We had a number of issues after moving to Exchange 2013 with our current setup and had been researching furiously for a few weeks; only today did we realise that the issues we had identified were linked. Here's what we were seeing:
We publish Exchange 2013 via UAG 2010 SP3, and Lync is currently published via TMG 2010. After migrating to Exchange 2013 our contact store moved to the Unified Contact Store (UCS), which is served by EWS, which in turn is published through UAG (lots of publishing!). After much research we found the cause: by default UAG pre-authenticates Autodiscover (AD) and EWS traffic, and the Lync client cannot complete that pre-authentication. The fix was therefore to disable SSO on the EWS and Autodiscover publishing rules in UAG. Full instructions below:
On the trunk that publishes Outlook, edit the EWS application and select the Authentication tab:
Untick the SSO tick box.
Repeat this step for at least the Autodiscover application as well. Then, on every UAG box, set the following registry value:
HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter, value name FullAuthPassthru (DWORD), set to 1
More information on that setting: http://technet.microsoft.com/en-us/library/ee809087.aspx. Activate the UAG configuration, then run an IIS reset on all UAG boxes.
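The registry and IIS-reset part of the procedure above has to be repeated on every UAG array member, which is where a box gets missed. The PowerShell below is an added example written for this post, not code from the original article or from Microsoft; it pushes the FullAuthPassthru value to each server, reports the before/after value so a missed box is obvious, and only restarts IIS where the value is confirmed. The server names are assumed, as is working PowerShell remoting to each UAG box with a local administrator account. The SSO tick boxes still have to be cleared in the UAG Management console by hand.

```powershell
# Added example, not from the original post: applies the UAG registry change from the
# procedure above to every UAG array member and then restarts IIS on each one.
# Assumptions (not from the page): the server names below, that WinRM remoting is
# enabled, and that the account running this is a local administrator on each UAG box.
$uagServers = @('UAG01', 'UAG02')   # assumed hostnames

# Registry path from the original instructions, with the backslashes restored.
$keyPath   = 'HKLM:\SOFTWARE\WhaleCom\e-Gap\von\UrlFilter'
$valueName = 'FullAuthPassthru'

$setPassthru = {
    param($KeyPath, $ValueName)
    if (-not (Test-Path $KeyPath)) {
        # On a real UAG install the key already exists; creating it only avoids a
        # hard failure when trying this in a lab without UAG.
        New-Item -Path $KeyPath -Force | Out-Null
    }
    $before = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value 1 -Type DWord
    $after  = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
    [pscustomobject]@{
        Server = $env:COMPUTERNAME
        Before = $before
        After  = $after
    }
}

# 1. Set the value on every array member and show before/after for each box.
$results = Invoke-Command -ComputerName $uagServers -ScriptBlock $setPassthru `
                          -ArgumentList $keyPath, $valueName
$results | Format-Table Server, Before, After -AutoSize

# 2. Activate the UAG configuration (a console step) before the IIS reset, as the
#    post describes; pause here so that happens in the right order.
Read-Host 'Activate the UAG configuration in the Management console, then press Enter to run iisreset'

# 3. Restart IIS only where the value is confirmed to be 1.
$ready = $results | Where-Object { $_.After -eq 1 } | Select-Object -ExpandProperty Server
foreach ($server in $ready) {
    Write-Host "Resetting IIS on $server"
    Invoke-Command -ComputerName $server -ScriptBlock { iisreset /noforce | Out-Null }
}

$missed = $uagServers | Where-Object { $_ -notin $ready }
if ($missed) { Write-Warning "FullAuthPassthru not confirmed on: $($missed -join ', ')" }
```

If a server shows a Before value of 1 the key was already set there, which is worth knowing when you are trying to work out why only some array members behave correctly.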
Credit to The Missing Lync for providing the instructions above. Although that blog describes an Office 365 setup, ours is on-premises and the fix worked there too.