First I want to start by saying that I have this working as desired over our existing SSLVPN solution.
In the desired behavior while either in or out (while on the VPN) a user is able to open the RemoteApp and be signed on automatically. Works great.
I am trying to see if we can move to an alternate VPN solution due to some infrastructure changes we making.
The VPN connects but following the same workflow to open the RemoteApp prompts for credentials before allowing the user to sign on. Once the credentials are supplied, it works as expected.
I have a GPO enable for Allowing Delegated Default, Fresh and Saved Credentials.
With the new infrastructure change the IP address the clients are coming in from is a different subnet. I thought it might be something to do with AD Sites and Services not having the subnet in the right location, but that doesn't seem to have had any effect.
Could someone provide a few ideas of things I can check that might cause this behavior? I am guessing something to do with Kerberos, but I am not strong in that area. Our RemoteApp setup is fairly simple, (one server running all roles, and we are running enough of an internal PKI to provide the required trusted internally trusted certificates.

