That is the question...
Recently I have worked on several Microsoft Exchange migrations where this issue has come up with some regularity. The general rule of thumb from Microsoft (depending on if your reading an actual TechNet article or Blog) is that you should configure the ActiveSync Virtual Directory to proxy connections by setting the External URL to $null.
In this scenario, Exchange 2010 will proxy the connection back to the Exchange 2003 or 2007 server to facilitate making the connection and retrieving mail. What can be confusing if your having an issue (especially with IPhones) is the amount of old information out there concerning previous IOS versions and how they handled that piece. For a long while IPhones seemed to have trouble making the connection, when Windows and Droid devices didn't. Below are several scenarios and the settings I found worked best.
Exchange 2003 - 2010 ActiveSync Coexistence:
I have found that using a redirection via Legacy URL worked best and was the most consistent. When trying to use proxy in this configuration, I found that ActiveSync connections were not consistent, and users were intermittently being prompted for credentials. This was regardless of the Authentication settings that were present. Following the lead in this Exchange blog from the "The Microsoft Team" got that issue resolved, even though it is written from a Exchange 2007 to Exchange 2010 perspective.
Exchange 2007 - 2010 ActiveSync Coexistence
In this scenario, either redirection or proxy will work. I have most recently used proxy (setting external URL for ActiveSync to $null) by following the ActiveSync steps in this TechNet, resulting in no ActiveSync issues regardless of phone make.
Again, these are just my most recent configurations and I am sure over time and depending on IPhone IOS, it may change again. That's the fun part about technology, its always changing...
Labels: ActiveSync, coexistence, exchange 2007, exchange 2010