184.108.40.206 Generating a KERB_VERIFY_PAC_REQUEST Message
The server operating system MUST first assemble the KERB_VERIFY_PAC_REQUEST (section 220.127.116.11) structure by copying the signature values out of the privilege attribute certificate (PAC) ([MS-PAC] section 2.8) that the server operating system is verifying. The message type field MUST be set to 0x00000003 to make the server operating system ready to contact the DC.
This exchange MUST be layered on top of the Netlogon generic pass-through ([MS-NRPC] section 18.104.22.168). The server operating system MUST supply a KERB_VERIFY_PAC_REQUEST structure, packed as a single buffer, as the LogonData field. The PackageName field MUST be set to a UNICODE_STRING with a buffer of Kerberos.