Thanks so much for the suggestion on trying to add it to the $realm field. I actually did try that early into my troubleshooting exercises. Unfortunately, that made it even worse. When I did that, there isn't even a NTLMSSP_NEGOTIATE sent from the client to the server. It's just a straight GET followed by a HTTP1.1 401 Unauthorized. No NTLMSSSP_CHALLENGE is ever received back.