WSE3 web farm problem: "Key not valid for use in specified state"

I have a web service in ASP.NET 2.0 and WSE 3.0. It worked fine until I
setup a web farm with a hardware load balancer. The error I received is "Key
not valid for use in specified state". However, If I connect directly
without going through load balancer, then all servers work fine. I looked at
the client and servers WSE trace, and noticed that the sct was issued in
server1, and the actual request went to server2, like the following

Client output: RST
server1 input: RST
server1 output: RSTR
Client input: RSTR

Client output: Web Service Request
server2 input: Web Service Request ==> Exception: Key not valid for use in
specified state in (Entering SOAP filter
Microsoft.Web.Services3.Design.MutualCertificate11Assertion+ServiceInputFilter)
server2 output: ==> Exception thrown: Send security filter on the server
could not retrieve the operation protection requirements from the operation
state.

The WSE configuration uses X.509 Certificates with client authorization, the
following is my policy file, with stateful security context token enabled in
web.config.

--- Policy start ---

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy";>

<extensions>

<extension name="authorization"
type="Microsoft.Web.Services3.Design.AuthorizationAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

<extension name="mutualCertificate11Security"
type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

<extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />

</extensions>

<policy name="WSE">

<authorization>

<allow user="CN=Client" />

<deny user="*" />

</authorization>

<mutualCertificate11Security establishSecurityContext="true"
renewExpiredSecurityContext="true" requireSignatureConfirmation="true"
messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
requireDerivedKeys="true" ttlInSeconds="300">

<serviceToken>

<x509 storeLocation="LocalMachine" storeName="My"
findValue="CN=WebService" findType="FindBySubjectDistinguishedName" />

</serviceToken>

<protection>

<request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />

<response signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />

<fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />

</protection>

</mutualCertificate11Security>

<requireActionHeader />

</policy>

</policies>

--- Policy End ---

The following is the trace log in server2 when the request failed.

--- server2 input trace start ---
<inputMessage utc="5/10/2007 8:59:49 PM"
messageId="urn:uuid:9b1284d1-f19e-4509-b7f2-7178625ad545">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xmlns:xsd="http://www.w3.org/2001/XMLSchema";
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>
<soap:Header>
<wsa:Action
wsu:Id="Id-51bb555b-d19f-47b8-9df9-755820211ad8">MyService:MyMethod</wsa:Action>
<wsa:MessageID
wsu:Id="Id-75188109-5078-4afa-a0f7-3431d05492e6">urn:uuid:9b1284d1-f19e-4509-b7f2-7178625ad545</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-379fbea5-7c5f-404d-a959-07604062a789">

<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To
wsu:Id="Id-6873c57a-40fd-475c-9418-f587f4544c9c">http://servers/MyService.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-bc117d74-f025-45cc-8048-c4ba7ceac781">
<wsu:Created>2007-05-10T21:01:46Z</wsu:Created>
<wsu:Expires>2007-05-10T21:06:46Z</wsu:Expires>
</wsu:Timestamp>
<wssc:SecurityContextToken
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc";
wsu:Id="SecurityToken-60dd0d22-a479-4ab0-b02f-0c2c99f355ff">

<wssc:Identifier>urn:uuid:ac28f433-e1f5-48fe-ac9a-3d1e683467d8</wssc:Identifier>
<p:Cookie
xmlns:p="http://schemas.microsoft.com/wse/2005/03/StatefulSCT";>

