Enterprise Vault™ Administrator's Guide
- About this guide
- Managing administrator security- About administrator security
- Roles-based administration- About the predefined roles
- Roles and the Enterprise Vault Administration Console
- Roles-based administration (RBA) and the classification feature
- Roles and Enterprise Vault Operations Manager
- Roles and Enterprise Vault Reporting
- Working with predefined RBA roles
- Customizing RBA roles
- Determining your current role entitlements
- Resetting all roles and assignments
 
- Using permissions to control access
- Changing the Vault Service account
 
- Day-to-day administration- Monitoring the system status
- Monitoring application logs
- About Exchange mailbox archiving reports
- Monitoring MSMQ queues
- About starting or stopping tasks or services
- Checking logs with the Windows Event Viewer
- Monitoring journal mailboxes
- About monitoring disks
- About maintaining the SQL databases
- Using SQL AlwaysOn availability groups
- About managing vault store groups and sharing
- About managing safety copies
- About managing partition rollover
- Recovering deleted items
- About expiry and deletion
- Working with retention categories and retention plans- Creating a retention category
- About retention plans
- Creating retention plans
- Applying retention plans to your Enterprise Vault archives
- About the PowerShell cmdlets for working with retention plans
- How retention plans affect storage expiry
- Setting up retention folders
 
- About maintaining provisioning groups
- Enabling archiving for new mailboxes
- About applying or removing legal holds on selected archives
- About moving archives- How Move Archive works
- About moving mailbox archives within a site
- About moving mailbox archives between sites
- About moving journal archives within a site
- About configuring Move Archive
- Running Move Archive
- Monitoring Move Archive
- Deleting archives after Move Archive
- Managing Move Archive operations with Failed and Error statuses
- Move Archive reporting and monitoring
 
- Deleting an archive
- PowerShell cmdlets for managing archives
- PowerShell cmdlets for managing archive permissions
- Deleting a vault store
- Setting a system message
- About index volumes
- Moving the directory database
- Moving a vault store database
- Moving a fingerprint database
- Moving the Monitoring database
- Moving the auditing database
- Changing the Vault Service account password
 
- Using Enterprise Vault for records management- Introducing records management
- About records and non-records
- How Enterprise Vault marks items as records
- Setting up the required record types
- Setting the default record type for users
- Allowing users to change the record types of individual items
- Using the classification feature for records management
- Potential conflicts between EVPM and the classification feature
- Common configuration scenarios
- Searching archives for items marked as records
- Viewing the records management settings for one or more archives
- Exporting items from archives
 
- Automatically filtering events
- Managing indexes- About the indexing wizards
- Managing indexing exclusions
- Viewing details of index volumes
- About the indexing PowerShell cmdlets
 
- Advanced Domino mailbox and desktop policy settings- About the advanced policy settings for Domino mailbox and desktop policy
- Editing the advanced settings for Domino mailbox and desktop policy
- Domino mailbox policy advanced settings- Archiving General: Domino mailbox policy- Action for failed items (Domino Archiving General setting)
- Archive draft items (Domino Archiving General setting)
- Lookup e-mail addresses (Domino Archiving General setting)
- Reset archive names (Domino Archiving General setting)
- Strip attachments to non-shortcut items (Domino Archiving General setting)
 
 
- Archiving General: Domino mailbox policy
- Domino desktop policy advanced settings
 
- Advanced Exchange mailbox and desktop policy settings- About the advanced Exchange mailbox and desktop settings
- Editing the advanced Exchange mailbox and desktop settings
- Exchange mailbox policy advanced settings- Archiving General (Exchange mailbox policy advanced settings)- Archive deleted items (Exchange Archiving General setting)
- Archive draft items (Exchange Archiving General setting)
- Archive Exchange Managed Folders (Exchange Archiving General setting)
- Archive naming convention (Exchange Archiving General setting)
- Archive unexpired Calendar Events (Exchange Archiving General setting)
- Code pages for right-to-left custom shortcuts (Exchange Archiving General setting)
- Do not archive pending reminders (Exchange Archiving General setting)
- Encode custom body using appropriate code pages (Exchange Archiving General setting)
- Future item retention category (Exchange Archiving General setting)
- Include default and anonymous permissions (Exchange Archiving General setting)
- Inherited permissions (Exchange Archiving General setting)
- Maximum message size to archive in MB (Exchange Archiving General setting)
- Pending shortcut timeout (Exchange Archiving General setting)
- Reset archive names (Exchange Archiving General setting)
- Set failed messages 'Do Not Archive' (Exchange Archiving General setting)
- Strip attachments to non-shortcut items (Exchange Archiving General setting)
- Synchronize folder permissions (Exchange Archiving General setting)
- Text direction indicator for custom shortcuts (Exchange Archiving General setting)
- Valid Enterprise Vault site aliases (Exchange Archiving General setting)
- Warn if default or anonymous permissions exist (Exchange Archiving General setting)
 
