Access denied error during initialization of a sandboxed process


I am trying to launch a process in the Chromium sandbox with App Container enabled. I didn't change any settings, so it's just a normal startup, and it actually works well on my Windows 11 system; however, on Windows Server 2019 Datacenter, version 10.0.17763, I am getting an access denied error (the application was unable to start correctly: 0xc0000022) during startup of the child (target) process. I can't debug this process because it fails before the main function, somewhere during loading of its dependencies. Here are some screenshots with more details. [Screenshots: ProcMon target process actions; ProcMon failed action]

I asked ChatGPT 4 to help, but it gave a very generic response like update your system, disable antivirus, check container permissions, execute icacls, which is not installed on the Datacenter machine.

The most interesting part is base.dll and some other libraries are successfully read and subsequently passed to QueryFileMapping, QueryNameInformationFile and QuerySecurityFile actions, however the same workflow with libc++.dll located in the same build directory is different.

This happens only if the application container is applied (by calling config->AddAppContainerProfile(package_name, true)), which detects that a container with such a name has been found and "opens" it, gets its SID, and initializes the container base classes in the broker process.

I also tried to launch the target process without the broker (without an alternate desktop or lowered token) using a special AppContainer launcher app, and it worked fine.

Also I can see the following warnings in the output:

> ReturnHr(2) tid(2534) 800700B7 Cannot create a file when that file already exists.
> onecore\base\appmodel\identity\lib\packageidentity.cpp(85)\kernelbase.dll!773561DB: (caller: 612C9D3A) ReturnHr(3) tid(2534) 800700B7 Cannot create a file when that file already exists.
> Msg:[Moniker test_env DispName Chrome Sandbox] 
> onecore\ds\security\gina\profile\profext\appcontainer.cpp(1808)\profext.dll!612C9D55: (caller: 612CA83F) LogHr(1) tid(2534) 800700B7 Cannot create a file when that file already exists.
> Msg:[Name test_env display Chrome Sandbox] 

but I believe those just indicate that the app container already exists. Please help to resolve this issue, thanks in advance.
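One check worth running on the failing machine, as an added diagnostic that is not part of the original question: an AppContainer process can only map a DLL whose ACL grants read/execute to the ALL APPLICATION PACKAGES SID (S-1-15-2-1), so listing which DLLs in the build directory lack that ACE (or carry a Deny ACE) shows whether libc++.dll differs from base.dll at the permission level. `$BuildDir` is a placeholder path and `Test-AppContainerDllAccess` is a name chosen here.

```powershell
# Added diagnostic script; not from the question or from Chromium.
# Assumes $BuildDir holds the target process and its DLLs (placeholder path).
$BuildDir = 'C:\path\to\build'   # placeholder: replace with the real build directory

# ALL APPLICATION PACKAGES; every AppContainer token carries this SID.
$AllAppPackages = New-Object System.Security.Principal.SecurityIdentifier 'S-1-15-2-1'
$Needed = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Test-AppContainerDllAccess {
    param([string]$Directory)

    Get-ChildItem -Path $Directory -Filter *.dll | ForEach-Object {
        $acl = Get-Acl -Path $_.FullName
        # Resolve identities as SIDs so the comparison does not depend on locale names.
        $rules = $acl.GetAccessRules($true, $true,
                                     [System.Security.Principal.SecurityIdentifier])

        $allow = $rules | Where-Object {
            $_.IdentityReference -eq $AllAppPackages -and
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band $Needed) -eq $Needed)
        }
        # A Deny ACE for the package SID overrides any Allow, so report it separately.
        $deny = $rules | Where-Object {
            $_.IdentityReference -eq $AllAppPackages -and
            $_.AccessControlType -eq 'Deny'
        }

        [pscustomobject]@{
            File              = $_.Name
            AllAppPackagesRX  = [bool]$allow
            ExplicitDeny      = [bool]$deny
            Owner             = $acl.Owner
        }
    }
}

# Example usage: DLLs with AllAppPackagesRX = False (or ExplicitDeny = True)
# are the ones an AppContainer child cannot load, which surfaces as 0xc0000022.
Test-AppContainerDllAccess -Directory $BuildDir | Format-Table -AutoSize
```

Compare the rows for base.dll and libc++.dll on the Windows 11 machine against the Windows Server 2019 machine; a DLL copied with an inherited ACL from a directory that never granted S-1-15-2-1 is the usual reason the same build behaves differently between hosts.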
