My iPhone connects in my office to Wi-Fi, which is also able to connect through my VPN router. For my laptop, I had set the DHCP settings on my wireless router to include the internal CoNetrix DNS server. When I connected my phone, which uses Exchange ActiveSync to connect, it would get an error about the certificate authority being untrusted, and I would hit OK to continue.
Later on, I noticed that my phone kept getting synchronization errors and would get the pop-up about the certificate authority being untrusted. What I later noticed was that the server name would change back and forth between our internal and external names.
I later realized that our DNS server had a host record that was the same as our external mail server address. Each time the phone went on and off my wireless network, it would keep switching server names because the internal DNS would resolve to the actual internal server name.
I removed the DNS server for the CoNetrix internal network from my wireless router and the phone has only connected to webmail externally. It no longer tries internal access.