If it is an option, I would simply reinstall the Web Console and IIS roles on that machine.
Will probably be faster than troubleshooting the actual issue I think.
Have you had any luck on this one? I have even stood up a new 2016 with only Management Server, Operations Console, and Web Server. Same repeatable issue.
Both the test-scom and the production scom have the web console installed on the management server. No SSO. And I get an error if I enter wrong username/password. The security and application event logs are quiet as the western front.
I tried to enable http for the site now. And then I get “The remote server returned an error: (404) Not Found.” when trying to login. According to the IIS logs the error comes from: /OperationsManager/css/node_modules/font-awesome/fonts/fontawesome-webfont.ttf