Which version of Windows?
Prior to 8, Windows devices will machine authenticate prior to user authenticating and if they're not joined to your domain, authentication will likely fail until you go in and select User only authentication.
Also, what kind of certificate are you using for your NPS server? Was it issued specifically for that server or are you using a wildcard certificate?