TMG can be configured in a Mail protection role. In such configurations FPE and Exchange Server (edge transport role) are installed on same machine as TMG. "We've identified problems when installing Exchange Server 2010 SP1 on such deployments," informs Microsoft.
Cause: SP1 made some changes to SDK including removing some of existing cmdlets. When Email protection is configured on TMG and Spam Filtering functionality is enabled, TMG uses one of the cmdlets that has been removed (get-antispamupdates) in SP1. As a result, Forefront TMG Managed Control service fails to start and the event viewer will contain a message that the service terminated with error: %%-2146233088
TMG is working on a fix, meanwhile "it's recommend to refrain from installing 2010 SP1 on TMG". If already affected, contact Microsoft support.