Ultramarathonman

OWA and iPhone not working on Exchange 2007

I just completed my transition to Exchange 2007 this morning and decommissioned Exchange 2003.  Everything seems to be working fine except I can't get iPhone users to connect and OWA doesn't work.  They both worked on Exchange 2003.
Mestha

The fact that both worked on Exchange 2003 is of no consequence at all. Exchange 2007 is a very different beast.
However you have provided very little information to work with. No indication in what way they don't work, whether it works internally, whether it has worked at all.
You need to provide more information on the configuration and what is actually happening.

-M
Ultramarathonman (ASKER)

Here are some additional details.  From an outside computer trying to reach http://mail.domainname.com/exchange I get 403-Forbidden: Access is denied. I am never prompted for credentials.  Same thing when I try http://mail.domainname.com/owa.  Same thing when I try https with both owa and exchange.

Internally I try 172.25.X.X/exchange and I get the same 403 error.  If I use https I get "There is a problem with this websites security certificate". If I click continue to this website (not recommended) I am prompted for credentials.  When I put in my credentials it takes me back to the certificate error.  If I again choose continue I get a 404-File or directory not found with the certificate error still showing on the status bar.

I do not have a certificate server or one purchased from any authority.  I hope you have enough information here to start with.  Thanks.

You need to change the certificate to start with.
The self generated certificate that is supplied with Exchange is not supported for Exchange ActiveSync, which is how the iPhone will connect.
My blog posting here goes into what is required to change the certificate.
http://www.sembee.co.uk/archive/2008/05/30/78.aspx

The access denied would tend to indicate that restrictions are on the IIS server in some way, or you are pointing the firewall at the wrong server. Check both of those.

You did install the CAS role on the server? In IIS manager you can see the Exchange virtual directories?

-M
LeeDerbyshire
Do you have an ISA server?  The external 403 could come from there.  It would help if you could find the relevant IIS log entries - in IIS there are 20 subcodes (i.e. different reasons) for 403.
I do not have an ISA server.  I use a Sonicwall firewall.
Okay.  Can you find the IIS log entries (from your OWA server) generated when you try to use OWA?
Where are those log entries?  I don't find anything related with a time stamp of when I attempt to make the connection.
Usually in C:\Windows\System32\LogFiles\W3SVC1 .  Note that the times are in GMT.
Oh, this is on Windows Server 2008 by the way.
I think you'll find them in C:\Inetpub\logs\logfiles .
I don't see anything related in the files.
Can you see lines containing GET and /owa ?  If not, look at the properties of the Default Web Site, and make sure that logging is enabled.  Then look at the properties of owa, and make sure that Log Visits is checked.  Note that the times in these files are in GMT.
I think this is what you want.  See attachment.

log.txt
Those log file entries show a 403.4 response, which just means that SSL is required, and you should be using https:// .  No mystery there.  Can you see any entries where the port number is 443 (i.e. https), not 80?  If not, then maybe your Default Web Site is not actually configured to listen on port 443?
I do see that owa is set to both 80 and 443.  From the server, if I click on the 443 application for owa it tries to open it locally.  I have added the errors that I get from that to the attached log plus the 443 errors from the log file.
log.txt
When you try to open the FBA logon page, you are getting a 404.3 error, which makes me think that the server is not configured to handle ASP.Net (the FBA logon page is an .aspx page).  You can either turn FBA off for a quick fix, or make sure that the ASP.Net extension is set to Allowed in IIS.
Turning off FBA didn't fix it.  Another bit of info.  When I first tried to get this working, it told me ASP.net wasn't installed on the server.  I added ASP.net and its accompanying components.  Maybe I need to start from scratch.  Would that be easier?  Not the server but just OWA and iPhone support.  What would be the best way to accomplish that?
ASKER CERTIFIED SOLUTION
LeeDerbyshire
This solution is only available to members.
I have attached a screenshot of the get-owavirtualdirectory output.  It references 2000/2003 stuff which doesn't exist anymore.  Could that be the problem?  OWA does say 2007 though.
getowa.doc
The 2000/2003 VDirs are normal.  They are there for legacy applications.
Ok, so I will just try the remove and then new?
Yes, it might help.  Read the get-help carefully - some parameters require a colon, while others don't.
Ok, I did that successfully.  When I (internally) go to servername.domainname/owa I get a 403 Forbidden.  Access is denied.  I am not prompted for credentials.
Are you using https:// in your URL?
Ok, making progress.  It works internally using HTTPS://.  Externally, using HTTPS:// I am not prompted for a password and I just get a cannot connect to the website error message.
Have another look at your IIS log file, and see if the external https requests are reaching the server.
Ok, once I cleared the cache on the external machine and tried it again, it is prompting me and working now externally using HTTPS://.  It is also still working inside.  I will try an iPhone now.  Not sure if they are related at all but maybe something we did will have it working now as well.
iPhones are working too.  Thanks for the help.
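
The log checks discussed in this thread (which 403/404 sub-status IIS returned, and whether any request arrived on port 443) can be scripted over a copy of the log file. This is an added example, not code posted by any participant; the sample log lines, host name and addresses are constructed, and it assumes the log records the `s-port` and `sc-substatus` fields.

```python
from collections import Counter
from datetime import datetime, timezone

# Sub-status readings as given in the thread above; nothing else is mapped.
HINTS = {
    ("403", "4"): "SSL required: the request used http://, retry with https://",
    ("404", "3"): "handler blocked: check ASP.NET is installed and Allowed in IIS",
}

# Constructed sample in W3C extended format (documentation addresses, made-up host).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus
2009-01-15 14:02:11 192.0.2.10 GET /owa - 80 - 198.51.100.7 Mozilla/4.0 403 4
2009-01-15 14:03:40 192.0.2.10 GET /owa/auth/logon.aspx url=https://mail.example.com/owa/ 443 - 198.51.100.7 Mozilla/4.0 404 3
2009-01-15 14:09:02 192.0.2.10 GET /owa/ - 443 user1 198.51.100.7 Mozilla/4.0 200 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the latest #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated lines
                yield dict(zip(fields, values))


def triage(text, prefix="/owa"):
    """Summarise requests under `prefix`: status counts, HTTPS seen, hints."""
    statuses, ports, findings = Counter(), set(), []
    for row in parse_w3c(text):
        if not row.get("cs-uri-stem", "").lower().startswith(prefix):
            continue
        code = (row.get("sc-status", "?"), row.get("sc-substatus", "0"))
        statuses[".".join(code)] += 1
        ports.add(row.get("s-port"))
        if code in HINTS:
            # Log timestamps are UTC; keep them timezone-aware for conversion.
            when = datetime.strptime(f"{row['date']} {row['time']}",
                                     "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            findings.append((when, row["s-port"], ".".join(code), HINTS[code]))
    return {"statuses": dict(statuses), "https_seen": "443" in ports, "findings": findings}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["statuses"], "HTTPS requests reached server:", report["https_seen"])
    for when, port, code, hint in report["findings"]:
        print(when.astimezone().strftime("%Y-%m-%d %H:%M local"), port, code, hint)
```

If `https_seen` is false for the period of an external test, the HTTPS request never reached IIS and the firewall or site binding is the place to look.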