I am trying to troubleshoot a problem with a third-party web app, and the vendor refuses to investigate without Fiddler logs from a workstation.
The app is hosted locally on IIS in our network, and is using HTTPS issued by our domain CA. We are using NTLM and Negotiate authentication with kernel-mode auth enabled.
If I enable Fiddler decryption, external HTTPS sites work and decrypt without issue, but this site (and another internal IIS site with a similar configuration) prompt endlessly for credentials and/or return 401 Unauthorized. I have searched and searched but can't find anything explaining how to solve this problem. The application pool is running under a domain service account per the vendor's setup directions.
I do see the NTLM and Negotiate headers in the request, but something is clearly not right.
I am a sysadmin, but I am not very experienced with IIS or web development, so it may be something very obvious that I'm missing. Any help would be appreciated.