Can APM change the default domain on an NTLM request?

Okay, so just to be clear, I'm talking about the Persistent cookie option in the APM policy. Typically what happens with SharePoint is that APM sets a session-based cookie for the web application itself, but the browser doesn't share its memory with the office agents, so when they're triggered they don't send the access session cookie and ultimately break because they can't deal with whatever a new access session is asking them to do (ie. a logon page, 302 redirect to /my.policy, etc.). The persistent cookie option drops the access cookie into the file system so that the agent can use it.

So then the question becomes, is the agent using it and can you see the access session cookie (MRHSession) in the agent's communications to the virtual server? And if you can is it still returning a 401 response?

And on a side note, do you have OneConnect enabled on the VIP?