Just a quick note: if you use IIS, you should check that the IIS has not any rule that, by default, the user passed on to the QlikView Server is Anonymous (IUSR_somethinghere). This doesn't seem to me a Server error rather than a IIS configuration issue.
Hope that helps.
EDIT: If you use the Alternate login page instead of the default in addition to NTLM authentication type and Prohibit anonymous checked, are you able to see the form and does it return the AccessPoint as expected? Did you upgrade from previous releases of version 10 or from version 9?