Logon failure: unknown username or bad password
The following error occurred on an application deployed to a Server 2008 machine which was not part of the domain, but on the same network. The application needed to query to domain controller for permissions related to the users browsing the site.
If you encounter this error, this is intentional to prevent unauthorized enumeration of domain information by unknown users/accounts. There are a couple different ways to resolve this issue (see references for MSDN link.)
The method I settled on is referred to as the “impersonation feature” of the web.config.
See this article I have posted on using aspnet_setreg in server 2008.