What’s New and Changed

New Documentation

There are no new documents.

Updated Documentation

The following previously-released documents were updated on September 15, 2017 to reflect new functionality in the September 2017 release of Windows 10 and Windows Server Operating System and/or reflect content updates.

In addition, numerous documents were updated to add the latest product versions to the list of applicable products and product behavior notes.

Specification

Description

Release Date

[MC-PRCR]: Peer Channel Custom Resolver Protocol

Specifies the Peer Channel Custom Resolver Protocol, which is used for storage and retrieval of endpoint information of clients with access to a known service.

This document has been updated as follows:

• Included a revision of the Full WSDL section for ease of compilation. The peer, resolver, and PeerResolvers WSDLs were moved to separate subsections of the full WSDL and additional schemas were added.

September 2017

[MS-ADFSPIP]: Active Directory Federation Services and Proxy Integration Protocol

Specifies the Active Directory Federation Services Proxy and Web Application Proxy Integration Protocol. This protocol integrates Active Directory Federation Services with an authentication and application proxy to enable access to services located inside the boundaries of the corporate network for clients that are located outside of that boundary.

This document has been updated as follows:

• Added the "ErrorType" and "ErrorCode" fields to the request object for a serialized request with certificate. These fields are used to indicate a validation error. Also clarified and expanded the validation rules for end-user X509 certificate processing.

September 2017

[MS-ADTS]: Active Directory Technical Specification

Specifies the core functionality of Active Directory. Active Directory extends and provides variations of the Lightweight Directory Access Protocol (LDAP).

This document has been updated as follows:

• Added four rootDSE attributes: ConfigurableSettingsEffective, LDAPPoliciesEffective, msDS-ThreadStates, and msDS-ArenaInfo. These attributes specify configurable settings, LDAP administrative query policies, and memory and processor usage.

• Added support for msDS-ProcessLinksOperations, msDS-ProcessLinksAbandonOperation, and msDS-ProcessLinksScheduleOperation in Windows Server 2016. These attributes and operations are used for delayed link processing.

• Removed flags from the AD DS information for the msDS-User-Account-Control-Computed attribute that apply only to AD LDS: DEP, PNR, and AD.

• Updated the information about how the value of the schemaInfo attribute is constructed.

September 2017

[MS-CMRP]: Failover Cluster: Management API (ClusAPI) Protocol

Specifies the Failover Cluster: Management API (ClusAPI) Protocol, an RPC-based protocol that is used for remotely managing a cluster.

This document has been updated as follows:

• Added 19 new APIs, 20 new control codes, 16 new structures, and one new RPC context handle to define and support functionality around the new container type, cluster group sets.

• Added new values to enumerations and structures in four sections.

September 2017

[MS-CSSP]: Credential Security Support Provider (CredSSP) Protocol

Specifies the Credential Security Support Provider (CredSSP) Protocol, which enables an application to securely delegate a user's credentials from a client to a target server.

This document has been updated as follows:

• Revised the field descriptions of the TSRemoteGuardPackageCred structure (section 2.2.1.2.3.1) to include product behavior notes that describe Windows behavior. Specifically noted that CredSSP servers running Windows can use authentication packages provided by Microsoft and that in Windows, both logon credentials and supplemental credentials are required.

• Provided the structure for defining supplemental credentials in Windows.

September 2017

[MS-CSVP]: Failover Cluster and Validation Protocol (ClusPrep)

Specifies the Failover Cluster: Setup and Validation Protocol (ClusPrep), which remotely configures cluster nodes, cleans up cluster nodes, and validates that hardware and software settings are compatible with Failover Clustering.

This document has been updated as follows:

• Added a new role for the Failover Cluster Setup and Validation IClusterLogEx Remote Protocol server.

• Added five new methods and three new common data types.

September 2017

[MS-DHA]: Device Health Attestation Protocol

Specifies the Device Health Attestation Service Protocol, which enables the assessment of the attested boot state of devices. The outcome of the health assessment is included in a signed health certificate which can then be evaluated by other services to determine whether a device is meeting enterprise corporate policy for device health, or by third party services to identify jailbroken devices that should not receive content or access to certain resources.

This document has been updated as follows:

• Added details for version 4 of the protocol, including support for additional security features.

