Hi, I've been trying to set up Microsoft DirectAccess for our roaming users, but am facing some difficulties resolving the given problem.
I have gone through setup on a Windows 2012 R2 Standard server without any problems, and Server Manager gives the operation status as green for all.
I proceed to client testing, using the DirectAccess troubleshooting tool on the local network, and run into the following error:
"NLS is not reachable via HTTPS, the client computer is not connected to the corporate network (external) or the NLS is offline"
When looking at the trace I get the following:
30/10/2014 12:50:20 πμ[P:4488 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NlsChecker] Info: Got NLS Server: https://DirectAccess-NLS.premiernic.com:443/insideoutside.
30/10/2014 12:50:20 πμ[P:4488 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NlsChecker] Info: The NLS is set to https://DirectAccess-NLS.premiernic.com:443/insideoutside.
30/10/2014 12:50:20 πμ[P:4488 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NetworkHelper] Info: Proxy will be bypassed for destination https://DirectAccess-NLS.premiernic.com:443/insideoutside.
30/10/2014 12:50:21 πμ[P:4488 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NetworkHelper] Info: An WebException occurred while running a HTTP request. Message: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..
30/10/2014 12:50:21 πμ[P:4488 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NetworkHelper] Info: Set status code HTTP 503.
30/10/2014 12:50:21 πμ[P:4488 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.NlsChecker] Info: Received a non 200 HTTP status code, client computer must be external or the NLS is offline.
Clearly this is a certificate issue. When I put the URL (https://DirectAccess-NLS.premiernic.com:443/insideoutside) into the browser I get a 404 web server error. Investigating the certificate error further, I get "the identity of this website has not been verified", and below it "Server certificate doesn't match URL" and "Server certificate is not trusted".
Looking at the certificate information, the certificate provided is a self-signed certificate created for my external DirectAccess URL, directaccess.premier.com.cy. Clearly this is wrong, as the URLs don't match.
Should directaccess.premier.com.cy be used consistently on the internal and external network? I.e. set up a forward lookup zone in the local DNS, pointing to the local IP? Will this need to be updated in the client GPO?
What could be going wrong?
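An added diagnostic, not part of the post or of the DirectAccess tooling: it reproduces the two checks the NLS probe in the trace above fails (trusted chain, then name match, then an HTTP 200). `PRESENTED_CERT` is a constructed stand-in for the certificate described in the post, and `probe_nls` / `hostname_matches` are names chosen here.

```python
import http.client
import ssl
from urllib.parse import urlsplit

# Constructed stand-in for the certificate the NLS on this page presented:
# issued to the external DirectAccess name, not to the NLS name.
# Shape follows ssl.SSLSocket.getpeercert().
PRESENTED_CERT = {
    "subject": ((("commonName", "directaccess.premier.com.cy"),),),
    "subjectAltName": (("DNS", "directaccess.premier.com.cy"),),
}
NLS_URL = "https://DirectAccess-NLS.premiernic.com:443/insideoutside"


def cert_dns_names(cert):
    """DNS names the certificate is valid for: SAN entries, else the CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def hostname_matches(hostname, cert):
    """Case-insensitive exact or single-label wildcard match of the URL host."""
    host = hostname.lower().rstrip(".")
    for name in cert_dns_names(cert):
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            # *.corp.example matches nls.corp.example but not corp.example
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def probe_nls(url, timeout=5):
    """Live check mirroring the client: trusted chain, matching name, HTTP 200."""
    parts = urlsplit(url)
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       timeout=timeout,
                                       context=ssl.create_default_context())
    try:
        conn.request("GET", parts.path or "/")
        status = conn.getresponse().status
    except ssl.SSLCertVerificationError as exc:
        # A self-signed or unknown-CA certificate fails here before any name
        # check; a name mismatch only surfaces once the chain itself verifies.
        return f"TLS trust failure: {exc.verify_message}"
    finally:
        conn.close()
    return "NLS reachable" if status == 200 else f"NLS returned HTTP {status}"
```

Running `probe_nls(NLS_URL)` from a domain-joined client on the LAN gives the same verdict the troubleshooter logged, while `hostname_matches` shows the name mismatch that the chain failure hides.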