There are several possible causes of this. The common ones are:
1. Check your UAG/AP appliance blastExternalURL setting. e.g. httpss://ap1.myco.com:443. Make sure it references a hostname that can be resolved by the client to get to your UAG/AP appliance. If PCoIP is working then this hostname will the name that resolves to the IP address you used in the equivalent pcoipExternalURL.
2. If your blastExternalURL uses port 8443 instead of 443, then make sure your Internet facing firewall also allows TCP 8443 in.
3. If you have a firewall between the UAG/AP appliance and the virtual desktops and RDS Hosts make sure that allows TCP port 22443 from the UAG/AP appliance to any virtual desktop.
4. Make sure you don't have the option set in Connection Server to gateway Blast connections. The setting for Connection Server "Use Blast Secure Gateway ..." should be unticked.
5. If you use a load balancer, make sure it is set up correctly to ensure that this Blast connection from the client (on TCP 443 or 8443) gets directed to the same UAG/AP appliance as was used for the initial authentication. This is described in more detail here - Load Balancing across VMware Unified Access Gateway Appliances (formerly known as Access Point)
Let us know if any of these resolve this for you.
Mark