I know there are some threads similar to this, but the other threads all seem to be that they can't get WPAD working at all.

I've just moved our ISA Server to a newer box and decided to try out TMG.

I setup everything to match the ISA Server and everything is working perfectly.
I setup WPAD and autodiscovery via DNS and DHCP to connect to the new TMG Server and everything seems to connect and work as it should. Local clients (laptops not on the domain) pickup the proxy server via autodiscovery and so do all our domain clients which are set to auto discover and also have the auto discover settings box checked via Group Policies.

I left the 2 boxes to run concurrently for a while incase there were any problems and I have received no complaints.

Yesterday I shutdown the old ISA server and today, the problems began...
On some computers!

If I try and access the internet with "Auto Discover Settings" I get

Code:
Technical Information (for support personnel) 
	Error Code: 403 Forbidden. The Forefront TMG denied the specified Uniform Resource Locator (URL). (12202) 
	IP Address: 209.85.227.147 
	Date: 2009/10/01 07:44:20 AM [GMT] 
	Server: Internet-01.Dainfern.College 
	Source: proxy
If I manually set the proxy server to the TMG Box, it works straight away.
But, like I said, this only seems to be affecting *SOME* of the computers, the rest are connecting via "Auto Discover Settings" as usual.

On the PCs that are not connecting, if I go to: http://wpad/wpad.dat it gives me the option to download the file instantly.

Has anybody else experienced these issues? Have I configured something incorrectly? Why does it work on some PCs? More Importantly, why did everything work until I shut down the old server (even though everything was going through the new one)?

Any suggestions would be greatly appreciated!