A: 

Most likely the cause of your problem is a proxy that your clients are going through. This proxy is probably blocking NTLM authentication from the client. This is a common problem I have seen several times in the past.

JD  2010-04-01 23:26:28
The NTLM Authentication seems to have been working fine, it was the Kerbos that we think was failing. We changed the server to force NTLM authentication and so far it looks like it is working now.
Bryan  2010-04-05 13:46:48
+1  A: 

IE will refuse to use NTLM/Negotiate through a proxy unless that proxy injects a

Proxy-Support: Session-Based-Authentication

response header.

Furthermore, IE will take zone-settings into account when deciding what the proper behavior is. You may want to adjust your Trusted Sites setting for Logon to "Prompt for Username and Password."

EricLaw -MSFT-  2010-04-08 02:29:06

related questions

IE6 security login (debugging via VirtualPC)
Asp.net Reinstalling a DLL into the GAC
Failed to load resources from resource file.
What does an IISReset do?
How do I secure a folder used to let users upload files?
VBScript/IIS - How do I automatically set ASP.NET version for a particular website
IIS 6/COM+ hangs
Web server farms with IIS ? Basic Infos
.NET 3.5 Service Pack 1 causes 404 pages on ASP.NET Web App
What Url rewriter do you use for ASP.Net?
Publishing to IIS - Best Practices
ASP.NET Proxy Application
PHP on IIS
How do I stop IIS7 dropping my cookies?
HTTPS in IIS 5.1
Best tool for performance testing ASP.NET
Alternative Hostname for an IIS web site for internal access only
SQL Server 2008 FileStream on a Web Server
Solutions for working with multiple branches in ASP.Net
Dual vs. Quadcore on a Webserver
PHP Error - Uploading a file
Visual Studio 2008 debugger already attached work-around
Linux shell equivalent on IIS
Bandwith throttling in IIS 6 by IP Address
Checklist for IIS 6/ASP.NET Windows Authentication?