We have an external facing Exchange 2010 CAS, protected by a new TMG2010. Previously, there was an ISA2004 as the external face. Both ISA and TMG use RSA auth.
When ISA was in place, any external connection would happily pass through ISA and auth on the OWA login page.
Now that TMG is in place, only the internal network can auth on OWA.
Any browser connection from outside the TMG (with the excpetion of Safari) gets to the OWA page and then is told "The user name or password you entered isn't correct. ..."
The setup of the TMG is identical to the ISA. The RSA doesn't seem to be posing a problem either.
The fact that TMG has presented the problem may be a red herring, but this is all that has changed. Plus, internally and from external Safari connections, all is well.
The logs on the CAS don't show any security failures or anything log-on-wise to go on.
Does anyone have any ideas ?