It appears that NTLM implementation doesn't play well with some implementations. JCIFS in particular [1]. Though, I admit, their implementation is a bit hackish (their words [2]).

I observed, through wireshark, that async-http-client doesn't set auth-scheme in Authorization HTTP header, i.e. header line is:

Authorization: ntlm-stuff-here\r\n

while it probably should be:

Authorization: NTLM ntlm-stuff-here\r\n

This is the way both Firefox and Chromium work. If I change [3] to include NTLM, then I'm able to use [1]. Something along the way of:

nettyRequest.setHeader(HttpHeaders.Names.AUTHORIZATION, "NTLM " + msg);

Btw. this is the way the same implementation work for proxy connections [4].

1: http://jcifs.samba.org/src/src/jcifs/http/NtlmHttpFilter.java
2: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
3: https://github.com/AsyncHttpClient/async-http-client/blob/async-http-client-1.7.6/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java#L647
4: https://github.com/AsyncHttpClient/async-http-client/blob/async-http-client-1.7.6/src/main/java/com/ning/http/client/providers/netty/NettyAsyncHttpProvider.java#L692