The main point is that Microsoft proxies that use NTLM (Windows® domain authentication / Microsoft security's protocol) is not supported. The protocol is a proprietary protocol (much like NRPC) that Microsoft uses in its suite of products (IE, Outlook®, Windows login).
A good indicator that NTLM is enabled is to open IE and get the prompt for authentication, where there are three text fields (username, password, domain). In the client, despite best efforts and intentions and countless correct login attempts, the red Xs will still be there.
The only workaround for this is to disable NTLM authentication. You cannot put in domain\username for the user name in Notes when the pop-up appears. On a single server machine, this is in the Internet Information Server (IIS) settings in Administrative tools. Make sure that domain authentication is disabled.
This is what I've been saying all along (to people internally). They just don't want to believe me (and I can't say I blame them) - it is remarkable that, in this day and age, Notes doesn't support NTLM. For a company like IBM that is always stressing how seriously they take *security* to not support anything better than basic authentication where the ID and PW are SENT IN CLEAR TEXT over the wire strains the bounds of credulity. It makes it very hard to defend (let alone "evangelize") the product under these conditions.
BTW, IBM's argument that NTLM is proprietary is lame. There are loads of apps, including open-source, free stuff that support it. Besides, if they don't want to support it, they should at least offer an alternative. Without that, I can't even counter-propose a solution.
Sorry, I'll stop venting (for now).
Join The WebLog Revolution at BlogSphere.net