This post explains a scenario where a service other than IIS grabs web ports used by TMG causing publishing rules to fail. "Consider the scenario where a TMG 2010 Server is installed as Hyper-V guest on a Windows 2008 Server. You publish a website on port 80 or enable HTTP to HTTPS redirection on a Web Listener for an existing SSL publishing rule. When you try to access the published website you get an error: 10060 Connection Refused," explained Microsoft.
Troubleshooting: A quick look at TMG Live Logging reveals following:
Netstat output indicates that Process ID 4 (System) is listening on port TCP 80 as shown below: