2.1.1 Server

The server interface is identified by UUID F6BEAFF7-1E19-4FBB-9F8F-B89E2018337C version 1.0, using the RPC dynamic endpoint EventLog. The server MUST specify RPC over TCP/IP (that is, ncacn_ip_tcp) as the RPC protocol sequence to the RPC implementation, as specified in [MS-RPCE]. The server MUST specify both the Simple and Protected GSS-API Negotiation Mechanism [MS-SPNG] (0x9) and Kerberos [MS-KILE] (0x10) as the RPC authentication service, as specified in [MS-RPCE].

The EventLog Remoting Protocol Version 6.0 allows any user to establish a connection to the RPC server. The server uses the underlying RPC protocol to retrieve the identity of the caller that made the method call, as specified in the second bullet of section 3.3.3.4.3 of [MS-RPCE]. The server SHOULD use this identity to perform method-specific access checks, as specified in section 3.1.4.

The server MAY require the client connection to specify an authentication level of at least packet-level authentication (0x4), as specified in [MS-RPCE] section 2.2.1.1.8. The server SHOULD require the connection to use the packet-privacy authentication level (0x6). <4>