6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include updates to those products.

  • Windows NT

  • Windows 2000 Professional operating system

  • Windows XP operating system

  • Windows Server 2003 operating system

  • Windows Vista operating system

  • Windows 7 operating system

  • Windows 8 operating system

  • Windows Server 2008 R2 operating system

  • Windows Server 2012 operating system

  • Windows 10 operating system

  • Windows Server 2016 operating system

  • Windows Server 2019 operating system

  • Windows Server 2022 operating system

  • Windows SharePoint Services 2.0

  • Windows SharePoint Services 3.0

  • Microsoft SharePoint Foundation 2010

  • Microsoft SharePoint Foundation 2013

  • Microsoft SharePoint Server 2016

  • Microsoft SharePoint Server 2019

  • Microsoft SharePoint Server Subscription Edition

  • Windows 11 operating system

  • Windows Server 2025 operating system

Exceptions, if any, are noted in this section. If an update version, service pack or Knowledge Base (KB) number appears with a product name, the behavior changed in that update. The new behavior also applies to subsequent updates unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms "SHOULD" or "SHOULD NOT" implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term "MAY" implies that the product does not follow the prescription.

<1> Section 2.2.2.2.17.1: Microsoft Windows can present this error to the user as a disk full error.

<2> Section 2.2.2.2.17.1: Windows clients might interpret this as a "not found" error.

<3> Section 2.2.2.2.17.1: Some Windows clients explicitly ignore this error because it can be expected in certain cases; for example, caching operations or "most recently used" lists.

<4> Section 2.2.2.2.17.1: Windows clients generally ignore this error during bulk operations. This error is also generally ignored when removing files.

<5> Section 2.2.2.2.17.1: Windows will display an informational message rather than an error in this case.

<6> Section 2.2.2.2.18: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 ignore this parameter; versions 4.0 and 5.0 do not.

<7> Section 2.2.2.2.18: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 do not ignore this parameter; all other versions ignore it.

<8> Section 2.2.2.2.18: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 accept this parameter and require the requesting user to be a site administrator.

<9> Section 2.2.2.2.18: The FrontPage Server Extensions Remote Protocol versions 4.0 and 5.0 accept this parameter if source control is enabled.

<10> Section 2.2.2.2.19: The FrontPage Server Extensions Remote Protocol versions 4.0 and 5.0 accept this parameter.

<11> Section 2.2.4.5: Version 5.0 and 12.0 servers do not include vti_dirlateststamp (section 2.2.4.5) key for folders in create Url-Directory (section 2.2.2.2.16) and remove documents (section 3.1.5.3.13) methods.

<12> Section 2.2.4.12: FrontPage Server Extensions Remote Protocol Server versions 4.0 and 5.0 set a value here that reflects the underlying file system it stores documents in. Versions 6.0 and 12.0 always send 1 for this value.

<13> Section 2.2.4.13: The Windows client uses this metadata to avoid fetching the content of the file just to discover metatags with NAME="progid" and NAME="generator"; these are used to display icons for HTML files and to select an appropriate editor.

<14> Section 2.2.4.14: The FrontPage Server Extensions Remote Protocol version 5.0 does not return this key.

<15> Section 2.2.4.16: The FrontPage Server Extensions Remote Protocol version 5.0 does not include vti_sourcecontroltimecheckedout (section 2.2.4.16) metadata in the return values, when using the checkout document (section 3.1.5.3.2) method or get document (section 3.1.5.3.6) method to perform a short-term checkout.

<16> Section 2.2.4.17: The FrontPage Server Extensions Remote Protocol version 5.0 doesn’t return vti_thicketdir (section 2.2.4.17) as a BOOLEAN flag for a folder if the folder contains the supporting files for a thicket, but the service-relative URLs of the corresponding files.

<17> Section 2.2.4.19: The FrontPage Server Extensions Remote Protocol version 5.0 does not include this key.

<18> Section 2.2.4.19: Version 5.0 and 12.0 servers do not include vti_timecreated (section 2.2.4.19) key for folders in create Url-Directory (section 2.2.2.2.16) and remove documents (section 3.1.5.3.13) methods.

<19> Section 2.2.4.20: Version 5.0 and 12.0 servers do not include vti_timelastmodified (section 2.2.4.20) key for folders in create Url-Directory (section 2.2.2.2.16) and remove documents (section 3.1.5.3.13) methods.

<20> Section 2.2.4.20: The FrontPage Server Extensions Remote Protocol client for versions 4.0, 5.0, 6.0, and 12.0 uses this value when rendering a file's or folder's time last modified.

<21> Section 2.2.4.21: The FrontPage Server Extensions Remote Protocol Server version 5.0 does not include this key for folders. The FrontPage Server Extensions Remote Protocol Server versions 4.0, 6.0, and 12.0 do not include this key. The FrontPage Server Extensions Remote Protocol Client versions 4.0, 5.0, and 6.0 are not sensitive to this key.

