This response means the authenticator was not able to validate NTLM credentials supplied by the client browser by making a LDAP bind to the LDAP server.
Why? - it may be for a lot of reasons.
Did the NTLM authentication work before or it is the first time you configured it?
Does this error happen for all users or for only some users?
Does it happen all the time or intermittently?
Usually if a client machine is in the domain - client credentials are supplied by the os so - it might happen if client is say linux/mac where user types those credentials himself and can make a typo mistake.
BTW it is always better to use Kerberos - hope you have it configured?
Best regards,
Rafael