September 2017

[MS-DHCPM]: Microsoft Dynamic Host Configuration Protocol (DHCP) Server Management Protocol

Specifies the Microsoft Dynamic Host Configuration Protocol (DHCP) Server Management Protocol, which defines the RPC interfaces that provide methods for remotely accessing and administering the DHCP server. This protocol is a client and server protocol based on RPC that is used in the configuration, management, and monitoring of a DHCP server.

This document has been updated as follows:

• Corrected instances of “DHCP_6937_INFO_VQ” to “DHCP_SUBNET_INFO_VQ” in Section 6, Appendix A: Full IDL.

September 2017

[MS-DRSR]: Directory Replication Service (DRS) Remote Protocol

Specifies the Directory Replication Service (DRS) Remote Protocol, an RPC protocol for replication and management of data in Active Directory.

This document has been updated as follows:

• Clarified information about which products implement which protocol roles and the circumstances under which this happens.

• Added processing to the pseudo-code of the ProcessLinkValue procedure to handle the case where the return value of GetDSNameFromAttrVal() is null.

• Added the SchemaInfo procedure, which provides more detailed information about how the value of the schemaInfo attribute is created.

September 2017

[MS-DSCPM]: Desired State Configuration Pull Model Protocol

Specifies the Desired State Configuration Pull Model Protocol, which is used to get a client's configuration and modules from the server and to report the client's status back to the server. The protocol depends on HTTP for the transfer of all protocol messages. With the Desired State Configuration Pull Model Protocol, binary data flows from the server to the client.

This document has been updated as follows:

• Added the new CertificateRotation request and the related DSC-certificateRotation response header field.

• Added PublicKey to the list of CertificateInformation values included in the Request Body details of RegisterDscAgent Version 2 messages.

September 2017

[MS-DTYP]: Windows Data Types

Describes the common data types used in the protocol specifications.

This document has been updated as follows:

• Added six well-known security identifiers (SIDs): KRBTGT S-1-5-21-<domain>-502; KEY_ADMINS S-1-5-21-<domain>-526; ENTERPRISE_KEY_ADMINS S-1-5-21-<domain>-527; ALLOWED_RODC_PASSWORD_REPLICATION_GROUP S-1-5-21-<domain>-571; DENIED_RODC_PASSWORD_REPLICATION_GROUP S-1-5-21-<domain>-572; ML_SECURE_PROCESS S-1-16-28672.

September 2017

[MS-ERREF]: Windows Error Codes

Describes the HRESULT values, Win32 error codes, and NTSTATUS values that are referenced in the protocol specifications throughout the Windows protocols documentation set.

This document has been updated as follows:

• Added a missing Win32 error code (0x000021BF ERROR_DS_DRA_RECYCLED_TARGET).

September 2017

[MS-FASP]: Firewall and Advanced Security Protocol

Specifies the Firewall and Advanced Security Protocol. The protocol manages firewall and advanced security components on remote computers.

This document has been updated as follows:

• Enabled new capability to generate Firewall rules based on FQBN (fully qualified binary name) and Compartment ID (Windows Server Containers).

• Added keywords to support the following scenarios:

• Secure Sockets interaction with Teredo.

• Media Agnostic USB for Wireless Docking.

September 2017

[MS-FSA]: File System Algorithms

Specifies File System Algorithms in terms of an abstract model for how an object store can be implemented to support the Server Message Block (SMB) Version 1.0 Protocol [MS-SMB] and the Server Message Block (SMB) Version 2.0 Protocol [MS-SMB2].

This document has been updated as follows:

• Updated the supported file systems for the following FSCTLs: FSCTL_FILESYSTEM_GET_STATISTICS, FSCTL_SET_REPARSE_POINT, and FSCTL_SET_ZERO_ON_DEALLOCATION.

• Updated the supported object stores processing rules for FileCompressionInformation, FileStreamInformation, and FileValidDataLengthInformation.

September 2017

[MS-FSCC]: File System Control Codes

Specifies the File System Control Codes that define the network format of native Windows structures that may be used within other protocols.

This document has been updated as follows:

• Added new sections 2.8, 2.8.1, 2.8.2, 2.8.3, and 2.8.4 for SQL Server Remote Storage Profile [MS-SQLRS].

September 2017

[MS-HGSA]: Host Guardian Service Attestation Protocol

Specifies the Host Guardian Services Attestation (HGSA) protocol, one of two services that comprise the Host Guardian Service. Host Guardian Service is a server role that provides security assurance for Shielded Virtual Machines (VMs) by ensuring that Shielded VMs can be run only on known and trusted fabric hosts that have a legitimate configuration. The other component service, the Key Protection Service, is specified in the [MS-KPS] protocol document.

