Lync 2010 Mobility Sign-in not working from external

If you are deploying Mobility externally at all, you are supposed to have both internal and external clients go through the external reverse proxy: http://technet.microsoft.com/en-us/library/hh690030.aspx

 

 

"Important:

 

All Mobility and LyncDiscover traffic goes through the reverse proxy, regardless of where the origination point is – internal or external. Internal traffic, in the case of a single or farm of reverse proxies, or a device that is providing the reverse proxy function a problem can arise where the internal traffic is egressing an interface and attempting to immediately ingress on the same interface. This behavior, called ‘hair pinning’, must be allowed for LyncDiscover and Mobility to function. One solution to this problem is to use a reverse proxy that is separate from the firewall (where this rule is typically enforced for security purposes). The hairpin can occur at the interface of the reverse proxy instead of being directed to the internal firewall interface, and then directed immediately back through the firewall external interface, which is typically a disallowed behavior.

 

In summary, use the DNS host or CNAME records to define the reverse proxy for the hairpin behavior – not the firewall - if at all possible."

 

 

This article is for 2013, but the same applies to Lync 2010. At any rate, which LTM VIP are you pointing the internal clients at, the 4443 VIP?