Problem
Enterprise Vault (EV) Office Mail App does not load in Outlook & OWA with the error Initialization failed.
Error Message
Additionally, in a Fiddler trace when the host makes this call “/owa/service.svc?action=ExecuteEwsProxy” the following error occurs:
{"Body":null,"ErrorMessage":"The remote server returned an error: (401) Unauthorized.","StatusCode":0,"StatusDescription":null,"WasProxySuccessful":false}
Exchange Http Proxy EWS logs (\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Ews) shows the following:
Non-working OWA request:Ews mail.ev.local /ews/exchange.asmx Bearer FALSE EWSProxy/MailApp/0cc6d075-e610-4b8a-90c6-1460e6d4d710 192.168.2.115 EXCH2019 401
Non-working Outlook request:
Ews mail.ev.local /EWS/Exchange.asmx Bearer FALSE Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5259; Pro) 192.168.2.104 EXCH2019 401
Working request should looks like this:
Working OWA request:
Ews mail.ev.local /ews/exchange.asmx Bearer TRUE S-1-5-21-3109810036-2610429583-3314573450-11632 OAuthActAsUser~actas1(smtp:2019user1@ev.local) EWSProxy/MailApp/0cc6d075-e610-4b8a-90c6-1460e6d4d710 192.168.2.115 EXCH2019 200
Working Outlook request:Ews mail.ev.local /EWS/Exchange.asmx Bearer TRUE S-1-5-21-3109810036-2610429583-3314573450-11632 OAuthActAsUser~actas1(smtp:2019user1@ev.local) Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5259; Pro) 192.168.2.104 EXCH2019 200
Cause
Enterprisevault OfficeMailApp sends Bearer authentication to Exchange EWS and it failed due to Authentication type mismatch if EWS is not configured for Oauth Authentication.
Exchange CMDlets can be used to determine the configured Authentication model for EWS.
Get-WebServicesVirtualDirectory -server ServerName | fl
For more information Microsoft documentation can be referred which recommends to set the “OAuthAuthentication” to true on the CAS Server EWS virtual directory.
https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/mail-apps-for-outlook-and-ews-in-exchange
Solution
Exchange CMDlets which can be used to add “OAuthAuthentication” to true. However, Please involve Microsoft Support Services for validation before any change.
Get-WebServicesVirtualDirectory -Server ServerName | Set-WebServicesVirtualDirectory -OauthAuthentication $true