This document has been updated as follows:

• Clarified the role of the Windows Boot Counter Log (WBCL) in relation to the TCG standard.

September 2017

[MS-IKEE]: Internet Key Exchange Protocol Extensions

Specifies the Internet Key Exchange (IKE) Protocol Extensions, which describe the extensions specified in [RFC2409].

This document has been updated as follows:

• Added details for missing vendor IDs in Section 1.7, Versioning and Capability Negotiation.

September 2017

[MS-KPS]: Key Protection Service Protocol

Specifies the Key Protection Service protocol, one of two services that comprise the Host Guardian Service. Host Guardian Service is a server role that provides security assurance for Shielded Virtual Machines (VMs) by ensuring that Shielded VMs can be run only on known and trusted fabric hosts that have a legitimate configuration. The other component service, the Attestation Service, is specified in the [MS-HGSA] protocol document.

This document has been updated as follows:

• Re-organized Section 2, Messages, for clarity.

September 2017

[MS-LCID]: Windows Language Code Identifier (LCID) Reference

Describes localizable information in Windows. It lists all language code identifiers (LCIDs) available in all versions of Windows.

This document has been updated as follows:

• Added two locales, Vatican City Italian and Spanish for Belize, and removed two deprecated Cantonese locale codes.

September 2017

[MS-LSAT]: Local Security Authority (Translation Methods) Remote Protocol

Specifies the Local Security Authority (Translation Methods) Remote Protocol, which is implemented in Windows-based products to translate identifiers for security principal between human-readable and machine-readable forms.

This document has been updated as follows:

• Added information about which products implement which protocol roles.

September 2017

[MS-MDE]: Mobile Device Enrollment Protocol

This document has been updated as follows:

• In Section 3.2, Interaction with Security Token Service (STS), a sentence was added to clarify the flow of the encodings and decodings.

September 2017

[MS-MDE2]: Mobile Device Enrollment Protocol Version 2

Specifies version 2 of the Mobile Device Enrollment Protocol (MDE), which enables enrolling a device with the DMS through an Enrollment Service (ES). The protocol includes the discovery of the Management Enrollment Service (MES) and enrollment with the ES.

This document has been updated as follows:

• Added support for additional ContextItem Name values.

September 2017

[MS-MDM]: Mobile Device Management Protocol

Specifies the Mobile Device Management Protocol (MDM), a subset of the Open Mobile Association (OMA) standard protocol, which provides a mechanism for managing devices previously enrolled into a management system through the Microsoft Mobile Device Management Enrollment Protocol [MS-MDE].

This document has been updated as follows:

• Added support for additional confidentiality and integrity checks to protect against Man in the Middle compromises.

September 2017

[MS-MWBF]: Microsoft Web Browser Federated Sign-On Protocol

Specifies the Microsoft Web Browser Federated Sign-On Protocol, which is primarily a restriction of the protocol that is specified in [WSFederation1.2] section 13. The restrictions are designed to enable greater interoperability by reducing the number of variations that must be implemented. This protocol also specifies minor additions to [WSFederation1.2] section 13 to handle common scenarios.

This document has been updated as follows:

• Added the mfa_max_age query parameter to the wsignin1.0 request message. This parameter specifies time limits for multiple factor authentication.

September 2017

[MS-NCNBI]: Network Controller Northbound Interface

Specifies the Network Controller Protocol, which is used by tenants and network administrators to control data center networking. Common tasks that would use these APIs include designing and monitoring a virtual network in a data center.

This document has been updated as follows:

• Included versioning information regarding the two supported versions, v1 and v2.

• Added property elements to indicate identifier properties such as range and size.

• Updated related JSON schemas.

September 2017

[MS-OAPX]: OAuth 2.0 Protocol Extensions

Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and login hints.

This document has been updated as follows:

• Added the mfa_max_age query parameter to the GET method for the /authorize endpoint. This query parameter specifies time limits for multiple factor authentication.

• AD_FS_BEHAVIOR_LEVEL_3 has been added as the next AD FS behavior level.

• Added the tbidv2 POST body parameter that is sent from the token broker on the client, which indicates that the client is providing a referred token-binding ID to the AD FS server.

• Included the nonce, prompt, max_age, and id_token_hint query parameters in the URI definition of the GET method that is sent to the Authorization endpoint.

