What is the audit log saying is the reason for the authentication failure?

If you really want to dig into the structure behind the XLSX files, change the extension on one of them from .xlsx to .zip and you can navigate through the file structure.

A 403 is forbidden, not page not found. Does the user you're trying to log in as have whatever permissions they need for your web application? You can try temporarily giving the user the %All role, and if that fixes the issue, you know for sure it's got something to do with permissions.