On-premise High-trust App and 401 (appredirect.aspx) for anomyous user

Hello,

I've developed a provider hosted App. The App can be used by authenticated and anonymous users. On my development platform the App is working in both cases as expected. Then I configured a new test Server (I did all the steps for high trusted Apps) and installed the new App (Register app, created a new package in Visual Studio, did the changes for the TokenHelper class and so on). Now, the App ist working for authenticated users only. For anonymous users the appredirect page is asking for credentials. The SharePoint log contains only a few Information about the problem:

client_id: i:0i.t|ms.sp.ext|..... and instance_id: https://xxx/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040 from query string
redirectLaunUrl after getting it from query string, web or app instance: https://remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
redirectLaunUrl after getting token replacement: https://remote-domain-app/Pages/AppPartPage.aspx?SPHostUrl=http%3A%2F%2FXXXXXXX%2FDE%2FSP2013Standard&SPHostTitle=SP2013%20Standard%20Layout&SPAppWebUrl=""&SPLanguage=de%2DCH&SPClientTag=1&SPProductNumber=15%2E0%2E4420%2E1017&wpId=g%5F5b8feaca%5F038f%5F473d%5F8001%5F0a91849f9a05&editmode=0&SenderId=1DD84F040
m_oauthAppId after NormalizeAppIdentifier() i:0i.t|ms.sp.ext|548......  Now getting app principal info.
decided that we need to do a POST to the app.
NOTHING MORE

The remote IIS web allows anonymous access and I can open the remote web site as anonymous user. Tried to set the the App Principal permission again, but without luck.  When the remote web is stopped the 401 error still exist - no other error.

I've no idea what I can check next.

-