Jonathan, there are some issues with child sites and authentication that I haven't fully been able to work out yet. What OS/IIS version is the server running just to make sure it's not related to the problem?
Okay, now onto child portals. I don't remember if I ever tested with the parent portal not having AD enabled and a child portal having it enabled, but this is something I'll check over the weekend. If I find that doesn't work, I do have a few ideas on a workaround that I'll post later if needed (and after I've tested them). What I think might be happening is the following and I'll put it in a quote box just to separate from the rest of the post:
Three or four different core procedures call the OnAuthenticateRequest procedure in the AD code on a page load (global.asax, a couple of the .axd files, etc.). It's been a while since I last looked at it but, as I remember it, when I've stepped through the code there was never a clear indication of what was calling the code (i.e., how do I know if http://www.domain.com/child is really a child portal and not a sub-page of the main portal?). So when ...../windowssignin.aspx is called, it's always referencing the parent site first, then the core code later redirects it to the proper portal.
In your case I think it's erroring out because AD isn't turned on on your parent site. There are a couple of ways I can think of to get around it, but it depends on how important it is to you that the users automatically log in. If it is okay that your users manually log in, then comment out the <add name="Authentication"...../> line in the <httpModules> section of your web.config. That will stop the provider from attempting to log users in automatically. However, they can still log in manually by selecting the Windows Login button when they follow the generic login link on the site.
The other way I need to test before I put it out there, and I'm not at a location right now where I can easily test my theory (i.e., restore the db if I'm really, really, really wrong).