The inner exception is a much better source for this error message. The underlying message was

The NetworkCredentials provided were unable to create a Kerberos credential, see inner execption for details.

And from this exception the inner one’s detail was

InitializeSecurityContent failed. Ensure the service principal name is correct.

Adding clientCredentialType="None" solve this problem… by default it’s not None, but “Windows” which is relying on Kerberos.

<message clientCredentialType="None" negotiateServiceCredential="false" establishSecurityContext="false" />

Then,  I had the problem

The service certificate is not provided for target 'http://localhost:10000/Service1.svc'. Specify a service certificate in ClientCredentials.

So I found this post on StackOverflow and remove everything under security to add only the mode to the security node to None.

<security mode="None"/>