Connection of RpcProtocol "ncacn_ip_tcp" in Windows 7/10

Document ID : KB000108945
Last Modified Date : 07/08/2018
Show Technical Document Details
Question:
We temporarily install NT Dispatcher to Windows 7 and test connection of WinC - WinNTC. (We are using Plex r7.2.1 (Build 24.002).) 
WinC-WinNTC connection succeeded when ncacn_np was set to RpcProtocol in the [RemoteWinNT] section of the application's .ini file. 
However, if we set ncacn_ip_tcp to that RpcProtocol and test it, the connection fails and the following error message is output. 

----- 
An error occurred in the Microsoft RPC Runtime. The error returned was [0x5] 'Access for making the remote procedure call was denied.' 
----- 

Of course, IP address is set to System in the [RemoteWinNT] section of the application's .ini file, and the logon account for the dispatch service specifies a Windows user, not a "local system account". An error also occurs if we fix the port used by dispatch. We also verified on Windows 10, but the same error occurred. If the OS is not Windows Server, can not connect using ncacn_ip_tcp 's RpcProtocol? 

Additional information: 

When executing 'rpcping -t ncacn_ip_tcp' command in the Windows 7/10 command prompt, the following error occurs. 

----- 
C:\WINDOWS\system32>rpcping -t ncacn_ip_tcp 
Exception 5 (0x00000005) 
Number of records is: 1 
ProcessID is 3420 
System Time is: 7/23/2018 7:22:26:935 
Generating component is 2 
Status is 0x5, 5 
Detection location is 1750 
Flags is 0 
NumberOfParameters is 1 
Long val: 0x5 
----- 


This error does not occur when the command 'rpcping - t ncacn_np' is executed. In the case of Windows Server 2008R2/ 2012/2016, no error is generated even if the command 'rpcping - t ncacn_ip_tcp' is executed. Is there a problem with the use of the protocol 'ncacn_ip_tcp' in Windows 7/10?
Answer:
  • Considering the RPC Protocol 'ncacn_ip_tcp', setting WinC client and WinNTC dispatcher security ON would help in this regards. 

     

    - Enable Dispatcher Security and restart the Dispatcher.

    - Enabled Client application security as follows:

    --- Open application INI file

    --- Locate [RemoteWinNT] section and update following entries:

    --------- UseSecurity=True

    --------- SecurityLevel=6

     

    Note: Make sure to keep SecurityLevel higher or equal to Dispatcher security level.

     

    For more details please refer Plex help 'RPC Security Considerations'.

     

    Regarding RPCPing utility, there is slight differences in Windows client & Server operating considering RPC security.

    As mentioned, "rpcping -t ncacn_ip_tcp" fails with exception on Windows 7/10 but succeeds on Windows Server 2012/16.

     

    To make RPCPing utility working on Windows 7/10, pass the authentication parameters to RPCPing utility, e.g.

     

                     rpcping -t ncacn_ip_tcp -I "username,domain,password" -a connect -u 10


                     Note: -a: The security level, -u: Authentication scheme (NTLM is 10).