Forum Discussion
MSTSC fails to connect with AD account if Win10 remote and over VPN
Background: Server 2012 R2 with domain. SonicWall VPN. Windows 10 Pro host workstations.
Remote Desktop connectivity has recently been failing for remote Windows 10 users connecting to their Windows 10 workstations over a VPN if they use their Active Directory credentials. It used to work.
If we remote into the same Windows 10 workstation host with same Active Directory credentials on the inside of the LAN (no vpn), it works.
If we remote into the same Windows 10 workstation host with Active Directory credentials over the VPN from a Windows 7 workstation, it works. Only the remote OS has changed from original working scenario.
If we remote into the same Windows 10 workstation with local credentials (to that host workstation) over the VPN from a Windows 10 workstation, it works.
It seems to only be the combination of the VPN, Windows 10 as the remote workstation, and Active Directory credentials. If we change any one of those three conditions, it works.
This suggests something about how credentials are checked from Win10 over the VPN is different than from Win7, and it seems to have changed within the last one or two months (updates?).
How do I get remote Win10 workstations able to connect with Remote Desktop on Win 10 hosts using Active Directory credentials over the VPN?
Head scratcher.
Thanks in advance.
Mark Raintree
2 Replies
- MathieuVandenHautte (Iron Contributor)
Hi Raintrees,
The Kerberos protocol changed related to CVE-2022-37967. Possibly this could be the cause?
https://support.microsoft.com/en-us/topic/kb5020805-how-to-manage-kerberos-protocol-changes-related-to-cve-2022-37967-997e9acc-67c5-48e1-8d0d-190269bf4efb#timing-
- raintrees (Copper Contributor)
Thank you, I am checking that out. It seems like it very well could be related... From my reading, Kerberos may be denying the logins due to the patching or partial patching of flaws in Microsoft's Kerberos implementation. The trick is to figure out if it applies, as right now, the Key-Distribution log cited is disabled and has no events... I will consider a test environment to explore this over the coming weekend.
Again, Thank you for the pointer!
Mark
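A defender-side check for the empty Kerberos log mentioned in the second reply, added here as an example and not part of the thread: it lists the Kerberos-related event logs on the machine with their enabled state and summarises events from the KDC provider in the System log by event ID, so a change in behaviour after patching is visible at a glance. It assumes an elevated PowerShell session on the domain controller (or on the Windows 10 host, for the client-side Kerberos log); the 14-day lookback and the `*Kerberos*` log-name pattern are my own choices.

```powershell
# Added example (not from the thread): inventory Kerberos event logs and
# summarise KDC events after the KB5020805 Kerberos changes.
# Assumes: elevated PowerShell on the DC (or on the Win10 host for the
# client-side log). $LookbackDays is an arbitrary choice.
param([int]$LookbackDays = 14)

# 1. Which Kerberos-related logs exist here, and are they enabled?
#    Operational logs are often disabled by default, which is why they
#    show no events; enabling one is a config change you opt into in step 3.
$kerbLogs = Get-WinEvent -ListLog '*Kerberos*' -ErrorAction SilentlyContinue
foreach ($log in $kerbLogs) {
    "{0,-70} Enabled={1,-5} Records={2}" -f $log.LogName, $log.IsEnabled, $log.RecordCount
}

# 2. On a DC, KDC events are written to the System log under this provider.
#    Group by event ID so new IDs appearing after patching stand out.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Kerberos-Key-Distribution-Center'
    StartTime    = (Get-Date).AddDays(-$LookbackDays)
}
$kdcEvents = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
if (-not $kdcEvents) {
    "No KDC provider events in the System log in the last $LookbackDays days."
} else {
    $kdcEvents | Group-Object Id | Sort-Object Count -Descending | ForEach-Object {
        $latest = ($_.Group | Sort-Object TimeCreated -Descending)[0]
        [pscustomobject]@{
            EventId = $_.Name
            Count   = $_.Count
            Latest  = $latest.TimeCreated
            Sample  = ($latest.Message -split "`r?`n")[0]   # first line of message
        }
    } | Format-Table -AutoSize
}

# 3. To capture the missing events, enable the disabled log(s) explicitly,
#    reproduce the failed RDP logon over the VPN, then re-run step 1 and 2.
# foreach ($log in ($kerbLogs | Where-Object { -not $_.IsEnabled })) {
#     $log.IsEnabled = $true
#     $log.SaveChanges()   # needs admin rights; writes the log configuration
# }
```

Run it on the DC first to see which KDC event IDs are present, then compare with the Windows 7 client scenario that still works, since that isolates whether the DC or the Windows 10 client side is rejecting the ticket.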