
WCF "Too many active security negotiations" error in production

We have a WCF service that over 100 client sites make calls to. Today we started getting the

Exception: Server 'http://[url]/services/[service].svc/ws' sent back a fault indicating it is too busy to process the request. Please retry later. Please see the inner exception for fault details.
System.ServiceModel.FaultException: There are too many active security negotiations or secure conversations at the service. Please retry later.

The only information I could find is that I need to make the maxPendingSessions larger. But that would require changing the endpoint to a CustomBinding, which will be difficult because I'd have to push that to all of my client sites.

Is there some way I can just "reset" the number of security negotiations and such? This would give us time to change the client program to use the custom binding, because at the moment, our sites cannot talk to our server.
I've tried making a small change to the config file and saving, which should have restarted the service, but we're still getting errors.

Or is there some other way I could handle this?

Edit: Here's my config:

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="dataConfiguration" type="Microsoft.Practices.EnterpriseLibrary.Data.Configuration.DatabaseSettings, Microsoft.Practices.EnterpriseLibrary.Data"/>
  </configSections>
  <connectionStrings>
  </connectionStrings>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
    <authorization>
      <allow users="?"/>
    </authorization>
  </system.web>

  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel" switchValue="Error" propagateActivity="true">
        <listeners>
          <add name="xml" />
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="D:\logs\log.txt" />
    </sharedListeners>
  </system.diagnostics>

  <system.serviceModel>
    <diagnostics performanceCounters="All" />
    <services>
      <service name="WCFServiceLibrary.WCFService">
        <endpoint address="ws" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IWCFService"
                  name="WSHttpEndpoint_IWCFService" contract="WCFServiceLibrary.IWCFService" />
        <endpoint address="basic" binding="basicHttpBinding"
                  name="BasicHttpEndpoint_IWCFService" contract="WCFServiceLibrary.IWCFService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IWCFService"
                 maxBufferPoolSize="524288" maxReceivedMessageSize="1048576">
          <readerQuotas maxDepth="32" maxStringContentLength="65536" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="Message">
            <message clientCredentialType="Certificate" negotiateServiceCredential="true"
                     algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <serviceCertificate findValue="CN=[url]" storeLocation="LocalMachine" storeName="TrustedPeople" />
            <clientCertificate>
              <authentication revocationMode="NoCheck" certificateValidationMode="PeerTrust" />
            </clientCertificate>
          </serviceCredentials>
          <serviceThrottling maxConcurrentCalls="1001" maxConcurrentSessions="1001" maxConcurrentInstances="1000" />
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
  </system.serviceModel>
</configuration>

EDIT
We tried an iisreset and even restarted the server and it's still throwing the same error.

Marcus asked Jun 08 '11 19:06


1 Answer

http://social.msdn.microsoft.com/Forums/en-GB/wcf/thread/a8f82f1d-e824-474e-84ef-b5e9ba7eca18

The problem is creating a client but not using it (not calling any method on it).

http://litemedia.info/there-are-too-many-active-security-negotiations-or-secure-conversations-at-the-service

I spent 4 days investigating this in .NET 4.0 to realise it is NOT fixed.

Repro is easy:

ChannelFactory<IFoo> foo = new ChannelFactory<IFoo>("binding");
foo.Open();
foo.Close();

After 128 calls you get the error.

I do not know why it is not fixed, but the solution is to create the proxy when you are sure you need to call it. Increasing maxPending is not really useful, as you might still hit the threshold.

Aliostad answered Oct 19 '22 04:10
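One way to apply the advice in the answer above, as an added example that is not part of the original answer or of any library: a wrapper that builds the ChannelFactory and channel only when an operation is actually invoked, and always closes or aborts the channel afterwards. The class name DeferredClient, the Call helper and the DoWork operation in the usage comment are hypothetical; IFoo and the "binding" endpoint name are taken from the repro.

```csharp
using System;
using System.ServiceModel;

// Added example: no WCF object is created or opened until a call is really made,
// so a client that is constructed but never used never starts a security negotiation.
public sealed class DeferredClient<TContract> : IDisposable where TContract : class
{
    private readonly Lazy<ChannelFactory<TContract>> _factory;

    public DeferredClient(string endpointConfigurationName)
    {
        // Only the recipe is stored here; the factory is built on first use.
        _factory = new Lazy<ChannelFactory<TContract>>(
            () => new ChannelFactory<TContract>(endpointConfigurationName));
    }

    public TResult Call<TResult>(Func<TContract, TResult> operation)
    {
        TContract channel = _factory.Value.CreateChannel();
        var comm = (ICommunicationObject)channel;
        try
        {
            TResult result = operation(channel); // channel opens implicitly on the first call
            comm.Close();                        // graceful close once the work is done
            return result;
        }
        catch (Exception)
        {
            comm.Abort(); // Close() can throw on a faulted channel; Abort() tears it down locally
            throw;
        }
    }

    public void Dispose()
    {
        if (!_factory.IsValueCreated) return; // never used: nothing was opened
        ChannelFactory<TContract> factory = _factory.Value;
        try
        {
            if (factory.State == CommunicationState.Faulted) factory.Abort();
            else factory.Close();
        }
        catch (CommunicationException) { factory.Abort(); }
        catch (TimeoutException) { factory.Abort(); }
    }
}

// Usage (DoWork is a hypothetical operation on IFoo):
//   using (var client = new DeferredClient<IFoo>("binding"))
//       client.Call(c => c.DoWork());
```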