wcf: WCF 4.5.0 and .NET Core 2.1 - NTLM authentication fails with "Authentication failed because the connection could not be reused"

Quick details

• Consistently getting on the second request System.ServiceModel.CommunicationException: Authentication failed because the connection could not be reused. on windows and linux while using NTLM.
• Client System.ServiceModel.Http version 4.5.0
• Client System.ServiceModel.Security version 4.5.0
• Client target framework netcoreapp2.1
• Client Platform: Windows 10 desktop and stretch linux in docker (with gss-ntlmssp-dev)
• Server Platform: Windows Server 2012 R2 - IIS 8.5 - WCF (not sure what version)
• Both using BasicHttpBinding and client using generated service proxy classes
• Both set to BasicHttpSecurityMode.TransportCredentialOnly and HttpClientCredentialType.Ntlm

The gist of this issue we’re seeing is that making multiple service calls with NTLM will fail with the exception “Authentication failed because the connection could not be reused”. Multiple calls seem to always fail - sometimes calls also fail the first time under some conditions. I’ve not had this issue with .NET core 2.1 HttpClient and manually coding SOAP requests. The client applications have been running without issues using .NET Core 2.0 and WCF 4.4.1 for a while now on windows and linux. I don’t believe this is a gss related issue, but it could be an environment issue on our part with the service we’re connecting to. The service we’re calling is a WCF web service setup using Dynamics AX and running in IIS 8.5 on Windows Server 2012 R2. I will probably need to keep working and develop a code sample (two docker containers, hopefully, or be able to pinpoint some other platform specific interplay)

Below is a full stack trace. There’s a lot of details to work through so I apologize for this hasty post and like I said I would like to add a code sample. But I just wanted to post this so if somebody saw it they could provide some context or insight so I can save some time when I am troubleshooting and trying to get down to a minimum viable code sample for posting here.

I have observed this behavior on both windows 10 (no container) and running in docker using the image microsoft/dotnet:2.1-aspnetcore-runtime-stretch-slim image with the gss-ntlmssp-dev package installed.

System.ServiceModel.CommunicationException: Authentication failed because the connection could not be reused. ---> System.Net.Http.HttpRequestException: Authentication failed because the connection could not be reused.
   at System.Net.Http.HttpConnection.DrainResponseAsync(HttpResponseMessage response)
   at System.Net.Http.AuthenticationHelper.SendWithNtAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean isProxyAuth, HttpConnection connection, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.AuthenticationHelper.SendWithAuthAsync(HttpRequestMessage request, Uri authUri, ICredentials credentials, Boolean preAuthenticate, Boolean isProxyAuth, Boolean doRequestAuth, HttpConnectionPool pool, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DecompressionHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts,
Boolean disposeCts)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpClientRequestChannel.HttpClientChannelAsyncRequest.SendRequestAsync(Message message, TimeoutHelper timeoutHelper)
   --- End of inner exception stack trace ---
   at System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(HttpRequestException requestException, HttpRequestMessage request, HttpAbortReason abortReason)
   at System.ServiceModel.Channels.HttpChannelFactory`1.HttpClientRequestChannel.HttpClientChannelAsyncRequest.SendRequestAsync(Message message, TimeoutHelper timeoutHelper)
   at System.ServiceModel.Channels.RequestChannel.RequestAsync(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.RequestChannel.RequestAsyncInternal(Message message, TimeSpan timeout)
   at System.Runtime.TaskHelpers.WaitForCompletionNoSpin[TResult](Task`1 task)
   at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(MethodCall methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(MethodInfo targetMethod, Object[] args)
--- End of stack trace from previous location where exception was thrown ---
   at System.Reflection.DispatchProxyGenerator.Invoke(Object[] args)
   at generatedProxy_2.Create(CustomerCreateServiceCreateRequest )