When attempting to enroll an iOS device through the Relay Server, the error "The resource cannot be found" occurs with a status code of 404.

You are able to access the following address successfully (which returns a blank page):
http://<RelayServerIP>/ias_relay_server/client/rs_client.dll/<EnrollmentServerFarmID>/aips

You can also successfully access the default IIS "Service Help Page" directly from the Enrollment Server using the following address:
http://localhost/aips/aipService.svc/help

However, attempting to access either of the following addresses generates the same 404 error seen on the device:
http://<RelayServerIP>/ias_relay_server/client/rs_client.dll/<EnrollmentServerFarmID>/aips/aipService.svc/help
http://<RelayServerIP>/ias_relay_server/client/rs_client.dll/<EnrollmentServerFarmID>/aipsr/login.aspx

Reproducing the Issue

1. Install a Relay Server machine
2. Install MDM to support iOS device enrollment through the Relay Server
3. Add the .NET 3.5.1 feature in Windows from the Windows Server Manager, including the WCF Activation sub-feature with HTTP Activation
4. Alternatively, install the Windows Process Activation Service feature from the same.
5. Another alternative would be to deny handler mappings the "Execute" permission in IIS on the Relay Server's application directory or to place the "ISAPI-dll" managed handler further down on the ordered list than the .aspx or .svc handlers

One or both of the following scenarios exist:

1. Additional Windows Server features are installed on the Relay Server which are intercepting the URL before the Relay Server can forward it to the backend server.
2. Handler mappings in IIS are set to either disable the "Execute" permission on the Relay Server's application directory, which will disable the "ISAPI-dll" .dll handler, or the "ISAPI-dll" handler is ranked lower than either the .svc or .aspx handlers in the ordered list

Scenario 1:

Check from the Windows Server Manager on the Relay Server under the Features page to see if either the "WCF Activation" sub-feature under the .NET 3.5.1 Framework feature and/or the Windows Process Activation Service feature have been installed. If either exist, remove them from the server and reboot.
Note that WCF Activation is required on the Enrollment Server machine. Only remove it from the Relay Server machine to correct this issue.

Scenario 2:

1. In IIS Manager on the Relay Server, expand the Sites > Default Web Site path on the left pane
2. Highlight the Relay Server's application directory ("ias_relay_server" by default)
3. In the center pane double-click "Handler Mappings"
4. On the right pane click "Edit Feature Permissions…"
5. Ensure the boxes for "Script" and "Execute" are checked
6. Close the Feature Permissions dialog and click the "View Ordered List..." link in the right pane
7. Locate the "ISAPI-dll" handler and highlight it
8. If it's not already at the top of the list, click the "Move Up" button until it is