The Security Configuration Wizard (SCW) is included with Windows 2003 SP1, but must be installed in a separate step. Exchange administrators have to be careful as it may cause some serious headaches. The issue is explained in detail by Nino Bilic in the MS Exchange blog - You Had Me At EHLO.
In summary, the SCW configures server access based on the machine role. Roles are detected by analyzing the running services such as DNS, File Server, Exchange 2003 server etc.
With this information, the SCW is able to configure the Windows Firewall to block server access except for the permitted server roles. In case of Exchange, the role is enabled by configuring firewall exceptions for the core Exchange executables. Referring to the following screen grab in my case an exception was created for emsmta.exe, mad.exe and store.exe.
I think you have already guessed it. SCW may fail to correctly configure the firewall exceptions leading Exchange to be blocked from communicating with its clients. This problem happens if Exchange was not originally installed in its default directory. You may check the exceptions from the Control Panel under Windows Firewall. In case of problems the path to the executable files will be incorrect.
Despite this issue the SCW is pretty powerful and can do a great job in securing a server. If you run into this problem you may fix it by correcting the Firewall exceptions manually. A step-by-step procedure on how to do this is available from KB896742. You should also find Nino's posting helpful. Just follow the reference links for more details.
References
Windows Server 2003 Service Pack 1 (SP1)
Windows 2003 SP1 Security Configuration Wizard and Exchange servers
KB896742 - After you run the Security Configuration Wizard in Windows Server 2003 SP1, Outlook users may not be able to connect to their accounts