That seemed to be a major fix for the issues.
Customer did not have "Verify Server Certificate" checked, so they did not have the cert selected. Also they did not have "Use Windows credentials for authentication" checked, which was why it was not automatically connecting them and prompting them for passwords after logging in. Fixed settings and updated Group policy on devices.
We still had a few scattered problem, but determined it was still Microsoft server and Group OU misconfiguration.
Thanks for the help!