Wednesday, April 2, 2008

Good lord...

For the last few days I've been struggling to get a user's Moto Q working with ActiveSync over SSL. 0x80072F17, 0x80072f7d, 0x85010014, etc. Many error codes. As it turns out, the first stupid post I read about this was the answer, but it didn't fit my understanding of the situation, so I didn't implement it.

Essentially, Microsoft says that ActiveSync won't work with SSL, so you have to disable it. Not a good solution, right? I need that data to be encrypted; not having it on SSL is just not an option. Besides, the phone itself has an option in the account settings, "This server requires SSL", so it must be implemented, right?

Well, the ActiveSync virtual directory doesn't like to communicate with the Exchange virtual directory over SSL, that is, INSIDE THE FRIGGIN' SERVER. You can enable SSL on the ActiveSync directory and the default website, but not the Exchange virtual directory itself. ARGH. Three days to figure that out.

Also, you have to import the root cert into the phone if you're not using a "public" root cert, and the ActiveSync virtual directory has to be in the Exchange application pool, or you'll get "the shared memory heap could not be created" errors in the application log.

1 comment:

Moktarino said...

Gotta make sure the Exchange vdir is SSL, or else people can change to HTTP. Implemented Exchange vdir redirect, worked seamlessly.