Tuesday, December 23, 2008

Connecting to your Exchange mailbox from iPhone and other devices (required server side settings)

I had a hard time setting up my Exchange 2003 to handle an iPhone and other mobile devices.

You should set up Exchange ActiveSync, and you'll be able to connect from iPhone, Nokia Exchange client and other devices.

ActiveSync can be confusing! There are at least two types of ActiveSync:
- ActiveSync desktop application, currently at version 4.5, which is used for synchronizing a desktop PC's Outlook with a Windows Mobile powered device.
- Exchange ActiveSync, which is part of Microsoft Exchange, and allows a mobile device to synchronize with Exchange directly, without the need for a desktop computer.

I found these articles useful:

Exchange ActiveSync: Frequently Asked Questions

Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003

Error messages when you try to synchronize a Windows Mobile 5.0-based mobile device to Exchange Server 2003 on a Windows SBS 2003-based computer

How to reset the default virtual directories that are required to provide Outlook Web Access, Exchange ActiveSync, and Outlook Mobile Access services in Exchange Server 2003

Step-by-step checklist:
(This is how it works for me. Probably not every step is required, but I do not have time to fine-tune this entry.)

1. You'll need a valid SSL certificate for the server! (This should be purchased.) You can get a 90-day working certificate from InstantSSL.
I found some articles about self-signed certificate installation on mobile devices. It might work, but it is not worth the time.

2. Check the necessary user rights in Active Directory Users and Computers.

3. Exchange System Manager > Mobile Devices > General - have everything Enabled

4. Exchange System Manager > Server > Protocols > HTTP > Exchange Virtual Server properties - disable Form Based Authentication

5. IIS manager: default website properties: TCP port should be 80, and the SSL port should be 443.

6. IIS manager > Websites > Default > Exchange properties > Directory security > anonymous access should be disabled, default domain should be set.

7. IIS manager > Websites > Default > Exchange-OMA properties > Directory security > anonymous access should be disabled, default domain should be "\".

8. IIS manager > Websites > Default > Exchange-OMA properties > IP address: all should be granted.

9. IIS manager > Websites > Default > Microsoft-Server-ActiveSync properties > Directory security > anonymous access should be disabled, default domain should be set.

Now you should be able to connect from your mobile device, according to the device manual.
Tested with several servers (mainly SBS) and Nokia E71, iPhone and some Windows Mobile based devices.
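
To confirm from a client machine that the checklist took effect, the following added example (not part of the original post) sends one request without credentials to each virtual directory named in steps 6, 7 and 9 over certificate-verified HTTPS and reports whether anonymous access is really off. The host name `mail.example.com`, the function names and the sample responses are assumptions made for the example.

```python
import http.client
import ssl

# Virtual directory names as written in steps 6, 7 and 9 of the checklist.
VDIRS = ["/Exchange", "/Exchange-OMA", "/Microsoft-Server-ActiveSync"]
# Constructed sample responses for an offline run (not captured from a real server).
SAMPLE = {
    "/Exchange": (401, [("WWW-Authenticate", "NTLM"), ("WWW-Authenticate", 'Basic realm="mail.example.com"')]),
    "/Exchange-OMA": (401, [("WWW-Authenticate", 'Basic realm="mail.example.com"')]),
    "/Microsoft-Server-ActiveSync": (200, []),
}

def classify(status, headers):
    """Judge one response to a request sent without credentials: (ok, reason)."""
    schemes = [v.split()[0] for k, v in headers if k.lower() == "www-authenticate" and v.strip()]
    if status == 401 and schemes:
        return True, "anonymous access disabled, server offers: " + ", ".join(schemes)
    if 200 <= status < 300:
        return False, "served without credentials, anonymous access is still enabled"
    if status == 403:
        return False, "forbidden before authentication, check IP address restrictions"
    return False, "unexpected status %d" % status

def probe(host, path, timeout=10):
    """Send one request with no credentials over certificate-verified TLS."""
    ctx = ssl.create_default_context()  # an untrusted or mismatched certificate raises
    conn = http.client.HTTPSConnection(host, 443, timeout=timeout, context=ctx)
    try:
        conn.request("OPTIONS", path)
        resp = conn.getresponse()
        return resp.status, resp.getheaders()
    finally:
        conn.close()

def check_server(host, fetch=probe):
    """Return {vdir: (ok, reason)}; fetch can be replaced for an offline run."""
    results = {}
    for path in VDIRS:
        try:
            results[path] = classify(*fetch(host, path))
        except ssl.SSLCertVerificationError as exc:
            results[path] = (False, "certificate not trusted: %s" % exc)
        except OSError as exc:
            results[path] = (False, "connection failed: %s" % exc)
    return results

if __name__ == "__main__":
    for vdir, (ok, reason) in check_server("mail.example.com", lambda h, p: SAMPLE[p]).items():
        print("%-30s %-5s %s" % (vdir, "OK" if ok else "FAIL", reason))
```

Calling `check_server("your.server.name")` with the default `fetch` performs the live check; a certificate the client does not trust (step 1) shows up as "certificate not trusted" for every directory.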

Good luck!
