Attempting to initialize Veritas Information Classifier fails with an error about failing to read the list of enabled policies.

Problem

Running the Initialize-EVClassificationVIC PowerShell commandlet fails with an error about failing to read the list of enabled policies.

Error Message

Error in the Enterprise Vault Managment PowerShell window:
     Initialize-EVClassificationVIC : Failed to read the list of enabled policies from Veritas Information Classifier.  One or more errors occurred.
     At line:1 char:1
     + Initialize-EVClassificationVIC -PoliciesPath \\EVServer\VicPolicies
     + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo                         :     NotSpecified:     (:)     [Initialize-EVClassificationVIC], Exception
          + FullyQualifiedErrorId     :     System.Exception.Symantec.EnterpriseVault.PowerShell.Commands.EVClassificationVICPS

Error in Dtrace log of the powershell process:
(powershell)     <Pipeline Execution Thread:22188>     EV-H     {VICRestClient.GetVICStateForComputer}
Exception: One or more errors occurred.
Info:
Diag: Type:System.AggregateException
ST:
    at System.Threading.Tasks.Task.ThrowIfExceptional(Boolean includeTaskCanceledExceptions)|   
    at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)|   
    at System.Threading.Tasks.Task`1.get_Result()|   
    at EnterpriseVault.StorageClassifierLibrary.VICRestClient.GetVICStateForComputer(String computerName)
    Inner:System.Net.Http.HttpRequestException: An error occurred while sending the request.
     ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
     ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.|   
    at System.Net.TlsStream.EndWrite(IAsyncResult asyncResult)|   
    at System.Net.PooledStream.EndWrite(IAsyncResult asyncResult)|   
    at System.Net.ConnectStream.WriteHeadersCallback(IAsyncResult ar)|   
    --- End of inner exception stack trace ---|   
    at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)|   
    at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)|   
    --- End of inner exception stack trace ---

Cause

The Classification feature in Enterprise Vault (EV) releases 12.2.x and 12.3.x is known as Veritas Information Classifier 2.0 (VIC 2.0).  Initializing VIC 2.0 requires the following prerequisites:

1. Installation of Microsoft's File Server Resource Manager, which is used to administer the File Classification Infrastructure (FCI) that is built into Windows Server 2012 and later releases, only if any of the following conditions are needed:
   1. The customer intends to use both File Classification Infrastructure and VIC 2.0.
   2. The customer intends to access the Classification Policies, Rules and Tags were created in File Classification Infrastructure in order to obtain their properties to create matching Policies, Rules and Tags in VIC 2.0 in order to replace the File Classification Infrastructure Policies, Rules and Tags..
2. Installation of Microsoft's Data Classification Toolkit if using Vic 1.0 along with VIC 2.0 or if importing VIC 1.0 rules into VIC 2.0.
3. Defining an Enterprise Vault Server Cache Location.
4. Defining a Data Access Account that is a domain level account that is not a member of any Administrators group (local or domain).
5. A shared resource to contain the VIC policies, rules and tags definition files.  This resource must be accessible by the Data Access Account with the ability to create and modify files.
6. Running a PowerShell commandlet 'Initialize-EVClassificationVIC' in the EV Management PowerShell window.  This PowerShell commandlet requires the argument '-PoliciesPath' that specifies the shared resourse to be used.

When the Initialize-EVClassificationVIC PowerShell commandlet with the argument '-PoliciesPath' is run, the following initial actions take place:

1. A check is made for the presence of the specified shared resource.
2. If the shared resource is available, the permissions on the share and file level are checked to enaure the Data Access Account can write and modify files.
3. The web access for VIC 2.0 is checked to see if it can be accessed.

The cause of this issue is that EV has been configured for secure communications using https web addresses without importing the certificate into the EV server's web browser prior to attempting to initialize VIC 2.0.

Solution

Install the security certificate into the EV server's web browser.  For information on securing VIC 2.0 for secure communications, review the section titled "Configuring the Veritas Information Classifier for secure client connections" in Chapter 2 (Preparing Enterprise Vault for classification) of the 'Classification_using_VIC.pdf' file located on the EV server in the Enterprise Vault installation folder > Documents folder > language specific folder > Administration Guides folder (default location for the English version is 'C:\Program Files (x86)\Enterprise Vault\Documentation\English\Administration Guides\English\Classification_using_VIC.pdf').

For more information about the Veritas Information Classifier, see the following documents located in the Enterprise Vault installation folder's Documentation folder's language sub-folders:

1. Enterprise Vault Classification using the Microsoft File Classification Infrastructure (Filename: Classification_using_FCI.pdf)
2. Enterprise Vault Classification using the Veritas Information Classifier (Filename: Classification_using_VIC.pdf)