WCF "Too many active security negotiations" error in production

We have a WCF service that over 100 client sites make calls to. Today we started getting the

Exception: Server 'http://[url]/services/[service].svc/ws' sent back a     
fault indicating it is too busy to process the request. Please retry later. Please see the 
inner exception for fault details.
System.ServiceModel.FaultException: There are too many active security negotiations or 
secure conversations at the service. Please retry later.

The only information I could find is that I need to make the maxPendingSessions larger. But that would require changing the endpoint to a CustomBinding, which will be difficult because I'd have to push that to all of my client sites.

Is there some way I can just开发者_C百科 "reset" the number of security negotiations and such? This would give us time to change the client program to use the custom binding, because at the moment, our sites cannot talk to our server.

I've tried making a small change to the config file and saving, which should have restarted the service, but we're still getting errors.

Or is there some other way I could handle this?

Edit Here's my config:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings,     Microsoft.Practices.EnterpriseLibrary.Data"/>
  </configSections>
  <connectionStrings>
  </connectionStrings>
    <system.web>
      <compilation debug="true" targetFramework="4.0"/>
      <authorization>
        <allow users="?"/>
      </authorization>
    </system.web>

  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel" switchValue="Error" propagateActivity="true">
        <listeners>
          <add name="xml" />
        </listeners>
          </source>
    </sources>
    <sharedListeners>
      <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="D:\logs\log.txt" />
    </sharedListeners>
  </system.diagnostics>

  <system.serviceModel>
<diagnostics performanceCounters="All" />
        <services>
       <service name="WCFServiceLibrary.WCFService">
     <endpoint address="ws" binding="wsHttpBinding"     bindingConfiguration="WSHttpBinding_IWCFService"
      name="WSHttpEndpoint_IWCFService" contract="WCFServiceLibrary.IWCFService" />
     <endpoint address="basic" binding="basicHttpBinding"
              name="BasicHttpEndpoint_IWCFService"             contract="WCFServiceLibrary.IWCFService" />
     <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
   </service>
  </services>
    <bindings>
          <wsHttpBinding>
            <binding name="WSHttpBinding_IWCFService" 
            maxBufferPoolSize="524288" maxReceivedMessageSize="1048576">
        <readerQuotas maxDepth="32" maxStringContentLength="65536"     maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="Message">
            <message clientCredentialType="Certificate"     negotiateServiceCredential="true"
                algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
        <behaviors>
            <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <serviceCertificate findValue="CN=[url]" storeLocation="LocalMachine"     storeName="TrustedPeople" />
            <clientCertificate>
              <authentication revocationMode="NoCheck"     certificateValidationMode="PeerTrust" />
                </clientCertificate>
          </serviceCredentials>
          <serviceThrottling maxConcurrentCalls ="1001" maxConcurrentSessions="1001"     maxConcurrentInstances="1000" />
                    <serviceMetadata httpGetEnabled="true"/>
                    <serviceDebug     includeExceptionDetailInFaults="false"/>
                </behavior>
            </serviceBehaviors>
        </behaviors>
            <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
    </system.serviceModel>
</configuration>

EDIT

We tried an iisreset and even restarted the server and it's still throwing the same error.

http://social.msdn.microsoft.com/Forums/en-GB/wcf/thread/a8f82f1d-e824-474e-84ef-b5e9ba7eca18

Problem is creating client but not using it (not calling any method on it).

http://litemedia.info/there-are-too-many-active-security-negotiations-or-secure-conversations-at-the-service

I spent 4 days investigating this in .NET 4.0 to realise it is NOT fixed.

Repro is easy:

ChannelFactory<IFoo> foo = new ChannelFactory<IFoo>("binding");
foo.Open();
foo.Close();

After 128 calls you get the error.

I do not know why it is not fixed but solution is to create the proxy when you are sure you need to call it. Increasing maxPending noy really useful as you might still hit the threashold.

Since it seems you're not using a custom service factory then you're not creating a singleton service hosted in IIS. The issue may be related to setting your service to run multi-threaded. Unless your service contains code that depends/manages multiple threads, you should configure the service instanciation to be single threaded. Set ConcurrencyMode = Single and remove the serviceThrottling element from the config to use the built-in WCF defaults for these. If the exceptions go away then you're done. Otherwise, you'll know it wasn't the multi-threaded configuration or the service throttling settings.