Testing Service c2WTS
+- Service c2WTS found
+- Service c2WTS is running
+- Path of service: C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe
+- Config File: C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe.config
+- Service Logon: SYSTEM\NT AUTHORITY
----- start of config file ----
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="windowsTokenService" type="Microsoft.IdentityModel.WindowsTokenService.Configuration.WindowsTokenServiceSection, Microsoft.IdentityModel.WindowsTokenService, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<startup>
<supportedRuntime version="v4.0" />
<supportedRuntime version="v2.0.50727" />
</startup>
<windowsTokenService>
<!--
By default no callers are allowed to use the Windows Identity Foundation Claims To NT Token Service.
Add the identities you wish to allow below.
-->
<allowedCallers>
<clear />
<add value="WSS_WPG" />
</allowedCallers>
</windowsTokenService>
</configuration>
----- end of config file ----
Retrieving security groups/users allowed to use the service from config file
+- WSS_WPG
Trying to login .........
Using provided credentials to login
***** c2WTS could not provide a valid Windows Token. Reason: WTS0003: The caller is not authorized to access the service.

Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Microsoft.IdentityModel.WindowsTokenService.S4UClient.IS4UService_dup.UpnLogon(String upn, Int32 pid)
at Microsoft.IdentityModel.WindowsTokenService.S4UClient.<>c__DisplayClass1.<UpnLogon>b__0(IS4UService_dup channel)
at Microsoft.IdentityModel.WindowsTokenService.S4UClient.CallService(Func`2 contractOperation)
at c2WTSTest.Form1.button2_Click(Object sender, EventArgs e)

Now Verifying if user WTC\Setup.MOSS has rights on c2WTS
+- User WTC\Setup.MOSS has no access to the service
*** Analysis Complete ***

05-11 23:02