File this one under “More How Than Why.” Admittedly this is probably documented someplace else, but I found out the hard way, so maybe this will save you the trouble.
Background: By default, our machines have a universal local admin account for maintenance purposes. All are deployed with remote login enabled for this account, and remote management enabled for the local admin plus the primary user, whose account is always a cached Active Directory account. This has never presented a problem.
The Situation: User with a MacBook Pro running 10.6.8 wants remote access to her office iMac (also at 10.6.8) while traveling, using her AD credentials, and doesn’t want or need the expense and complexity of Apple Remote Desktop.
The First Solution: Logically enough, the first step was to have her VPN into our enterprise network and then connect to her machine via VNC (Go > Connect to server > vnc://my.machine.address).
The Result: Authentication failures. Repeatedly, from any account (including local administrator) and for all permutations of Remote Management settings.
The Fix: Disable Remote Management, and enable Screen Sharing.
I think, but have not confirmed, that I could then reenabled remote management and still have VNC work properly. The client was on a time-limited schedule, and once we had a fix she had to bolt. So she has a working VNC setup. Why this happens, I can only speculate. Again, it’s probably documented somewhere, but I’d say it’s gnarly settings somewhere.
A more graceful solution would, of course, be to upgrade to Lion. That’s in the works, but for now the workaround suffices.