This error has driven me crazy for a while: while using Microsoft CRM 2011 in IFD-mode, the external authentication would work correctly but not the internal access!
DNS were working correctly, the TMG server was configured correctly, the SSL certificate was correctly bound to the internal & external (we are using a wildcard SSL certificate) and ADFS was set up per the Microsoft installation document.
Now, to resolve the internal access issue, I had to remove the “:443” from the Deployment Manager Web addresses:
And now everything is working properly 
