I'm trying to call EWS from MonoTouch like in this snippet:

byte[] bytes = Encoding.UTF8.GetBytes("... some xml here ...");
HttpWebRequest req = WebRequest.Create("https://owa.site.com/ews/exchange.asmx") as HttpWebRequest;
req.Method = "POST";
req.KeepAlive = true;
req.ContentType = "text/xml";
req.ContentLength = bytes.Length;
req.AuthenticationLevel = AuthenticationLevel.MutualAuthRequested;
CredentialCache ch = new CredentialCache();
ch.Add(req.RequestUri, "Negotiate", new NetworkCredential("uname", "pwd", "domain"));
req.Credentials = ch;
Stream sreq = req.GetRequestStream();
sreq.Write(bytes, 0, bytes.Length);
sreq.Close();
WebResponse resp = req.GetResponse();

There is an exception thrown at last line: 401: Not Authorized.

Isn't HttpWebRequest supposed to handle negotiations transparently, i.e. to process challenge and generate the second and third request?

P.S. The results are the same with both http and https

P.P.S. Using EWS managed API, I've made successful EWS calls from the simulator (but unfortunately, it doesn't build for the actual device). Using network sniffer at the Exchange server proved that there are three HTTP requests in one single managed call and only one from the code above.

The original NTLM is supported by Mono and by extension MonoTouch, see: MonoTouch support for accessing Mono.Security.Protocol.Ntlm.NtlmFlags

However the newer Negotiate which allows authentication in a kerberos-only environment is not supported by Mono (nor MonoTouch).

Try changing your "Negotiate" for "NTLM" and it should, if the network allows it, work using the older protocol.