I recommend trying the following:
- (IIS6) Ensure the IIS_WPG group has access to your website root
- (IIS5) Ensure the anonymous user has access to your website root
- Disable MCMS on the site and access a page (might have to swap it to another one first)
- Ensure NTAuthenticationProviders is set to "NTLM"
- Ensure there are no invalid () users listed in Site Manager
- Add a TraceSwitch named CmsAuthTraceSwitch with a value of "4" and a TextWriterTraceListener to output MCMS's inner thoughts