2.1 Transport
The client and server MUST communicate over RPC using named pipes over the Server Message Block (SMB) Protocol. The SMB version, capabilities, and authentication used for this connection are negotiated between the client and server when the connection is established, as specified in [MS-SMB] and [MS-SMB2].
The server MUST listen for requests on at least one of the well-known endpoints, \\pipe\protected_storage and \\pipe\ntsvcs. Server implementations SHOULD listen on the \\pipe\protected_storage endpoint<1>, and MAY listen on \\pipe\ntsvcs<2>. All features of this protocol that are supported by a given server MUST be supported on all of the endpoints on which that server listens.
The client SHOULD attempt to connect to the \\pipe\protected_storage endpoint first, and if this fails, it SHOULD connect to the \\pipe\ntsvcs endpoint instead.<3>
The server interface MUST be identified by universal unique identifier (UUID) [3dde7c30-165d-11d1-ab8f-00805f14db40], version 1.0.
The server MUST use the RPC security extensions specified in [MS-RPCE], in the manner specified in sections 3.1.3 and 3.1.4. It MUST support the use of SPNEGO [MS-SPNG] [RFC4178] to negotiate security providers, and it MUST register one or more security packages that can be negotiated using this protocol.<4>