We need to allow access to some ports (like TCP 80/IIS) based on AD-Users.
So I activated IPSec through the Defender Firewall and made a rule "Allow TCP 80 for User domain\user" (a standard blank IIS listens there on port 80) for both client and server.
Now, on the Win10 Client I open a cmd and do a "telnet <server-IP> <80>" which _works_.
However, when I open Iexplore, Firefox or Chrome and open http://<serverIP>, it doesn't.
After both attempts, I can see 2 connections in the IPSec/Firewall monitoring on the server. One is from the working telnet connection, the other is from the non-working browser connection. They differ.
The working (telnet) one has the Computername as 1st auth and the domain\User as 2nd auth. As it should be.
The non-working one has Domain\Computername$ as first and second(!) auth, instead of the Domain User.
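
For reference, a setup of the kind described above (computer as first authentication, user as second, and an inbound TCP 80 rule limited to one AD user) can be expressed in PowerShell as follows. This is an added example, not the poster's actual configuration; the account `DOMAIN\user`, the rule display names and the choice of `Request` mode are assumptions.

```powershell
# Added example: placeholder account and rule names, not values from the post.
$account = 'DOMAIN\user'   # placeholder for the AD user allowed to reach TCP 80

# --- On both client and server: connection security rule ---
# First authentication: the computer account, via Kerberos.
$machineProp = New-NetIPsecAuthProposal -Machine -Kerberos
$p1 = New-NetIPsecPhase1AuthSet -DisplayName 'Example - computer Kerberos' `
        -Proposal $machineProp

# Second authentication: the logged-on user, via Kerberos.
$userProp = New-NetIPsecAuthProposal -User -Kerberos
$p2 = New-NetIPsecPhase2AuthSet -DisplayName 'Example - user Kerberos' `
        -Proposal $userProp

# Request mode (assumption) negotiates IPsec without dropping other traffic.
New-NetIPsecRule -DisplayName 'Example - computer and user auth' `
    -InboundSecurity Request -OutboundSecurity Request `
    -Phase1AuthSet $p1.Name -Phase2AuthSet $p2.Name

# --- On the server only: inbound rule authorized for one user ---
# -RemoteUser takes an SDDL string, so resolve the account to its SID first.
$nt   = New-Object System.Security.Principal.NTAccount($account)
$sid  = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
$sddl = "D:(A;;CC;;;$sid)"

# Any other enabled allow rule for TCP 80 that does not require
# authentication would still admit unauthenticated connections.
New-NetFirewallRule -DisplayName 'Example - TCP 80 for one user' `
    -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow `
    -Authentication Required -RemoteUser $sddl

# --- On the server, after a connection attempt ---
# List the main mode security associations to compare which identities
# were used for the first and second authentication.
Get-NetIPsecMainModeSA | Format-List *
```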