0
votes

I have a WCF client in a VS2012 project that has the configuration:

<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="myServiceBehaviour">
                <serviceMetadata httpGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpEndpointBinding">
                <security mode="Transport">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    <services>
        <service behaviorConfiguration="myServiceBehaviour"
                   name="xxx.Web.Mvc.Client.Services.MyService">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="xxx.Wcf.IMyService">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
        </service>
    </services>
</system.serviceModel>

Within IIS 7.5, the service is set to use Windows authentication.

I'm using basicHttpBinding over HTTPS. My requirements are SSL, but I've ended up using Windows authentication to get it to work.


I have a quick and dirty console application with the following config:

<system.serviceModel>
    <bindings>
        <basicHttpBinding>
            <binding name="BasicHttpEndpoint">
                <security mode="Transport">
                    <transport clientCredentialType="Windows" />
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://dev.xxxx.local/xxxx.Web.Mvc.Client/services/MyService.svc"
            binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
            contract="MyService.IMyService" name="BasicHttpEndpoint" />
    </client>
</system.serviceModel>

This works fine, like a dream.


The same configuration (I thought) in a VB application:

<system.serviceModel>
<bindings>
  <basicHttpBinding>
    <binding name="BasicHttpEndpoint" sendTimeout="10:00:00"> <!-- See point 1 below -->
      <security mode="Transport">
        <transport clientCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<client>
  <endpoint address="https://xxxx.inter.local/xxxx.Web.Mvc.Client/services/MyService.svc"
    binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
    contract="MyService.IMyService" name="BasicHttpEndpoint" />
</client>
</system.serviceModel>

Doesn't work, instead I get:

MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate oXIwcKADCg....igAwIBAaERMA8bDWlvbXZuZWRkZXYwMiQ='.

The service is clearly fine, it's just the client (and specifically the web site client) that is struggling.

Seemingly, the server is rejecting the authorisation from the web site client. The Negotiate response includes the token, which I've omitted here for obvious reasons, but you can see the structure.

How can I get this working? With the only requirement being it needs to be over SSL. I'd prefer to send credentials, but I'm not bothered. I didn't get very far using anonymous, anyway.

Points:

  1. The sendTimeout setting is applied because for some reason when being called remotely from the web site client, execution takes over 1 minute and times out.
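
A diagnostic aid for the error above, added here as an example and not part of the original post: the token in a `Negotiate` response header is a base64 SPNEGO message, and its negState field (RFC 4178) says whether the server rejected the attempt (`reject`) or expects another leg of the handshake (`accept-incomplete`). The function names and the sample tokens are constructed for illustration.

```python
import base64

# negState values of a SPNEGO negTokenResp (RFC 4178, section 4.2.2)
NEG_STATES = {0: "accept-completed", 1: "accept-incomplete", 2: "reject", 3: "request-mic"}

def read_tlv(buf, pos):
    """Parse one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated token")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated token")
    return tag, pos, pos + length

def negotiate_state(header_value):
    """Return the negState name carried in a 'Negotiate <base64>' header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        raise ValueError("expected 'Negotiate <token>'")
    token = base64.b64decode(b64)
    tag, start, _ = read_tlv(token, 0)
    if tag != 0xA1:  # context tag [1] = negTokenResp (a server response)
        raise ValueError("not a negTokenResp")
    tag, pos, end = read_tlv(token, start)
    if tag != 0x30:
        raise ValueError("negTokenResp must wrap a SEQUENCE")
    while pos < end:
        tag, vstart, vend = read_tlv(token, pos)
        if tag == 0xA0:  # [0] negState, encoded as ENUMERATED
            etag, es, ee = read_tlv(token, vstart)
            if etag != 0x0A:
                raise ValueError("negState is not ENUMERATED")
            return NEG_STATES.get(int.from_bytes(token[es:ee], "big"), "unknown")
        pos = vend
    return None  # negState is OPTIONAL and may be absent

def sample_header(state):
    """Constructed sample: a negTokenResp that holds only a negState."""
    der = bytes([0xA1, 0x07, 0x30, 0x05, 0xA0, 0x03, 0x0A, 0x01, state])
    return "Negotiate " + base64.b64encode(der).decode()

if __name__ == "__main__":
    for s in (1, 2):
        print(s, negotiate_state(sample_header(s)))
```

A token cut short, as in the pasted error message, raises `ValueError`; pass the full header value from a trace.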

1 Answer

0
votes

According to this: http://blogs.msmvps.com/alvin/2008/11/14/net-3-5-sp1-breaking-change-to-wcf/

you may need to add this block to your endpoint identity node:

<servicePrincipalName value=""/>

turning it into:

    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="xxx.Wcf.IMyService">
        <identity>
            <dns value="localhost" />
            <servicePrincipalName value=""/>
        </identity>
    </endpoint>