It still makes me sad that TMG has been retired and superseded with UAG (URGH!). That’s a whole other blog post though.
One thing that is not explained with publishing Exchange 2013 OWA with TMG is the security settings. Recently, I have been deploying an multi-tenancy solution involving single signon between Sharepoint 2013, Exchange 2013 and Remote Desktop Gateway. One of the issues is many of these products have issues with TMG 2010 out of the box, and require slight tweaking.
Today I will focus on Exchange 2013.
Go through the default wizard in TMG 2010 for publishing Exchange 2010 OWA (Web Access). You want to make sure that the Authentication Delegation is set to basic.
On your Exchange server, login in to the admin centre (ECP) and go to servers->virtual directories. Select the OWA virtual directory and change the authentication to basic.
You should also do this with your ECP virtual directory.
If you don’t set these virtual directories, you will need to login twice. When TMG authenticates, it will send you to the OWA login. Not a good look.
I also suggest reading the following link about setting the log off page in TMG.