Which version of WildFly are you using? The reason why it works when the client and server are on same machine is because it uses the "local auth" mechanism explained here AS 7.1.0 Beta1 - Security Enabled By Default (see the section on "Local clients"). That would mean that the username/pass that you have configured is being ignored from the properties file.
Now when you move the client to a remote system, it won't use the "Local client auth" mechanism since obviously it's no longer a local client. It then starts to use the username/pass and other details to carry out the authentication. It appears that it's failing because either the credentials you are passing aren't correct or there is some other problem on the server side. What do the server side logs show and what are your security configurations in the relevant standalone/domain xml?
I am using WildFly 8.0.0.Final and the default 'standalone-full.xml' config, no changes at all.
I added the 'ejbuser' to the default ApplicationRealm, as member of a group 'guest'.
Server side there is no logging at all about the call.
Off course after removing the security the remote EJB works (see config below):
<http-connector name="http-remoting-connector" connector-ref="default" />