The OP provided a WireShark capture showing that the server requested a certificate using the HTTPS CertificateRequest message and the client then immediately FINd the connection.
After configuring the server not to request a client certificate, the problem went away.
Using Fiddler also would make the problem disappear because, unless you configure it to do so, Fiddler will never request a client certificate from the browser.
I’m wondering if only the affected client machine had a matching certificate and/or whether the withCredentials flag on the CORS XHR request is relevant in this scenario.