This is for the scenario where you are running SBS and running ISA in front of IIS for HTTP/HTTPS web publishing purposes. This needs to be configured correctly for Exchange ActiveSync and SSL OWA to work correctly.
Certificates
You need to create a self-signed certificate (or purchase a proper SSL cert) for the server's FQDN for external access (e.g. mail.mginq.com.au).
Install the cert to the various cert stores (Trusted root, etc.) on the server. Install the cert onto the HTTPS clients if it's self-signed.
If the server has multiple interfaces (virtual or real) for LAN and Inet access, you need to configure IIS to listen only on the internal LAN iface using the httpcfg command.
Viewing all of the IP addresses that the HTTP API is listening on:
  > httpcfg query iplisten
Adding an IP address to the iplisten store:
  > httpcfg set iplisten -i 10.0.0.1
Deleting a record from the iplisten store:
  > httpcfg delete iplisten -i 10.0.0.1
You also need to add the external FQDN to the hosts file, pointing to the internal iface, so that when ISA redirects SSL connections to the FQDN a loop does not occur.
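A quick check for the hosts-file step above, as an added example (not part of the original notes). It parses hosts-file text and reports when the published FQDN is missing or mapped to anything other than the internal interface; the function names, the sample file contents and the external address 203.0.113.10 are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Return {lowercased hostname: set of IPs} from hosts-file text."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # not an address: skip line
        for name in fields[1:]:                   # address followed by aliases
            mapping.setdefault(name.lower().rstrip("."), set()).add(ip)
    return mapping

def check_hosts(text, fqdn, internal_ip):
    """Return a list of problems; an empty list means the entry is correct."""
    want = ipaddress.ip_address(internal_ip)
    found = parse_hosts(text).get(fqdn.lower().rstrip("."))
    if not found:
        return [f"no hosts entry for {fqdn}: the name will resolve through "
                "DNS, normally to the external address"]
    return [f"{fqdn} maps to {ip}, not the internal iface {want}"
            for ip in sorted(found, key=str) if ip != want]

# Constructed sample contents (on Windows the file normally lives at
# %SystemRoot%\system32\drivers\etc\hosts).
GOOD_HOSTS = """\
127.0.0.1   localhost
10.0.0.1    mail.mginq.com.au    # internal LAN iface
"""
BAD_HOSTS = """\
127.0.0.1     localhost
203.0.113.10  MAIL.mginq.com.au  # external iface: redirect would loop
"""

if __name__ == "__main__":
    for label, text in (("good", GOOD_HOSTS), ("bad", BAD_HOSTS)):
        problems = check_hosts(text, "mail.mginq.com.au", "10.0.0.1")
        print(label, "->", problems or "OK")
```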
ISA needs to be configured as follows:
Open the ISA management console.
Go to properties of the server.
Go to the 'Incoming Web requests' tab.
Choose 'Configure listeners individually per IP Address'.
Select the listener, or create one that listens on the external iface only.
Configure the listener to 'Use a server certificate to authenticate to web clients'.
Select Integrated.
Configure TCP port to 80 and SSL to 443 and Enable SSL listeners.
Uncheck 'Ask unauthenticated users for identification'.
Under web publishing rules, for all the generated 'Small Business ...' rules:
  On the 'Destinations' tab:
    Make sure the FQDNs are correct and match the FQDN of the cert.
  On the 'Action' tab:
    Select 'Redirect the request...' to the FQDN of cert.
    Check the 'Send the original host header...'
    Make sure the port mappings are correct.
  On the 'Bridging' tab:
    Redirect HTTP > HTTP
    Redirect SSL > SSL
    Check both 'Require secure channel' boxes.
After that, check the configuration for conflicting rules in Access Policy, etc.
IIS setup
Make sure the sites configured for ports 80 and 443 are listening on the internal iface only.
Make sure the sites are using the new certificate.
Restart the server at this point, or stop and start the following processes:
IIS:
  IIS Admin
  WWW Publishing
  SMTP
  MS Exchange Routing Engine
  MS Exchange POP3
  FTP Publishing
  HTTP SSL