When Automatic Credentials fail logging via NTLM user is prompted for user/pass
If the user fails to enter credentials correctly a 401 page and no re-prompt for credentials.
Refreshing the page likewise will display 401 but no re-prompt. Looking at headers it appears that WWW-Authenticate is only sent on the first response.
A WWW-Authenticate header should be sent with every 401, or optionally a max attempts within x minutes should be configurable.
Occurs under IE and FireFox.