 
- Archiving General (Exchange mailbox policy advanced settings)
- Exchange desktop policy advanced settings- Office Mail App (Exchange desktop policy advanced settings)
- Outlook (Exchange desktop policy advanced settings)- Add server to intranet zone (Exchange Outlook setting)
- Allow script in public folders (Exchange Outlook setting)
- Allow script in shared folders (Exchange Outlook setting)
- Allow shortcut copy (Exchange Outlook setting)
- Alternative Web Application URL (Exchange Outlook setting)
- Automatically delete IE file cache (Exchange Outlook setting)
- Automatically re-enable Outlook add-in (Exchange Outlook setting)
- Deploy forms locally (Exchange Outlook setting)
- Display notifications (Exchange Outlook setting)
- Display Office Apps on original items (Exchange Outlook setting)
- Folder properties visible (Exchange Outlook setting)
- Force form reload on error (Exchange Outlook setting)
- Forward original item (Exchange Outlook setting)
- Limit automatic re-enabling of add-in (Exchange Outlook setting)
- Mailbox properties visible (Exchange Outlook setting)
- Mark PST files (Exchange Outlook setting)
- Message properties visible (Exchange Outlook setting)
- Outlook Add-In behavior (Exchange Outlook setting)
- Policy lookup locations (Exchange Outlook setting)
- Preserve message class (Exchange Outlook setting)
- Preserve message class (for content class) (Exchange Outlook setting)
- Prevent disabling of Outlook Add-In (Exchange Outlook setting)
- Printing behavior (Exchange Outlook setting)
- PST Import pause interval (Exchange Outlook setting)
- PST Import work check interval (Exchange Outlook setting)
- PST search interval (Exchange Outlook setting)
- Public Folder operations (Exchange Outlook setting)
- Remove PST entries (Exchange Outlook setting)
- Remove server from intranet zone (Exchange Outlook setting)
- Reply behavior (Exchange Outlook setting)
- RPC over HTTP restrictions (Exchange Outlook setting)
- Search behavior (Exchange Outlook setting)
- Shortcut download progress (Exchange Outlook setting)
- Soft deletes (Exchange Outlook setting)
- Use proxy settings (Exchange Outlook setting)
- Web Application URL (Exchange Outlook setting)
 
- OWA versions before 2013 (Exchange desktop policy advanced settings)- Archive confirmation (Exchange OWA versions before 2013 setting)
- Archive subfolders (Exchange OWA versions before 2013 setting)
- Basic archive function (Exchange OWA versions before 2013 setting)
- Basic restore function (Exchange OWA versions before 2013 setting)
- Delete shortcut after restore (Exchange OWA versions before 2013 setting)
- External Web Application URL (Exchange OWA versions before 2013 setting)
- Forward mode (Exchange OWA versions before 2013 setting)
- Location for restored items (Exchange OWA versions before 2013 setting)
- Open mode (Exchange OWA versions before 2013 setting)
- OWA 'Archive Policy' context menu option (Exchange OWA versions before 2013 setting)
- Premium archive function (Exchange OWA versions before 2013 setting)
- Premium restore function (Exchange OWA versions before 2013 setting)
- Reply mode (Exchange OWA versions before 2013 setting)
- 'Reply To All' mode (Exchange OWA versions before 2013 setting)
- Restore confirmation (Exchange OWA versions before 2013 setting)
- 'Search Vaults' in Basic OWA client (Exchange OWA versions before 2013 setting)
- 'Search Vaults' in Premium OWA client (Exchange OWA versions before 2013 setting)
- View mode (Exchange OWA versions before 2013 setting)
- Web Application alias (Exchange OWA versions before 2013 setting)
 
- Vault Cache (Exchange desktop policy advanced settings)- Download item age limit (Exchange Vault Cache setting)
- Lock for download item age limit (Exchange Vault Cache setting)
- Manual archive inserts (Exchange Vault Cache setting)
- Offline store required (Exchange Vault Cache setting)
- Pause interval (Exchange Vault Cache setting)
- Per item sleep (Exchange Vault Cache setting)
- Preemptive archiving in advance (Exchange Vault Cache setting)
- Root folder (Exchange Vault Cache setting)
- Root folder search path (Exchange Vault Cache setting)
- Show Setup Wizard (Exchange Vault Cache setting)
- Synchronize archive types (Exchange Vault Cache setting)
- WDS search auto-enable (Exchange Vault Cache setting)
 
- Virtual Vault (Exchange desktop policy advanced settings)- Max archive requests per synchronization (Exchange Virtual Vault setting)
- Max attempts to archive an item (Exchange Virtual Vault setting)
- Max data archived per synchronization (Exchange Virtual Vault setting)
- Max delete requests per synchronization (Exchange Virtual Vault setting)
- Max item size to archive (Exchange Virtual Vault setting)
- Max item updates per synchronization (Exchange Virtual Vault setting)
- Max total size of contentless operations (Exchange Virtual Vault setting)
- Max total size of items to archive (Exchange Virtual Vault setting)
- Show content in Reading Pane (Exchange Virtual Vault setting)
- Threshold number of items to trigger synchronization (Exchange Virtual Vault setting)
- Threshold total size of items to trigger synchronization (Exchange Virtual Vault setting)
- Users can archive items (Exchange Virtual Vault setting)
- Users can copy items to another store (Exchange Virtual Vault setting)
- Users can copy items within their archive (Exchange Virtual Vault setting)
- Users can hard delete items (Exchange Virtual Vault setting)
- Users can reorganize items (Exchange Virtual Vault setting)
 
 
 
- Advanced Exchange journal policy settings- Editing the advanced Exchange journal policy settings
- Archiving General (Exchange journal policy advanced settings)- ClearText copies of RMS Protected items (Exchange Archiving General setting)
- Expand distribution lists (Exchange Archiving General setting)
- Failed DL expansion behavior (Exchange Archiving General setting)
- Inherited permissions (Exchange Archiving General setting)
- Journal delay (Exchange Archiving General setting)
- Maximum message size to archive in MB (Exchange Archiving General setting)
- Pending shortcut timeout (Exchange Archiving General setting)
- Queue Journal items (Exchange Archiving General setting)
- Reset archive names (Exchange Archiving General setting)
- Return failed items to inbox (Exchange Archiving General setting)
 
 
- Advanced Exchange public folder policy settings- Editing advanced Exchange public folder settings
- Archiving General (Exchange public folder policy advanced settings)- Archive unexpired Calendar Events (Exchange Archiving General setting)
- Code pages for right-to-left custom shortcuts (Exchange Archiving General setting)
- Do not archive pending reminders (Exchange Archiving General setting)
- Inherited permissions (Exchange Archiving General setting)
- Maximum message size to archive in MB (Exchange Archiving General setting)
- Pending shortcut timeout (Exchange Archiving General setting)
- Set failed messages 'Do Not Archive' (Exchange Archiving General setting)
- Strip attachments to non-shortcut items (Exchange Archiving General setting)
 
 
- Advanced SMTP policy settings
- Site properties advanced settings- About site properties advanced settings
- Editing site properties advanced settings
- Site properties advanced settings- Content Conversion (site properties advanced settings)- File types excluded from conversion (site properties Content Conversion setting)
- File types converted to text (site properties Content Conversion setting)
- File types for Postscript conversion (site properties Content Conversion setting)
- File types for OCR conversion (site properties Content Conversion setting)
- File types for IFilter conversion (site properties Content Conversion setting)
- Conversion timeout (site properties Content Conversion setting)
- Conversion timeout for archive file types (site properties Content Conversion setting)
- Include hidden text (site properties Content Conversion setting)
- Include hidden spreadsheet data (site properties Content Conversion setting)
- Show spreadsheet border (site properties Content Conversion setting)
- Show metadata properties (site properties Content Conversion setting)
- Maximum conversion size (site properties Content Conversion setting)
- Include metadata properties (site properties Content Conversion setting)
- OCR language (site properties Content Conversion setting)
- OCR optimization (site properties Content Conversion setting)
- Log conversion failure events (site properties Content Conversion setting)
- Log fallback to text events (site properties Content Conversion setting)
- Log conversion timeout events (site properties Content Conversion setting)
- Log file type not recognized events (site properties Content Conversion setting)
- Log maximum conversion size exceeded events (site properties Content Conversion setting)
- OCR Conversion of embedded images (site properties Content Conversion setting)
- File types for OCR conversion of embedded images (site properties Content Conversion setting)
- OCR conversion of scanned pages (site properties Content Conversion setting)
 
