Microsoft Exchange Configuration

Fishbowl connects to your on-premises Exchange Server using the Exchange Web Services (EWS) API. You will need to create room mailboxes on your Exchange server and provide Fishbowl with credentials that have access to those mailboxes.

These instructions apply to Exchange Server 2016, 2019, and Subscription Edition (SE).

1. Create room mailboxes
2. Create a service account (optional)
3. Grant delegated Editor permissions
4. Configure Fishbowl

1. Create room mailboxes

Create a room mailbox for each meeting room. You can use the Exchange Admin Center (EAC) or the Exchange Management Shell (PowerShell).

Using the Exchange Admin Center

1. Log in to the Exchange Admin Center.
2. Navigate to Recipients > Resources.
3. Click New (+) > Room mailbox.
4. Enter a Room name (e.g. "Conference Room A").
5. Fill in the Alias field (e.g. confroomA).
6. Click Save.

Using PowerShell

Open the Exchange Management Shell and run the following command. Replace the example values with your own:

New-Mailbox -Room -Name "Conference Room A" -DisplayName "Conference Room A" -Alias confroomA

To create a room mailbox with an enabled user account and password (required for direct login):

New-Mailbox -Room -Name "Conference Room A" -UserPrincipalName [email protected] -Alias confroomA -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String 'example_password' -AsPlainText -Force) -ResetPasswordOnNextLogon $false

Replace [email protected] and example_password with your own values.

To verify that the room mailbox was created successfully:

Get-Mailbox -Identity "Conference Room A" | Format-List Name,PrimarySmtpAddress,RecipientTypeDetails

2. Create a service account (optional)

Instead of using separate credentials for each room, you can create a single service account and grant it access to all your room mailboxes. This is the recommended approach if you have many rooms.

Open the Exchange Management Shell and run the following commands to create a service account:

$password = Read-Host "Enter service account password" -AsSecureString
New-Mailbox -Name "EWS Service" -UserPrincipalName [email protected] -Password $password -FirstName EWS -LastName Service -DisplayName "EWS Service Account"

Replace [email protected] with an appropriate address for your domain.

Grant the ApplicationImpersonation management role to the service account. This allows it to access room mailbox calendars:

New-ManagementRoleAssignment -Name "EWS-Impersonation" -Role ApplicationImpersonation -User "EWS Service"

3. Grant delegated Editor permissions

You also need to grant the service account Editor permissions on each room mailbox's calendar folder. ApplicationImpersonation alone is not always sufficient. Without explicit calendar folder permissions, you may get a "The specified folder could not be found in the store" error.

Grant Editor permissions on a room mailbox's calendar folder to your service account. Replace [email protected] and [email protected] with your own values:

Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Editor

If the permission already exists and you need to update it:

Set-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Editor

To grant permissions to multiple rooms at once, you can combine both commands:

Try { Add-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Editor }
Catch { Set-MailboxFolderPermission -Identity [email protected]:\Calendar -User [email protected] -AccessRights Editor }

To verify the permissions were applied:

Get-MailboxFolderPermission -Identity [email protected]:\Calendar

Delegated permissions may take a few minutes to propagate.

4. Configure Fishbowl

1. When linking devices on the Fishbowl web dashboard, select Microsoft as the calendar type.
2. Select Legacy EWS / Exchange On-Premises as the authentication method.
3. Enter your EWS connection details:
   • Server Address: your EWS endpoint URL (e.g. https://mail.example.com/EWS/Exchange.asmx).
   • Email / Username: the email address of the room mailbox from Step 1, or the service account from Step 2.
   • Password: the password for the account above.
4. For each device, enter the email address of the room mailbox that the device should display (e.g. [email protected]).

Credentials are encrypted in your browser using each device's public key before being sent to the server. The server never sees the plaintext values.

To update the credentials on an existing device, open the device settings, go to the Calendar section, and click Replace Credentials.

Troubleshooting

• (401) Unauthorized: incorrect username or password.
• No address associated with hostname: the device cannot reach your Exchange server.
• The SMTP address has no mailbox associated with it: the mailbox address is incorrect.
• The specified folder could not be found in the store: the account does not have permission to access the room mailbox.