I recently had a problem on an external client's PC. We could not authenticate on client-to-site VPN using NMAS. Eventually this is what we did....

"Finally I removed software running in the background and found that the Kaspersky AV was the problem.
Shutting it down was not enough, it had to be uninstalled!! It is actually
a AOL product which is a rebranded Kaspersky AV called Active Virus Shield."

We have tested this in our lab and every time Active Virus Shield is installed the VPN client breaks.