So after following 3 guides and one book I can now connect to my Lync 2010 server remotely through TMG 2010. The nifty error in the title there was rather fun to get rid of. You'd think that just toggling a setting that says enable remote user access would be the end of it. The final hitch that got me was that all the guides I found for setting up an Edge server have you export/import the configuration BEFORE you assign a global access policy and the Access Edge Configuration. I just assumed that once they'd partnered up, all updates would just magically sync by themselves. I found out through trial and error that if you make changes after you've deployed your Edge server then you need to go back in and re-import the configuration. Here's how to sync them up again:
1. Export out the current configuration from your internal Lync 2010 server.
Export-CsConfiguration -filename c:\temp\yourfilename.zip
2. Import the current configuration onto your Edge server using that file.
Import-CsConfiguration -filename c:\temp\yourfilename.zip -LocalStore