Our redirect rule is configured to allow our users to connect to webmail externally using the simple HTTP URL (i.e. http://webmail.domain.com).
The redirect rule denies the HTTP request and redirects to the correct HTTPS address with the /owa path (i.e. https://webmail.domain.com/owa).
After running TMG monitoring and logging, it became apparent the issue was with the redirect rule (I was still able to connect to webmail if I used the full URL https://webmail.domain.com/owa).
I found the below event in the application logs:
Application: Event Log
Text: EventType:Warning, EventSource: Microsoft Forefront TMG Web Proxy, EventID: 14148, EventDescription: The Web Proxy filter failed to bind its socket to 172.16.1.10 port 80. This may have been caused by another service that is already using the same port or by a network adapter that is not functional. To resolve this issue, restart the Microsoft Firewall service. The error code specified in the data area of the event properties indicates the cause of the failure.
Microsoft have a KB article on this issue: http://support.microsoft.com/kb/888650.
Their suggested fix is to uninstall IIS (if possible), as it may be a local site also binding to port 80 on that NIC, causing a conflict.
However, in my case IIS was not installed.
I found out that a System Center agent that we recently deployed was also using port 80 and was causing the redirect rule to stop working. I uninstalled the agent, restarted the Windows Firewall service (and all dependencies) and the redirect rule started to work again, allowing users to connect to webmail using the HTTP address externally.
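
One way to find which process holds port 80 on the listener address before uninstalling anything, as an added example that is not part of the original post. The function name `Get-PortListener`, its parameters and the sample lines are assumptions made for illustration, and it assumes Windows PowerShell with `netstat` and WMI available.

```powershell
# Added example. Parses "netstat -ano" (also works on PowerShell 2.0) and reports
# who is listening on the port the TMG Web Proxy filter failed to bind (event 14148).
function Get-PortListener {
    param(
        [string]$Address = '172.16.1.10',   # listener IP from the event text
        [int]$Port = 80,
        [string[]]$NetstatLines             # optional captured output, for offline use
    )
    $live = -not $PSBoundParameters.ContainsKey('NetstatLines')
    if ($live) { $NetstatLines = netstat -ano -p TCP }

    foreach ($line in $NetstatLines) {
        # Columns: Proto  Local Address  Foreign Address  State  PID
        if ($line -notmatch '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') { continue }
        $local = $Matches[1]; $localPort = [int]$Matches[2]; $procId = [int]$Matches[3]
        if ($localPort -ne $Port) { continue }

        $procName = $null; $services = $null
        if ($live) {
            # Only resolve PIDs when the data came from this machine.
            $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
            if ($proc) { $procName = $proc.ProcessName }
            $services = (Get-WmiObject Win32_Service -Filter "ProcessId = $procId" |
                ForEach-Object { $_.Name }) -join ', '
        }
        New-Object PSObject -Property @{
            LocalAddress  = $local
            Port          = $localPort
            OwningPid     = $procId
            Process       = $procName
            Services      = $services
            # A wildcard bind (0.0.0.0) also claims the listener address.
            ClaimsAddress = ($local -eq $Address -or $local -eq '0.0.0.0')
        }
    }
}

# Constructed sample (not from the original post): addresses reuse the event text, PIDs are made up.
$sample = @(
    '  TCP    172.16.1.10:80     0.0.0.0:0     LISTENING     4312',
    '  TCP    172.16.1.10:443    0.0.0.0:0     LISTENING     1980',
    '  TCP    0.0.0.0:8080       0.0.0.0:0     LISTENING     2244'
)
Get-PortListener -NetstatLines $sample | Format-Table -AutoSize

# On the TMG server itself: Get-PortListener | Format-List
# PID 4 (System) means HTTP.sys owns the port; "netsh http show servicestate"
# lists the registered URLs and the processes behind them.
```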