The server MUST register with RPC over SMB named pipes (protocol sequence ncacn_np, as specified in [MS-RPCE]) transport using at least one of the well-known endpoints specified in section 1.9. Server implementations SHOULD support the \\pipe\protected_storage endpoint<6>, and MAY support the \\pipe\ntsvcs endpoint.<7>
The server MUST indicate to the RPC runtime that it is to negotiate security contexts using the SPNEGO Protocol. The server SHOULD request the RPC runtime to reject any unauthenticated connections.<8>
This protocol MUST indicate to the RPC runtime that it is to reject a NULL unique or full pointer with nonzero conformant value, as specified in [MS-RPCE] section 22.214.171.124.126.96.36.199.
This protocol MUST indicate to the RPC runtime via the strict_context_handle attribute that it is to reject use of context handles created by a method of a different RPC interface than this one, as specified in [MS-RPCE] section 188.8.131.52.184.108.40.206.
The server MUST initialize its current ClientWrap key pair identifier and its set of ClientWrap key pairs from persisted storage.