Hello. I have exhausted all my options and troubleshooting. And I have spent hours reading every article related to this and haven't found a solution. Would be something wonderful if someone could offer some assistance.
I will try to give as much details as possible. . .
One of my responsibilities is a server application administrator. We have this digital signage application in our company that pulls calendar information from a particular mailbox. This application is working fine in our production environment. The current servers are end of life and need to be refreshed, so we are standing up the application on new servers. (Old ones are Server 2012 and new ones Server 2019). We have application vendor support and everything is installed and working except this EWS piece. The vendor has described their API as "dumb" in that it doesnt do anything complex. When trying to fetch the data through EWS it returns the error: "The request failed. The remote server returned an error: (401) Unauthorized." On the current working server it returns "success" and with the data requested. Let me mention that all of our servers are internally facing and none of them have access to the internet by design.
Removing the application variable, I can go to the URL in the API in Internet Explorer: https://mail.OURDOMAIN.com/EWS/exchange.asmx (if this works then the API should work)
When I hit that URL, it prompts me for credentials. I supply a service account's creds that have been granted access to the particular mailbox I am trying to pull data from. From the current (working) prod server, it returns a webpage that says "SERVICE: You have created a service. To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax...." (Success)
When I hit that URL on the new (not working) server, it just keeps prompting me for the credentials. After the 3rd time, it just gives me a white page.
Since it works on the current server, that would rule out any issues with the service account (permissions on the exchange side, locked account, or invalid password). I am copy and pasting the account name and password so it isnt an issue of mistyping.
The real issue is that I have little exchange experience and our exchange servers and service are run by a third party contractor. I have ZERO visibility on that side of the fence. I have a point of contact (admin), but he just says there is nothing to configure on the exchange side. It just "should work". He is adamant it is something on the app server side. The app vendor and I have spent hours troubleshooting and both agree it looks like something on the exchange side. So basically we are at a standstill pointing fingers at each other.
The exchange admin said that it maybe how IE is configured or antivirus but I went down line by line in the IE options and made sure both servers are identical. And the AV is the same on both servers. Also, I have another 2012 server I have access to and tried to hit the URL with the service account creds and it behaves the same as the new (NOT WORKING) server. It just keeps asking for creds and then gives a blank white page after 3 attempts. This would suggest that it is NOT a difference between the new 2019 server and the old 2012 server OS. It would also suggest that something is configured specifically for the current prod server to work with EWS. I just cant figure out where. And I dont know what to tell the exchange admin to check because I havent found anything online to suggest. And I also cant just go poking around myself because I dont have access to that side of the company (exchange servers).
Does anyone have any suggestions on what to do to troubleshoot or configure on either the app server or exchange server? We are dead in the water currently. (production is working, but we cant move forward with the new refreshed servers until this EWS portion is working).
Thanks in advance!