Monday, March 1, 2010

Dealing With The 'Unrecognized Element 'extendedProtectionPolicy'' Exception

Recently I began using Windows 7 Ultimate in addition to VS.NET 2008. I had to refresh a reference to an existing WCF service which did just fine. However, upon deploying the application back out to the production Windows Server 2003 server, I began to see the following exception being thrown:

"Unrecognized element 'extendedProtectionPolicy' "

I actually could have seen this listed as a 'Warning' prior to compile with the following message as well:

"The element 'transport' cannot contain child element 'extendedProtectionPolicy' because the parent element's content model is empty."

This is all in reference to the following configuration element that appeared in my client's .config file in regards to the WCF service being consumed:

Regardless of where the issue is noticed, it appears this is caused by the usage of multiple platforms. It appears that the configuration is only created when consuming the service on my Windows 7 development box, but then not recognized by other platforms such as Windows Server 2003. The 'ExtendedProtection' configuration, as I understand it, is to help prevent attacks during the credential challenge process. However, due to its staged rollout, it is not fully supported and hence the above errors are generated.

The fix? Simple for the time being. Just remove the tag and redeploy the configuration. Depending on the configuration, it may be embedded between a set of "Transport" tags. If this is the case, remove the inner "extendedProtectionPolicy" tag and shorthand the end of the transport tag with "/>".
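
The same fix as a script, added here as an example (not the post author's code): it removes `extendedProtectionPolicy` children and collapses the emptied parent to the `/>` shorthand, but only when the element says `policyEnforcement="Never"`. Any other value is left in place and reported, since deleting it would drop a policy someone configured. The sample config, binding name and function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a generated client binding (not the post author's file).
SAMPLE = """<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="ExampleBinding">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows">
              <extendedProtectionPolicy policyEnforcement="Never" />
            </transport>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>"""

TAG = "extendedProtectionPolicy"


def strip_extended_protection(config_xml):
    """Return (new_xml, removed, kept).

    Removes <extendedProtectionPolicy> children only when policyEnforcement
    is explicitly "Never"; anything else is left in place and reported,
    since deleting it would change authentication behaviour.
    """
    root = ET.fromstring(config_xml)
    removed, kept = 0, []
    for parent in list(root.iter()):  # snapshot: the tree is edited below
        for child in [c for c in parent if c.tag == TAG]:
            enforcement = child.get("policyEnforcement")
            if enforcement == "Never":
                parent.remove(child)
                removed += 1
                # Drop leftover whitespace so the parent serializes as <transport ... />
                if len(parent) == 0 and not (parent.text or "").strip():
                    parent.text = None
            else:
                kept.append((parent.tag, enforcement))
    return ET.tostring(root, encoding="unicode"), removed, kept


if __name__ == "__main__":
    new_xml, removed, kept = strip_extended_protection(SAMPLE)
    print(new_xml)
    print("removed:", removed, "kept for review:", kept)
```

ElementTree drops XML comments and the XML declaration when it re-serializes, so diff the output against the original file before deploying it.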


  1. Thanks for posting this. Had the same problem and your solution did the trick!

  2. That really helped, thanks

  3. Ran into the same problem.

    It's a pretty big issue in fact. Odd that it isn't resolved.

    Thanks for the advice. Will try fix shortly on other dev's machine.

  4. Maybe this could help:


  5. Not quite. My development environment is VS 2008 running on Windows Server 2003. I had to refresh the service definition for a WCF client test app which was successfully tested from my dev environment as well as from a Windows 7 platform. The error didn't show up until we moved the test client to our production Windows Server 2003 environment.

    So the issue is not limited to VS on Windows 7.

  6. You literally just saved my life... Thanks :D

  7. Hi This is Faisal,
    Thanks for needful, Comments