<22> Section 2.2.4.22: The FrontPage Server Extensions Remote Protocol versions 5.0 and 12.0 do not return this metakey.

<23> Section 2.2.4.23: FrontPage Server Extensions Remote Protocol Server versions 4.0 and 5.0 do not include this key, versions 6.0 and 12.0 do. FrontPage Server Extensions Remote Protocol Client versions 4.0 and 5.0 only consider information passed to the underlying HTTP authentication mechanism.

<24> Section 3.1.1.1: The FrontPage Server Extensions Remote Protocol versions 4.0 and 5.0 allow users to turn the source control sandbox off; versions 6.0 and 12.0 do not.

<25> Section 3.1.2.1: All Windows operating systems request a short-term checkout length of two minutes. The clients will attempt to renew the short-term checkout 10 seconds before it expires.

<26> Section 3.1.3.2.1: Windows Vista does not perform this GET and instead assumes the values shown in the example in section 3.1.3.2.2.

<27> Section 3.1.5.1: The FrontPage Server Extensions Remote Protocol versions 4.0, 5.0, and 12.0 do not fail the request and instead use the normal HTTP Content-Type header. This action has potential security implications (see section 5.1).

<28> Section 3.1.5.1: If the client does not include FrontPage in its User-Agent string Windows Server 2003, or Windows Server 2008 R2 will respond with the HTTP Content-Type as "text/html" and present more simplistic error strings.

<29> Section 3.1.5.2: Versions 4.0, 5.0, 6.0, and 12.0 of the FrontPage Server Extensions Remote Protocol server will treat unknown arguments as a syntax error if the method takes any parameters. For methods that take no parameters, such as server version (section 3.1.5.3.14), the FrontPage Server Extensions Remote Protocol server will ignore the parameters.

<30> Section 3.1.5.2: The FrontPage Server Extensions Remote Protocol server versions 5.0, 6.0, and 12.0 will erroneously return a badly formed response message body that is not compliant with [RFC2616] for method calls made without authentication that result in an HTTP 401 error response. FrontPage Server Extensions Remote Protocol server version 4.0 does not have this defect and does not emit a response message body with an HTTP 401 error response.

All of the methods listed in section 3.1.5.3 are known to have the defect in FrontPage Server Extensions Remote Protocol server versions 5.0, 6.0, and 12.0 when returning an HTTP 401 response, with the exceptions of get documents (section 3.1.5.3.7), server version (section 3.1.5.3.14), url to web url (section 3.1.5.3.16), and dialogview (section 3.1.5.3.17.1).

This is an example of the badly formed message body returned by version 5.0 of FrontPage Server Extensions from a typical method call made without authentication, in this case, "open service".

 <html dir="ltr">
 <HEAD>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" name="CharsetDefinition">
 </HEAD><body ID=idErr><p><H2>You are not authorized to view this page</H2></p>
  
 <p>You do not have permission to view this page using your current user account.<br>
 Please try the following:<br>
 <li>If you have another user account with a higher level of permission, click <br>
 your browser's Back button to try again using that account.
 </li><li>If you believe you should be able to view this page, contact the website administrator.</li></p>
  
 </body></html>
 <html><head><title>vermeer RPC packet</title></head>
 <body>
 <p>method=open service:5.0.2.6738
 <p>status=
 <ul>
 <li>status=917505
 <li>osstatus=0
 <li>msg=The user 'DOMAIN&#92;username' is not authorized to execute the 'Author Pages' method.
 <li>osmsg=
 </ul>
 </body>
 </html>
  

This is an example of the badly formed message body returned by version 12.0 of the FrontPage Server Extensions Remote Protocol; the result from version 6.0 is identical except for the version number reported in the method=open service line.

 <html dir="ltr">
 <HEAD>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" name="CharsetDefinition">
 </HEAD><body ID=idErr><p><H2>Access denied.</H2></p>
  
 <p>You do not have permission to perform this action or access this resource.</p>
  
 <!-- commentElt Access denied. --></body></html>
 <html><head><title>vermeer RPC packet</title></head>
 <body>
 <p>method=open service:12.0.0.4518
 <p>status=
 <ul>
 <li>status=917556
 <li>osstatus=0
 <li>msg=You are not authorized to execute this operation.
 <li>osmsg=
 </ul>
 </body>
 </html>

The response message body created by the FrontPage Server Extensions Remote Protocol server software exhibiting this defect is badly formed due to the presence of two separate <HTML> sections, which can cause unexpected behavior in an insufficiently robust client that attempts to render or otherwise make use of the body.

All existing FrontPage Server Extensions Remote Protocol clients ignore the message body, if any, returned with an HTTP 401 response. Since an update or future version of FrontPage Server Extensions Remote Protocol server might correct this defect, clients MUST ignore the message body.

