Enterprise Vault Office Mail App fails to initialize due to Authentication type mismatch

Article: 100049607
Last Published: 2023-04-07
Ratings: 0 0
Product(s): Enterprise Vault

Problem

Enterprise Vault (EV) Office Mail App does not load in Outlook & OWA with the error Initialization failed.

Error Message

Additionally, in a Fiddler trace when the host makes this call “/owa/service.svc?action=ExecuteEwsProxy” the following error occurs:
 
{"Body":null,"ErrorMessage":"The remote server returned an error: (401) Unauthorized.","StatusCode":0,"StatusDescription":null,"WasProxySuccessful":false}

Exchange Http Proxy EWS logs (\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Ews)  shows the following:

Non-working OWA request:
Ews mail.ev.local /ews/exchange.asmx  Bearer FALSE    EWSProxy/MailApp/0cc6d075-e610-4b8a-90c6-1460e6d4d710 192.168.2.115 EXCH2019 401

Non-working Outlook request:

Ews  mail.ev.local  /EWS/Exchange.asmx    Bearer  FALSE  Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5259; Pro)  192.168.2.104  EXCH2019  401

Working request should looks like this:

Working OWA request:

Ews  mail.ev.local  /ews/exchange.asmx  Bearer  TRUE  S-1-5-21-3109810036-2610429583-3314573450-11632  OAuthActAsUser~actas1(smtp:2019user1@ev.local)  EWSProxy/MailApp/0cc6d075-e610-4b8a-90c6-1460e6d4d710  192.168.2.115  EXCH2019  200

Working Outlook request:
Ews  mail.ev.local  /EWS/Exchange.asmx  Bearer  TRUE  S-1-5-21-3109810036-2610429583-3314573450-11632  OAuthActAsUser~actas1(smtp:2019user1@ev.local)  Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5259; Pro)  192.168.2.104  EXCH2019  200

Cause

Enterprisevault OfficeMailApp sends Bearer authentication to Exchange EWS and it failed due to Authentication type mismatch if EWS is not configured for Oauth Authentication.

Exchange CMDlets can be used to determine the configured Authentication model for EWS.

Get-WebServicesVirtualDirectory -server ServerName | fl

For more information Microsoft documentation can be referred which recommends to set the “OAuthAuthentication” to true on the CAS  Server EWS virtual directory.

https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/mail-apps-for-outlook-and-ews-in-exchange

Solution

Exchange CMDlets which can be used to add “OAuthAuthentication” to true.  However, Please involve Microsoft Support Services for validation before any change.

Get-WebServicesVirtualDirectory -Server ServerName | Set-WebServicesVirtualDirectory -OauthAuthentication $true

 

Was this content helpful?