I am using Forms-Based Authentication and Thawte SSL on a front-end Exchange server that is in domain1. We have other backend Exchange servers in different domains. When we use Exchange ActiveSync from our smartphones, it works with users whose accounts exist in domain1, but not for users in other domains, who get a 0x85010014 error.
After going through the information in the other threads regarding the error, the best solution that worked was enabling 'Integrated Windows Authentication' on the /Exchange virtual directory for the front-end and backend servers. However, we saw that IWA gets unchecked every time any of the Exchange servers gets rebooted - I believe this is a function of the DS2MB process.
What can be done so that IWA gets permanently checked even after an Exchange server reboot?