Mysterious 401 challenge when using AJAX

I have seen issues somewhat like this, and they have generally been related to security settings. You might try looking into CSRF headers. It could be several things. This could include a local antivirus, on-machine firewall, anti-spyware, or other privacy / protection application. Since it is a single user, debugging it will be extremely difficult, and I would recommend you figure out how that user's security settings / applications vary from their colleagues'.

Adding your site to the trusted sites list in specific browsers may resolve the single issue. It's almost certainly something hidden in there.