<p:EncodedData>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAKovlp3KTE0ubFGHrKpYOrQAAAAACAAAAAAADZgAAqAAAABAAAADCOR6dq4CEcVS3aKRFEaDQAAAAAASAAACgAAAAEAAAAIXdjxkI97OK5X5kbWOF0GRYCwAAlOiL/Ih9TWF1V9beOJD1t0R/NWS04419iyqjA/SRozbk+5FjTN3EwfnDsz9IbqB89KL5e5mQ8aDPJyohh88lRzVfEoQ65UGa+KPz7SeGso3oaXwze4M7GjmdNlvcGmIOjwmwIfXZFM9jswwGWBr7CWMJd96CvyM7C2jBaHYkcbvyj4ntZe4pfBUfptyvmmQyzCzIvcB+4oPJ3I5VfxY1xJEAJrXzN396AXme4LoQ3Y5fkGeQKZgq4IpV99aiVWOjUwA3ENoAD3Uauh5cJXCnGvb6mNMjB4P7Il3dF2u6Cil4wjYm0Zm83Rw6vholTd+xRh9/TwWqx0Sa+R/3JBeloOnBgDqcGUnCtcP4USFQaTqIPnTh7tWZ7BdQQ7txZgyWk6odsDkvoAiUKEX+99joDcSYtBStXsS3E8lq8ufCqrx7M8AbuwLa0Pil++54dI7ZynXE3iewmeCVyZXwObH8MzzionooLGfmLX9bWP/wn1PvXrkhjIXacfxwB40XbYqk5g1uEJhMancGX6HnqHVBV+3DFRxf61OyLt0s9xNOUkVeZCy7eFyHP6C28WrxqitWeIz9CEke0sx4SGcFDo0eKSMvUi8Mak17BaNCsHY1Mffj2XzbUwXxBhUg8sXhpWsdsO4lmCOQ49oH5pco+t/amxcgJh5PePeWWaBztQTMsmIuY9UpcRXjKsKXwxIMpJtbDXDILrxoUX839mOVmDAfYSEKwyezoCHR0bHP3rfBXotNLSBpAWYhAiCwelF9vMQE2GzAxkzT0Ugk+rV29ckGsJEN3eqSdNQXZfIjP8qihzpOgJpxeLuO7FSLTIyVPvByN6B73jLvQSX9XX/qYs8r45GPwKu6loFDH83q365d6o3j9gDG5xUQrz7e7/G/icCfa2s3HsW9jq1C5J5YYBXREFu8A+a7l3yO+zrZmiZCCA/jAejs1yuoY6UW/v8KP7LIgKnQt2loHFinBnFNVktUT3sRCxTkYCeiHecUF/CqBh2BK78f1uXODfhQW5El2RdRFqhBqcbt1Iye7aZm8jvS1Hjyia3r9ssSsBCRPtb3Bami8hciWld0WNBybqADoEm/ATIIg633NooWmvBdS1gA+3IFdh1/j6LxGEHY8K8CmkJBY5agR/3uSM7RsnH7giLCamttAlq4mFgzKN9ZL1g5nvhiUV8628ImPM+vluXCFZZEl6xkh40rBnjIrWruMxmDe7Wp/5vFb7rZ/f5IZiIjJ1WCl2cdyrTiJZWTmG+vrWevN495SOZ44p7BxgNAVi5cZ7oI426z7W4w9pPysBGVVge3UJS3zxo63r5ghEk13Fr9UmKCRSMSWFsts/U+J+UB4remoeu1dPdkK8qLoa1taoXRzhEcMizPGLYft8WesgzK7OsclultWlNdnpScPlyfuRznNr5+hymklFMGnr1qDVmMO1/8vcVSEL9R1oDJvA35/iGhWLxbtrMb8lg6sv99HIN6LuyzH0DMI6WWlwkY6mW9lc6iyxyQk5FJEpsQ4F8uo1heT3hON6wdc6uPMQhyoSQJ/j4jGe52LmW1lnDat2rd26da/hQ8aUgCkZOFFnx/ryufNekJsxwBLZDM7/OcT90J0nigtazpAtcA4lKyGjVzRE3TU3DjYLRT9GoRFla7K/GRe1xsSUks8pHlD1a5QFJ3XwzfR8gadH3Owhbj33KTxWwke78HkQKwifijdSxLkvoDU1+ZhqzrOcilbl7GKiqm5lHYqAjq1cGbyYbxRmKDOZj/4hcNQHDuhHGl6/udDgWPHtADHcJo6HiJ2c6ln2KJX/sHyatof/Zc3++L9my2SQ/GNP4NOFIFM5BhC+XFzI8RJHvN9DCfwzFPLmPvx/z9ICOo/lv6q6Zz7wnqpDeo1XxU8/dIf9UCzYJWtLp4vfKGRWsfnQ4+/gHFU9BHyETQfYEGo3apWBNeCsrI0o/LrhRgwz6ch/EnLkktLG2SzvxHtwaaUXwyUjqwir6IxqeN9/QdiLaWJS7EV5mEsAh0V2Hs/55Riitx/IhHpxL6BEZibxhTauWWCKRhxiBBo4Y5FZ399xB0pxjObq4IxTXrmaTtCEiQGNLwb0rMD02DnoHpYbr0UAGYsBsax/aAjGHnZuOPi3YYZaVZdUqHXZ8MimlH7NfO8E6zY/OIc4Xm8xaenRBDnFzHWk4w9clM2YHApGJQpbjAb8HDNeXnUn1e/gZLYXv2ViexZ28m6XXoSKk114Kzy8WLVxAwSn+APcGmnp4I08WIFAIBVbwh/L5G+QpOP4TtaF2kIloOT/MXrKU+YOpD7LLMCijq371MZ5REPFW83f8JZG+NK61rdOTgo1hkI2TJzzg+J60P8RMS0xTAHF5Csr9WOrW/GClbgWUiiQU//HwN3sEWV/7xugvF2VxhGdnt/iftcv/vR8qw5wEY0XlbU0ZdZo6reXp/S87GYIUv8YYknlthP2SMrtdhsVKO7ka1HL4ZEAGIaY9xyleNuzv0cAfMBYTsgeLXFb4cmAmL0Zp1nkEiJ+Dw+4NUqVRfuAUE5xVpkANeebL2cJ57hRxOb31AiB1n1aI7FksvirIZxy7hNd1CX9H/2Q1G+rJ7ilTUKmWPGB2AV4kmlr4cUY5bXXROt7TrMgkil3GTnk4HOHBL+4WYTU8Ekgi6FbSCU7ghy91fK0fdr7bUUDM2HBM2iDXycyZzaiqjPr2Hv3JZFcQHONnsY7USQCGU3aW6MhzihziYkJk+ktYymjckuwOaZAlYKRksZuiBqAbdIwT7vZW/8FbL7HJjb7yVCs5jSTOVEMaX1YHfI6eFBWYAX4J7HOYcMULomd76EiNq7cch48IIwOqXXtPd0PNa9CAQlreXeawj1LK/7tUgIR7fSr7dRR9Yon0ABcgkOUlBnbUvHJ48h7EdLYcfEYX84G1fRCpQbMpgQGNQnE2a8eIE7lpiM0HiRBl4zPZzruJBpN/6mcCyy9vZgZdAx5BNpEdyIqJUMH9+gEljBEkdQsLQk0u0giPcRmnN8ESL4BfYjsKX1T+tMvIT9JODWti/kZLm032AXz6YvT7UJW4czvSs/GOFnEsw5pmrD12TnXBoyP+qcatFFgx0a7aUyiHjL5Ix336JPKKfFF01WFu11NmhDGvpLVw0EVpCJWhJ50TSWS5F7DT8ukI0KquWKjOVpRU0oqZVM+DJMdxL6rNNhz2YMSIiPW/ujW6chcJYeqmfsiaZbGhMulIoO2JVceW1duqYDMYj6HzgITDX6lO167Jd/ECEtFCcw/hkTWeAzqWctEuxAvSmLoSYMEU1m6lPN4mcxk9/4VBULvN4eDL5JC1fXTtZ1QJtI6phuUvQ9BhyJEtwGTe8tjpMsIQ4E3hFu4cMRzPQzpfnlv62FAkQzcbQZ1uwtsM5SeYTi7H6phPPWhPfrkYDQAgOwctNBZC/CtMn3sMKQ1UaEneGqi9h2BT8VIpPpP5dpPiUHQFTVuD910LOunqInp6VSJCeGaPPaaA3rQNNRiYkWBWvFsehP+/2gM76cXxYlB/yrYzFDMpAZONlF03Q+JM/JUfoza82qcW3LMVOE3ABjXEK6LqFOrI5x5n2Xet2TjakOLNuRIkuNqYNNjZ5HUoHsMWEFKfO967+tlwtUa3NeJu/mN1K2E8SPURJoDT5kGPjhALE9XCBdVSHbv1bTJCBnjwt41ThoPTkRgyFTZRyCm3jaRJDMXY0y2keuC4XGYH1EU4JJnmmsqsDoTnRI3w9cYhtoZXlfbN/viy5uk/RmUfoTKotYxwKYm3OO7CX8KlhorFmT6d04a78mCBNmd2TmGZBmoSv4s8zUZyHYKhYjYeCe5UGou9T8JYWEC49davgROoC8ymkVHwr/FmX6OJUbYRWmnJlVBBJMz2LFAAAACVqLApwNwjjsfoPnnyGePC+sWAd</p:EncodedData>
</p:Cookie>
</wssc:SecurityContextToken>
<wssc:DerivedKeyToken
wsu:Id="SecurityToken-c89f8737-6a0f-48ae-8b9b-a84c2d0a5177"
Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-60dd0d22-a479-4ab0-b02f-0c2c99f355ff"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>24</wssc:Length>
<wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
<wssc:Nonce>PkcVQuvQN2Qe/zkzo9zCqg==</wssc:Nonce>
</wssc:DerivedKeyToken>
<wssc:DerivedKeyToken
wsu:Id="SecurityToken-ac68c35f-35d8-47e5-aa26-3c624156c140"
Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-60dd0d22-a479-4ab0-b02f-0c2c99f355ff"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/sct"/>
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>32</wssc:Length>
<wssc:Label>WS-SecureConversationWS-SecureConversation</wssc:Label>
<wssc:Nonce>kF2ZSWYJzlUX9OsbbZWKVQ==</wssc:Nonce>
</wssc:DerivedKeyToken>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:DataReference URI="#Enc-505c5713-6749-4621-8355-c9cb8eaedcc0"/>
<xenc:DataReference URI="#Enc-7246c760-6fac-46af-b286-0d1ba4568eef"/>
</xenc:ReferenceList>
<xenc:EncryptedData Id="Enc-505c5713-6749-4621-8355-c9cb8eaedcc0"
Type="http://www.w3.org/2001/04/xmlenc#Element";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-ac68c35f-35d8-47e5-aa26-3c624156c140"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>

