![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 28.999999999999996%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Exchange | Exchange Server | Development
The process of building custom applications and tools that interact with Microsoft Exchange Server
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(32, 54%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESN%3C/text%3E%3C/svg%3E)
Thank you for reaching out to Microsoft Q&A
Based on your description, you currently have a Java Spring Boot application using the EWS Java API to query Outlook meeting rooms from an on‑premises Exchange Server. The client environment supports Basic and NTLM authentication, but your code experiences timeouts with Basic and 401 errors with NTLM. And now you want to find the information for your 5 questions.
First of all, I’m regret to say that due to the highly technical and complex nature of your issue, I may not be able to provide an exact solution. As a forum moderator, my access to resources and specialized testing environments is limited. Additionally, since your setup involves a server environment, we’re unable to access its structure or specific configurations, which makes it difficult to accurately detect the root cause in certain cases.
However, I’ve taken the time to conduct research and draw from my personal experience to provide insights into your five questions. I’ve also attached relevant documentation to each answer. I hope these suggestions are helpful to you.
Regarding to your first question: Am I using the SDK correctly? Is there a problem with how I create the WebCredentials object? Does the ExchangeVersion enumeration class have any impact? Do different enumerations affect functionality?
From my observation, your usage of the EWS Java API SDK appears mostly correct for basic EWS operations like fetching room lists, as you're properly initializing ExchangeService, setting credentials, and pointing to the EWS endpoint (/ews/exchange.asmx). The call to getServerTimeZones() is a good lightweight test for connectivity and auth, as states in https://github.com/OfficeDev/ews-java-api
- About ExchangeVersion:
Yes, it impacts functionality. Exchange2010_SP2 is an older version, if the client's Exchange Server is newer (2016, 2019, or later), features like certain room list queries might behave differently or fail. Newer enums (e.g., Exchange2016) support more APIs and better auth handling and the mismatch can lead to subtle errors or missing features. So, I recommend detecting the server's version (via service.autodiscoverUrl()) or asking the client, then set the closest matching enum. Different enums can affect XML schemas, property availability, and error handling as states in https://v4.hkg1.meaqua.org/en-us/exchange/client-developer/exchange-web-services/start-using-web-services-in-exchange
Regarding to your second question: Why am I seeing timeouts with Basic authentication (no error messages, just timeouts) and 401 authentication failures with NTLM, even after confirming the server supports both?
From what I know about this behavior, Timeouts in Basic auth (no errors) suggest initial connection succeeds but negotiation stalls, often from firewalls/proxies, high latency, EWS throttling (exceeding CPU/connection/AD limits), or SSL issues like untrusted certs causing silent failures. Despite server support, check permissions for room access.
Additionally, NTLM's repeated 401s indicate negotiation failure, typically from wrong domain (use exact Windows, not email-based), mismatched username formats (try DOMAIN\username), server config errors (Kerberos/IIS), or outdated API lacking NTLMv2. Enable setTraceEnabled(true); test with Postman/SoapUI for response details.
Link references:
Regarding to your third question: Having confirmed that the customer's Exchange Server service supports the authentication method, how can I troubleshoot this network connection timeout issue? Does this require verifying the customer's Exchange Server environment?
Yes, troubleshooting will likely require collaboration with the client to verify their environment, as timeouts often stem from network/server-side factors rather than just code. As the recommended steps:
- Increase timeouts: Set
service.setTimeout(30000)(30 seconds) or higher to see if it's purely latency. - Test connectivity: Use ping or telnet to the server host on port 443. Then, try a simple HTTPS GET with
curl -v --ntlm -u username:password https://server/ews/exchange.asmx(for NTLM) or with--basicto mimic your code. - Log everything: Add
HttpClientlogging (vialog4jor similar) to capture raw requests/responses. - Minimal repro: Create a standalone Java app (no Spring) with your
createServicemethod and run it on the client's network if possible.
Link references:
https://github.com/OfficeDev/ews-java-api
Client environment verification:
- Permissions: The username/password must have "Full Access" or at least "View" rights on room mailboxes. Use Exchange Admin Center (EAC) to check if the account can impersonate or access rooms via
Get-RoomListin PowerShell. - Network: Firewalls, proxies, or VPNs might block EWS. Ask for traceroute from your server to theirs. Ensure no MTU issues or packet loss.
- Server config: Confirm EWS is enabled (
Get-WebServicesVirtualDirectoryin PowerShell). Check IIS logs on Exchange for incoming requests/errors. Verify auth providers in IIS (NTLM/Basic enabled). - Certificates: Mismatched certs can cause timeouts.
- Versions: Ensure Exchange CU (Cumulative Update) is current; older versions have EWS bugs.
Link references:
Next one, about your fourth question: The customer mentioned a certificate issue. Is this related to this timeout
From my perspective view, the answer is Yes, this is a common cause of timeouts in Java EWS integrations with on-premises Exchange. Exchange uses HTTPS for EWS, and if the server's SSL certificate is self-signed, expired, or not trusted (e.g., issued by an internal CA not in Java's cacerts), the SSL handshake fails silently, leading to timeouts rather than explicit errors as states in https://v4.hkg1.meaqua.org/en-us/exchange/client-developer/exchange-web-services/how-to-validate-a-server-certificate-for-the-ews-managed-api
And your last question: Is there any official documentation available for reference on Java integration with Exchange Server?
Unfortunately, from my research, currently Microsoft doesn't provide an official Java SDK for EWS. However, official Microsoft docs cover EWS concepts, authentication, and operations that apply to any client language, including Java. Below is all the documentation related to this issue that I was able to find. Feel free to review it to gain additional insights, I am truly hope it might help clarify certain aspects or guide you toward a solution.
- Start with EWS overview: https://v4.hkg1.meaqua.org/en-us/exchange/client-developer/exchange-web-services/start-using-web-services-in-exchange
- Authentication details: https://v4.hkg1.meaqua.org/en-us/exchange/client-developer/exchange-web-services/authentication-and-ews-in-exchange (covers Basic/NTLM for on-premises)
- Troubleshooting: https://v4.hkg1.meaqua.org/en-us/exchange/client-developer/exchange-web-services/ews-throttling-in-exchange
- For modern alternatives: Microsoft recommends Microsoft Graph over EWS for new apps, but it requires Exchange Online or hybrid setup. If possible, migrate to Graph Java SDK for better support, you can find them in https://v4.hkg1.meaqua.org/en-us/graph/overview
This summary is based on my findings from the community and several relevant threads. However, it may not accurately reflect the behavior in question. To help you reach your goal more effectively, I recommend posting a thread on the Microsoft Tech Community forum or Newest Questions - Stack Overflow . There are great platforms for deeper technical discussions and connecting with individuals who have hands-on experience and expertise. They’re best positioned to provide guidance and valuable insights on this topic.
Best regards
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.