AEM Dispatcher on IIS 10 with Windows Authentication NTLM - authentication problem when Dispatcher cache enabled


I have a strange problem with AEM Dispatcher running on Windows Server 2019 on IIS 10 with Windows Authentication turned on.

When AEM Dispatcher is configured to cache static files, the website can be accessed using Chrome, IE and Edge from Windows. It doesn't work using Firefox: Windows Authentication keeps asking for credentials and loads only start.html without static files. IIS gives response code 401.2 for static files stored on the server's disk. Additionally, it doesn't work using any web browser from Linux / Mac OS.

When the Dispatcher is configured not to cache files, the website can be accessed using all of the mentioned browsers from both Windows and Linux / MacOS. Authentication is over NTLM using Windows Authentication.

Technical details:

  • Website configuration on IIS:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <clear />
            </rules>
        </rewrite>
        <serverRuntime authenticatedUserOverride="UseWorkerProcessUser" />
        <security>
            <authentication>
                <windowsAuthentication enabled="true" useKernelMode="true" useAppPoolCredentials="false">
                    <extendedProtection tokenChecking="Require" />
                    <providers>
                        <clear />
                        <add value="Negotiate" />
                        <add value="NTLM" />
                    </providers>
                </windowsAuthentication>
            </authentication>
        </security>
        <caching enabled="true" enableKernelCache="true" />
    </system.webServer>
</configuration>
  • Dispatcher version: dispatcher-iis-windows-x64-ssl1.1-4.3.3
  • NTFS permissions are configured according to the AEM documentation: the app pool identity has Modify permissions on the application home directory and Read & Execute on the folder in which the Dispatcher handler (disp_iis.dll) is located, DOC
  • The client from which I test access to the website is not a member of a domain; I use domain user credentials in the form domain\user (NTLM behind the scenes)
  • None of the changes in Firefox about:config given in the Firefox documentation help. Additionally, if cache is disabled in Dispatcher it works fine, so it probably is not a problem with the browser config
  • When Windows Authentication has only the NTLM provider (without Negotiate) and Dispatcher cache is enabled, Windows Authentication keeps asking for credentials and gives 401.1
  • Communication is over NTLMv2, but I've also tried NTLMv1 and it doesn't matter
  • I've tried disabling useKernelMode and Extended Protection; it makes no difference
  • In the AEM logs only the request for start.html is logged when trying to reach the website; it looks like the other requests don't pass through Windows Authentication

Has anyone of you had a similar problem or any idea how to resolve it? Thank you in advance.

Update:

Additional tests showed that the request is successfully authenticated by WindowsAuthenticationModule and is then handled by the Dispatcher ISAPI Extension. When the request header contains "Authorization: Negotiate" it works fine (it still uses NTLM behind the scenes). It authenticates only once. When there is "Authorization: NTLM" it successfully authenticates once, then the Dispatcher ISAPI Extension handles the request and changes the handler to NewHandlerName="StaticFile", and WindowsAuthenticationModule starts, tries to authenticate a second time and throws an error:

ModuleName="WindowsAuthenticationModule", Notification="AUTHENTICATE_REQUEST", HttpStatus="401", HttpReason="Unauthorized", HttpSubStatus="1", ErrorCode="No credentials are available in the security package (0x8009030e)", ConfigExceptionInfo=""

Tags: aem, windows-authentication, ntlm, iis-10, windows-server-2019
asked on Stack Overflow May 13, 2021 by leksykoon • edited May 18, 2021 by leksykoon
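The failure mode described in the update (one successful AUTHENTICATE_REQUEST, a handler switch from disp_iis.dll to StaticFile, then a second AUTHENTICATE_REQUEST that fails with 0x8009030e for NTLM but not for Negotiate) is easiest to confirm across many requests by scripting over the Failed Request Tracing output rather than reading events one by one. The script below is an added example and is not code from the question or from Adobe or Microsoft. It works on constructed, simplified trace lines in the same flattened key="value" style as the FREB line quoted above; the RequestId, Url and Authorization fields are assumptions added so that events can be grouped and the authentication scheme attributed per request, and the sample data is made up to mirror the NTLM versus Negotiate difference the poster observed, not a real capture.

```python
import re
from collections import OrderedDict

# Constructed sample trace (not a real FREB capture). One flattened
# key="value" event per line, in the style of the line quoted in the question.
# RequestId, Url and Authorization are assumed fields added for grouping.
SAMPLE_TRACE = """\
RequestId="1" Notification="BEGIN_REQUEST" Url="/content/start.html" Authorization="NTLM TlRMTVNTUAAB..."
RequestId="1" ModuleName="WindowsAuthenticationModule" Notification="AUTHENTICATE_REQUEST" HttpStatus="200"
RequestId="1" ModuleName="IsapiModule" Notification="EXECUTE_REQUEST_HANDLER" HandlerName="disp_iis.dll" NewHandlerName="StaticFile"
RequestId="1" ModuleName="WindowsAuthenticationModule" Notification="AUTHENTICATE_REQUEST" HttpStatus="401" HttpReason="Unauthorized" HttpSubStatus="1" ErrorCode="No credentials are available in the security package (0x8009030e)" ConfigExceptionInfo=""
RequestId="2" Notification="BEGIN_REQUEST" Url="/etc/clientlibs/site.css" Authorization="Negotiate TlRMTVNTUAAB..."
RequestId="2" ModuleName="WindowsAuthenticationModule" Notification="AUTHENTICATE_REQUEST" HttpStatus="200"
RequestId="2" ModuleName="IsapiModule" Notification="EXECUTE_REQUEST_HANDLER" HandlerName="disp_iis.dll" NewHandlerName="StaticFile"
RequestId="2" ModuleName="StaticFileModule" Notification="EXECUTE_REQUEST_HANDLER" HttpStatus="200"
"""

_KV = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line):
    """Turn one flattened key="value" event line into a dict."""
    return dict(_KV.findall(line))


def summarize(trace_text):
    """Group events by RequestId and record how Windows Authentication behaved
    for each request: scheme used, number of AUTHENTICATE_REQUEST notifications,
    whether a handler switch happened before a re-authentication, final status."""
    summary = OrderedDict()
    for raw in trace_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_event(raw)
        rid = ev.get("RequestId", "?")
        rec = summary.setdefault(rid, {
            "url": None,
            "scheme": None,
            "auth_attempts": 0,
            "handler_switch": False,
            "reauth_after_handler_switch": False,
            "final_status": None,
            "error": None,
        })
        if "Url" in ev:
            rec["url"] = ev["Url"]
        if "Authorization" in ev:
            # First token of the Authorization header is the scheme (NTLM / Negotiate).
            rec["scheme"] = ev["Authorization"].split(" ", 1)[0]
        if ev.get("NewHandlerName"):
            rec["handler_switch"] = True
        if (ev.get("ModuleName") == "WindowsAuthenticationModule"
                and ev.get("Notification") == "AUTHENTICATE_REQUEST"):
            rec["auth_attempts"] += 1
            if rec["handler_switch"]:
                rec["reauth_after_handler_switch"] = True
        if "HttpStatus" in ev:
            status = ev["HttpStatus"]
            if ev.get("HttpSubStatus"):
                status += "." + ev["HttpSubStatus"]
            rec["final_status"] = status  # last status seen wins
        if ev.get("ErrorCode"):
            rec["error"] = ev["ErrorCode"]
    return summary


def diagnose(summary):
    """Return one finding per request that re-authenticated after a handler
    switch and ended in a 401, i.e. the pattern described in the question."""
    findings = []
    for rid, rec in summary.items():
        if rec["reauth_after_handler_switch"] and (rec["final_status"] or "").startswith("401"):
            findings.append(
                "request %s (%s, scheme %s): %d AUTHENTICATE_REQUEST events, "
                "second one after handler switch, final status %s, error: %s"
                % (rid, rec["url"], rec["scheme"], rec["auth_attempts"],
                   rec["final_status"], rec["error"])
            )
    return findings


if __name__ == "__main__":
    for line in diagnose(summarize(SAMPLE_TRACE)):
        print(line)
```

Run against a real trace, the input would be one line per FREB event with the fields flattened the same way; the interesting output is any request whose scheme is NTLM, whose auth_attempts is 2 and whose final status is 401.1, while otherwise identical Negotiate requests show a single attempt and a 200.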

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0