<xenc:CipherValue>W29KdTw34FIvERCdWiOzGIl3FD9HKWwlxN/VYadXs5xN4tl/vpHmDw44wNmlI0+SuT616MJQBJYe440ggrRQxHoGhSFXgsjVHGy2t6eAejuQUvCgR3pecCgXk31AZp9Reg4kF16MlXaRS2h+AZNoitiH44OaI/xHo0bDtaW2mJcgWrjLlINIuoPeJEF7C13YoVLN2pMvedxHQ1VR5ynY6iqkHfcjwsm8YFuIbvc0iY5Cz6T3HVrXsVE5PiSNwKYxGTz5zrybLN16TNu34z6GOM8oBSG0oWESqGrtGjgUEwj8Y7ZpNQQaAzCUkQtmAAMi2eDwhO94f09DTyB7757p++7K0uzwqrAi4Z9QhgLd5DRHQw3nifuUoO8ZEKxcw8zRvpRXYnEuA5xXFbsh4oVisglste1k711damhvQJpRuPmfYCFWKN4lvuR9p5pmNFw4uQwaPte/cTVf5LaSvDGsm8ECgKseav0qh04ntruw9vavHtUN5491spDBwcYo6AWiMRageKDskeng5jRLn9LtsB56xp0uf9HHE5kPJ8gz83eviNGrmhkVMI4xylwbPcyCsuR6CdU/IhgP6zJh2/pxiiUqLAiVHkfvw+IMnoLuN9aUqoePEolsq2FHyPbaSM/YIkFTPMavoI40MX1TbL7ounoaa285/gUsGtI9P/O+OsJ3kuBbp+JZcDmwWMe6BSgRJ+i9DhKB5uVdN79CRJOkaMpeNAbLxA1kHeibGVXi1cOUiHd127Em8JxPFAIQ7bHUii5Nmft9G4qB3iQ9VTsLSD/ped2n0KmbmoxHPNtC/t0M8slldlLanr6oqHmynQH3GlDsFpkNZ8y5087SkV1twVqcPuiiAE/vfxYXxclB4viBtffK2UxlPfsFp7iC9qUj06MACm7MdGCfWyiaib1chJCFly5Kgml8ZNj/2yfgufmXHam72bIP/EpyO5ss/EsjHGAXcyvYv/mS4fwXlURmVqSM+AsxWmA1gawcabUAWhEM+MyxEX2g46u0hDdJLxBPfyclAxYKbIgcObx2Ebh4GgXSCcVAKq/EMsY2MX1RhvwZsJDzXo12YZ7wzK7Oj+BXeTNWI8Ccgv7CX7ckb8MkNurY5A2dA+sto3X65TFo1VIT6zPIMWCiBgApZLkGAV7XKv8+xUQLQfA55kPAwvQ4Bmug0QJR1V55ITl/lXWmJkWtTJwsiUic1p9gpOH3j5+gp9oK990p6coT6+fvb6PpPQSRosLSMV4+OYgQ/mGQuvMTFIpX+X1pGBTiCEpG9zMIocttAr03oTwcxcc4Kwq6jcH5RsPfYWprrh6M/ElOsBDLF473D63dvrX8w6K3fKGktd2I7pCkR1BkZe/qUQMmE09H+fAldTmkb0nC916EB+D8mhpA76AFHlqvqQcK9FCt/tDa4wwArEdK6cNoouXuVMzZXn1GSfbzrZuhKDijchCRrCHBez2k/1IgZqCWDVZZf8LxwuANHJiXT+x64bFPipBESSfFtHLgWJCFGWU99dH6xFm5ePJhN9ObpykTuP9zVhyyu5Ya238tWbAwjV6B+/CSnz0qCcgBiS5/FhhRfZKEFcBGmzEtZaSYds8T1n+715G6nuxndWcOld8HNOXCjW5PYUuWmBdDTfjA7GmQUXw8OuvWiT12xWgqM8dFCI6FQmerWRB/GcA2V7/WAXhy1GQLgA6ITT4nCYC64Bw9sG+BIQHk5gsh1+YVEVC+qSdWjw6FQdb3qopkvoh0IGCufb5nlmb7xgkGojQhn/L96/tHy0aj/yNfNv9fHLsF86r6k9Hcg1sMPP/kDTrL3ZIAmbSMgmB/cqj9Izl5haqhlRpoNG/hxZHSDJXr9rDHkBYLRg5RTG6zdRNzSa1LRJsxcDG1BQALvflqbwqoBmWf2y5O608bXLgtrNJ3pp4ueRzXN//I9uC2VS3gcmqyTj6JqgFITE/jaklWbbwz2WvQyqu+TCrYUVbezytn3djSJNuqDIxZtXbGun96A5yoaHPHn/nbmoJY7IXVyzAMM0MLhgLn0VQ+4t0IEV3144yvmrO1uGNdIszSAr7tw5OJPUJv39W46Aq6URS9/Ucr26Iud9uhR5mdThOhqwhPA+DPzk1aeEuPkUfPzpxuKDCjb4FLUML2HXI02yzXVcn85BA6s0Zs4q4pv2VhNK9KpTD0UsGQOjjf7cv8qtrzs+Q1jScNS9fgjQxwJcPXhlXU67ZhJ1khk/duxEGEUghvSsFqrGojpfG03cI34+h4RUhX8CPBvLq0RJ9eN06R31Rt0W5/Qf0qq8XXizu4QBnb+V7IUBybrl6+rFV00lDYxITvf7mKElgZaHZTjcY95A1GHDsAvPK1CFfki+pYsx2oClIlnktrg20PGs9l3nkE8M6BQbMUOyuiA4kk8roJr23p6+NFH5c/e00VNELU+brChzKBKsMBdskFD7tf6aXuJ8qJMmPCkXbN/PgskuXr0KGGaGqAtqdchkmSaeuwB8OyKGe1r3mKl1zpJQjf2KFnJyI3elNJpsT+WGJUEHQMwAUw5YA/BKyn/GZgfXGPdxSDXNuBZd8fkyJgYhOLVcOj1klJAZZ7DlWJ8HI41W3ScBYvjCCKI/ZJ5fvrCz80jce2OytRowO7vubLcXW6mrweI+xQim97fYa7jAGG+jAIcYrTPATuOtec13hult6SqCUhnENYVH6Nm4oDDny787frE7G/etB1h12sKfgWDlLNHeq0wVQAMTASQh/UfAidOfkym4JvfBCWcWJsjngp4HjAsFdRYCEKClBYbarZHAnH+0Q3BKUfNENWCDFvP+evNxNeQPE+BqJ3Xc7N3Dt8lstkzK+l4JWtx3ROgADAHrv2mnCJPeqAGjR9VmWJnNenymu+eZmF3H6LlRlhXwl0zGI/r4y99pKAg0BOKBCotLeJQdYyuysex9eNtQ1jjN0p2HxmyoFFQ8dcjacn4+P+EQoKEe/tsbf8vVVUXC4jWzPhpVYnwlKJ26kE+XhVGrRynWS434je2YThdSUOtREKSL1Y03phwm0i6R9FFQhk/NHY4IvER5NRGLldoUMtkG2sVKfaxfeCSvnJQQG+U7XojOSuoq9Z4VowPFWijuptzkd05weID4dAJqs75ehLNZ2f+v+VCsisz1S0IuVMkv5zu9cE8CsGy6ZQ5GqL2hy4tFzgU3DfyREGHI3p7VczdfsJmnST7DixG0y6uDCSmNwcriqQzUfGClTobvMSCV3/UXhp+S9AM41mmXs=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-81736880-996f-469a-8afd-d475fa8ef353">
<xenc:EncryptedData Id="Enc-7246c760-6fac-46af-b286-0d1ba4568eef"
Type="http://www.w3.org/2001/04/xmlenc#Content";
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#";>
<xenc:EncryptionMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-ac68c35f-35d8-47e5-aa26-3c624156c140"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk"/>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>

<xenc:CipherValue>QfAlTGPPMbzgAelQ+3gNkANVHDyCxCqBB6mjrgHS/yUpvQV7ZWoink1xYrATKlggHXiRzZjNzczqaRChcJ855lajPKo0rwDYZz7rxeG4ET2oS0sXUfk3BJ7kni8AvDJMf1+CFd5GqnmYdUvI/TtTf+vUUyUPyv3maXXsHCqOrXAUggt74oyT5LL34Mbul7GC</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter"/>
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Design.RequireSoapHeaderAssertion+RequireSoapHeaderFilter"/>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Design.MutualCertificate11Assertion+ServiceInputFilter"/>
<processingStep description="Exception thrown: Key not valid for use in
specified state.
"> at System.Security.Cryptography.ProtectedData.Unprotect(Byte[]
encryptedData, Byte[] optionalEntropy, DataProtectionScope scope)
at
Microsoft.Web.Services3.Security.Cryptography.DataProtectionSecurityStateEncoder.DecodeSecurityState(Byte[] data)
at
Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager.DecodeTokenInfo(XmlElement encodedTokenInfo)
at
Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager.DecryptTokenInfo(SecurityContextToken sct, XmlElement encodedData)
at Microsoft.Web.Services3.Security.Tokens.SecurityContextToken.RecoverKey()
at Microsoft.Web.Services3.Security.Tokens.IssuedToken.get_Key()
at Microsoft.Web.Services3.Security.Tokens.IssuedToken.get_KeyBytes()
at Microsoft.Web.Services3.Security.Tokens.DerivedKeyToken.get_Key()
at
Microsoft.Web.Services3.Security.EncryptedData.ResolveDecryptionKey(String
algorithmUri, KeyInfo keyInfo)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt(XmlElement
encryptedElement)
at Microsoft.Web.Services3.Security.EncryptedData.Decrypt()
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope
envelope, String localActor, String serviceActor)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)</processingStep>
</inputMessage>
--- server2 input trace end ---

