I have a WCF Service which uses a wsHttpBinding with a reliable session + message security + custom username validator.
Internally everyone who uses the demo application can retrieve custom fault exceptions.
catch (FaultException<EPIFault> fx) -- break point on this works
Externally, a 3rd party vendor who is testing the application receives
catch (CommunicationException exception) - 3rd party vendor break point lands here
The service is hosted on HTTP port 80 using Message Security. The server certificate is internally generated, i.e.
<serviceCertificate findValue="*.au.mycompany.net"
Retrieving data works fine both internally/externally. Just Custom Faults are not being received. They only catch Communication Exceptions with the following message:
System.ServiceModel.CommunicationException: The underlying secure session has faulted before the reliable session fully completed. The reliable session was faulted.

Server stack trace:
   at System.ServiceModel.Channels.ReliableRequestSessionChannel.SyncRequest.WaitForReply(TimeSpan timeout)
MORE INFORMATION ADDED BELOW
Turned on WCF Auditing using serviceSecurityAudit & consistently get this message
The nonce is invalid or replayed
Temporarily fixed this using the custom binding below
Custom binding below
<customBinding>
  <binding name="myCustomBinding" closeTimeout="00:15:00" openTimeout="00:15:00" receiveTimeout="00:15:00" sendTimeout="00:15:00">
    <reliableSession inactivityTimeout="00:15:00" maxRetryCount="8192" maxPendingChannels="5" ordered="true" />
    <transactionFlow />
    <security defaultAlgorithmSuite="Default" authenticationMode="SecureConversation"
              requireDerivedKeys="true" includeTimestamp="true"
              messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
              requireSecurityContextCancellation="false" requireSignatureConfirmation="false"
              canRenewSecurityContextToken="true">
      <secureConversationBootstrap defaultAlgorithmSuite="Default"
                                   authenticationMode="UserNameForCertificate" requireDerivedKeys="true" allowInsecureTransport="true"
                                   includeTimestamp="true"
                                   messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                                   requireSignatureConfirmation="false">
      </secureConversationBootstrap>
    </security>
    <sslStreamSecurity requireClientCertificate="false" />
    <binaryMessageEncoding maxReadPoolSize="2147483647" maxSessionSize="2147483647" maxWritePoolSize="2147483647">
      <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
                    maxArrayLength="200000" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
    </binaryMessageEncoding>
    <httpTransport decompressionEnabled="true" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" transferMode="Buffered"></httpTransport>
  </binding>
</customBinding>
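
Added example (not part of the original post, and not the poster's configuration): a service-side config fragment that turns on the serviceSecurityAudit behavior mentioned above together with WCF tracing, so that message authentication failures such as the quoted nonce error are recorded on the server instead of surfacing only as a CommunicationException on the client. The behavior name `auditedBehavior`, the listener name and the log path are assumptions.

```xml
<!-- Added example: merge into the service's web.config / app.config. -->
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <!-- "auditedBehavior" is a hypothetical name; reference it from the
             behaviorConfiguration attribute of the <service> element. -->
        <behavior name="auditedBehavior">
          <!-- Write security audit events to the Application event log.
               suppressAuditFailure="true" keeps requests flowing if the
               event log itself cannot be written. -->
          <serviceSecurityAudit auditLogLocation="Application"
                                messageAuthenticationAuditLevel="Failure"
                                serviceAuthorizationAuditLevel="Failure"
                                suppressAuditFailure="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <diagnostics>
      <!-- Log at transport level only, and only headers: with message
           security the transport-level copy is still encrypted, and
           logEntireMessage="false" keeps message bodies out of the log. -->
      <messageLogging logMalformedMessages="true"
                      logMessagesAtTransportLevel="true"
                      logMessagesAtServiceLevel="false"
                      logEntireMessage="false" />
    </diagnostics>
  </system.serviceModel>
  <system.diagnostics>
    <sources>
      <!-- Warning level captures the channel faults that precede the
           client-side CommunicationException. -->
      <source name="System.ServiceModel" switchValue="Warning, ActivityTracing"
              propagateActivity="true">
        <listeners><add name="svcTrace" /></listeners>
      </source>
      <source name="System.ServiceModel.MessageLogging" switchValue="Warning">
        <listeners><add name="svcTrace" /></listeners>
      </source>
    </sources>
    <sharedListeners>
      <!-- Placeholder path: choose a directory the service account can
           write to and that ordinary users cannot read. -->
      <add name="svcTrace" type="System.Diagnostics.XmlWriterTraceListener"
           initializeData="C:\logs\wcf-service.svclog" />
    </sharedListeners>
  </system.diagnostics>
</configuration>
```

The resulting .svclog file opens in the Service Trace Viewer (SvcTraceViewer.exe), where the server-side fault can be lined up against the time of the client's exception.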