Hmm. OK. Is port 32111 open from the Security Server to the virtual desktop subnet? I'm not sure if this is the test that you ran but to test this connection you can telnet from the SS to one of the virtual desktops on that port.
Also, there is a requirement that the certificate generated during the install of the Lync server be installed in the Trusted Root Certificate store on the client system. Is this cert installed there?
-Mike