The OP provided a WireShark capture showing that the server requested a certificate using the HTTPS CertificateRequest
message and the client then immediately FIN
d the connection.
After configuring the server not to request a client certificate, the problem went away.
Using Fiddler also would make the problem disappear because, unless you configure it to do so, Fiddler will never request a client certificate from the browser.
I’m wondering if only the affected client machine had a matching certificate and/or whether the withCredentials
flag on the CORS XHR request is relevant in this scenario.