- File System Archiving (site properties advanced settings)- Age-based retention of report (site properties File System Archiving setting)
- Days to keep report (site properties File System Archiving setting)
- Location of the report (site properties File System Archiving setting)
- Maximum size of report for rollover (site properties File System Archiving setting)
- Name of the folder shortcut file (site properties File System Archiving setting)
- NetApp C-Mode server certificate verification (site properties File System Archiving setting)
- NetApp C-Mode server port number (site properties File System Archiving setting)
- NetApp C-Mode server transport type (site properties File System Archiving setting)
 
- IMAP (site properties advanced settings)
- Indexing (site properties advanced settings)- Allowed index location characters (Site Properties Indexing setting)
- Index Group server preference for mailboxes (Site Properties Indexing setting)
- Maximum concurrent indexing tasks (Site Properties Indexing setting)
- Maximum consecutive failed items (Site Properties Indexing setting)
- Maximum update errors (Site Properties Indexing setting)
- Search Cache Permissions (Site Properties Indexing setting)
- Search Max Attempts When Engine Busy (Site Properties Indexing setting)
- Search Max Folders For Specific Folder Optimization (Site Properties Indexing setting)
- Search Specific Folder Optimization (Site Properties Indexing setting)
- Search VSA Can Search All Archives (Site Properties Indexing setting)
- Text limit for custom properties (Site Properties Indexing setting)
 
- Skype for Business (site properties advanced settings)
- SQL Server (site properties advanced settings)
- SMTP (site properties advanced settings)- Delete messages without recipients or a matching target (Site Properties SMTP setting)
- List of internal SMTP domains (Site Properties SMTP setting)
- Log action when a message does not contain any archiving-enabled target (Site Properties SMTP setting)
- Selective Journal Archiving (Site Properties SMTP setting)
 
- Storage (site properties advanced settings)- Additional StorageOnlineOpns instances (Site Properties Storage setting)
- Maximum classification content size (Site Properties Storage setting)
- Maximum expiry errors per archive (Site Properties Storage setting)
- Transaction history (Site Properties Storage setting)
- Update frequency for Information Classifier configuration file (Site Properties Storage setting)
 
 
- Content Conversion (site properties advanced settings)
 
- Computer properties advanced settings- About computer properties advanced settings
- Editing computer properties advanced settings
- Computer properties advanced settings- Agents (computer properties advanced settings)
- File System Archiving (computer properties advanced settings)- NetApp C-Mode server certificate verification (Computer properties File System Archiving setting)
- NetApp C-Mode server port number (Computer properties File System Archiving setting)
- NetApp C-Mode server transport type (Computer properties File System Archiving setting)
- Use site settings for NetApp C-Mode server configuration (Computer properties File System Archiving setting)
 
