The main problem I have run into is sort of a catch-22 in that, while remote, the user can't login until the VPN client has started and the user can't start the VPN client until they are logged in (duh). That means, an employee would take the laptop home and try to sign in with their domain user account but not be able to since the domain would be unreachable until the VPN gets connected.
I use this exact same setup for all of our clients. It works perfectly.
Tell me. When you start up the Laptop, and once you press <CTRL>-<ALT>-<DEL> to login, BUT BEFORE you authenticate, do you see the extra icon in the lower right corner?
And do you see this NetExtender logon when you click it?
It will bring you here next. Building the VPN BEFORE authenticating to the domain.
This should all work for you without any issues.