September 2017

[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients

Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to [RFC6749] (The OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients.

This document has been updated as follows:

• Added the krctx data structure, which transports a property that is used to authorize the OAuth logon certificate request.

• Added processing for the tbidv2 POST body parameter, which allows the client to provide a referred token-binding ID to the AD FS server.

September 2017

[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions

Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the end user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define additional provider metadata that enable the discovery of the issuer of access tokens and give additional information about provider capabilities.

This document has been updated as follows:

• Added the "winhello_cert_kr" value in the capabilities field of the OpenID Provider Metadata. This value indicates that the server supports the krctx parameter as part of the OAuth token request.

September 2017

[MS-RDPEAR]: Remote Desktop Protocol Authentication Redirection Virtual Channel

Specifies the Remote Desktop Protocol Authentication Redirection Virtual Channel that performs authentication over a Remote Desktop connection. By establishing a virtual channel between the source and the target devices, it can relay authentication requests received by the target device to the source device.

This document has been updated as follows:

• In several sections, changes were made to resolve inconsistencies between section 2 and the IDL in the Appendix.

• In several sections, corrected the mis-labelling of the RemoteCallKerbCreateApReqAuthenticator for the KerbCredIsoRemoteInput/KerbCredIsoRemoteOutput structures.

• New Sections 2.2.1.2.1, KERB_RPC_ENCRYPTION_KEY, and 2.2.1.3.1, MSV1_0_REMOTE_ENCRYPTED_SECRETS, were added to document structures used to negotiate opaque authentication with a CredSSP client and server. The IDL appendices, Sections 6.2 and 6.3, were also updated to reflect these structures.

September 2017

[MS-RDPEFS]: File System Virtual Channel Extension

Specifies the Remote Desktop Protocol: File System Virtual Channel Extension, which runs over a static virtual channel with the name RDPDR.

This document has been updated as follows:

• In Section 2.2.3.10, Server Drive Query Directory Request, changes were made to differentiate when STATUS_NO_MORE_FILES versus STATUS_NO_SUCH_FILE is returned. In particular, the description of InitialQuery was revised with an action to return a status (IoStatus) of STATUS_NO_SUCH_FILE when the value is non-zero and no file is found, and the description of Path was revised to indicate that if the value of InitialQuery is zero, the contents of this field are ignored irrespective of the value of PathLength.

September 2017

[MS-RDPEGFX]: Remote Desktop Protocol: Graphics Pipeline Extension

Specifies the Remote Desktop Protocol: Graphics Pipeline Extension, a graphics protocol that is used to encode graphics display data generated in a remote terminal server session so that the data can be sent from the server and received, decoded, and rendered by a compatible client. The net effect is that a desktop or an application running on a remote terminal server appears as if it is running locally.

This document has been updated as follows:

• Added support for capability sets, RDPGFX_CAPSET_VERSION101 and RDPGFX_CAPSET_VERSION104, for RDP 10.4.

• Added support for capability sets, RDPGFX_CAPSET_VERSION101 and RDPGFX_CAPSET_VERSION104.

• Added support for the capability set, RDPGFX_CAPSET_VERSION104.

• Added new Section 2.2.3.4, RDPGFX_CAPSET_VERSION101, to document the RDP version 10.1 Graphics Capability Set.

• Added new Section 2.2.3.7, RDPGFX_CAPSET_VERSION104, to document the RDP version 10.4 Graphics Capability Set.

September 2017

[MS-RDPEI]: Remote Desktop Protocol: Input Virtual Channel Extension

Specifies the Remote Desktop Protocol: Input Virtual Channel Extension, which is used to remote multitouch input frames from a terminal server client to a terminal server. Multitouch input frames are generated at the client, encoded, and sent to the server. Thereafter, these frames are received and decoded by the server and injected into the session associated with the remote user.

This document has been updated as follows:

• Added an optional supportedFeatures flag that specifies granular protocol features supported by the server.

• Changed the names of two touch initialization flags and added a new one, CS_READY_FLAGS_ENABLE_MULTIPEN_INJECTION. We also added an additional protocolVersion, RDPINPUT_PROTOCOL_V300.

• Changed the name of the contactId flag to deviceId and expanded its definition.

September 2017

[MS-RDPERP]: Remote Desktop Protocol: Remote Programs Virtual Channel Extension

Specifies the Remote Desktop Protocol: Remote Programs Virtual Channel Extension, an RDP feature that presents a remote application (running remotely on a RAIL server) as a local user application (running on the RAIL client machine).

