
RPC over SChannel and RestrictRemoteClients on Windows XP SP2

Asked By Soren Dreijer
20-Nov-09 12:07 PM
In order to make RPC interfaces more secure by default, Microsoft introduced
the RestrictRemoteClients registry key that you can use to modify the
behavior of all RPC interfaces on a system.

On Windows XP SP2, the default value for this key is 1, which means access
to all RPC interfaces is restricted and all anonymous calls are rejected by
the RPC runtime.

We're doing mutual authentication using SChannel over RPC and are having
problems on Windows XP. We get an access denied error when trying to connect
to the RPC server. Setting RestrictRemoteClients to 0 causes everything to
work.

I am wondering what is causing the RPC call to fail, however, since we *are*
doing authenticated calls (mutual authentication with certificates). Can
anybody elaborate a bit on the RestrictRemoteClients setting in Windows XP
SP2 and suggest the best way to get around the restrictions?

Thanks!