diff --git a/lib/curl_ntlm_msgs.c b/lib/curl_ntlm_msgs.c
index e874f3265397df..3f4d86bd32aa2f 100644
--- a/lib/curl_ntlm_msgs.c
+++ b/lib/curl_ntlm_msgs.c
@@ -217,8 +217,6 @@ CURLcode Curl_ntlm_decode_type2_target(struct SessionHandle *data,
   return CURLE_OK;
 }
 
-#endif
-
 /*
   NTLM message structure notes:
 
@@ -256,9 +254,7 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
                                         const char *header,
                                         struct ntlmdata *ntlm)
 {
-#ifndef USE_WINDOWS_SSPI
   static const char type2_marker[] = { 0x02, 0x00, 0x00, 0x00 };
-#endif
 
   /* NTLM type-2 message structure:
 
@@ -280,7 +276,7 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
   unsigned char *type2 = NULL;
   size_t type2_len = 0;
 
-#if defined(CURL_DISABLE_VERBOSE_STRINGS) || defined(USE_WINDOWS_SSPI)
+#if defined(CURL_DISABLE_VERBOSE_STRINGS)
   (void)data;
 #endif
 
@@ -297,10 +293,6 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
     return CURLE_BAD_CONTENT_ENCODING;
   }
 
-#ifdef USE_WINDOWS_SSPI
-  ntlm->input_token = type2;
-  ntlm->input_token_len = type2_len;
-#else
   ntlm->flags = 0;
 
   if((type2_len < 32) ||
@@ -334,12 +326,10 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
   });
 
   free(type2);
-#endif
 
   return result;
 }
 
-#ifndef USE_WINDOWS_SSPI
 /* copy the source to the destination and fill in zeroes in every
    other destination byte! */
 static void unicodecpy(unsigned char *dest, const char *src, size_t length)
@@ -350,7 +340,6 @@ static void unicodecpy(unsigned char *dest, const char *src, size_t length)
     dest[2 * i + 1] = '\0';
   }
 }
-#endif
 
 /*
  * Curl_ntlm_create_type1_message()
@@ -472,6 +461,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
   /* Return with binary blob encoded into base64 */
   return Curl_base64_encode(NULL, (char *)ntlmbuf, size, outptr, outlen);
 }
+#endif
 
 /*
  * Curl_ntlm_create_type3_message()
diff --git a/lib/curl_sasl_sspi.c b/lib/curl_sasl_sspi.c
index 0665cf29593c4e..d54d2ae42175b2 100644
--- a/lib/curl_sasl_sspi.c
+++ b/lib/curl_sasl_sspi.c
@@ -39,6 +39,7 @@
 #include "curl_memory.h"
 #include "curl_multibyte.h"
 #include "curl_ntlm_msgs.h"
+#include "sendf.h"
 #include "strdup.h"
 
 #define _MPRINTF_REPLACE /* use our functions only */
@@ -616,7 +617,29 @@ CURLcode Curl_sasl_decode_ntlm_type2_message(struct SessionHandle *data,
                                              const char *type2msg,
                                              struct ntlmdata *ntlm)
 {
-  return Curl_ntlm_decode_type2_message(data, type2msg, ntlm);
+  CURLcode result = CURLE_OK;
+  unsigned char *type2 = NULL;
+  size_t type2_len = 0;
+
+  /* Decode the base-64 encoded type-2 message */
+  if(strlen(type2msg) && *type2msg != '=') {
+    result = Curl_base64_decode(type2msg, &type2, &type2_len);
+    if(result)
+      return result;
+  }
+
+  /* Ensure we have a valid type-2 message */
+  if(!type2) {
+    infof(data, "NTLM handshake failure (empty type-2 message)\n");
+
+    return CURLE_BAD_CONTENT_ENCODING;
+  }
+
+  /* Simply store the challenge for use later */
+  ntlm->input_token = type2;
+  ntlm->input_token_len = type2_len;
+
+  return result;
 }
 
 /*