- IMAP (computer properties advanced settings)
- Indexing (computer properties advanced settings)- Create multiple Index Locations (Computer Properties Indexing setting)
- Empty index volume deletion limit (Computer Properties Indexing setting)
- Force Indexing Engine Shutdown (Computer Properties Indexing setting)
- Frequency of checks for failed volumes (Computer Properties Indexing setting)
- Frequency of checks for index volumes to process (Computer Properties Indexing setting)
- Frequency of full checks for index volumes to process (Computer Properties Indexing setting)
- Indexing Engine Query Service Port (Computer Properties Indexing setting)
- Indexing Execution Timeout (Computer Properties Indexing setting)
- Indexing Max Request Length (Computer Properties Indexing setting)
- Indexing memory throttling threshold (Computer Properties Indexing setting)
- Maximum child process shutdown time (Computer Properties Indexing setting)
- Maximum child process startup time (Computer Properties Indexing setting)
- Maximum concurrent indexing capacity (Computer Properties Indexing setting)
- Maximum indexing application pool start time (Computer Properties Indexing setting)
- Maximum indexing engine shutdown time (Computer Properties Indexing setting)
- Maximum indexing engine startup time (Computer Properties Indexing setting)
- Maximum item wait time (Computer Properties Indexing setting)
- Maximum items in a file system index volume (Computer Properties Indexing setting)
- Maximum items in a journal index volume (Computer Properties Indexing setting)
- Maximum items in a mailbox index volume (Computer Properties Indexing setting)
- Maximum items in a public folder index volume (Computer Properties Indexing setting)
- Maximum items in a shared index volume (Computer Properties Indexing setting)
- Maximum items in a SharePoint index volume (Computer Properties Indexing setting)
- Maximum items in an index volume (Computer Properties Indexing setting)
- Maximum items in an internet mail index volume (Computer Properties Indexing setting)
- Search HTTP Service Path (Computer Properties Indexing setting)
- Search HTTP Service Port (Computer Properties Indexing setting)
- Search HTTP Service Requires SSL (Computer Properties Indexing setting)
- Search Log Queries (Computer Properties Indexing setting)
- Search Log Results (Computer Properties Indexing setting)
- Search Logs Folder (Computer Properties Indexing setting)
- Search Maximum Threads (Computer Properties Indexing setting)
- Search Minimum Threads (Computer Properties Indexing setting)
- Search Performance Counters Enabled (Computer Properties Indexing setting)
 
- Storage (computer properties advanced settings)- Compress savesets (Computer Properties Storage setting)
- Keep classification files (Computer Properties Storage setting)
- Maximum concurrent active connections (Computer Properties Storage setting)
- Maximum vault stores for concurrent storage expiry processing (Computer Properties Storage setting)
- Number of threads per vault store for storage expiry processing (Computer Properties Storage setting)
- Threshold for number of queued items (Computer Properties Storage setting)
- Threshold for remaining disk space (Computer Properties Storage setting)
 
 
 
- Task properties advanced settings
- Advanced Personal Store Management properties
- Classification policy advanced settings
- Managing the Storage queue
- Automatic monitoring- About automatic monitoring
- Monitoring in Site Properties
- About monitoring using Enterprise Vault Operations Manager
- About monitoring using MOM
- About monitoring using SCOM
 
- Managing extension content providers
- Exporting archives
- Enterprise Vault message queues
- Customizations and best practice- Mailbox archiving strategies- About mailbox archiving strategies
- Notes on archiving based on age
- Notes on archiving based on quota or age and quota
- Notes on archiving items from Exchange Server 2010 managed folders
- Archiving items only if they have attachments
- How to customize the Enterprise Vault settings for a journal mailbox
- Disabling archiving for mailboxes
 
- Public folder archiving best practice
- About performance tuning
 
- Mailbox archiving strategies
- Failover in a building blocks configuration- About Enterprise Vault services in building blocks configurations
- Extra requirements for building blocks
- Updating service locations after failover
- Additional actions after failover for FSA Archiving
- Additional actions after failover for SMTP Archiving
- Additional actions after failover for Skype for Business Archiving
 
- Appendix A. Ports used by Enterprise Vault
- Appendix B. Useful SQL queries
- Appendix C. Troubleshooting- Installation problems
- Microsoft SQL Server problems
- Server problems
- Client problems
- Problems enabling or processing mailboxes
- Problems with Vault Cache synchronization- Viewing the Vault Cache Diagnostics page
- About Vault Cache Diagnostics
- Advanced use of Vault Cache Diagnostics
- Exporting results
- Client synchronization status text
- Identifying and resolving Vault Cache issues on the Enterprise Vault server
- Identifying and resolving Vault Cache issues on an end-user computer
- Examining IIS log files
 
- Problems with Enterprise Vault components- Troubleshooting: All tasks and services- Task or service fails to start: all tasks and services
- Failed to create MAPI session: all tasks and services
- Error creating or opening an MSMQ message: all tasks and services
- User does not have access to an archive: all tasks and services
- Tasks or services stop because of low system resources: all tasks and services
 
