>What seems odd to me is that there a always a pair of these - one with no username (that, as expected, returns a HTTP 401 code) then one with a valid username (I've edited the real name for security). Don't know why a single call to the webservice generates these two entries but I see that it happens on all my web services that require authentication.
That's normal - that's how Windows Auth operates. Authentication is always a server iniated task so the server will prompt for authentication with a header and the client then resends with the authentication information.