I would make sure that the site is configured in IIS for only anonymous authentication, make sure basic or digest authentication is not enabled, and I would make sure that nothing is configured on the site to enable identity impersonation.
Hope that helps,
Joe