Error in /Service/Service.svc/bhb when open MDS Explorer

Hi! I get stuck when opening the MDS Explorer on MDS Server and already tried all suggestions from forums but have no progress.
I append my Environment, Log(IIS, MDS, Fiddler, UI) , and related config.
Hope you could give me some advice. Thank you! 

Environment

OS : Windows Server 2008 R2SQL : Microsoft SQL Server 2012 - 11.0.2100.60 (X64)
         Developer Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) (Hypervisor)
IIS7
Silverlight (64 bit) 5.1.20513
Browser : IE9 , FF22, Chrome 28
MDS Server is installed on VM, in Windows Domain 
Login user has system administration permission.

Application Pools Setting
MDS Application
(a) Managed Pipeline Mode = Integrated
(b) Identity = ApplicationPoolIdentity, 

UI Error Message

When opening MDS Explorer,  the UI popup error messages like this.

First error message window

WebException: [HttpWebRequest_WebException_RemoteServer]
Arguments:  NotFound Debugging resource strings are unavailable
-----------------------------------------------------
Second error message window (only show up in Firefox)

System.Reflection.TargetInvocationException: [Arg_TargetInvocationException]

Fiddler Log
seems I don't have permission to access the request URL : mdsdev:88/Service/Service.svc/bhb

HTTP Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Detailed Error Information
ModuleIIS Web Core
NotificationAuthenticateRequest
Handlersvc-Integrated-4.0
Error Code0x80070005
Requested URLhttp:  //   mdsdev:88/Service/Service.svc/bhb
Physical PathC:\Program Files\Microsoft SQL Server\110\Master Data Services\WebApplication\Service\Service.svc\bhb
Logon MethodNot yet determined
Logon UserNot yet determined
Failed Request Tracing Log DirectoryC:\inetpub\log

IIS Log

bhb again, not sure how to access it.

/Explorer/AttributeSL.aspx MID=1&VID=1&EID=3
/Service/Service.svc/bhb 

2013-07-21 13:14:24 W3SVC2 fe80::208e:fa0c:31e5:901%10 GET /ScriptResource.axd d=jzBYvlgjGckxbHmd645HrUCsak8pPcTsujxzxXp5gfykwH0og-wOaIEfQRCkVtHUZaU9O-WZs75NSCtNmb4qyzx09zzgZlqq_Hxfv_GJZEA_V7wJtJkFpfiSaTBMqU17icKQwTLbTKf4fmtiRlbLYQ2&t=ffffffffb9f9f042 88 domain\nick fe80::208e:fa0c:31e5:901%10 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:22.0)+Gecko/20100101+Firefox/22.0 mdsdev:88 200 0 0 1
2013-07-21 13:14:26 W3SVC2 fe80::208e:fa0c:31e5:901%10 GET /Explorer/AttributeSL.aspx MID=1&VID=1&EID=3 88 domain\nick fe80::208e:fa0c:31e5:901%10 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:22.0)+Gecko/20100101+Firefox/22.0 mdsdev:88 200 0 0 326
2013-07-21 13:14:27 W3SVC2 fe80::208e:fa0c:31e5:901%10 POST /Service/Service.svc/bhb - 88 domain\nick fe80::208e:fa0c:31e5:901%10 HTTP/1.1 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:22.0)+Gecko/20100101+Firefox/22.0 mdsdev:88 500 0 0 157

MDS Log

Only first two rows mention error, cannot figure out what they mean.

MDS Error: 0 : Service started successfully,  Assembly version: 11.0.0.0, file version: 11.0.2100.60 ((SQL11_RTM).120210-1917 )
    DateTime=2013-07-21T13:26:55.2677163Z
MDS Error: 0 : ApiContractVersion: 5102
    DateTime=2013-07-21T13:26:55.2686929Z
MDS Start: 1 : Service.InitializeExpirationStatus

My Settings

Authentication :
(a) MDS Website : Enable Windows Authentication. Disable Anonymous Authentication.

Under Windows Authentication > Advanced Settings > set Extended Protection = Accept or Required
(b) Service Folder :  Enable Windows Authentication. Enable Anonymous Authentication.

Web.config : 

In MDS Web.config, add policyEnforcement = WhenSupported

My Web.config

<system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mdsWsHttpBehavior">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="false" />
          <serviceThrottling maxConcurrentSessions="400" />
          <dataContractSerializer maxItemsInObjectGraph="999999999" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="mdsWsHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
          <readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
          <security mode="Message">
            <message clientCredentialType="Windows" />
<transport clientCredentialType="Windows">
 <extendedProtectionPolicy policyEnforcement="WhenSupported" />
</transport>
          </security>
        </binding>
      </wsHttpBinding>
      <basicHttpBinding>
        <binding name="mdsBasicHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
          <readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Windows" />
<extendedProtectionPolicy policyEnforcement="WhenSupported" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="mdsWsHttpBehavior" name="Microsoft.MasterDataServices.Services.Service">
        <endpoint binding="wsHttpBinding" bindingConfiguration="mdsWsHttpBinding" bindingNamespace="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09" contract="Microsoft.MasterDataServices.Services.ServiceContracts.IService" />
        <endpoint address="bhb" binding="basicHttpBinding" bindingConfiguration="mdsBasicHttpBinding" bindingNamespace="http://schemas.microsoft.com/sqlserver/masterdataservices/2009/09" contract="Microsoft.MasterDataServices.Services.ServiceContracts.IService" />
      </service>
    </services>
  </system.serviceModel>

My applicationHost.config

 <location path="MDS">
        <system.webServer>
            <security>
                <authentication>
<basicAuthentication enabled="false" />
                    <windowsAuthentication enabled="true" useKernelMode="true">
                        <extendedProtection tokenChecking="Allow" />
                    </windowsAuthentication>
                    <anonymousAuthentication enabled="false" />
                </authentication>
            </security>
        </system.webServer>
    </location>
    <location path="MDS/Service">
        <system.webServer>
            <security>
                <authentication>
<basicAuthentication enabled="false" />
                    <anonymousAuthentication enabled="true" />
<!--anonymousAuthentication enabled="true" userName="" /-->
                    <windowsAuthentication enabled="true" />
                </authentication>
            </security>
        </system.webServer>
    </location>