Is there any impact on CA-PAM when Network Level Authentication (NLA) is implemented on Windows servers?
Note: Testing was done using PAM 3.2.4. The results may vary if an older version of PAM is used.
There appears to be no impact on PAM when NLA is configured on a Windows Server. Initial tests involved Windows 2012 and 2016. Both servers were deployed with NLA already enabled, and the RDP applet had no problem connecting and logging in.

Testing was then performed with a Windows 2008 server. The Security Layer field was set to RDP Security Layer, with the NLA check box grayed out. PAM was configured for Autoconnect and it worked in this mode. The Security Layer was changed to SSL (TLS 1.0) and the box checked to allow connections only from systems running NLA. Autoconnect still worked with no problem. Lastly, the Security Layer was changed to Negotiate and the box was still checked. Autoconnect still worked.

In short, all 3 Security Layer settings worked, indicating that configuring the server to require NLA has no impact on PAM's ability to make RDP connections.
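When repeating these tests, it helps to confirm which Security Layer and NLA setting the target server actually enforces before drawing conclusions about PAM. The following is an added example, not taken from the PAM documentation: it reads the standard Windows registry values for the RDP-Tcp listener and lets a Group Policy value take precedence when one is set. The function name `Get-RdpListenerSecurity` is hypothetical, and the label for value 2 follows the wording used above.

```powershell
# Added example: report the effective RDP Security Layer and NLA requirement
# on the local server. Run in an elevated PowerShell session on the target.
function Get-RdpListenerSecurity {
    $listener = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policy   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $layerNames = @{ 0 = 'RDP Security Layer'; 1 = 'Negotiate'; 2 = 'SSL (TLS 1.0)' }

    $values = @{}
    $source = @{}
    foreach ($name in 'SecurityLayer', 'UserAuthentication') {
        # A Group Policy value, when present, overrides the listener's own value.
        $source[$name] = 'Policy'
        $item = Get-ItemProperty -Path $policy -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $source[$name] = 'Listener'
            $item = Get-ItemProperty -Path $listener -Name $name -ErrorAction SilentlyContinue
        }
        if ($null -eq $item) {
            $values[$name] = $null
            $source[$name] = 'NotSet'
        } else {
            $values[$name] = [int]$item.$name
        }
    }

    # Translate the numeric Security Layer into the label shown in the RDP-Tcp properties.
    $layer = 'Unknown'
    if ($null -ne $values['SecurityLayer'] -and $layerNames.ContainsKey($values['SecurityLayer'])) {
        $layer = $layerNames[$values['SecurityLayer']]
    }

    # New-Object is used instead of [pscustomobject] so this also runs on PowerShell 2.0.
    New-Object PSObject -Property @{
        ComputerName        = $env:COMPUTERNAME
        SecurityLayer       = $layer
        SecurityLayerSource = $source['SecurityLayer']
        # UserAuthentication = 1 means only clients running NLA may connect.
        NlaRequired         = ($values['UserAuthentication'] -eq 1)
        NlaSource           = $source['UserAuthentication']
    }
}

Get-RdpListenerSecurity | Format-List
```

A `Policy` source in the output means the setting is enforced by Group Policy, so changing it in the RDP-Tcp properties dialog during a test will not take effect.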
More details on this topic may be found in the PAM documentation.