Hi, first thank you again for the comments and suggestions. All solid items to review. I had hit I most of them prior to my posting (which was not as exhaustive (or exhausting) of all the work that was done to date). But I have to say, after going through some 110 various urls - MS - SF - Reddit - other 3rd party add-ons that discuss EWS - I found one article today that resolved it. As the thread is archived, and the individual who posted only had one post to his 'name' I can not thank the individual directly.
https://social.technet.microsoft.com/Forums/en-US/503705cc-275b-416d-8f37-2dca5e809959/configuration-of-ews-and-autodiscovermetadatajson1-for-external-calls?forum=exchangesvrgeneral
Mica Doe
regarding AuthConfig certificate.
Although all the exchange certs were active and valid (checked that pretty early in the process) the Authconfig did not reflect a current thumbprint (which apparently does not matter for 'vanilla' Exchange functionality as everything else from Autodiscover etc was working fine).
I followed the steps (repeated here for others if necessary) Per Mica (and thank you!):
QUOTE -
The cause was a missing / invalid Exchange Auth Certificate. I assigned our public valid OWA certificate to the Exchange Auth Configuration:
Get-ExchangeCertificate
Copy thumbprint of valid IIS/OWA cert
$a=get-date
Set-AuthConfig -NewCertificateThumbprint (your thumbprint) -NewCertificateEffectiveDate $a
accept warning with Y
Set-AuthConfig -PublishCertificate
See if cert is in place:
Get-AuthConfig
Delete previous maybe invalid cert from Auth Config:
Set-AuthConfig -clearpreviouscertificate
Restart IIS
iisreset
JSON token gets delivered correctly now to Salesforce calls and Outlook Plugin is working.
- END QUOTE.
implemented, and everything worked!
Note: when I opened my Outlook client after the change - Outlook could not open mailbox (and I thought I screwed the pooch), but close and open and all is well.
Again thank you for your suggestions, and thank you @micha Doe. - Dan