doing this just to help myself remember it, and thought I would share, so its quite a surprise how many people it has helped.

    ReplyDelete
  53. BTW, all of these instructions have also been on the AKO Help pages since early last year.

    ReplyDelete
  54. That's good instigator, when i made this, it wasn't on ako, or if it was, I couldn't find it. I guess that means they approve of us accessing ako from our phones.

    ReplyDelete
  55. Not quite...


    http://militarycac.com/mobile.htm

    ReplyDelete
  56. Thanks for the detailed instructions. I was struggling with opening digitally signed emails. I changed the incoming server to POP and it worked like a charm.

    I have an advise for those who use Droid Mail app and want to change Reply-to email address. Most of the posts say you can't do this (but you can). Change the AKO email (joeshmoe@us.arm.mil) to the desired one (joeshmoe@gmail.com) in the account settings. The app will warn that the other account will be removed and all data will be lost. Select ok. Keep the rest of the configuration the same - username/pswd, servers (imap.us.army.mil/mailrouter...), port numbers, etc. Note, you other settings (mail size, notifications, signature, etc) will revert to default. You'll have to set it again. When senders hit reply to your email, it will go to the new address.

    Reply back if you have trouble.

    ReplyDelete
  57. Thanks this helped out, it was not the exact order for my G2x but it was the info i needed to get it set up.

    ReplyDelete
  58. For DROID X you have to uncheck the verify certificate to get it to work, both in incoming and outgoing. otherwise the setting above worked well. Thanks!

    ReplyDelete
  59. Exactly as Caleb said! Works great on my DroidX! Thanks for the tips guys :D

    ReplyDelete
  60. Unable to connect to mailrouter.us.army.mil on Droid Bionic.

    All settings as Rx'd.

    ReplyDelete
  61. This comment has been removed by the author.

    ReplyDelete
  62. I have a question, I followed the steps you set and it worked but now how do i set up the icon for my phone to go to send emails and check them threw the droid market? i have a HTC inspire

    ReplyDelete
  63. I have an HTC EVO and it works great for me, thx forr the instruction

    ReplyDelete
  64. I have a HTC Inspire and I am having no luck doing this. Any help would greatly be appreciated.

    ReplyDelete
  65. The order of the settings might be different, but if you fill out all of the above the same, it should work. Make sure that the default username doesn't have the @us.army.mil on it. For the SSL, I usually select use if available, but some phones need use always. Also make sure that you have enabled non CAC login from AKO, it's under my account, change password. There is a little checkbox, make sure it isn't checked.

    ReplyDelete
  66. Are these settings same for all the android phones ? I haven't tried all these settings yet and is having a Samsung galaxy model. Please do guide me, Thanks in advance.
    electronic signature software

    ReplyDelete
  67. Works Great for HTC One S

    ReplyDelete
  68. WORKS GREAT MAN!!!! THANK YOU VERY MUCH!

    ReplyDelete
  69. This worked for me on a Verizon Samsung Galaxy Nexus.

    ReplyDelete
  70. i very much appreciate the help with establishing the email. ive been trying for awhile now. worked flawlessly for my HTC Inspire 4G.

    ReplyDelete
  71. ok the Setting for Samsung Exhibit will work. thanks for the info

    ReplyDelete
  72. Worked perfectly for HTC Sensation. Thanks for your help.

    ReplyDelete
  73. I have the HTC EVO Shift and the phone's default mail program was unable to view AKO e-mails there were digitally signed from a Microsoft Outlook exhange sever as it forwarded to my phone....I tried all the setting variations with no success. Yet in the end, the K-9 mail app proved to be the fix and a much more rapid mail program....however, the only negative comment that I would add is that there is no internal spell check mechanism (unless I missed it) as compared to the orginal app. Overall, thanks for the input, advice and help....I am now 100% mobile with work all the time.

    ReplyDelete
  74. Glad this post is still helping people out. I have the HTC EVO 4G LTE now, and it has problems with digitally signed emails too. I just use K9, with the only problem being their ugly icon.

    ReplyDelete
  75. Thanks. I have an LG Ally. It worked without any hickups whatsoever.
    Ben

    ReplyDelete
  76. Thank you. It worked perfectly on my Galaxy S3

    ReplyDelete
  77. I have a problem on the Galaxy S3. We are using Outlook with office 365. When we receive a dod signed email, it shows invalid signature and certificate not installed message.
    How to fix this?

    ReplyDelete