Hmm, it's interesting that it fails only with augmentation.
Augmentation happens only in the STS of SharePoint, which runs with the farm account, whereas all other requests made by LDAPCP run in the w3wp of the site.
So I wonder if there could be something special with your farm account that could cause this...
Can you confirm you use a different account for the application pool of the sites?
If so, could you maybe try to create a test web app that runs with the farm account, and see if you can repro during search in people picker?