Also, This is the way I run all of my SQL Instances and I don't have any problems with login issues. It may or may not be correct but it works well for me.
1. Enable TCP/IP Client protocol only. (Disable the rest)
--Change Port number
2. Alias the Instance name with the new port number. (This is the key)
3. Setup Alias on the agent so I can join my MSX/TSX Correctly.
4. When I create a linked server I use with trusted connections.
--Always make sure I alias the remote machine.
5. I always use AD Accounts/Groups to contorl my security. I never assign a local and/or group/AD Account security to remote login.