I've got a user to whom I just gave a new machine. She still has her old machine running.
All machines are Windows 7. VPN is via Cisco AnyConnect client to our ASA.
She can RDP to the new machine from her old machine from within the LAN.
She can RDP to her old machine from the new machine on the LAN.
She can RDP to the old machine from her home machine on the VPN.
She *cannot* RDP to the new machine from her home machine on the VPN. The error is a simple authentication message (see attached screen shot).
She can RDP to another machine on the VPN and then hop from there to the new machine.
I looked at HKEY_LOCAL_MACHINE\SYSTEM\
The Security Packages Key had kerberos msv1_0 schannel wdigest tspkg pku2u, as required.