Click here to Skip to main content
13,589,271 members
Click here to Skip to main content
Add your own
alternative version

Tagged as


1 bookmarked
Posted 12 Feb 2011
Licenced CPOL

WCF Secure Channel cannot be opened - Load Balancing with wsHttp Binding

, 12 Feb 2011
Rate this:
Please Sign up or sign in to vote.
WCF Secure Channel cannot be opened - Load Balancing with wsHttp Binding

When a WCF service generates the following error:

Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.

Inner Exception:

The request for security token has invalid or malformed elements.

This probably means that the service is running under a load balanced environment, and the WCF settings are not configured correctly. This error is intermittent because the load balancer may be landing on the same server, but when the request is sent to a different server the security token becomes invalid. When using the wsHttpBinding on a Load balanced environment , it is necessary to turn off the security context establishment. The establishSecurityContext attribute should be set to false. By default, this value is true. This needs to be added to both the host and client configurations.

The host configuration should look something like this:

<binding name="wsHttpBindingLB">
     <security mode="Message">
         <message clientCredentialType="Windows" establishSecurityContext="false"/>
    <behavior name="ozkary.SerBehavior">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
<service behaviorConfiguration="ozkary.SerBehavior" name="ozkary.Service">
     <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBindingLB" 

<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

The client configuration should look as follows:

   <binding name="wsHttpBindingLB">               
    <security mode="Message">                    
         <message clientCredentialType="Windows"  establishSecurityContext="false"/>
<endpoint  address="myService.svc" binding="wsHttpBinding"

        bindingConfiguration="wsHttpBindingLB" contract="ozkary.IService">               

Another approach to address this error is to add another endpoint and use BasicHttpBinding instead. This by default provides persistent connections, but if you do not want the persistent connection, it can be disabled by setting the KeepAliveEnabled attribute to false. To learn more about configuring WCF services in a load balanced environment, you can read the following from MSDN:

I hope this helps.


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

ozkar garcia
Architect OG-BITechnologies
United States United States

You may also be interested in...

Comments and Discussions

Questioni encounter the same error Pin
people8091126-Sep-11 16:19
memberpeople8091126-Sep-11 16:19 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

Permalink | Advertise | Privacy | Cookies | Terms of Use | Mobile
Web01-2016 | 2.8.180615.1 | Last Updated 13 Feb 2011
Article Copyright 2011 by ozkar garcia
Everything else Copyright © CodeProject, 1999-2018
Layout: fixed | fluid