2.1 Transport

The Distributed Component Object Model (DCOM) Remote Protocol [MS-DCOM] is used as the transport protocol.

This protocol uses DCOM to create and use DCOM object references to server objects.

Microsoft OCSP Administration Protocol clients initialize a connection to the server by creating and executing a DCOM activation request. As a result of this DCOM activation, the Microsoft OCSP Administration Protocol client can use the DCOM client to call the methods specified in this document. The activation process is detailed in [MS-DCOM] section 3.2.4.

The RPC version number for all interfaces MUST be 0.0.

[MS-DCOM] section 3.2.4.1 specifies the various elements that an application using DCOM passes to the DCOM client as part of the initial activation request. Below are the values that the Microsoft OCSP Administration Protocol sends to the DCOM layer.

General DCOM settings:

  • Server name (the application-supplied server name as specified in [MS-DCOM] section 3.2.4.2). The Microsoft OCSP Administration Protocol client sends the name of the Microsoft OCSP Administration Protocol server.

  • Class identifier (CLSID) of the object requested. This value is 6d5ad135-1730-4f19-a4eb-3f78e7c976bb.

  • Interface identifier(s) (IID) of interface(s) requested.

    • IOCSPAdminD: 784b693d-95f3-420b-8126-365c098659f2 (see section 1.9).

Security settings ([MS-DCOM] section 3.2.4.1.1.2):

  • Security provider: RPC_C_AUTHN_GSS_NEGOTIATE (9) for a remote server and RPC_C_AUTHN_DEFAULT (0xFFFFFFFF) for a server on the local machine.

  • Authentication level: RPC_C_AUTHN_LEVEL_PKT_PRIVACY (6).

    When the security provider has the value of RPC_C_AUTHN_GSS_NEGOTIATE, there is a negotiation between the client and server security providers that results in either NTLM, as specified in [MS-NLMP], or Kerberos, as specified in [RFC4120] and [MS-KILE], being used as the authentication method.

    When the security provider has the value of RPC_C_AUTHN_DEFAULT, DCOM will choose an authentication method as specified in [MS-DCOM] section 3.2.4.2.

  • Impersonation level: RPC_C_IMP_LEVEL_IMPERSONATE (3).

    This means the server can use the client's security context while acting on behalf of the client, to access local resources such as files on the server.

  • Authentication identity and credentials: NULL.

Passing NULL authentication identity and credentials for the security provider means that the ORPC call uses the identity and credentials of the higher-layer application.

Default values, as specified in [MS-DCOM], are used for all DCOM inputs not specified above, such as security principal name (SPN), client and prototype context property buffers and their context property identifiers.
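The following is an added example, not part of this specification or of any Microsoft implementation: it models the activation inputs listed above in a hypothetical ActivationRequest structure and checks a request against the values this section mandates (CLSID, IID, provider choice for local versus remote servers, authentication and impersonation levels, NULL identity, RPC version 0.0), which is the check a reviewer would run over a client's activation parameters or a decoded activation request. The constants are the spec's own values; the structure and the check are assumptions.

```python
import uuid
from dataclasses import dataclass

CLSID_OCSP_ADMIN = uuid.UUID("6d5ad135-1730-4f19-a4eb-3f78e7c976bb")
IID_IOCSPADMIND = uuid.UUID("784b693d-95f3-420b-8126-365c098659f2")
RPC_C_AUTHN_DEFAULT = 0xFFFFFFFF
RPC_C_AUTHN_GSS_NEGOTIATE = 9
RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6
RPC_C_IMP_LEVEL_IMPERSONATE = 3


@dataclass
class ActivationRequest:
    """Hypothetical model of the activation inputs this section constrains."""
    server_name: str
    is_local: bool  # server on the same machine as the client
    clsid: uuid.UUID
    iids: tuple
    authn_svc: int
    authn_level: int
    imp_level: int
    identity: object = None  # NULL: the ORPC call inherits the caller's credentials
    rpc_version: tuple = (0, 0)


def guid_wire_bytes(g):
    """A GUID on the wire carries its first three fields little-endian."""
    return g.bytes_le


def check_activation(req):
    """Return deviations from section 2.1; an empty list means compliant."""
    findings = []
    if req.clsid != CLSID_OCSP_ADMIN:
        findings.append(f"unexpected CLSID {req.clsid}")
    if IID_IOCSPADMIND not in req.iids:
        findings.append("IOCSPAdminD IID not requested")
    expected_svc = RPC_C_AUTHN_DEFAULT if req.is_local else RPC_C_AUTHN_GSS_NEGOTIATE
    if req.authn_svc != expected_svc:
        findings.append(f"security provider {req.authn_svc:#x}, expected {expected_svc:#x}")
    # Levels below 6 drop the per-packet encryption that PKT_PRIVACY provides.
    if req.authn_level < RPC_C_AUTHN_LEVEL_PKT_PRIVACY:
        findings.append(f"authentication level {req.authn_level} below PKT_PRIVACY (6)")
    # DELEGATE (4) would grant the server more than this section requires.
    if req.imp_level != RPC_C_IMP_LEVEL_IMPERSONATE:
        findings.append(f"impersonation level {req.imp_level}, expected IMPERSONATE (3)")
    if req.identity is not None:
        findings.append("explicit authentication identity; section 2.1 passes NULL")
    if req.rpc_version != (0, 0):
        findings.append(f"RPC version {req.rpc_version}, expected 0.0")
    return findings
```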