400 status code means “Bad Request”. It means that this is not a server-side issue. There is something wrong with the request.
If the substatus code in IIS log had a value other than 0, it would be easier find the root cause. For example, If it was 1, it would mean “Invalid Destination Header”. If it was 2, it would mean “Invalid Depth Header” issue. Here is the full list of status codes.
In this case, substatus code was 0 but sc-win32-status value was 64. Code 64 refers to “The specified network name is no longer available”. After sending the response, IIS waits for ACK package from client. If the client resets the connection, you will see 64 code because it’s not a graceful connection close.
Check HTTPERR logs. The log I checked showed Timer_EntityBody error for the timestamp of the error in IIS logs:
Timer_EntityBody means “The connection expired before the request entity body arrived”. Either the client didn’t send the full request or the request was held on the way (there could be network issues).
Check if there are security software such as antivirus or network endpoint protection installed in the server. If there are, uninstall them and see how it goes (I don’t recommend disabling them for this test. Sometimes they continue to run in the background. Uninstalling is the best way of eliminating them from the troubleshooting)
Check with the third-party product support to find out if there is anything blocking the requests. The application might be initiating the connection but not completing it
Ask your Networking team to analyze the traffic between web server and client (Collecting and analyzing network trace would be helpful)