Kerberos SSO is not redirecting when Captive Portal is enabled on Identity Awareness gateway
The HTTP service class differs from the HTTP protocol. Both the HTTP protocol and the HTTPS protocol use the HTTP service class.
Service Principal Names (SPNs) on DC servers have to be configured to use HTTP.
For more details, refer to Microsoft KB929650 - How to use SPNs when you configure Web applications that are hosted on Internet Information Services.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.