Negotiate, NTLM issue when consuming WCF from VS Extension

Hi

I'm getting the following error when calling WCF service from Visual Studio extension:

The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'.

Wierd thing is that when I'm debugging my extension in the Experimental Instance everythink works fine, but when I publish it and install extension on normal VS instance, I get mentioned error on each call.

Service is hosted on WIndows Server 2008 R2 Standard with SP1 and IIS 7.5

Server config:

<wsHttpBinding><binding name="WSHttpBinding_HTTPS" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="10000000" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false"><readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /><reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><security mode="Transport"><transport clientCredentialType="Windows" proxyCredentialType="None" realm="" /><message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true" /></security></binding></wsHttpBinding>

Client code:

var binding = new WSHttpBinding
{
    Security =
    {
        Mode = SecurityMode.Transport,
        Transport =
        {
            ClientCredentialType = HttpClientCredentialType.Windows,
            ProxyCredentialType = HttpProxyCredentialType.None
        },
        Message =
        {
            ClientCredentialType = MessageCredentialType.Windows,
            NegotiateServiceCredential = true,
            AlgorithmSuite = SecurityAlgorithmSuite.Default,
            EstablishSecurityContext = true
        }
    }
};


var endpoint = new EndpointAddress(new Uri(ServiceUrl), EndpointIdentity.CreateSpnIdentity(""));

var channelFactory = new ChannelFactory<IService>(binding, endpoint);
if (channelFactory.Credentials != null)
{
    channelFactory.Credentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials;
    channelFactory.Credentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
}
_service = channelFactory.CreateChannel();

Thanks in advance.