I have an WPF app, which uses SSLStream to connect to server and send/receive some messages. My code is largerly based on this example (SslTcpClient): https://msdn.microsoft.com/en-us/library/system.net.security.sslstream(v=vs.110).aspx.

This worked fine for months. However, after getting this windows update (Cumulative Update for Windows 10 version 1511 and Windows Server 2016 Technical Preview 4: June 14, 2016 - https://support.microsoft.com/en-us/kb/3163018). My app started to report this exception:

System.Security.Authentication.AuthenticationException: A call to SSPI failed, see inner exception. ---> System.ComponentModel.Win32Exception: The Local Security Authority cannot be contacted
   --- End of inner exception stack trace ---
at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Net.Security.SslStream.AuthenticateAsClient(String targetHost, X509CertificateCollection clientCertificates, SslProtocols enabledSslProtocols, Boolean checkCertificateRevocation)
at MyAPP.Core.Services.Network.Impl.SslTcpClient.ClientSideHandshake()
at MyAPP.Core.Services.Network.Impl.SslTcpClient.Connect()
at MyAPP.Core.Services.Impl.MessageService.SendMessage(String message)

What can I do ?

This means the other side is using another version of TLS and you are using an older version.
Set up security attribute to TLS12 before making the connection. This is a widely known problem, as many providers start using TLS12 (e.g. paypal,amazon and so on).

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;

Here is the solution, set in the registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman] "ClientMinKeyBitLength"=dword:00000200

as noted here

If you are using SslStream, then you need to explicitly set the TLS version in the AuthenticateAsClient call, for example:

ssl.AuthenticateAsClient(url, null, SslProtocols.Tls12, false);