Two sites same IIS server, RunImpersonation HttpClient passing empty NTLM credential

I have two sites on the same IIS instance. One uses HttpClient to request data from the other. They are both configured with Windows Authentication only. These are both ASP.NET Core 3.1.

When I browse to the first site, it authenticates, but when it calls through to the other, it returns a 401. I validated that the user identity is correct.

var baseUri = new Uri(AppSettings.CurrentValue.MyBaseUrl);

var user = (WindowsIdentity)HttpContext.User.Identity;
WindowsIdentity.RunImpersonated(user.AccessToken, () =>
{
    AppContext.SetSwitch("System.Net.Http.UseSocketsHttpHandler", false);

    var credentialCache = new CredentialCache {{baseUri, "NTLM", CredentialCache.DefaultNetworkCredentials}};
    var httpClientHandler = new HttpClientHandler {Credentials = credentialCache};
    using HttpClient httpClient = new HttpClient(httpClientHandler) { BaseAddress = baseUri };
 
    var response = httpClient.GetAsync("/home/test").Result;
 
    var content = response.IsSuccessStatusCode
        ? response.Content.ReadAsStringAsync().Result
        : response.StatusCode.ToString();
});

Wireshark shows the call into the first site, /home/test1, and shows the user credentials being passed correctly:

GET /home/test1 HTTP/1.1 
HTTP/1.1 401 Unauthorized  (text/html)
GET /home/test1 HTTP/1.1 , NTLMSSP_NEGOTIATE
HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
GET /home/test1 HTTP/1.1 , NTLMSSP_AUTH, User: COMPANY\fbloggs

The same trace shows the jump to the second site, /home/test2, and shows null domain and username:

GET /home/test2 HTTP/1.1 
HTTP/1.1 401 Unauthorized  (text/html)
GET /home/test2 HTTP/1.1 , NTLMSSP_NEGOTIATE
HTTP/1.1 401 Unauthorized , NTLMSSP_CHALLENGE (text/html)
GET /home/test2 HTTP/1.1 , NTLMSSP_AUTH, ** User: \ **
    GET /home/test2 HTTP/1.1\r\n
        [Expert Info (Chat/Sequence): GET /home/test2 HTTP/1.1\r\n]
            [GET /home/test2 HTTP/1.1\r\n]
            [Severity level: Chat]
            [Group: Sequence]
        Request Method: GET
        Request URI: /home/test2
        Request Version: HTTP/1.1
    Connection: Keep-Alive\r\n
    Request-Id: |60fb71bd-482efe66c05094ec.1.\r\n
    Host: testserver\r\n
    Authorization: NTLM TlRMTVNTUAADAAAAAQDADEIAAAAAAAAAcwAAAAAAAABYAAAAAAAAAFgAAAAaABoAWAAzAAAABYqIogoAY0UAAAAPvaq0nk2I7YcqJmq01EbY20IASDTATGSAGVAALQBXAEUAQgAyADEAAA==\r\n
        NTLM Secure Service Provider
            NTLMSSP identifier: NTLMSSP
            NTLM Message Type: NTLMSSP_AUTH (0x00000003)
            Lan Manager Response: 00
            NTLM Response: Empty
            Domain name: NULL
            User name: NULL
            Host name: TESTSERVER
            Session Key: Empty
            Negotiate Flags: 0xa2888a05, Negotiate 56, Negotiate 128, Negotiate Version, Negotiate Target Info, Negotiate Extended Security, Negotiate Always Sign, Negotiate Anonymous, Negotiate NTLM key, Request Target, Negotiate UNICODE
            Version 10.0 (Build 17763); NTLM Current Revision 15
                Major Version: 10
                Minor Version: 0
                Build Number: 17763
                NTLM Current Revision: 15
            MIC: bdaab49e4d88ed872a266ab4d446d8db
HTTP/1.1 401 Unauthorized  (text/html)
asp.net-core
authentication
iis
httpclient
asked on Stack Overflow Mar 8, 2021 by Nick • edited Mar 17, 2021 by Nick

0 Answers

Nobody has answered this question yet.
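
Added example, not part of the original question: a small Python parser for the `Authorization: NTLM` type 3 (NTLMSSP_AUTH) value seen in the trace, reporting the user, domain and workstation fields and whether the message is an anonymous (null session) authentication. The names `parse_ntlm_authenticate` and `build_sample` are hypothetical, and the sample messages are constructed from the MS-NLMP field layout rather than taken from the capture.

```python
import base64
import struct

NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_ANONYMOUS = 0x00000800  # shown as "Negotiate Anonymous" by Wireshark


def _field(msg, pos):
    """Read a (Len, MaxLen, Offset) descriptor at pos; return the bytes it points to."""
    length, _maxlen, offset = struct.unpack_from("<HHI", msg, pos)
    if offset + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[offset:offset + length]


def parse_ntlm_authenticate(header_value):
    """Decode the value of an 'Authorization: NTLM <base64>' header (type 3 only)."""
    scheme, _, blob = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM":
        raise ValueError("not an NTLM Authorization value")
    msg = base64.b64decode(blob, validate=True)
    if (len(msg) < 64 or msg[:8] != b"NTLMSSP\x00"
            or struct.unpack_from("<I", msg, 8)[0] != 3):
        raise ValueError("not an NTLMSSP AUTHENTICATE (type 3) message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    # Assumption: code page 437 stands in for the OEM charset when UNICODE is off.
    enc = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "cp437"
    info = {"domain": _field(msg, 28).decode(enc),
            "user": _field(msg, 36).decode(enc),
            "workstation": _field(msg, 44).decode(enc),
            "nt_response_len": len(_field(msg, 20)),
            "flags": flags}
    # Null session: anonymous flag set, or no user name and no NT response.
    info["anonymous"] = bool(flags & NTLMSSP_ANONYMOUS) or (
        not info["user"] and info["nt_response_len"] == 0)
    return info


def build_sample(user, domain, host, flags, nt_response=b""):
    """Constructed test input, not a capture: pack a minimal type 3 message."""
    lm = bytes(24) if nt_response else b"\x00"  # anonymous LM response is one zero byte
    parts = [lm, nt_response, domain.encode("utf-16-le"),
             user.encode("utf-16-le"), host.encode("utf-16-le"), b""]
    head, payload = b"NTLMSSP\x00" + struct.pack("<I", 3), b""
    for p in parts:  # LM, NT, domain, user, workstation, session key
        head += struct.pack("<HHI", len(p), len(p), 88 + len(payload))
        payload += p
    head += struct.pack("<I", flags) + bytes(8) + bytes(16)  # version and MIC zeroed
    return "NTLM " + base64.b64encode(head + payload).decode()
```

Running `parse_ntlm_authenticate` on the header value from each leg of a capture shows directly which request carried a named identity and which fell back to a null session.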


User contributions licensed under CC BY-SA 3.0