We are trying to enable some users access to a SQL Server instance in a different (3rd party untrusted) domain. The users enter their domain credentials for this 3rd party domain into Credential Manager. Everything works fine while in the office (they can connect to DB, SSAS, and SSRS), however while on our VPN some users are unable to connect specifically to SSAS (connections to the DB and SSRS are fine). When this occurs we have noticed that SQL Server Profiler shows the request is rejected as NT AUTHORITY/ANONYMOUS LOGON. Anyone know what might be happening here?