This document has been updated as follows:

• Added information about the handling of the TS_RAIL_CLIENTSTATUS_POWER_DISPLAY_REQUEST_SUPPORTED flag.

• Added a new bit, E, to the RailSupportLevel field. This bit represents the TS_RAIL_LEVEL_HANDSHAKE_EX_SUPPORTED flag and indicates whether or not the client/server supports the HandshakeEx PDU.

• Added three optional flags, OverlayDescription, TaskbarButton, and EnforceServerZOrder to handle these respective features.

• Added the WINDOW_ORDER_FIELD_ICON_OVERLAY value to the Hdr flag.

• Added the TS_RAIL_ORDER_POWER_DISPLAY_REQUEST value to the orderType field.

• Added the TS_RAIL_CLIENTSTATUS_POWER_DISPLAY_REQUEST_SUPPORTED value to the Flags field.

• Added the TS_RAIL_ORDER_HANDSHAKE_EX_FLAGS_EXTENDED_SPI_SUPPORTED value to the railHandshakeFlags field.

• Added the following values to the SystemParam and Body fields: SPI_SETCARETWIDTH, SPI_SETSTICKYKEYS, SPI_SETTOGGLEKEYS, SPI_SETFILTERKEYS. These accessibility features are further documented in new sections (described below).

• Added the following values to the Flags field: HCF_HIGHCONTRASTON, HCF_AVAILABLE, HCF_HOTKEYACTIVE, HCF_CONFIRMHOTKEY, and HCF_HOTKEYSOUND.

• Added new Section 2.2.2.4.3, Filter Keys System Information Structure (TS_FILTERKEYS), to document the new Filter Keys accessibility feature.

• Added new Section 2.2.2.4.4, Toggle Keys System Information Structure (TS_TOGGLEKEYS), to document the new Toggle Keys accessibility feature.

• Added new Section 2.2.2.4.5, Sticky Keys System Information Structure (TS_STICKYKEYS), to document the new Sticky Keys accessibility feature.

• Added new Section 2.2.2.13.1, Power Display Request PDU (TS_RAIL_ORDER_POWER_DISPLAY_REQUEST), to handle support for display-required power request syncing in the Client Information PDU.

• Added new Section 3.2.5.2.11.1, Processing Power Display Request PDU, to handle an RDP client's display-required power request status.

• Added new Section 3.3.5.2.10.1, Sending Power Display Request PDU, to handle display-required power request changes in a remote RDP session.

• Added new Section 4.8.1, TS_RAIL_ORDER_POWER_DISPLAY_REQUEST, which provides a network capture example of the Server Power Display Request PDU (TS_RAIL_ORDER_POWER_DISPLAY_REQUEST).

September 2017

[MS-RPCE]: Remote Procedure Call Protocol Extensions

Specifies the Remote Procedure Call Protocol Extensions, a set of extensions to the DCE Remote Procedure Call 1.1 Specification, as specified in [C706]. These extensions add new capabilities to the DCE 1.1: RPC Specification, allow for more secure implementations to be built, and, in some cases, place additional restrictions on the DCE RPC Specification.

This document has been updated as follows:

• Added rpc_auth_3 as a PDU type in Section 2.2.2.3, PFC_SUPPORT_HEADER_SIGN Flag.

September 2017

[MS-RRP]: Windows Remote Registry Protocol

Specifies the Windows Remote Registry Protocol, a remote procedure call (RPC)-based client/server protocol that is used to remotely manage a hierarchical data store such as the Windows registry.

This document has been updated as follows:

• Included a new registry path on 64-bit versions of Windows Server: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search.

• Changes have been made in the Abstract Data Model description to clarify the use of key types and symbolic links. Message processing updates include substantial changes to the BaseRegCreateKey and BaseRegOpenKey methods. All Windows-specific information has been moved to the Product Behavior appendix.

September 2017

[MS-RSVD]: Remote Shared Virtual Disk Protocol

Specifies the Remote Shared Virtual Disk Protocol, which supports accessing and manipulating virtual disks stored as files on an SMB3 file server. This protocol enables opening, querying, administering, reserving, reading, and writing the virtual disk objects, providing for flexible access by single or multiple consumers. It also provides for forwarding of SCSI operations, to be processed by the virtual disk.

