The client MUST direct RPC to use the Kerberos security provider and require mutual authentication, as specified in [MS-KILE] section 3.3.1. The server principal name MUST be the domain account of the server computer. For example, if the server's fully qualified domain name (FQDN) is "sample.corp.contoso.com", then the corresponding server principal name would be "email@example.com". See [MSFT-ADN] for more information. The client MUST also initialize an empty table of peer certificates.