The reason a single server model doesn't work is because ActiveSync doesn't work with forms-based authentication and SSL. (In reality, this is a fix for all ActiveSync devices, not just for iPhones). There is a workaround, however:
Note: This process will interrupt Outlook Web Access service. Be sure to plan accordingly, though it should take very long to complete these steps.
1. On the Exchange 2003 server, open the System Manager.
2. Expand Administrative Groups > (first group listed) > Servers > (your Exchange server) > Protocols > HTTP.
3. Right-click "Exchange Virtual Server" and select "Properties"
4. Click the Settings tab and uncheck "Enable Forms Based Authentication. Click OK and close System Manager.
5. Restart IIS.
- Option 1: From Computer Mangement, right-click "Internet Information Services (IIS) Manager" and go to All Tasks > Restart IIS...
- Option 2: Go to Start > Run.. and enter: IISRESET /NOFORCE
7. Right-click the "Exchange" virtual directory, go to All Tasks > Save Configuration to a File...
8. For a File Name, you can use whatever you want (ExchangeVDir is in Microsoft's example).
9. Right-click "Default Web Site" and select New > Virtal Directory (from file).
10. Click "Browse" and locate the file you created in step 8, click "Open" and then "Read File.
11. Under "Select a configuration to import" click "Exchange" and then OK.
12. A message will indicate that the directory already exists, so select "Create a new virtual directory" and type "exchange-oma" in the "Alias" box. Click OK.
13. Right-click the "exchange-oma" virtual directory and select "Properties."
14. Go to the Directory Security tab and click the Edit button under "Authentication and access control."
15. Make sure only Integrated Windows authentication and Basic authentication are enabled. Click OK.
16. Under the Directory Security tab, click the Edit button under "IP address and domain name restrictions."
17. Select "Denied access," click "Add," click "Single computer" and enter the IP address of your Exchange server (the one you're making all these changes on). Click OK twice.
18. Under "Secure communications" click the "Edit" button and verify that "Require secure channel (SSL) is not enabled. Click OK.
19. Close IIS Manager.
20. In the registry, browse to this location:
21. Right-click "Parameters," click New > String Value.
22. Type "ExchangeVDir" (without quotes and exactly as capitalized). Then modify "ExchangeVDir" and give it a value of "/exchange-oma" (again, without the quotes).
23. Restart IIS (see Step 5).
24. Re-enable forms-based authentication for Outlook Web Access, if desired, by re-checking the box in steps 1-4.
25. Restart IIS once again and you should be able to connect to your Exchange server using Activesync! If you see some glitches, try restarting the server.