This document has been updated as follows:

• Updated the processing rules for the SVHDX_TUNNEL_SRB_STATUS_RESPONSE, SVHDX_TUNNEL_SCSI_REQUEST, SVHDX_TUNNEL_SCSI_RESPONSE, SVHDX_OPEN_DEVICE_CONTEXT, SVHDX_OPEN_DEVICE_CONTEXT_RESPONSE, SVHDX_OPEN_DEVICE_CONTEXT_V2, and SVHDX_OPEN_DEVICE_CONTEXT_V2_RESPONSE structures.

September 2017

[MS-SAMR]: Security Account Manager (SAM) Remote Protocol (Client-to-Server)

Specifies the Security Account Manager (SAM) Remote Protocol (Client-to-Server), which supports printing and spooling operations that are synchronous between client and server.

This document has been updated as follows:

• For WDIGEST_CREDENTIALS construction, revised hash values into their proper order and adjusted the character case of the "Digest" literal string.

September 2017

[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3

Specifies the Server Message Block (SMB) Protocol Versions 2 and 3, which support the sharing of file and print resources between machines and extend the concepts from the Server Message Block Protocol.

This document has been updated as follows:

• Added the Share Redirect Error Response and the SMB2_TREE_CONNECT Request Extension.

• Updated the processing rules for the Signature field in the SMB2 Packet Header.

• Updated the processing rules for OutputBufferLength and BufferLength.

September 2017

[MS-TCC]: Tethering Control Channel Protocol

Specifies the Tethering Control Channel Protocol, which enables the sharing of the network connection for a server with one or more clients.

This document has been updated as follows:

• Included additional values for enumerations and new structures for encryption – for example, when the request for tethering is successful, but there is no pairing relationship between the server and the client.

September 2017

[MS-TLSP]: Transport Layer Security (TLS) Profile

Specifies the Transport Layer Security (TLS) Profile, which is the authentication option to the Telnet protocol as a generic method for negotiating an authentication type and mode, including determining whether encryption should be used and whether credentials should be forwarded.

This document has been updated as follows:

• Added support for TLS 1.1 and TLS 1.2 in Windows Server 2008 SP2.

September 2017

[MS-TSGU]: Terminal Services Gateway Server Protocol

Specifies the Terminal Services Gateway Server Protocol, which is a mechanism to transport data-link layer (L2) frames on a Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS) connection.

This document has been updated as follows:

• The Microsoft Windows implementation of RDG server now supports the NT LAN Manager (NTLM) mode on Windows Server 2016 Servicing Update 7C and the Windows Server operating system release of Windows Server Core. The additional updates listed below are for use with a new HTML5 Remote Desktop web client, expected to be released in October or November, 2017.

• New Section 2.2.3.3, Custom URL query parameters, has been added to document query parameters. These parameters provide an alternative to the custom HTTP headers defined in section 2.2.3.2, and their values are included in a query string as a part of the RDG server URL.

• In Section 2.2.5.3.2, a new value has been added to the HTTP_EXTENDED_AUTH enumeration, HTTP_EXTENDED_AUTH_SSPI_NTLM, which indicates that an RDG client requested NTLM authentication through the extended authentication protocol sequence.

• New Section 2.2.5.3.10, Custom HTTP Authentication Scheme Names, has been added to document scheme names used to identify custom authentication schemes. These are used in the HTTP WWW-Authenticate and Authorization headers.

• New Section 3.3.5.3, NTLM Extended Authentication, has been added to describe a variation of the RDG protocol connection sequence, used when the client and server agree to use the NTLM extended authentication mode.

• New Sections 3.3.5.3.1, During HTTP and WebSocket Transport Setup, and 3.3.5.3.2, During Version and Capability Negotiation, describe the processing events and sequencing rules when using NTLM extended authentication. In addition, in 2.2.6.1, Common Return Codes, a new return value has been added, SEC_E_LOGON_DENIED, returned when client authentication fails during NTLM extended authentication.

September 2017

[MS-WCFESAN]: WCF-Based Encrypted Server Administration and Notification Protocol

Specifies the WCF-Based Encrypted Server Administration and Notification Protocol, which enables the protocol client to monitor and manage the protocol server in the same network.

This document has been updated as follows:

• Added descriptions for 241 attributes and elements in 164 sections.

• Added new sections for four complex types, two simple types, and one operation.

• Corrected the spelling of element names in two sections.

September 2017
