To use basic auth with the XML collector you have to embed the username/password in the URL (or have them pulled from the asset record). If either contain a reserved character authentication will maybe fail. Particularly if the reserved character is '@'.
I've attempted to URL encode the offending characters which seems to work for most reserved characters, but the @ sign is troublesome since its used to terminate the user info part of the authority section of the URI. Decoding the sent base64 encoded credentials shows that the user info field gets truncated to the first occurrence of an @ sign.