The following is applying to TMG too.
If you have an internal certificate authority and a GPO which enables automatic certificate enrollment, you may have the following event logged on the Application event log:
Event ID: 6
Source: CertificateServiceClient-Autoenrollment
Description: Automatic certificate enrollment for local system failed (0x800706ba). The RPC server is unavailable.
To solve this issue, you have to open the TMG Management console (even for UAG), right click on Firewall Policy and choose Edit system policy (All tasks\System Policy)
Disable Enforce strict RPC compliance (available at Authentication Services\Active Directory)