Anyone has any idea what's wrong here, or any pointer to configure WSE to
work with web farm?

Bryan

.

Relevant Pages

  • Re: How to call Web Service Securely
    ... Maybe I am complicating WSE too much - can you point me to a simple ... you could provide a logon screen in the client app and create a NetworkCredential ... tokens - but that is tied to .NET 2.0 ... make a web method via dialup to my IIS Web Service. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Web Services, Security, X.509
    ... We have a smart client application which consumes an internet-facing ... (At this time the web service and the client use ... WSE 3.0 and it is working ... Finally, if a X.509 certificate is required, which certificate is the ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • had to elevate ASPNET account user rights assignment
    ... I have a client running in our office and asp.net web service ... I finally got the wse 2.0 enabled asp.net web service ... authenticate my username and password as cleartext? ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: Problem invoking WSE 2.0 enabled WebService
    ... Yes I mean secure web service implemented with WSE. ... enabled web service by manually creating the security header from the ... you can not consume it from a client application that ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: VBA access to WSE web service?
    ... \par Yes, you're right, COM interop is one possible approach as long as the client machine also has .net framework and WSE installed... ... \par Microsoft Online Support ... \par Subject: Re: VBA access to WSE web service? ... \par>Regarding on the calling WSE protected XML Webservice through Office ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
Loading