Are you allowing anonymous enter to the hub intentionally? if not, check the Anonymous access mode if it set "no anonymous user" under ( QMC> Virtual Proxies > select the proxy>edit>Authentication > "anonymous access mode") This should force to users request the authentication, depending the browser not sure if it is passing correct you NT credentials correctly so it thinks you are anonymous. If you are using IE can you add the site to the "trusted site".
Thats really strange, that shouldn't affect the actual view of the hub. That's just strictly determine what kind of people may access the HUB, but at first would request for credentials. Now, the problem lays on that DNS , have you added correctly the SSL browser certificate thumbprint? or users are using HTTP? Ca you do a NSlookup on that DNS and see if it listed "non-authoritative" if it does, I would reach you IT /security/DNS team to look the DN and ask them why the DNS is "non-authoritative" (domain name system - DNS - NSLOOKUP what is the meaning of the non-authorative answer? - Server Faul...
I believe I have installed the thumbprint correctly. Accessing the hub (as an anonymous user) I get the padlock icon and a secure connection.
As for the DNS it is a non-authoritative response. The Sense server is hosted in Microsoft Azure. My guess is that it is likely we do not have any name servers in our Azure environment and that is why it is non-authoritative.