Just to add a little color here… The account generating the event in the logs is an admin account. It is the same one defined in the Server Settings > Profile Settings > Directory Server (LDAP) > Administrator DN.
Hopefully that information may help. As for your suggestion, OpenJDK 11 should be able to use NTLMv2. I’m wondering if this is just defined somewhere else (either configurable or not) in Openfire.