Henry pointed out that my original post on Custom Presence was helpful up to the point of actually using it and couldn’t figure out why only https was working.
I have not found this documented and in fact there is no KB article on it so I will start that process as well but the change is that in R2 when your default security level is set to High this also forces the requirement for the customstateurl to be HTTPS.
The setting that controls this Group Policy -
Configure SIP security mode
"Enables Office Communicator to send and receive instant messages securely when using the SIP Communications Service. This policy has no effect on Windows .NET or Microsoft® Exchange Server services.
If you do not configure this policy setting, Communicator can use any transport. But if it does not use TLS and if the server authenticates users, Communicator must use either Microsoft Windows NT LAN Manager (NTLM) or Kerberos authentication.
2 = Security is medium (default). TLS is not required, but server authentication must use either NTLM or Kerberos authentication. Instant messages and SUBSCRIBE SIP messages must pass through the SIP server.
0 = Security is low. Any transport and any authentication method (including Basic or Digest) can be used. Instant messages can pass directly between clients.
1 = Security is high. TLS transport is required. Server authentication must use either NTLM or Kerberos authentication. Instant messages and SUBSCRIBE SIP messages must pass through the SIP server."
Inband provisioning: ucEnableSIPSecurityMode