That sounds like a firewall or possibly routing issue. When you uncheck the tunnels/secure gateways your endpoints need to be able to communicate with the Horizon Agent in addition to the connection servers.
You need to do one of the following.
- Configure the necessary firewall rules/routing
- Cutover to use UAG internally
- Keep these connection servers for internal traffic and deploy a new pool just for external connections that the UAG will point to. All tunnels/secure gateways must be disabled on these.
