Secure Conversation Renew is not working from a .NET client because <ws:Instance> is missing in the SecurityContextToken.
Reading into the standard here -> http://docs.oasis-open.org/ws-sx/ws-secureconversation/v1.4/os/ws-secureconversation-1.4-spec-os.html
says the following:
"The initial issuance need not contain a wsc:Instance element, however, all subsequent issuances with different keys MUST have a wsc:Instance element with a unique value."
Also a reference seems to be required in the SecurityTokenRefernce according to this:
"If a specific key instance needs to be referenced, then the global attribute wsc:Instance is included in the <wsse:Reference> sub-element (only when using <wsc:Identifier> references)"
The attached patch works for us