- Troubleshooting: File System Archiving
- Troubleshooting: Directory service
- Troubleshooting: Exchange archiving or Journaling tasks
- Troubleshooting: Restoring items
- Troubleshooting: Indexing
- Troubleshooting: Storage service- Storage Service does not start: Storage service
- Failing to create queues: Storage service
- Failure to access queues: Storage service
- Cannot create vault stores: Storage service
- Cannot perform archive, restore, replay, online operations: Storage service
- Cannot archive: Storage service
- Exchange messages stay as Archive pending: Storage service
- Messages are not restored: Storage service
- Error creating a vault store: Storage service
 
- Troubleshooting: Shopping service
- Troubleshooting: Web Access application
- Troubleshooting: Enterprise Vault Operations Manager and the Monitoring database
- Troubleshooting: Enterprise Vault Reporting and FSA Reporting
- Specific problems
- Restoring items for users
 
- Troubleshooting: All tasks and services
- Techniques to aid troubleshooting- Veritas Quick Assist
- Running on Demand: Run Now
- Use the Exchange mailbox archiving reports
- Moved Items report from the Exchange Mailbox task
- Running DTrace from the Administration Console
- Using the Deployment Scanner
- Creating a mail message that contains the Outlook Add-In log
- How to modify registry settings
 
- About moving an Indexing service
 
- Appendix D. Enterprise Vault accounts and permissions
Extra requirements for building blocks
The following extra requirements apply to building blocks configurations:
- If the active server hosts an Indexing service, then the failover server must have an Enterprise Vault server cache configured. 
- The Enterprise Vault Storage queue location must be on a file system that is a common shared location between the associated building blocks servers. 
- The Enterprise Vault cache location must have the same path on each Enterprise Vault server. The cache location is local to each server but the name must be the same to prevent errors after a failover. For example, all servers can have a cache location of - D:\MyCache.
- Each building blocks server can include a local Storage service. The storage files and index files must be stored on a file system that is shared with the associated building blocks servers. 
- You must install and configure the Enterprise Vault SMTP Archiving components on any building blocks server that is to support SMTP Archiving. 
- SMTP Archiving and Skype for Business Archiving use the SMTP Archiving task. If an SMTP Archiving task is running on both the active server and the failover server, then two SMTP Archiving tasks run on the failover server after you run Update Service Locations. For this reason, the SMTP holding folder path on the active server and failover server must be different. 
- You must log on to the active Enterprise Vault server using the Vault Service account, or an account that has been assigned to the Power Administrator role. - If Enterprise Vault needs to create a service on the failover server, you are prompted to log on using the Vault Service account, even if you use an account that is assigned to the Power Administrator role. 
- You must assign the user account the SC_MANAGER_ALL_ACCESS access right for the Service Control Manager (SCM) on all Enterprise Vault servers in the Enterprise Vault site. For more information, see Service Security and Access Rights, available at the following address on the Microsoft website: - https://msdn.microsoft.com/en-gb/library/windows/desktop/ms685981(v=vs.85).aspx 
- To secure Enterprise Vault servers, install on each server a certificate obtained from a trusted authority. The certificate must include the fully qualified DNS alias of the other Enterprise Vault servers in the building blocks configuration. These server names should be added to the certificate as subject alternative names. - By default in a new installation of Enterprise Vault 12.3 or later, Enterprise Vault configures HTTPS on port 443, and enables SSL on each Enterprise Vault virtual directory in IIS. If no valid certificate exists, the configuration wizard creates and uses a self-signed certificate for the HTTPS binding. You should regard this certificate as a temporary measure, until you install a certificate from a trusted authority. - The self-signed certificate created by Enterprise Vault configuration does not include the names of the other Enterprise Vault servers in the building blocks configuration. You can create a replacement self-signed certificate using a certificate tool, such as OpenSSL. To include subject alternative names in an OpenSSL certificate, you need to use the configuration file, - openssl.cnfwith the OpenSSL command. In the- [v3_req]section of configuration file, list the fully qualified DNS alias of the other Enterprise Vault servers in the- subjectAltNamesection, as shown in the following example:- [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName = @alt_names [alt_names] DNS.1 = evserver1.example.local DNS.2 = evserver2.example.local DNS.3 = evserver3.example.local DNS.4 = evserver4.example.local- In the Default Web Site in IIS, replace the automatically generated, self-signed certificate with the SAN version that you have created.