Error Using Certificate Authentication in WCF

I'm in a bit of a pickle!

I am getting the following error when deploying to one of my live servers which I haven't seen in previous installati开发者_StackOverflow中文版ons. This server is behind a hardware load balancer (BigIP) in our production environment which, as far as I can tell, is the only difference from previous deployments.

Cannot start impersonation because the SecurityContext for the UltimateReceiver role from the request message with the 'http://tempuri.org/ISomeService/GetStuff' action is not mapped to a Windows identity.

We are running Windows Server 2008 R2 (IIS 7.5), WCF 4.0 in a Classic Mode Application pool.

Below are what I think are the releveant snippets from my config file--there may be some typos where I changed the names to protect the guilty:

<service behaviorConfiguration="SomeServiceBehavior" name="SomeService">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpBindingCert" contract="ISomeService" />
</service>

<wsHttpBinding>
    <binding name="wsHttpBindingCert">
        <security mode="Transport">
            <transport clientCredentialType="Certificate" />
        </security>
    </binding>
</wsHttpBinding>

<behavior name="SomeServiceBehavior">
    <serviceMetadata httpsGetEnabled="false" />
    <serviceDebug includeExceptionDetailInFaults="false" />
    <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="ChainTrust" mapClientCertificateToWindowsAccount="True"/>
        </clientCertificate>
        <serviceCertificate findValue="somecert.domain.com" x509FindType="FindBySubjectName" storeName="My" storeLocation="LocalMachine" />
    </serviceCredentials>
</behavior>

Any help would be GREATLY appreciated.