Getting Exchange ActiveSync to work on a single box with Forms Based Authentication and SSL enabled.

These are the revised steps that were originally outlined in:

 

817379 Cannot Access Exchange Server 2003 by Using Outlook Mobile Access When
https://support.microsoft.com/?id=817379

 

The only difference between these steps and the KB is that you create the new virtual directory in IIS Manager and not in ESM.

 

1. Start Internet Information Services (IIS) Manager

 

2. Locate the \exchange virtual directory (default location is Web Sites\Default Web Site\Exchange)

 

3. Right click on the Exchange virtual directory, choose All Tasks/Save Configuration to a File…

 

4. Type a name in the File name: text box (for example, ExchangeVDir)

 

5. Click OK

 

6. Right click the root of this web site (Default Web Site), choose New/Virtual Directory (from file)…

 

7. On the Import Configuration dialog box, select the Browse button and locate the file from step #4, then click Open

 

8. Next, select the Read File button

 

9. In the Select a configuration to import text box, select Exchange (or whatever virtual directory you selected in step #3) and press OK.

 

10. A dialog box will appear stating the virtual directory already exists. In the Alias text box, type a name for the new virtual directory that you want the
Exchange Server ActiveSync and Outlook Mobile Access processes to use. For example, type ExchDAV.

 

11. Click OK

 

12. Right click on the new virtual directory (in this example, ExchDAV) and choose Properties

 

13. Select the Directory Security tab

 

14. Click the Edit button in the Authentication and access control section.

 

15. Verify only the following authentication methods are enabled:

   Integrated Windows authentication
   Basic authentication

 

16. Click OK

 

17. Click Edit under IP address and domain name restrictions.

 

18. Click Denied access, and then click Add.

 

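19. Click Single computer (if this option is not already selected), type the IP address of the server that you are configuring, and then click OK. With Denied access selected, the address you add is the exception to the default, so only the server itself can reach this virtual directory, which step 21 leaves without SSL.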

 

20. Click the Edit button in the Secure communications section

 

21. Verify Require secure channel (SSL) is not enabled and click OK.

 

22. Click OK, and then quit IIS Manager.

 

23. Click Start, click Run, type regedit in the Open box, and then click OK.

 

24. Locate the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MasSync\Parameters

 

25. Right-click Parameters, point to New, and then click String Value.

 

26. In the New Value #1 box, type ExchangeVDir, and then press ENTER.

 

27. Right-click ExchangeVDir, and then click Modify.

 

28. In the Value data box, type a forward slash (/) followed by the name of the new virtual directory that you created in step 10. For example, type /ExchDAV.

 

29. Click OK, and then quit Registry Editor.

 

30. Restart the World Wide Web Publishing Service. To do this: Click Start, click Run, type services.msc in the Open box, and then click OK. In the Name list, right-click World Wide Web Publishing Service, and then click

 

31. Restart the Server to make the registry changes effective.
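
A read-only check of the result of the steps above, as an added example that is not part of the original post or the KB article. The alias ExchDAV, site ID 1 for the Default Web Site, and Windows PowerShell being installed on the server are assumptions; the IP address restriction from steps 17-19 is not checked.

```powershell
# Added example: read-only check of the result of steps 10-30.
# Assumptions (not from the original post): alias ExchDAV, the Default Web
# Site has metabase site ID 1, and Windows PowerShell is installed.
$alias  = 'ExchDAV'
$siteId = 1
$regKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MasSync\Parameters'
$adsi   = "IIS://localhost/W3SVC/$siteId/ROOT/$alias"

# IIS 6 metabase flag bits
$AuthBasic = 2      # Basic authentication
$AuthNTLM  = 4      # Integrated Windows authentication
$AccessSSL = 8      # Require secure channel (SSL)

function Report([string]$Name, [bool]$Ok, [string]$Detail) {
    if ($Ok) { $status = 'OK' } else { $status = 'FAIL' }
    '{0,-5}{1}: {2}' -f $status, $Name, $Detail
}

# Steps 24-28: ExchangeVDir must be "/" followed by the new alias.
$value = (Get-ItemProperty -Path $regKey -ErrorAction SilentlyContinue).ExchangeVDir
Report 'ExchangeVDir' ($value -eq "/$alias") "found '$value', expected '/$alias'"

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($adsi)) {
    Report 'Virtual directory' $false "$adsi not found"
} else {
    $props = ([ADSI]$adsi).psbase.Properties
    $auth  = [int]$props['AuthFlags'].Value
    $ssl   = [int]$props['AccessSSLFlags'].Value

    # Step 15: only Integrated Windows and Basic (no anonymous, digest, Passport).
    Report 'Authentication' ($auth -eq ($AuthBasic -bor $AuthNTLM)) "AuthFlags=$auth, expected 6"

    # Step 21: Require secure channel (SSL) must be off on this directory.
    Report 'SSL not required' (($ssl -band $AccessSSL) -eq 0) "AccessSSLFlags=$ssl"
}

# Step 30: the World Wide Web Publishing Service should be running again.
$svc = Get-Service -Name W3SVC
Report 'W3SVC' ($svc.Status -eq 'Running') "status is $($svc.Status)"
```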

 

If you're using your smartphone to test Exchange ActiveSync and you're running your own certificate (from your own root CA), then you will need to install the DisableCertChk utility on the smartphone, as the smartphone will use SSL to talk to the Microsoft-Server-ActiveSync vdir. If you're running a Pocket PC 2003 device, you can toggle between using SSL and HTTP, which is helpful for testing.

The DisableCertChk utility does not bypass the SSL connection; it just bypasses the verification check of the certificate to see whether it's trusted on the device or not. The connection is still encrypted, but the device no longer verifies that the server's certificate is trusted.

Grab DisableCertChk from here: https://www.microsoft.com/downloads/details.aspx?FamilyId=D88753B8-8B3A-4F1D-8E94-530A67614DF1&displaylang=en

To add a custom root certificate to your PPC, you will need this utility: https://www.microsoft.com/downloads/details.aspx?FamilyID=ecfde1c7-36c9-4c13-986e-8a46790f61e4&DisplayLang=en

Also, you'll need to publish the Microsoft-Server-ActiveSync virtual directory if you're running ISA or the like.