SocketHttpHandler is failing NTLM authentication to proxy

[wfurt]

I essentially use example from #25366 When running on Windows using WinHTTPHandler it works just fine. On Linux I did verify my proxy setup using curl directly.

Note, that server expects NTLM directly instead of Negotiate/NTLM

HTTP/1.1 407 Proxy Authentication Required
Server: squid/3.5.12
Mime-Version: 1.0
Date: Thu, 08 Mar 2018 21:26:30 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3566
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Proxy-Authenticate: NTLM
X-Cache: MISS from CLRPERFTST003
X-Cache-Lookup: NONE from CLRPERFTST003:3128
Via: 1.1 CLRPERFTST003 (squid/3.5.12)
Connection: keep-alive

On Linux I tried to force NTLM in TryGetValidAuthenticationChallengeForScheme() and CheckIfProxySupportsConnectionAuth() and I got following trace.

System.ComponentModel.Win32Exception (0x80090020): GSSAPI operation failed with error - An invalid status code was supplied (Unknown error).
at System.Net.Security.NegotiateStreamPal.AcquireCredentialsHandle(String package, Boolean isServer, NetworkCredential credential) in /home/clruser/git/corefx/src/Common/src/System/Net/Security/NegotiateStreamPal.Unix.cs:line 313
at System.Net.NTAuthentication.Initialize(Boolean isServer, String package, NetworkCredential credential, String spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding) in /home/clruser/git/corefx/src/Common/src/System/Net/NTAuthentication.Common.cs:line 127
at System.Net.NTAuthentication..ctor(Boolean isServer, String package, NetworkCredential credential, String spn, ContextFlagsPal requestedContextFlags, ChannelBinding channelBinding) in /home/clruser/git/corefx/src/Common/src/System/Net/NTAuthentication.Common.cs:line 98
at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, CancellationToken cancellationToken) in /home/clruser/git/corefx/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/AuthenticationHelper.NtAuth.cs:line 57
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken) in /home/clruser/git/corefx/src/System.Net.Http/src/System/Net/Http/SocketsHttpHandler/HttpConnectionPool.cs:line 255

That was somewhat surprising as I did not have Kerberos configured and curl works fine.
On Windows I did not dig deeper but I don't see any response to initial 407.

[wfurt]

I test this on windows agains IIS. WinHttp Handler works but when I switch to SocketHandler, it tried but ends with 401 e.g. it will get rejected by server. Should I open separate issue for that @geoffkizer or do you want to track it together?