I didn't set up the Lync 2010 server; however, I had to troubleshoot issues with a user connecting to the Lync server whose laptop is not a member of the domain that the Lync server is on. The certificates are working on domain member machines. Need to sort out this issue for non-domain machines that VPN into our network.
The current workaround is to export the root certificate from one of the domain machines and import it into the laptop/PC that's not a domain member.
When you import the cert, you may get a warning about trusting the cert. Just click accept and install anyway. When you do connect to the Lync server, it will then prompt the user for their credentials.
On a Windows 7 machine run the following command in the run field
Expand Trusted Root Certification Authorities, select the Root CA for the domain, then right-click and choose All Tasks > Export...
Then you have a certificate file that you can install on a non-domain machine. The non-domain machine will know about the Root CA of the domain, but I believe this shouldn't be the case - but will get around to fixing it properly.
Will have to read the white papers and redo the config.
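An added example, not from the original post: a PowerShell function that checks the exported file before it goes into the machine's trusted root store, so the trust warning at import is backed by a thumbprint comparison rather than accepted blind. The function name, file path and thumbprint are placeholders; read the real thumbprint from the Root CA on the domain machine and pass it over a separate channel from the file.

```powershell
# Added example: verify an exported root CA file before trusting it machine-wide.
# Function name, path and thumbprint are hypothetical, not values from the post.
function Import-VerifiedRootCA {
    param(
        [Parameter(Mandatory=$true)][string]$Path,
        [Parameter(Mandatory=$true)][string]$ExpectedThumbprint
    )
    $file = (Resolve-Path $Path).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

    # Normalise the thumbprint copied from the domain machine (spaces, case,
    # stray characters picked up when copying from the certificate dialog).
    $expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($cert.Thumbprint -ne $expected) {
        throw "Thumbprint mismatch: file has $($cert.Thumbprint)"
    }

    # A root CA is self-issued and carries the CA basic constraint.
    if ($cert.Subject -ne $cert.Issuer) {
        throw "Not self-issued: issuer is $($cert.Issuer)"
    }
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
    }
    if (-not $bc -or -not $bc.CertificateAuthority) {
        throw "Basic constraints do not mark this certificate as a CA"
    }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate is outside its validity period"
    }

    # Add to Trusted Root Certification Authorities for the machine (needs elevation).
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store -ArgumentList 'Root', 'LocalMachine'
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
    try { $store.Add($cert) } finally { $store.Close() }

    $cert | Select-Object Subject, Thumbprint, NotAfter
}

# Usage (placeholders):
# Import-VerifiedRootCA -Path 'C:\Temp\domain-root-ca.cer' -ExpectedThumbprint '<THUMBPRINT FROM DOMAIN MACHINE>'
```

Run it from an elevated PowerShell prompt on the non-domain machine; it stops with an error and leaves the store unchanged if any check fails.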