I am working on a Windows 2003 SBS server issue with Exchange.
The problem is that remote users cannot open their mailboxes. Local users are able to open their mailboxes without issue. ActiveSync and OWA both work correctly.
https://www.testexchangeconnectivity.com shows no errors on either the RPC test or the activesync test (with the exception of a warning that windows phones older than version 6 may not trust the cert). There are no cert errors. Port 443, 25, 80 all forward to the internal IP of the server. I aslo added port forwards for port 6001, 6002 and 6004 to the router and another tech added port 1723 for a VPN.
The IIS virtual directories are set with the following authentication and access control:
Exadmin - Integrated Windows authentication
Exchange - Integrated windows authentication, Basic authentication.
ExchWeb - Anonymous access
Microsoft Server ActiveSync - Basic Authentication
OMA - Basic Authentication
RPC - Integrated Windows authentication, Basic authentication
RPCwithCert - Integrated Windows authentication
I deleted and recreated the virtual directories in IIS. I set up the users account on a remote workstation that I have access to. It will not work via the RPC over http, but if I connect via a VPN, it works fine.
The settings on the client system are set up  as follows: Cached mode enabled (also tried without), encrypt data between outlook and exchange is turned on (also tried with off), Negotiate authentication (also tried with NTLM and keberos). Set to connect using http, the FQDN is used as the proxy server, connect using ssl only is selected, set to basic authentication
This is a single server set up, the registry entries have been made to point to the correct ports, the Kaspersky firewall has been disabled (to rule out the possibility that it was blocking it). Any assistance or suggestions in this matter would be greatly appreciated.
You do not need to open those to the internet. This feature is designed to work through 443 only.
Second - has it ever worked?
As this is SBS, did you enable the feature with the wizard?
Finally, are you using a commercial SSL certificate or the self signed one?
Simon.