I have run into this pesky problem a few times now since moving from ISA 2006 to TMG2010. I just ran into it again this evening and decided to post the results of my troubleshooting. In this case I am working on a brand new (2 week old) install of TMG 2010 for my home network. When I rebuilt the server two weeks ago, I enabled Remote Desktop to the TMG2010 server, then enabled the built-in System Policies for remote RDP connections, and all was golden. This evening I was suddenly unable to RDP from any workstation any longer. In fact, I could not RDP from the ISA server to itself. In previous installations of TMG, I would do something like install a non-critical Windows Update, or reboot, or something else equally non-invasive, and suddenly I was unable to RDP to my Threat Management Gateway machine any longer. Tonight, when I enabled logging in TMG and then initiated an RDP session, I saw the following in the TMG logs -

The interesting thing is that there isn't actually a denied connection anywhere in the logs. It looks like everything is okay unless you look closely and see the "abortively closed" message above. I wish I could say I know what causes this issue to crop up. Unfortunately I have never been able to actively recreate the issue. It just happens now and then. But after doing a bunch of diagnostics logging and a few netmon traces (worthless btw), I do have a fix for the problem. On the TMG2010 machine, do the following -

Click Start - Type MMC.EXE - press Enter <to open an empty MMC Console>

Add the "Remote Desktop Session Host Configuration" snap-in and set to Local Computer

Select - RD Session Host Configuration - you should see RDP-Tcp in the center panel

Right Click - RDP-Tcp - choose Properties

Select the - Network Adapter - Tab

In the Network Adapter selection box, choose "All network adapters configured with this protocol"

Click - OK

In the menu bar selection - Action --> Disable Connection then re-enable the connection

Right Click - RDP-Tcp - choose Properties

Select the - Network Adapter - Tab

In the Network Adapter selection box, choose "<name of your internal NIC>"

Click - OK

In the menu bar selection - Action --> Disable Connection then re-enable the connection

Now, from a remote client, test your RDP Client connection to the ISA Server. It should be back in working order. As noted, I don't know what causes the problem to arise, but the fix seems to reset the RDP server so that it will actually answer the RDP clients.
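
A read-only way to check the same listener state from PowerShell, before and after the steps above. This is an added example, not part of the original post; it assumes the default listener name RDP-Tcp, an elevated PowerShell prompt, and Windows Server 2008 R2 (where the Terminal Services WMI namespace is root\cimv2\TerminalServices).

```powershell
# Read-only check of the RDP-Tcp listener on the local machine. Changes nothing.
$listener = 'RDP-Tcp'   # assumption: default listener name, as shown in the snap-in
$key = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\$listener"

# LanAdapter = 0 corresponds to "All network adapters configured with this protocol";
# any other value is the index of one specific adapter.
$reg  = Get-ItemProperty -Path $key
$port = $reg.PortNumber
"{0}: LanAdapter={1}, PortNumber={2}, fEnableWinStation={3}" -f `
    $listener, $reg.LanAdapter, $port, $reg.fEnableWinStation

# The same binding as the Network Adapter tab shows it (adapter name instead of index).
# This WMI namespace requires packet privacy authentication.
$wmi = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' `
    -Class Win32_TSNetworkAdapterSetting `
    -Filter "TerminalName='$listener'" -Authentication PacketPrivacy
"Bound adapter: {0} (LanaID {1})" -f $wmi.NetworkAdapterName, $wmi.NetworkAdapterLanaID

# Is the Remote Desktop Services service running at all?
"TermService status: {0}" -f (Get-Service -Name TermService).Status

# Is anything actually listening on the RDP port, and on which local address?
# netstat is used because it is available on every Windows Server version.
$pattern   = ":{0}\s+\S+\s+LISTENING" -f $port
$listening = netstat -ano -p TCP | Select-String -Pattern $pattern
if ($listening) {
    $listening | ForEach-Object { "Listening: " + $_.Line.Trim() }
} else {
    "Nothing is listening on TCP $port"
}
```

Comparing the output from before and after the fix shows whether the adapter binding or the listening socket changed.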

 

Cheers!