7 Appendix B: Product Behavior
The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.
Windows 8 operating system
Windows Server 2012 operating system
Windows 8.1 operating system
Windows Server 2012 R2 operating system
Windows 10 operating system
Windows Server 2016 operating system
Windows Server 2019 operating system
Windows Server 2022 operating system
Windows 11 operating system
Windows Server 2025 operating system
Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.
Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.
<1> Section 2.2.2.1: Windows Server 2012 operating system and later set the undefined Flags field bits to arbitrary values.
<2> Section 3.1.3: Windows Server 2012 sets this value to 0x00010001. Windows Server 2012 R2 operating system and later set this value to 0x00020000.
<3> Section 3.1.4: Windows Server 2022 and earlier do not support this opnum and return RPC_S_PROCNUM_OUT_OF_RANGE when called.
<4> Section 3.1.4: If the authentication level is not RPC_C_AUTHN_LEVEL_PKT_PRIVACY or RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, Windows Server 2012 operating system and later will fail the call with ERROR_ACCESS_DENIED.
Windows Server 2012 operating system and later will fail the call with ERROR_NOT_AUTHENTICATED if the authentication service is not equal to one of the following values:
RPC_C_AUTHN_GSS_KERBEROS
RPC_C_AUTHN_GSS_NEGOTIATE
RPC_C_AUTHN_WINNT
<5> Section 3.1.4.3: Windows Server 2012 operating system operating system fail the request with ERROR_NOT_FOUND.
<6> Section 3.1.4.6: Windows Server 2022 and earlier do not support this opnum and return RPC_S_PROCNUM_OUT_OF_RANGE when called.
<7> Section 3.1.5.1: Windows Server 2012 R2 operating system and later server use a 30-second time-out.
<8> Section 3.1.6.1: Windows-based servers will send a single notification for NetNames that are aliases of each other.
<9> Section 3.2.2: Windows 8.1 operating system and later and Windows Server 2012 R2 operating system and later use a default of 180 seconds.
<10> Section 3.2.3: Windows 8 and Windows Server 2012 clients set WitnessClientVersion to 0x00010001; Windows 8.1 operating system and later and Windows Server 2012 R2 operating system and later clients set WitnessClientVersion to 0x00020000.
<11> Section 3.2.4.1: By default, Windows 8 operating system and later and Windows Server 2012 operating system and later set the authentication level tospecify RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and the authentication service to RPC_C_AUTHN_GSS_NEGOTIATE.
Windows 10 v1607 operating system and later and Windows Server 2016 and later compose Service Principal Name (SPN) in the format, e.g., “CIFS/<ClusterNetworkName>”, as specified in [SPNNAMES] to be passed to the authentication layer. Windows 10 v1511 operating system and earlier and Windows Server 2012 R2 and earlier, obtain the SPN in the format, e.g., “node@contoso.com”, as specified in [MS-RPCE] section 2.2.1.3.4.
<12> Section 3.2.4.1: By default, Windows 8 operating system and later and Windows Server 2012 operating system and later set the authentication level to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY and the authentication service to RPC_C_AUTHN_GSS_NEGOTIATE.
<13> Section 3.2.4.1: Windows uses the fully qualified domain name (FQDN) of the local computer to identify the client.
<14> Section 3.2.4.1: Windows 8.1 operating system and later and Windows Server 2012 R2 operating system and later use a default KeepAliveTime value of 120 seconds.
<15> Section 3.2.4.1: Windows clients retry the registration every 60 seconds.
<16> Section 3.2.4.1: Windows uses the fully qualified domain name (FQDN) of the local computer to identify the client.
<17> Section 3.2.4.1: Windows clients return the registration every 60 seconds.
<18> Section 3.2.4.3: Windows Server 2025 and Windows 11, version 24H2 operating system clients call WitnessrUnRegisterEx method. If the method fails with RPC_S_PROCNUM_OUT_OF_RANGE, the client will call WitnessrUnRegister method.