The problem is that "URL Authentication" does not exist.
The feature is actually called "URL Authorization". Authorization (i.e.
what can a user do?) is totally different than Authentication (i.e.
what user are you?)
"URL Authorization" takes effect AFTER Authentication completes, since
you need to know WHO the user is before trying to determine WHAT the
user is authorized to do.
Since you say you cannot authenticate to this server when logged into a
remote machine, what you configured for "URL Authorization" is not
involved at all.
Your problem has to do with why those users cannot authenticate from a
remote machine. The best way is to look at the IIS web log entries for
these remote access attempts to see what is wrong.