.NET Framework secure .NET remoting tcp channel fails after upgrade W11 client PC to 24H2

Question

Since upgrading to Windows 11 24H2 on their client PC’s, our customers complain that they cannot use our C# client application (DTC) anymore. The DTC application was running fine on a previous Windows 11 version (and on any other OS). Our DTC application is in place for a long time with multiple released versions where the latest is released in June 2024 without any issues. DTC is a C# application using .NET Remoting from .NET Framework 4.8 to communicate with a Server using a secure TCP-client-channel. When running DTC on W11-24H2 execution of any .NET remoting method (defined on the interface) results in a security exception: “Description: Either the target name is incorrect or the server has rejected the client credentials” It seems related to the credentials (username/password) used in the client channel properties. In our case the client attempts to connect to the server as an anonymous (empty username/password) user (NT AUTHORITY\ANONYMOUS LOGON). We looked on the internet (and asked Copilot) for solutions but could not find a satisfying answer. Note that the DTC application did run correctly before upgrading to Windows 11 24H2 !!

The DTC C# code snippet creating the secure client channel:

IDictionary sinkProperties = new Hashtable();
sinkProperties["typeFilterLevel"] = "Full";
BinaryClientFormatterSinkProvider binaryClientFormatterSinkProvider = new BinaryClientFormatterSinkProvider(sinkProperties, providerData: null);
IDictionary channelProperties = new Hashtable();
channelProperties["timeout"] = timeoutSeconds * 1000;
channelProperties["username"] = "";
channelProperties["password"] = "";
channelProperties["name"] = "secured";
_clientTcpChannelSecured = new TcpClientChannel(channelProperties, binaryClientFormatterSinkProvider);
ChannelServices.RegisterChannel(_clientTcpChannelSecured, ensureSecurity: true);

The configuration file on server side contains:

  <system.runtime.remoting>
    <application name="RemotingService">
      <lifetime leaseTime="20D" sponsorshipTimeout="1H" renewOnCallTime="1D" leaseManagerPollTime="1H" />
      <service>
        <wellknown type="RemotingService.ClientRemote, RemotingService.WinService" objectUri="ClientRemote" mode="SingleCall" displayName="Remoting Service" />
      </service>
      <channels>
        <channel name="secured" ref="tcp" secure="true" port="8087">
          <serverProviders>
            <formatter ref="binary" typeFilterLevel="Full" />
          </serverProviders>
        </channel>
      </channels>
    </application>
  </system.runtime.remoting>

Question: Is there any setting (registry/policy etc.) within Windows 11 24H2 to resolve this and get DTC operational again? Maybe another approach to use (anonymous) credentials in setting up a secure Client-TCP-channel? An answer is very appreciated and would solve our customers reported MAJOR issues on short terms.

The expected behavior was that .NET Remoting approach we used and worked before Windows 11 24H2 as client would continue working. Note that problem was also already identified in new coming Windows Server 2025 context