Local EWS error: The request failed. The remote server returned an error: (401) Unauthorized.

Tyler 106 Reputation points

Hello. I have exhausted all my options and troubleshooting. And I have spent hours reading every article related to this and haven't found a solution. Would be something wonderful if someone could offer some assistance.

I will try to give as many details as possible...

One of my responsibilities is a server application administrator. We have this digital signage application in our company that pulls calendar information from a particular mailbox. This application is working fine in our production environment. The current servers are end of life and need to be refreshed, so we are standing up the application on new servers. (Old ones are Server 2012 and new ones Server 2019). We have application vendor support and everything is installed and working except this EWS piece. The vendor has described their API as "dumb" in that it doesn't do anything complex. When trying to fetch the data through EWS it returns the error: "The request failed. The remote server returned an error: (401) Unauthorized." On the current working server it returns "success" and with the data requested. Let me mention that all of our servers are internally facing and none of them have access to the internet by design.

Removing the application variable, I can go to the URL in the API in Internet Explorer: https://mail.OURDOMAIN.com/EWS/exchange.asmx (if this works then the API should work)

When I hit that URL, it prompts me for credentials. I supply a service account's creds that have been granted access to the particular mailbox I am trying to pull data from. From the current (working) prod server, it returns a webpage that says "SERVICE: You have created a service. To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax...." (Success)

When I hit that URL on the new (not working) server, it just keeps prompting me for the credentials. After the 3rd time, it just gives me a white page.

Since it works on the current server, that would rule out any issues with the service account (permissions on the Exchange side, locked account, or invalid password). I am copying and pasting the account name and password so it isn't an issue of mistyping.

The real issue is that I have little Exchange experience and our Exchange servers and service are run by a third party contractor. I have ZERO visibility on that side of the fence. I have a point of contact (admin), but he just says there is nothing to configure on the Exchange side. It just "should work". He is adamant it is something on the app server side. The app vendor and I have spent hours troubleshooting and both agree it looks like something on the Exchange side. So basically we are at a standstill pointing fingers at each other.

The Exchange admin said that it may be how IE is configured or antivirus but I went down line by line in the IE options and made sure both servers are identical. And the AV is the same on both servers. Also, I have another 2012 server I have access to and tried to hit the URL with the service account creds and it behaves the same as the new (NOT WORKING) server. It just keeps asking for creds and then gives a blank white page after 3 attempts. This would suggest that it is NOT a difference between the new 2019 server and the old 2012 server OS. It would also suggest that something is configured specifically for the current prod server to work with EWS. I just can't figure out where. And I don't know what to tell the Exchange admin to check because I haven't found anything online to suggest. And I also can't just go poking around myself because I don't have access to that side of the company (Exchange servers).

Does anyone have any suggestions on what to do to troubleshoot or configure on either the app server or Exchange server? We are dead in the water currently. (Production is working, but we can't move forward with the new refreshed servers until this EWS portion is working).

Thanks in advance!


Accepted answer
  1. Tyler 106 Reputation points

    I appreciate everyone's help. I figured out what was wrong. The service account I was using to make the connection needed to be whitelisted on the new servers. This was something I didn't realize needed to be done from an Active Directory standpoint. I thought it had to be associated with servers when trying to LOGIN or run services ON the server. But apparently, it's bidirectional. It also has to be whitelisted to be able to "talk" FROM a server. So when the Exchange server was responding "unauthorized" it was talking about the service account credentials. I had our AD admin add the 3 new servers to the service account whitelist and it immediately started working. This was a lack of knowledge on my part. Hope this helps someone else in the future. Again, thanks for the assistance.

    1 person found this answer helpful.
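
A way to check for the condition described in the accepted answer, as an added example that is not part of the original post. It assumes the "whitelist" is the account's Active Directory "Log On To" restriction (the `userWorkstations` attribute, which `Get-ADUser` exposes as `LogonWorkstations`); the function name, the account name `svc-signage` and the server names are hypothetical.

```powershell
# Added example: report which servers are missing from a service account's
# "Log On To" list. Assumption: the whitelist in the answer is this attribute.
function Test-LogonWorkstation {
    param(
        # Raw comma-separated value of the LogonWorkstations property
        [string]$LogonWorkstations,
        [Parameter(Mandatory)][string[]]$ComputerName
    )

    # An empty or unset attribute means no workstation restriction applies.
    if ([string]::IsNullOrWhiteSpace($LogonWorkstations)) {
        foreach ($c in $ComputerName) {
            [pscustomobject]@{ Computer = $c; Allowed = $true; Reason = 'no restriction set' }
        }
        return
    }

    $allowed = $LogonWorkstations.Split(',') |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }

    foreach ($c in $ComputerName) {
        # Match on the full name or the short host name; -contains ignores case.
        $short = ($c -split '\.')[0]
        $ok = ($allowed -contains $c) -or ($allowed -contains $short)
        [pscustomobject]@{
            Computer = $c
            Allowed  = $ok
            Reason   = if ($ok) { 'listed' } else { 'not in Log On To list' }
        }
    }
}

# Constructed sample value: only the old servers are listed.
$sample = 'SIGNAGE-OLD01,SIGNAGE-OLD02'
Test-LogonWorkstation -LogonWorkstations $sample `
    -ComputerName 'SIGNAGE-OLD01', 'signage-new01.corp.example'

# Against a live domain (requires the ActiveDirectory module from RSAT):
# Import-Module ActiveDirectory
# $u = Get-ADUser -Identity 'svc-signage' -Properties LogonWorkstations
# Test-LogonWorkstation -LogonWorkstations $u.LogonWorkstations -ComputerName $env:COMPUTERNAME
```

With the constructed sample, the old server is reported as allowed and the new one as not in the list, which matches the symptom in the question: the same credentials succeed from one server and return 401 from another.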

2 additional answers

  1. Glen Scales 4,431 Reputation points

    Have you tried the Microsoft Remote Connectivity Analyzer EWS test, e.g. https://testconnectivity.microsoft.com/tests/O365EwsAccess/input? If this fails as well, it should give you a better debug output to go back to the Admin about what might be the issue, or if it works then you know it is something in app code.


  2. Mohammed Alsayani 1 Reputation point

    I got this error when I tried to use https://testconnectivity.microsoft.com/tests/O365EwsAccess/input with Basic authentication.

    Any help, please?

    Thank you.

    A new mail item is being created.
    The attempt to create a mail item failed.
    Additional Details
    Exception details:
    Message: The request failed. The remote server returned an error: (401) Unauthorized.
    Type: Microsoft.Exchange.WebServices.Data.ServiceRequestException
    Stack trace:
    at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)
    at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.ValidateAndEmitRequest(IEwsHttpWebRequest& request)
    at Microsoft.Exchange.WebServices.Data.MultiResponseServiceRequest1.Execute()
    at Microsoft.Exchange.WebServices.Data.ExchangeService.InternalCreateItems(IEnumerable1 items, FolderId parentFolderId, Nullable1 messageDisposition, Nullable1 sendInvitationsMode, ServiceErrorHandling errorHandling)
    at Microsoft.Exchange.WebServices.Data.Item.InternalCreate(FolderId parentFolderId, Nullable1 messageDisposition, Nullable1 sendInvitationsMode)
    at Microsoft.Exchange.WebServices.Data.Item.Save(FolderId parentFolderId)
    at Microsoft.M365.RCA.ConnectivityTests.CreateItemTest.PerformTestReally()

    Exception details:
    Message: The remote server returned an error: (401) Unauthorized.
    Type: System.Net.WebException
    Stack trace:
    at System.Net.HttpWebRequest.GetResponse()
    at Microsoft.Exchange.WebServices.Data.EwsHttpWebRequest.Microsoft.Exchange.WebServices.Data.IEwsHttpWebRequest.GetResponse()
    at Microsoft.Exchange.WebServices.Data.ServiceRequestBase.GetEwsHttpWebResponse(IEwsHttpWebRequest request)