Self-hosted WCF service and Loopback check

The server is in workgroup (not domain). The self-hosted WCF service is configured with Windows security. Binding is netTcpBinding.

<security mode="Transport">
    <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
</security>

The WCF client runs on the same server.

A server certificate is used to encrypt traffic (probably it does not matter)

I implemented a simple test program. Everything works fine.

But when I implement it in our product, client cannot login. In event log I see an Audit Failure:

Failure Information:
Failure Reason: An Error occured during Logon
Status: 0xc000006d
Sub Status: 0x0

By googling I located this page for workaround: http://support.microsoft.com/kb/896861

After disable loopback check in registry, the logon succeed.

But I don't want to disable loopback check security in production environment. I need to find out the cause of this problem.

My question is: why my test program works fine but the product, which exposes multiple endpoints, hits the problem with loopback check security? Is there some WCF component/configuration that causes this problem?

More info: For testing I created a simple wcf client against my product. The test client call is authenticated successfully with loopback check enabled. Seems to me the problem is at wcf client side... Any idea?

Found my issue: I used a self-signed certificate with CN="WCF Security". The endpoints on both server and client have "identity" defined as:

<identity>
    <dns value="WCF Security" />
</identity>

After changing to

<dns value="localhost" />

or even completely removing "identity", logon now succeeds without disabling Loopback Check Security.

I don't fully understand the relationship between the endpoint identity and certificate CN though.