Summary:
SSLv2 is insecure and if enabled, will cause your servers to fail common security vulnerability scans and put information and people at risk. SSLv2 is enabled by default on a Windows Server 2008R2 box running Threat Management Gateway, so your published OWA sites and all IIS sites are potentially vulnerable as a result.
Test your server - using one of these tools - to confirm that there is a problem:
The fix:
I used IISCrypto to disable all insecure protocols on my TMG box. This secured access to my Exchange box. A restart is required.
Additional discussions: