3.2.3 Initialization

The client creates an RPC connection to the server by using the details specified in section 2.1 and with the following additional requirements:

  • The client MUST establish a security context with an authentication level of Integrity (as defined in [MS-SPNG] section 3.1.1) for all messages except the SYNC_VOLUMES message when a SyncType type of CREATE_VOLUME or CLAIM_VOLUME is specified, as defined in section 3.2.5.3. In those cases, the client MUST use an authentication level of Confidentiality, also defined in section 3.1.1 of [MS-SPNG].

  • The client MUST call a server that is running on a DC, within the client's domain, by using the domain controller locator specified in [MS-ADTS] section 6.3.

  • The client MUST establish the RPC connection under a user account with a user principal name (UPN) in which the user account name is composed of the computer's MachineID, appended with a dollar sign ($). That user account must be a UF_SERVER_TRUST_ACCOUNT or a UF_WORKSTATION_TRUST_ACCOUNT. For more information on the user object and UserAccountControl bit field, see section 3.1.1.
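
The following is an added example, not part of this specification: a conformance check that applies the authentication-level and account requirements above to a record of an observed client call. The record layout, function names, and sample values are assumptions made for illustration; the numeric constants are the standard Windows RPC authentication levels and userAccountControl bits.

```python
# Real Windows constants: RPC authentication levels and userAccountControl bits.
RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5   # "Integrity"
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6     # "Confidentiality"
UF_WORKSTATION_TRUST_ACCOUNT = 0x1000
UF_SERVER_TRUST_ACCOUNT = 0x2000
TRUST_BITS = UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT

# SyncType values for which SYNC_VOLUMES requires Confidentiality.
CONFIDENTIAL_SYNC_TYPES = {"CREATE_VOLUME", "CLAIM_VOLUME"}


def required_auth_level(message, sync_type=None):
    """Authentication level the client must use for one message."""
    if message == "SYNC_VOLUMES" and sync_type in CONFIDENTIAL_SYNC_TYPES:
        return RPC_C_AUTHN_LEVEL_PKT_PRIVACY
    return RPC_C_AUTHN_LEVEL_PKT_INTEGRITY


def check_connection(conn, machine_id):
    """Return findings for one observed call; conn is a hypothetical record."""
    findings = []
    need = required_auth_level(conn["message"], conn.get("sync_type"))
    # Assumption of this example: a level above the required one is not flagged.
    if conn["auth_level"] < need:
        findings.append(f"auth level {conn['auth_level']} below required {need}")
    # The account-name part of the UPN must be MachineID followed by "$".
    account = conn["upn"].split("@", 1)[0]
    if account.casefold() != (machine_id + "$").casefold():
        findings.append(f"account {account!r} is not {machine_id}$")
    # At least one of the two trust-account bits must be set.
    if not conn["uac"] & TRUST_BITS:
        findings.append("account is neither a workstation nor a server trust account")
    return findings


# Constructed sample records (not captured traffic).
SAMPLES = [
    {"message": "SYNC_VOLUMES", "sync_type": "CLAIM_VOLUME", "auth_level": 6,
     "upn": "WKS01$@example.test", "uac": 0x1000},
    {"message": "SYNC_VOLUMES", "sync_type": "CREATE_VOLUME", "auth_level": 5,
     "upn": "alice@example.test", "uac": 0x0200},
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s["upn"], check_connection(s, "WKS01") or "conforms")
```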

When the client is started, it MUST create entries in the ClientVolumeTable for each volume that is to be tracked.<13> Initialization of those entries in the ClientVolumeTable is defined in section 3.2.6.6.