If I'm not mistaken some hardware clients can't handle tunneled connections and must run in direct connect mode. This would prevent it from being able to connect from a Security server and prevent it from connecting to a connection broker running in tunneled mode.
If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points
Twitter: http://twitter.com/mittim12