Afaria 7 SP3 + Relay Server + iOS Device

Dear All,

I hope this question has been asked several times but after banging my head for last few days and reading different discussions, I am not able to figure out the issue.

Communication Sequence

iPad -> Relay Server -> (Afaria Server, Enrollment Server, CA Server)

Afaria Setup:

1- Stand Alone Single Server with following components

    a- Afaria Server and Database

    b- MS Certificate Authority (Enterprise Root)

    c- Afaria Administrator and API Service

    d- Enrollment Server

    e- Package Server

    f- Self Service Portal (I am not using it, directly connecting from Device -> Relay -> Afaria)

2- Relay Server, Configured with

    a- Afaria Server

    b- Enrollment Server

    c- Package Server

3- Hot Fix Installation Sequence

    a- 7SP3AfariaFx06

    b- 7SP3AfariaFx11

    c- 7SP3AfariaFx19

    d- 7SP3AfariaFx30

    e- 7SP3AfariaFx26

    f- 7SP3AfariaFx35

4- Additional Details

   a- All the required ports are opened between Afaria Server and Relay Server.

        i-80, 81, and 443 from Afaria to Relay Server outbound

        ii- 80 and 443, from Public Internet to Relay Server inbound

   b- Relay Server is working fine and accessible from iPad.

5- Attachments

    a- afaria_server_diagnostics shows everything for iOS seems fine on the server

    b- device_communication shows the HTTP port given to Afaria and Relay server address

    c- afaria_device_log shows the ERROR that comes from the device that seems relevant to some secure certificate.

       Error: (SecTrustEvaluate  [leaf AnchorTrusted])

6- Confusions / Questions

     a- While installing Enrollment Server, initially I provided SSL certificate that i generated on Enrollment Server but now I imported the Relay Server

         SSL certificate (generated from Enterprise Root CA installed on same machine) in Afaria machine and give this certificate on Enrollment Server

         installation. Is this Correct or I am missing something?

     b- I need to create an ISAPI Farm and Server in rs.config for Relay Server because Relay Server logs shows error for afaria-farm-IS Outbound

         enabler that is running on Afaria Server. Why is this required?

     c- Device seems not to reach the Relay Server as I saw the Relay Server logs.

I am sorry for the information overloading. Looking forward for a prompt response.