Enterprise Vault Office Mail App fails to initialize due to Authentication type mismatch

book

Article ID: 100049607

calendar_today

Updated On:

Description

Error Message

Additionally, in a Fiddler trace when the host makes this call “/owa/service.svc?action=ExecuteEwsProxy” the following error occurs:
 
{"Body":null,"ErrorMessage":"The remote server returned an error: (401) Unauthorized.","StatusCode":0,"StatusDescription":null,"WasProxySuccessful":false}

Exchange Http Proxy EWS logs (\Program Files\Microsoft\Exchange Server\V15\Logging\HttpProxy\Ews)  shows the following:

Non-working OWA request:
Ews mail.ev.local /ews/exchange.asmx  Bearer FALSE    EWSProxy/MailApp/0cc6d075-e610-4b8a-90c6-1460e6d4d710 192.168.2.115 EXCH2019 401

Non-working Outlook request:

Ews  mail.ev.local  /EWS/Exchange.asmx    Bearer  FALSE  Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5259; Pro)  192.168.2.104  EXCH2019  401

Working request should looks like this:

Working OWA request:

Ews  mail.ev.local  /ews/exchange.asmx  Bearer  TRUE  S-1-5-21-3109810036-2610429583-3314573450-11632  OAuthActAsUser~actas1(smtp:2019user1@ev.local)  EWSProxy/MailApp/0cc6d075-e610-4b8a-90c6-1460e6d4d710  192.168.2.115  EXCH2019  200

Working Outlook request:
Ews  mail.ev.local  /EWS/Exchange.asmx  Bearer  TRUE  S-1-5-21-3109810036-2610429583-3314573450-11632  OAuthActAsUser~actas1(smtp:2019user1@ev.local)  Microsoft Office/15.0 (Windows NT 10.0; Microsoft Outlook 15.0.5259; Pro)  192.168.2.104  EXCH2019  200

Cause

Enterprisevault OfficeMailApp sends Bearer authentication to Exchange EWS and it failed due to Authentication type mismatch if EWS is not configured for Oauth Authentication.

Exchange CMDlets can be used to determine the configured Authentication model for EWS.

Get-WebServicesVirtualDirectory -server ServerName | fl

For more information Microsoft documentation can be referred which recommends to set the “OAuthAuthentication” to true on the CAS  Server EWS virtual directory.

https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/mail-apps-for-outlook-and-ews-in-exchange

Resolution

Exchange CMDlets which can be used to add “OAuthAuthentication” to true.  However, Please involve Microsoft Support Services for validation before any change.

Get-WebServicesVirtualDirectory -Server ServerName | Set-WebServicesVirtualDirectory -OauthAuthentication $true

 

Issue/Introduction

Enterprise Vault (EV) Office Mail App does not load in Outlook & OWA with the error Initialization failed.
Powered by Wolken Software