If you get the SEC_E_UNKNOWN_CREDENTIALS error from AcquireCredentialsHandle() from a WCF application you need to check the certificate being used for the WCF communication.
SEC_E_UNKNOWN_CREDENTIALS is defined as:
#define SEC_E_UNKNOWN_CREDENTIALS _HRESULT_TYPEDEF_(0x8009030DL) and a return type of this indicates that the credentials are bad.
Also AcquireCredendtialsHandle() treats credentials as unknown if it does not get the provider name. If you land up getting this error, check if the certificate used in the communication contains a provider name or not. Setting the provider type and name with the certificate and/or credentials might fix the issue.
On pre version 4.0 of the .Net framework there was a design limitation in the data structures (The mapping from provider type to provider name maxed out at provider type 20. Since the AES provider is type 24, it didn’t get a name mapped.) That has been eliminated on the version 4.0 of the framework. So in framework versions less than 4.0, if you just specify the provider type and if it is less than 20, you do not have to specify the provider name.
Having said this if you need to use AES as the provider then there are two options:
1. Upgrade to 4.0 version of the framework.
2. If you are using a version less than 4.0 of the framework ensure that the credentials have a provider type and name.
More Information: The default provider type for CspParameters has changed. Before .Net Framework 3.5 SP1, the default provider type for CspParameters was PROV_RSA_FULL (Type 1). Now it's PROV_RSA_AES (Type 24) for all operating systems which support Microsoft Enhanced RSA and AES Cryptographic Provider. So if you do not set the provider type it will be set to 24 by default on OS's which support Microsoft Enhanced RSA and AES Cryptographic Provider. If you have to set the provider type to any other value that is less than 20 you need to explicitly set it in your code.
Support Escalation Engineer, Microsoft Developer Support