I imported the certificate in into the Computer Certificate Store on all Exchange Servers in the cluster then enabled the certificate with the Enable-ExchangeCertificate. I also updated the Load Balancers performing SSL Bridging with the new certificate.
After performing these changes the following services worked correctly:
- Exchange ActiveSync
- MAPI over HTTPS
- RPC over HTTPS
- OAB Distribution
- Exchange Web Services
To get the Thumbprint you can use the Get-ExchangeCertificate PowerShell cmdlet.
Microsoft has published a technical writeup of this known issue called "The One with the FBA Redirect Loop" which is available here:
The resolution they have for this issue is as follows:
For my customer we ended up creating a new dedicated certificate for the Exchange cluster using the New-ExchangeCertificate cmdlet to generate a new CSR.