Exchange Hybrid (Teams Calendar missing)

Just to add an update here:

As the only thing you can find is basically to create the Oauth Setup Manually we tried this also.
So we deleted and recreated the configuration like described here https://learn.microsoft.com/de-de/exchange/configure-oauth-authentication-between-exchange-and-exchange-online-organizations-exchange-2013-help.

The only difference we noticed is that HCW uses AuthMetadataUrl "https://accounts.accesscontrol.windows.net/7b85e921-3452-4ddc-a14b-77xxxxxxxxxx/metadata/json/1" and "https://autodiscover-s.outlook.com/autodiscover/autodiscover.svc" as IntraOrganizationConnecter while the manual uses "https://login.microsoftonline.us/domain.mail.onmicrosoft.com/metadata/json/1" and "https://outlook.office365.com/autodiscover/autodiscover.svc"

However, after this has been finished the issue is exactly the same. So it seems Oauth is not really the issue here but something else.
So far the Eventlog was not helpful and we are still searching for any hint what went wrong here.

regards

Just to check this also, should the webpage https://something.domain.de/metadata/json/1 show anything if opened from external source?
Because if we try it just shows a white page and if we try from internal with https://exchangeFQDN/metadata/json/1 or https://localhost/metadata/json/1 it just shows webpage not found.

But if i open https://something.domain.de/autodiscover/metadata/json/1 from external or internal with https://exchangeFQDN/autodiscover/metadata/json/1 i get some text.

However, if i try the test with this url it still got the same issue:

Test-OAuthConnectivity -Service EWS -TargetUri https://remote.expopartner.de/autodiscover/metadata/json/1 -Mailbox ******@expopartner.de -Verbose | Format-List

Creating a new Remote PowerShell session using Modern Authentication for implicit remoting of "Test-OAuthConnectivity" command ...

RunspaceId : a73ef744-9fd4-41fb-8172-f24XXXXXXX
Task : Checking EWS API Call Under Oauth
Detail : Die Konfiguration wurde zum letzten Mal erfolgreich geladen um 01.01.0001 00:00:00 UTC. Dies war vor 1062865035 Minuten.
Der Tokencache wird geleert, weil "zwischengespeichertes Token verwenden" auf "false" festgelegt ist.
Oauth-Protokoll für ausgehende Exchange-Nachrichten:
Clientanforderungs-ID: ce3ce26b-8365-475c-b19a-6e3XXXXXXXXX
Information:[OAuthCredentials:Authenticate] entering
Information:[OAuthCredentials:Authenticate] challenge from 'https://something.domain.de/ews/Exchange.asmx' received: Basic realm="something.domain.de"
Error:[OAuthCredentials:Authenticate] the authorization header was 'Bearer', but no challenge returned from 'https://something.domain.de/ews/Exchange.asmx'. That url may not support OAuth

          Exchange-Antwortdetails:
          HTTP-Antwortnachricht:
          Ausnahme:
          System.Net.WebException: The request was aborted: The request was canceled. ---> Microsoft.Exchange.Security.OAuth.OAuthTokenRequestFailedException: The specified url may not support OAuth.
             at Microsoft.Exchange.Security.OAuth.OAuthCredentials.Authenticate(String challengeString, WebRequest webRequest, Boolean preAuthenticate)
             at System.Net.AuthenticationManager2.Authenticate(String challenge, WebRequest request, ICredentials credentials)
             at System.Net.AuthenticationState.AttemptAuthenticate(HttpWebRequest httpWebRequest, ICredentials authInfo)
             at System.Net.HttpWebRequest.CheckResubmitForAuth()
             at System.Net.HttpWebRequest.CheckResubmit(Exception& e, Boolean& disableUpload)
             at System.Net.HttpWebRequest.DoSubmitRequestProcessing(Exception& exception)
             at System.Net.HttpWebRequest.ProcessResponse()
             at System.Net.HttpWebRequest.SetResponse(CoreResponseData coreResponseData)
             --- End of inner exception stack trace ---
             at System.Net.HttpWebRequest.GetResponse()
             at Microsoft.Exchange.Monitoring.TestOAuthConnectivityHelper.SendExchangeOAuthRequest(ADUser user, String orgDomain, Uri targetUri, String& diagnosticMessage, Boolean appOnly, Boolean useCachedToken, Boolean reloadConfig)

ResultType : Error
Identity : Microsoft.Exchange.Security.OAuth.ValidationResultNodeId
IsValid : True
ObjectState : New

This worked for us (definitely was not removed by the Teams Admin in the admin panel) and EWS settings on Exchange Online were never changed/customized.

Get-organizationconfig | fl ews*

EwsAllowEntourage:

EwsAllowList:

EwsAllowMacOutlook:

EwsAllowOutlook:

EwsApplicationAccessPolicy:

EwsBlockList:

EwsEnabled:

Environment:

Exchange Hybrid

Mailboxes in Exchange Online

[FIXED] - Use the Teams Web App once

1. Open **Teams web **app 
2. Sign-in to Teams
3. Restart Teams desktop app

I know, is an easy fix, but nobody thought that this might impact the Teams desktop client.

Other solutions we've tried:

Delete Teams Cache

1. Fully close Teams app (or Kill Teams process)
2. Delete all teams cache 

• Open File Explorer → Paste in this path:  %appdata%\Microsoft\Teams
• Delete all files 

1. Start Teams again

Delete files in AAD Plugin broker path:

1. %username%\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_**********\AC\TokenBroker\Accounts
2. Restart laptop

Empty Credentials manager 

1. Go to Start → Credentials Manager 
2. Windows Credentials
3. Delete /remove all credentials from Teams or Office or OneDrive.
4. Restart laptop

Update Teams app 

1.  Open Teams
2. On Top click on the 3 dots icon 
3. Select "Check for updates"
4. Restart laptop

Test the connectivity 

https://testconnectivity.microsoft.com/tests/TeamsCalendarMissing/input

P.S. could be also that all affected users had MFA enabled on Office Apps (via Conditional Access) which might have caused this "glitch" in the MS matrix.