I've got a mashup using Qlik's qdt components deployed on an IIS machine.
I've configured a virtual proxy with standard ticket authentication using AD user accounts and everything works ok with one exception: all Qlik objects render fine, no issues at all, but there are several extension objects being used that do not display, instead showing 'invalid extension object'. They are throwing 401 errors in the console as per below:

I've troubleshot the problem by changing the virtual proxy to allow anonymous users (see attached image), then logging in to Qlik via the virtual proxy and opening the mashup from the same browser session. This works and the extension objects render, so there is some issue with internal communication that's causing the extension objects to be unauthorised and throw the 401.

Does anyone know how to solve this?

Virtual proxy with 'Allow Anonymous' set - this solves the issue at hand, but is obviously not the right solution.