Error Message

As the self-signed certificate is trusted only on the Exchange server, the mailbox will not be enabled for archiving.

You need to import the self-signed certificate used by the Exchange server to the Enterprise Vault server.

Export the certificate file from the Exchange Server

1. On an Exchange server, open the Start menu, type mmc in the Search box, and press Enter to run mmc.exe.
2. On the File menu, click Add/Remove Snap-in.
3. Double-click Certificates, select Computer Account, and click Next.
4. Select Local Computer, and click Finish.
5. Click OK.
6. Expand the Certificates node.
7. Click Trusted Root Certification Authorities > Certificates node. Right-click the certificate with the friendly name as Microsoft Exchange and select All Tasks > Export.
8. Click Next on the Certificate Export Wizard page.
9. On the Export Private Key page, select No, do not export the private key.
10. Make sure that DER encoded binary X.509 (.CER) is selected, and click Next.
11. On the File to Export page, enter a name for the certificate file.
12. Click Finish to exit the wizard.

Import the certificate file to the Enterprise Vault server

1. Copy the certificate file that you exported in Step 11 on the Enterprise Vault server, which hosts the Exchange Provisioning Task and the Exchange Archiving Task.
2. On Enterprise Vault server, open the Start menu, type mmc in the Search box, and press Enter to run mmc.exe.
3. On the File menu, click Add/Remove Snap-in.
4. Double-click Certificates, select Computer Account, and click Next.
5. Select Local Computer, and click Finish.
6. Click OK.
7. Expand the Certificates node.
8. Under the Trusted Root Certification Authorities node, right-click Certificates and select All Tasks > Import.
9. On the File to Import page, select the certificate file.
10. On the Certificate Store page, select Place all certificates in the following store and select  Trusted Root Certification Authorities.

The Exchange Mailbox feature does not work if you have installed Outlook 2016 Click-to-run (32-bit) on the Enterprise Vault server that is configured to use self-signed certificates.