Servers
ADFSSERVER
- Windows Server 2008 R2 Standard x64
- ADFS 2 RC
WEBSERVER
- Windows Server 2008 Standard x64
- Windows Identity Foundation
- Trusted for delegation
- Correct SPN configuration
- Delegates fine within ASP.Net (historically and currently)
- Claims to Windows Token Server (started and set to automatic)
- c2wtshost.exe.config: <add value="NT AUTHORITY\Network Service" />
- Local Security Policy: User Rights Assignment: Impersonate a client after auth: NETWORK SERVICE (among others)
Web Application
ClaimsBasedApplication
- Configured as a relying party in ADFS
- Receives and presents all claims per the claim rules in ADFS (working great)
- App Pool: Integrated, 32bit=false, NetworkService
- Anonymous Auth: App pool identity
- SSL using domain cert (trusted on client but no chain verification)
Code
Public Function GetImpersonationText(ByVal claimsIdentity As IClaimsIdentity) As String
    Dim builder As New StringBuilder
    Dim result As ServiceReferences.ImpersonationTestProxy.SingleObjectResponseOfImpersonationResultBXe52vhv

    ' Pull the UPN claim issued by ADFS; C2WTS needs it for the S4U logon
    Dim upn = GetClaim(claimsIdentity, System.IdentityModel.Claims.ClaimTypes.Upn)

    'Errors here !!!!!!!!!!!!!!!!!!!!!
    ' Ask the Claims to Windows Token Service for a Windows token for that UPN,
    ' impersonate it, and call the backend WCF service while impersonating
    Using ctx = Microsoft.IdentityModel.WindowsTokenService.S4UClient.UpnLogon(upn).Impersonate()
        result = (New ServiceGateways.ImpersonationTestGateway).TestImpersonation()
    End Using

    builder.Append(GetHeaderText("IMPERSONATION RESULT"))
    builder.Append(GetObjectPropertiesText(result.TransferObject))
    builder.Append("<hr>")
    builder.Append(GetHeaderText("CALL INFORMATION"))
    builder.Append(GetObjectPropertiesText(result.CallInformation))

    Dim text = builder.ToString()
    Return text
End Function
Error
[Win32Exception (0x80004005): No credentials are available in the security package]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +10259418
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +539
WebApplication1.ServiceReferences.ImpersonationTestProxy.IImpersonationTestService.TestImpersonation() +0
WebApplication1.ServiceGateways.ImpersonationTestGateway.TestImpersonation() in C:\Source Control\Sandbox\ClaimsBasedApplication\1.0.0\ClaimsBasedApplication.UserInterface\ImpersonationTestGateway.vb:21
WebApplication1.ObjectDisplayUtility.GetImpersonationText(IClaimsIdentity claimsIdentity) in C:\Source Control\Sandbox\ClaimsBasedApplication\1.0.0\ClaimsBasedApplication.UserInterface\ObjectDisplayUtility.vb:14
WebApplication1._Default.Page_Load(Object sender, EventArgs e) in C:\Source Control\Sandbox\ClaimsBasedApplication\1.0.0\ClaimsBasedApplication.UserInterface\Default.aspx.vb:11
System.Web.UI.Control.OnLoad(EventArgs e) +132
System.Web.UI.Control.LoadRecursive() +66
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428
Matt Poland - Software Architect
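The prerequisites listed for WEBSERVER above (C2WTS service state, the allowedCallers entry in c2wtshost.exe.config, the "Impersonate a client after authentication" right for NETWORK SERVICE, the HTTP SPNs, and the delegation setting on the computer account) can be verified in one pass. The following script is an added example and is not part of the original post; it assumes it is run in an elevated PowerShell on WEBSERVER, that WIF 3.5 is installed to its default path, and that the RSAT ActiveDirectory module is available for the delegation check. It also reports whether the account is set up for constrained delegation with protocol transition (TrustedToAuthForDelegation plus msDS-AllowedToDelegateTo), because a token obtained through S4U2Self carries no credentials of its own and can only reach a backend service over Kerberos via S4U2Proxy, which requires that setting rather than plain "Trusted for delegation".

```powershell
# Added example (not from the original post): verify the C2WTS prerequisites
# listed for WEBSERVER. Assumptions: elevated PowerShell on the web server,
# WIF 3.5 at its default path, RSAT ActiveDirectory module present.
param(
    [string]$WebHost = $env:COMPUTERNAME,
    [string]$C2wtsConfig = "$env:ProgramFiles\Windows Identity Foundation\v3.5\c2wtshost.exe.config",
    [string]$ExpectedCaller = 'NT AUTHORITY\Network Service'
)

function Report([string]$Check, [bool]$Ok, [string]$Detail) {
    $tag = if ($Ok) { '[OK]  ' } else { '[FAIL]' }
    Write-Output "$tag $Check : $Detail"
}

# 1. Claims to Windows Token Service running and set to start automatically
$svc = Get-Service -Name c2wts -ErrorAction SilentlyContinue
$startMode = (Get-WmiObject Win32_Service -Filter "Name='c2wts'").StartMode
Report 'C2WTS service' (($svc -ne $null) -and ($svc.Status -eq 'Running') -and ($startMode -eq 'Auto')) `
       "Status=$($svc.Status) StartMode=$startMode"

# 2. The app pool identity is an allowed caller in c2wtshost.exe.config
if (Test-Path $C2wtsConfig) {
    [xml]$cfg = Get-Content -Path $C2wtsConfig
    $callers = @($cfg.configuration.windowsTokenService.allowedCallers.add | ForEach-Object { $_.value })
    Report 'allowedCallers entry' ($callers -contains $ExpectedCaller) ("callers: " + ($callers -join ', '))
} else {
    Report 'allowedCallers entry' $false "config not found at $C2wtsConfig"
}

# 3. SeImpersonatePrivilege granted to NETWORK SERVICE (well-known SID S-1-5-20)
$tmp = Join-Path $env:TEMP 'user-rights-export.inf'
secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
$privLine = Get-Content $tmp | Where-Object { $_ -match '^SeImpersonatePrivilege' } | Select-Object -First 1
Remove-Item $tmp -ErrorAction SilentlyContinue
Report 'Impersonate a client after authentication' (($privLine -ne $null) -and ($privLine -match 'S-1-5-20')) `
       "$privLine"

# 4. HTTP SPNs registered on the computer account (the app pool runs as NetworkService)
$httpSpns = @(& setspn.exe -L $WebHost 2>&1 | Where-Object { $_ -match '^\s*HTTP/' } | ForEach-Object { $_.Trim() })
Report 'HTTP SPNs on computer account' ($httpSpns.Count -gt 0) ("spns: " + ($httpSpns -join ', '))

# 5. Delegation settings on the computer account; S4U2Proxy needs constrained
#    delegation with protocol transition, not just "Trusted for delegation"
if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $comp = Get-ADComputer -Identity $WebHost -Properties TrustedForDelegation, TrustedToAuthForDelegation, 'msDS-AllowedToDelegateTo'
    $targets = @($comp.'msDS-AllowedToDelegateTo')
    Report 'Trusted for delegation (unconstrained)' $comp.TrustedForDelegation "TrustedForDelegation=$($comp.TrustedForDelegation)"
    Report 'Constrained delegation with protocol transition' `
           ($comp.TrustedToAuthForDelegation -and ($targets.Count -gt 0)) `
           ("TrustedToAuthForDelegation=$($comp.TrustedToAuthForDelegation); targets: " + ($targets -join ', '))
} else {
    Report 'Delegation settings' $false 'ActiveDirectory module not available; check the computer account in ADUC'
}
```

Run it as `.\Check-C2wtsPrereqs.ps1` (any file name will do) and read the [FAIL] lines first. The fifth check is the one to look at for the "No credentials are available in the security package" error: the backend WCF service's SPN should appear in the delegation target list, with "Use any authentication protocol" selected on the Delegation tab, so that the S4U token can be exchanged for a service ticket to that backend.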