Problem: If you extend your SharePoint website, you might get an invalid token error message on the external URL, as seen below:
Error Code: 500 Internal Server Error. The token supplied to the function is invalid (-2146893048)
The internal URL works fine and does not show that error message. Depending on your configuration, you might need to log in first (on the login page from the TMG) before you see the error message.
Solution 1: This error might appear when you configured your TMG to use SSL from the TMG to the internal SharePoint server but did not add an SSL certificate to the internal SharePoint site in IIS. To solve that, check the binding and add the correct certificate on the SharePoint server.
Solution 2: The error might also appear when the AAM (Alternate Access Mapping) is not configured correctly. If you are using alias names (CNAMEs), make sure you add both the DNS name and the CNAME to the AAM.
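
Both checks can be run on the SharePoint server from the SharePoint Management Shell. The script below is an added example, not part of the original post; the IIS site name, web application URL and host names are assumed placeholders to replace with your own.

```powershell
# Added example. Site name, web application URL and host names are assumed placeholders.
Import-Module WebAdministration
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$siteName      = 'SharePoint - 443'                  # assumed IIS site name
$webAppUrl     = 'https://sharepoint.example.local'  # assumed web application URL
$expectedHosts = 'sharepoint.example.local', 'portal.example.com'  # assumed DNS name and CNAME

# Solution 1: every HTTPS binding of the site needs a usable certificate.
$bindings = @(Get-WebBinding -Name $siteName -Protocol https)
if ($bindings.Count -eq 0) {
    Write-Warning "Site '$siteName' has no HTTPS binding."
}
foreach ($binding in $bindings) {
    # bindingInformation is "IP:port:hostheader"; the port is the second-to-last field.
    $port = ($binding.bindingInformation -split ':')[-2]
    $ssl  = Get-ChildItem IIS:\SslBindings |
        Where-Object { $_.Port -eq $port } | Select-Object -First 1
    if (-not $ssl -or -not $ssl.Thumbprint) {
        Write-Warning "Binding '$($binding.bindingInformation)' has no certificate assigned."
        continue
    }
    $cert = Get-ChildItem "Cert:\LocalMachine\$($ssl.Store)" |
        Where-Object { $_.Thumbprint -eq $ssl.Thumbprint }
    if (-not $cert) {
        Write-Warning "Certificate $($ssl.Thumbprint) is not in store '$($ssl.Store)'."
    } elseif (-not $cert.HasPrivateKey -or $cert.NotAfter -lt (Get-Date)) {
        Write-Warning "Certificate '$($cert.Subject)' is expired or has no private key."
    } else {
        "OK  port $port -> $($cert.Subject), valid until $($cert.NotAfter)"
    }
}

# Solution 2: both the DNS name and the CNAME must appear in the AAM.
$aamHosts = Get-SPAlternateURL -WebApplication $webAppUrl |
    ForEach-Object { ([Uri]$_.IncomingUrl).Host }
foreach ($h in $expectedHosts) {
    if ($aamHosts -contains $h) { "OK  AAM contains $h" }
    else { Write-Warning "AAM has no entry for $h (add it with New-SPAlternateURL)." }
}
```

The script only reports; it changes neither the IIS bindings nor the AAM.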