We did AD SSO recently too (m.25, under Apache - took quite a few goes to get that bit right!) - we have some manual accounts for outside partners for our Training division, but they never access moodle on campus so are never tripped up by the NTLM kicking in.
All our student and staff accounts are set to be LDAP, admin is manual and it works fine off site.
We added a block to the homepage which detects if you're on a college PC and not logged in, and if you are it offers a Manual Login link (the same skipntlmsso=1 one you mention) - and it all works fine.
We use the same URL for our moodle internally as externally.
So I have no idea what's up with yours - if your skipntlmsso page is bust, then you might have to replace the login and auth folders for your version/build?