SfBMac: Cannot connect to EWS after enabling EWS Access Policy

In a recent support case the Skype for Business Mac client wasn’t connecting to Exchange Web Services (EWS) after the EWS Access Policy was configured with the following cmdlets:

Set-CASMailbox -Identity brick@borderlands.lab -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowOutlook $true -EwsAllowMacOutlook $true
Set-CASMailbox -Identity brick@borderlands.lab -EwsAllowList @{add='UCWA/*', 'OC/*', 'OWA/*'}

Get-CASMailbox -Identity brick@borderlands.lab | fl Name,EwsApplicationAccessPolicy,EwsAllowOutlook,EwsAllowMacOutlook,EwsAllowList

EWS was working for every client except Skype for Business Mac. After reviewing the logs, we found the cause: the SfB Mac user agent is SfBForMac, which does not match any entry in the allow list above.
To fix this, we simply add SfBForMac to the EwsAllowList with:

Set-CASMailbox -Identity brick@borderlands.lab -EwsAllowList @{add='SfBForMac/*'}

Please note that the previous example only applies to a single test user. The same policy can also be configured at the organization level:

Set-OrganizationConfig -EwsApplicationAccessPolicy EnforceAllowList -EwsAllowOutlook $true -EwsAllowMacOutlook $true -EwsAllowList @{add='SfBForMac/*', 'UCWA/*', 'OC/*', 'OWA/*'}

Get-OrganizationConfig |fl Name,EwsApplicationAccessPolicy,EwsAllowOutlook,EwsAllowMacOutlook,EwsAllowList
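
The log review described above can be scripted before an allow list is enforced. This is an added example, not part of the original post: it assumes IIS W3C logs as the source (the post does not say which logs were reviewed), uses constructed log lines with made-up version numbers, and approximates the allow-list matching with PowerShell's -like operator. Get-EwsUserAgentCoverage is a hypothetical helper name.

```powershell
# Constructed sample: IIS W3C log lines (user agents and versions are made up).
$log = @'
#Fields: date time cs-method cs-uri-stem cs-username cs(User-Agent)
2017-03-01 10:00:01 POST /EWS/Exchange.asmx brick@borderlands.lab OC/15.0.4517.1504+(Microsoft+Lync)
2017-03-01 10:00:05 POST /EWS/Exchange.asmx brick@borderlands.lab SfBForMac/16.0.0000+(Mac+OSX)
2017-03-01 10:00:09 POST /EWS/Exchange.asmx brick@borderlands.lab SfBForMac/16.0.0000+(Mac+OSX)
2017-03-01 10:00:12 GET /owa/ brick@borderlands.lab Mozilla/5.0+(Windows+NT+10.0)
2017-03-01 10:00:20 POST /EWS/Exchange.asmx brick@borderlands.lab UCWA/6.0.0000
'@ -split "`r?`n"

# Hypothetical helper: lists every user agent seen on /EWS/ and whether the
# proposed allow list covers it. -like only approximates Exchange's matching.
function Get-EwsUserAgentCoverage {
    param([string[]]$LogLine, [string[]]$AllowList)

    $fields = @()
    $seen = @{}
    foreach ($line in $LogLine) {
        if ($line -like '#Fields:*') {
            # Column names come from the directive; a log can redefine them mid-file.
            $fields = ($line -replace '^#Fields:\s*', '') -split '\s+'
            continue
        }
        if ($line -like '#*' -or -not $line.Trim() -or -not $fields) { continue }

        $cols = $line -split ' '
        $row = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $cols.Count; $i++) {
            $row[$fields[$i]] = $cols[$i]
        }
        if ($row['cs-uri-stem'] -notlike '/EWS/*') { continue }   # EWS requests only

        $ua = $row['cs(User-Agent)'] -replace '\+', ' '           # IIS logs spaces as '+'
        $seen[$ua] = 1 + [int]$seen[$ua]
    }
    foreach ($ua in ($seen.Keys | Sort-Object)) {
        $match = $AllowList | Where-Object { $ua -like $_ } | Select-Object -First 1
        [pscustomobject]@{
            UserAgent = $ua; Requests = $seen[$ua]; MatchedEntry = $match; Allowed = [bool]$match
        }
    }
}

# The allow list from the first Set-CASMailbox call, before SfBForMac/* was added.
$allowList = 'UCWA/*', 'OC/*', 'OWA/*'
Get-EwsUserAgentCoverage -LogLine $log -AllowList $allowList | Format-Table -AutoSize
```

With the sample lines, the SfBForMac row comes back with Allowed set to False; adding 'SfBForMac/*' to $allowList makes every row match.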

Lync 2013: EWS has not fully initialized

Recently I had to troubleshoot an issue regarding EWS and Lync 2013 Client integration.

In the Lync 2013 Client Configuration Information window, the EWS URLs were empty and the status message was "EWS has not fully initialized", while MAPI Status was OK.


The Lync 2013 Client was internal, so conversations were still stored in the Outlook Conversation History folder. However, some features depend directly on EWS, such as voice mail integration in the Voice tab. In the next screenshot we can see that the Voice Mail feature is missing:


One important detail is that the SIP and SMTP domains were different, and there wasn't any issue connecting to Lync or Exchange.

Using the Microsoft Remote Connectivity Analyzer (https://testconnectivity.microsoft.com/), Exchange Autodiscover passed the test with some irrelevant warnings.

In Lync 2010 Client, users were asked to trust the autodiscover certificate:


This happens because the Lync Client trusts certificates from the same domain as our SIP domain, but asks for confirmation when the certificate's domain is different:

SIP domain        SMTP domain           Trust
lync2013.uclobby  lync2013.uclobby      Yes
lync2013.uclobby  exchange2013.uclobby  No

Just for fun I removed the Lync 2013 Client updates and returned to 15.0.4517.1504 (August 2013 CU). After signing in, the following popup message was displayed:


In this case, the solution was to tell Lync to trust the other domain by adding the following value to the registry:

reg add HKLM\Software\Policies\Microsoft\Office\15.0\Lync /v TrustModelData /t REG_EXPAND_SZ /d exchange2013.uclobby /f

For more information check this:


After adding the registry value, just restart the Lync Client and the EWS status will change to EWS Status OK. Since the Lync 2013 Client can now connect to EWS, the Voice tab lists our voice mails: