2.1.2 Client
The client MUST use RPC over SMB, ncacn_np (as specified in [MS-RPCE]) or RPC over TCP, ncacn_ip_tcp (as specified in [MS-RPCE]) as the RPC protocol sequence to communicate with the server. The client MUST specify either "Simple and Protected GSS-API Negotiation Mechanism (SPNEGO)" (0x9) or "NT LAN Manager (NTLM)" (0xA), as specified in [MS-RPCE], as the Authentication Service. When using "SPNEGO" as the Authentication Service, the client SHOULD supply a service principal name (SPN) of "host/hostname" where hostname is the actual name of the server to which the client is connecting and host is the literal string "host/" (for more information, see [SPNNAMES]).
The RPC client MAY use an authentication level of RPC_C_AUTHN_LEVEL_PKT_PRIVACY.<1>