Slap some tracing on it! Traces are your best friend when debugging these things. I once had one client which couldn’t connect to our SSL-enabled service. Using tracing I found that someone had moved the system clock past our certificate expiry date. But I digress.
Enable all applicable trace sources and see if something interesting show up in the logs.
There’s an old (2005) but excellent post by Durgaprasad Gorti that you should check out. It’ll show you exactly what sources to add and in it he also shows some SSL traces using a custom validation callback.
Example app.config from the very same blog post:
<?xml version="1.0" encoding="UTF-8" ?>
<configuration>
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="System.Net">
<listeners>
<add name="MyTraceFile"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add
name="MyTraceFile"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="System.Net.trace.log"
/>
</sharedListeners>
<switches>
<add name="System.Net" value="Verbose" />
</switches>
</system.diagnostics>
</configuration>
Hopefully that’ll provide you with some more data.