<31> Section 3.1.5.3.1: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 servers ignore this parameter. Versions 4.0 and 5.0 respond to the parameters with a rpc_stats return value with information about how much time the command spent running, waiting, and so on. The information returned is only useful for debugging purposes and is not considered part of the protocol.

<32> Section 3.1.5.3.2: The FrontPage Server Extensions Remote Protocol version 5.0 server does not return error (0x0009000E) if the force bit1 is not set to Refresh short-term checkout, and a short-term checkout exists.

<33> Section 3.1.5.3.2: The FrontPage Server Extensions Remote Protocol versions 5.0 will instead throw a status error stating, "Illegal parameter value for parameter 'timeout'".

<34> Section 3.1.5.3.4: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 do not have the notion of an executable directory. Version 4.0 servers create a server directory with execution set to "Scripts and Executables".

<35> Section 3.1.5.3.5: The FrontPage Server Extensions Remote Protocol server versions 5.0, 6.0 and 12.0 ignore the listHiddenDocs parameter value and always return information for hidden documents.

<36> Section 3.1.5.3.6: The FrontPage Server Extensions Remote Protocol version 5.0 returns a status error when get_option is "chkoutNonExclusive" and does not checkout the file exclusively.

<37> Section 3.1.5.3.6: The FrontPage Server Extensions Remote Protocol versions 5.0 will instead throw a status error stating, "Illegal parameter value for parameter 'timeout'".

<38> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol server version 12.0 does not return the contents of the shared borders directory when listBorders (section 3.1.5.3.8) is true.

<39> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol server version 12.0 includes the child site folders in the urldirs return value when listChildWebs (section 3.1.5.3.8) is false.

<40> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol clients send listDerived=false in the request and do not request the contents of a _derived folder. The FrontPage Server Extensions Remote Protocol server version 12.0 does not return the list of files when listDerived (section 3.1.5.3.8) is true.

<41> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol clients do not send this value; Version 6.0 and 12.0 servers will ignore this value if it is received. Version 5.0 servers do not ignore this value and return the task list files if they exist.

<42> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol version 12.0 always returns the document information and metadata even when listFiles is FALSE.

<43> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol version 5.0 doesn’t omit document_list, but returns an empty DOCUMENT-LIST-RETURN-TYPE (section 2.2.2.2.13) when listFiles is set as FALSE.

<44> Section 3.1.5.3.8: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 servers return an empty DOCUMENT-LIST-RETURN-TYPE if the platform parameter is sent. The FrontPage Server Extensions Remote Protocol versions 4.0 and 5.0 enumerate a folder (not accessible in the URL namespace) that the platform parameter identifies. The default configuration has folders named "WinI386" and "all". Server administrators can install modules into these folders or create new sibling directories.

<45> Section 3.1.5.3.9: The FrontPage Server Extensions Remote Protocol version 12.0 move document (section 3.1.5.3.9) method does not create a missing parent folder when rename_option sets createdir.

<46> Section 3.1.5.3.9: The FrontPage Server Extensions Remote Protocol versions 5.0 and 12.0 move document (section 3.1.5.3.9) method does not create the folder when put_option sets createdir.

<47> Section 3.1.5.3.10: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 ignore this parameter.

<48> Section 3.1.5.3.12: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 do not support this behavior; however, versions 4.0 and 5.0 do.

<49> Section 3.1.5.3.13: The FrontPage Server Extensions Remote Protocol versions 6.0 and 12.0 do not support this behavior; however, versions 4.0 and 5.0 do.

<50> Section 3.1.5.3.13: The FrontPage Server Extensions Remote Protocol versions 5.0, 6.0, and 12.0 send an empty METADICTs, and version 4.0 send the METADICT that existed before the document was deleted.

<51> Section 3.1.5.3.13: The FrontPage Server Extensions Remote Protocol version 6.0 send an empty METADICTs, and versions 4.0, 5.0, and 12.0 send the METADICT that existed before the document was deleted.

<52> Section 3.1.5.3.14: The following table specifies which version of the FrontPage Server Extensions Remote Protocol is contained in each version of Windows.

Revision summary

In-box FPSE server

Other supported FPSE servers

Windows NT 3.51

None

None

Windows NT 4.0

None

None

Windows XP operating system (x86)

4.0

None

Windows XP 64-Bit Edition

None

None

Windows Server 2003 operating system (x86)

5.0

5.0, 6.0, 12.0

Windows Server 2003 (x64)

None

6.0, 12.0

Windows Server 2003 R2

Microsoft FrontPage Server Extensions, Windows SharePoint Services 3.0

5.0, 6.0, 12.0

Windows Vista

None

None

Windows Server 2008 operating system

12.0

5.0

<53> Section 3.1.5.3.17.1: Windows Vista only supports the Windows SharePoint Services dialogview aspect of the FrontPage Server Extensions Remote Protocol. All other aspects of the protocol are deprecated in favor of WebDAV. For more information about WebDAV, see [MS-WDV].