Exchange 2003 server with HTTP Proxy (for remote office workers) was working fine until the validated SSL Cert Expired. (Nobody knew about it, and apparently nobody got an email.) OWA was still available for users, but Outlook was broken. I am not certain if iPhone users could use the cert during this time, but I think so.
I purchased a new cert and installed it, and Outlook clients could connect. Rejoicing happened.
Until someone noticed that they couldn't connect with iOS.
I've gone through significant troubleshooting, validating the IIS settings describing that Secure Forms are not required, and individual security settings on the Exchange, exchange-owa, etc virtual directories.
Running the Microsoft Connectivity Analyzer to test Exchange ActiveSync ultimately fails on the Activesync session
Attempting the FolderSync command on the Exchange ActiveSync session.
The test of the FolderSync command failed.
Additional Details
An HTTP 403 forbidden response was received. The response appears to have come from Unknown. Body of the response: <body><h2>HTTP/1.1 403 Forbidden</h2></body>
Headers received:
MicrosoftOfficeWebServer: 5.0_Pub
Pragma: no-cache
MS-Server-ActiveSync: 6.5.7638.1
Content-Length: 44
Content-Type: text/html
Date: Wed, 03 Jul 2013 19:25:17 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
I have also verified that Exchange ActiveSync is enabled both Globally and at the individual user level in Exchange. I have tried toggling the global setting off and on, both between restarts of Exchange (SA + other core services) as well as the Exchange server itself.
Unlike this question here, the return code is 403, and my SSL Cert is working.
Where can I go from here to try to get this working
I know of no way that you could see the behavior you're seeing now w/o changes to the IIS configuration outside of the installation of a new certificate. I'd strongly recommend restoring a backup of the IIS metabase from prior to any changes being made since, presumably, Active Sync was working fine "before".
If you don't have a metabase backup then I'd recommend biting the bullet and restoring the default virtual directories and walking thru the setup process again, very deliberately. You can't make things much worse since you're currently having an outage anyway.