What static route did you create for the DMA in Lync? If you want to enable logging on your client, you can send a PM to me with the log. I can take a look at it to see what is going on. I assum the certificates were created on the DMA correctly. Also the CA Root is trusted by Lync Fornt End servers.
Take a look at Jeff''s blog about setting up DMA with Lync to make sure you setup everything correctly.