It seems that Liferay's NTMLv2 SSO implementation is not working.
Authentication with NTMLv2 fails, user/browser is prompted to log in again using NTMLv1. With NTMLv1 authentication works fine. So it looks like it works.
But if you set in your domain LAN Manager authentication level to 5 (Send NTLMv2 response only. Refuse LM & NTLM), which is default in new Windows, authentication fails.
We use Windows Server 2012 as a DomainController and workstations are Win7 or Win8.