ActiveSync Problems with Mobile phones

I am running exchange 2010 sp3 on Server 2008 R2 -  I cannot get any of my mobile devices at my company to connect with my exchange server. I have a UCC cert from digicert installed. OWA is working just fine. I have not pushed this into production.

I tested  the connection with the remote connectivity Analyzer and get this:

Image may be NSFW. Clik here to view.	ExRCA is testing Exchange ActiveSync.
	The Exchange ActiveSync test failed.
	Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. Attempting the Autodiscover and Exchange ActiveSync test (if requested). Autodiscover was successfully tested for Exchange ActiveSync. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. Attempting each method of contacting the Autodiscover service. The Autodiscover service was tested successfully. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. Attempting to test potential Autodiscover URL https://ohcac.org/AutoDiscover/AutoDiscover.xml Testing of this potential Autodiscover URL failed. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. Attempting to resolve the host name ohcac.org in DNS. The host name resolved successfully. Image may be NSFW. Clik here to view. Additional Details IP addresses returned: 4.30.212.33 Image may be NSFW. Clik here to view. Testing TCP port 443 on host ohcac.org to ensure it's listening and open. The specified port is either blocked, not listening, or not producing the expected response. Image may be NSFW. Clik here to view.<label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl00_ctl01_tmmArrow">Tell me more about this issue and how to resolve it</label> Image may be NSFW. Clik here to view. Additional Details A network error occurred while communicating with the remote host. Image may be NSFW. Clik here to view. Attempting to test potential Autodiscover URL https://autodiscover.ohcac.org/AutoDiscover/AutoDiscover.xml Testing of the Autodiscover URL was successful. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. Attempting to resolve the host name autodiscover.ohcac.org in DNS. The host name resolved successfully. Image may be NSFW. Clik here to view. Additional Details IP addresses returned: 4.30.212.37 Image may be NSFW. Clik here to view. Testing TCP port 443 on host autodiscover.ohcac.org to ensure it's listening and open. The port was opened successfully. Image may be NSFW. Clik here to view. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. ExRCA is attempting to obtain the SSL certificate from remote server autodiscover.ohcac.org on port 443. ExRCA successfully obtained the remote SSL certificate. Image may be NSFW. Clik here to view. Additional Details Remote Certificate Subject: CN=mail.ohcac.org, OU=IT, O=Ohio Heartland Community Action Commission, L=Marion, S=Ohio, C=US, Issuer: CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US. Image may be NSFW. Clik here to view. Validating the certificate name. The certificate name was validated successfully. Image may be NSFW. Clik here to view. Additional Details Host name autodiscover.ohcac.org was found in the Certificate Subject Alternative Name entry. Image may be NSFW. Clik here to view. Certificate trust is being validated. The certificate is trusted and all certificates are present in the chain. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. ExRCA is attempting to build certificate chains for certificate CN=mail.ohcac.org, OU=IT, O=Ohio Heartland Community Action Commission, L=Marion, S=Ohio, C=US. One or more certificate chains were constructed successfully. Image may be NSFW. Clik here to view. Additional Details A total of 4 chains were built. The highest quality chain ends in root certificate CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US. Image may be NSFW. Clik here to view. Analyzing the certificate chains for compatibility problems with versions of Windows. No Windows compatibility problems were identified. Image may be NSFW. Clik here to view. Additional Details The certificate chain has been validated up to a trusted root. Root = CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US. Image may be NSFW. Clik here to view. Testing the certificate date to confirm the certificate is valid. Date validation passed. The certificate hasn't expired. Image may be NSFW. Clik here to view. Additional Details The certificate is valid. NotBefore = 6/5/2012 12:00:00 AM, NotAfter = 8/12/2015 12:00:00 PM Image may be NSFW. Clik here to view. Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Image may be NSFW. Clik here to view. Additional Details Accept/Require Client Certificates isn't configured. Image may be NSFW. Clik here to view. Attempting to send an Autodiscover POST request to potential Autodiscover URLs. ExRCA successfully retrieved Autodiscover settings by sending an Autodiscover POST. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover.ohcac.org/AutoDiscover/AutoDiscover.xml for user davidw@ohcac.org. The Autodiscover XML response was successfully retrieved. Image may be NSFW. Clik here to view. Additional Details Autodiscover Account Settings XML response: <?xml version="1.0"?> <Autodiscover xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">   <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/mobilesync/responseschema/2006">     <Culture>en:us</Culture>     <User>       <DisplayName>Wirick, David</DisplayName>       <EMailAddress>DavidW@ohcac.org</EMailAddress>     </User>     <Action>       <Settings>         <Server>           <Type>MobileSync</Type>           <Url>https://mail.ohcac.org/Microsoft-Server-ActiveSync</Url>           <Name>https://mail.ohcac.org/Microsoft-Server-ActiveSync</Name>         </Server>       </Settings>     </Action>   </Response> </Autodiscover> Image may be NSFW. Clik here to view. Validating Exchange ActiveSync settings. Exchange ActiveSync URL https://mail.ohcac.org/Microsoft-Server-ActiveSync was validated successfully. Image may be NSFW. Clik here to view. Attempting to resolve the host name mail.ohcac.org in DNS. The host name resolved successfully. Image may be NSFW. Clik here to view. Additional Details IP addresses returned: 4.30.212.37 Image may be NSFW. Clik here to view. Testing TCP port 443 on host mail.ohcac.org to ensure it's listening and open. The port was opened successfully. Image may be NSFW. Clik here to view. Testing the SSL certificate to make sure it's valid. The certificate passed all validation requirements. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. ExRCA is attempting to obtain the SSL certificate from remote server mail.ohcac.org on port 443. ExRCA successfully obtained the remote SSL certificate. Image may be NSFW. Clik here to view. Additional Details Remote Certificate Subject: CN=mail.ohcac.org, OU=IT, O=Ohio Heartland Community Action Commission, L=Marion, S=Ohio, C=US, Issuer: CN=DigiCert High Assurance CA-3, OU=www.digicert.com, O=DigiCert Inc, C=US. Image may be NSFW. Clik here to view. Validating the certificate name. The certificate name was validated successfully. Image may be NSFW. Clik here to view. Additional Details Host name mail.ohcac.org was found in the Certificate Subject Common name. Image may be NSFW. Clik here to view. Validating certificate trust for Windows Mobile devices. The certificate is trusted and all certificates are present in the chain. Image may be NSFW. Clik here to view. Test Steps Image may be NSFW. Clik here to view. ExRCA is attempting to build certificate chains for certificate CN=mail.ohcac.org, OU=IT, O=Ohio Heartland Community Action Commission, L=Marion, S=Ohio, C=US. One or more certificate chains were constructed successfully. Image may be NSFW. Clik here to view. Additional Details A total of 4 chains were built. The highest quality chain ends in root certificate CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US. Image may be NSFW. Clik here to view. Analyzing the certificate chains for compatibility problems with Windows Phone devices. No Windows Phone compatibility problems were identified. Image may be NSFW. Clik here to view. Additional Details The certificate is trusted for Windows Mobile 5.0 and later versions. Root = CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US Image may be NSFW. Clik here to view. ExRCA is analyzing intermediate certificates sent by the remote server. All intermediate certificates are present and valid. Image may be NSFW. Clik here to view. Additional Details All intermediate certificates were present and valid. Image may be NSFW. Clik here to view. Testing the certificate date to confirm the certificate is valid. Date validation passed. The certificate hasn't expired. Image may be NSFW. Clik here to view. Additional Details The certificate is valid. NotBefore = 6/5/2012 12:00:00 AM, NotAfter = 8/12/2015 12:00:00 PM Image may be NSFW. Clik here to view. Checking the IIS configuration for client certificate authentication. Client certificate authentication wasn't detected. Image may be NSFW. Clik here to view. Additional Details Accept/Require Client Certificates isn't configured. Image may be NSFW. Clik here to view. Testing HTTP Authentication Methods for URL https://mail.ohcac.org/Microsoft-Server-ActiveSync. The HTTP authentication test failed. Image may be NSFW. Clik here to view. Additional Details An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;;} .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div class="content-container"><fieldset>   <h2>403 - Forbidden: Access is denied.</h2>   <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html>