I had a strange issue on a production SharePoint 2007 farm today where one WFE server ‘suddenly’ stopped serving pages for a number of the web applications. The second WFE server still worked fine.
Interestingly, the apps that were configured for Kerberos still worked okay, but the ones configured for NTLM did not.
There were no errors in any of the server logs (ULS, events, IIS).
If I ran fiddler, it showed the usual NTLM challenges and 401 messages.
I installed an extremely useful tool from Microsoft called authdiag on the server to check the IIS configuration.
It reported that NTLM requires HTTP Keep Alives. We looked at the IIS config and sure enough, the checkbox was deselected. We re-enabled http keep alives and the web sites worked again.
I have no idea how it got into that state, but it was great to get it back online.
Authdiag is a very useful tool. (This is the second time it has led me to a solution like this)