In the HQ site I have a CAS Array established 'outlook.contoso.com' where I point all my autodiscover services for each server in the organization.....or so I thought. As it turns out, the Microsoft article (http://technet.microsoft.com/en-us/library/bb310763.aspx) does a great job of outlining not only the settings you need for non-internet facing CAS servers, but HOW it all works. I had been given advice from a reputable source who indicated the non-internet facing CAS server (branch server) needed to have the Exchange ActiveSync virtual directory set to the CAS Array fqdn and not the server name. This turned out to be incorrect and resulted in the following error:
Clients were unable to sync their devices after making the change. It took a while to figure out but I did have to re-trace my steps on what changes I had made.
So, just remember, for your non-internet facing CAS servers, keep the virtual directory URL's set to the server's fqdn.
For reference, this can be changed using PowerShell as follows:
Set-ActiveSyncVirtualDirectory -Identity "name"