Obs/bin/ObsDep/content/Powershell/Roles/Common/DeployDirectCommon.psm1
<###################################################
# # # Copyright (c) Microsoft. All rights reserved. # # # ##################################################> $HostFile = "$Env:SystemRoot\System32\Drivers\Etc\Hosts" # Set manually if needed $ENABLE_DEBUGGING = $false $DEBUG_CONNECTION_TYPE = '[DebugConnectionType]' $DEBUG_SERIAL_PORT = '[DebugSerialPort]' $DEBUG_SERIAL_BAUD_RATE = '[DebugSerialBaudRate]' $DEBUG_NET_PORT_MAP_STRING = '[DebugNetPortMapString]' $DEBUG_NET_HOST_IP = '[DebugNetHostIP]' $DEBUG_NET_KEY = '[DebugNetKey]' $DEBUG_NET_BUS_PARAMS = '[DebugNetBusParams]' $ENABLE_SERIAL_CONSOLE = $false $CONSOLE_SERIAL_PORT = '[ConsoleSerialPort]' $CONSOLE_SERIAL_BAUD_RATE = '[ConsoleSerialBaudRate]' # Starts all the services needed to intialize deployment on win PE function Set-WinPEDeploymentPrerequisites { $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop if (-not (Get-Command wpeutil*)) { Write-Warning "This script is intended to be execute in WinPE only." return } $null = wpeutil InitializeNetwork $null = wpeutil EnableFirewall $null = wpeutil WaitForNetwork $null = Start-Service -Name LanmanWorkstation } function New-NetworkDrive { param ( [Parameter(Mandatory=$true)] [string] $IPv4Address, [Parameter(Mandatory=$true)] [string] $HostName, [Parameter(Mandatory=$true)] [string] $ShareRoot, [Parameter(Mandatory=$true)] [PSCredential] $Credential, [Parameter(Mandatory=$true)] [string] $DriveLetter ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop # Add Host Entry $hostEntry = "$IPv4Address $HostName" if (-not (Get-Content $HostFile).Contains($hostEntry)) { Write-Verbose "Add host entry: '$hostEntry'." -Verbose $hostEntry | Out-File -FilePath $HostFile -Append -Encoding ascii } if (Get-PSDrive | Where-Object Name -eq $DriveLetter) { throw [System.InvalidOperationException]::new("The letter $DriveLetter is already assigned to an existing PSDrive.") } $maxRetries = 5 $retries = 1 $successful = $false while ($retries -le $maxRetries) { try { # Set PS Drive if (-not (Get-PSDrive | Where-Object Name -eq $DriveLetter)) { Write-Verbose "Create PSDrive '$DriveLetter' to '$ShareRoot'." -Verbose $null = New-PSDrive -Name $DriveLetter -PSProvider FileSystem -Root $ShareRoot -Credential $Credential -Persist -Scope Global $successful = $true break } } catch { Write-Warning $_ Write-Verbose "Failed to create PSDrive '$DriveLetter' to '$ShareRoot'. Sleep 60 seconds and retry $retries/$maxRetries." -Verbose Start-Sleep -Seconds 60 } $retries ++ } if ($successful) { Write-Verbose "Create PSDrive '$DriveLetter' to '$ShareRoot' successfully." -Verbose } else { throw "Failed to create PSDrive '$DriveLetter' to '$ShareRoot' after $maxRetries retries." } } # Returns back the SystemDrive function Set-DiskConfiguration { [CmdletBinding()] [OutputType([String])] param ( [Parameter(Mandatory=$true)] [string] $LogPath, [Parameter(Mandatory=$false)] [string] $BootDiskConfigPath, [Parameter(Mandatory=$false)] [bool] $ClearExisting=$true, [Parameter(Mandatory=$false)] [bool] $BootFromPhysicalDisk=$false ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop (Get-Date).ToString('yyyy/MM/dd HH:mm:ss') | Add-Content $LogPath "Reset the disks and clean them of all data." | Add-Content $LogPath if ($ClearExisting) { Get-Partition | Remove-Partition -Confirm:$false -ErrorAction SilentlyContinue # account for change in Reset-PhysicalDisk parameters in WinPE with Windows cumulative update $PDParam = @{} if ((Get-Command -Name 'Reset-PhysicalDisk').Parameters['Confirm']) { $PDParam.Add('Confirm',$false) } Get-PhysicalDisk | Reset-PhysicalDisk @PDParam Get-Disk | Where-Object PartitionStyle -ne RAW | ForEach-Object { $_ | Set-Disk -IsOffline:$false -ErrorAction SilentlyContinue $_ | Set-Disk -IsReadOnly:$false -ErrorAction SilentlyContinue $_ | Clear-Disk -RemoveData -RemoveOEM -Confirm:$false -ErrorAction SilentlyContinue } } Get-Disk | ForEach-Object { $_ | Set-Disk -IsReadOnly:$true -ErrorAction SilentlyContinue $_ | Set-Disk -IsOffline:$true -ErrorAction SilentlyContinue } Update-StorageProviderCache -DiscoveryLevel Full (Get-Date).ToString('yyyy/MM/dd HH:mm:ss') | Add-Content $LogPath "Select the disk to boot from." | Add-Content $LogPath Get-PhysicalDisk | Sort-Object DeviceId | Format-Table DeviceId, Model, BusType, MediaType, Size | Out-String | Add-Content $LogPath Get-Disk | Out-String | Add-Content $LogPath $allbootCandidateDisks = Get-PhysicalDisk if (-not $allbootCandidateDisks) { throw 'No suitable boot candidate disks found.' } # log the data about physical disks that filtering uses "All disks." | Add-Content $LogPath $allbootCandidateDisks | Sort-Object DeviceId | Select-Object FriendlyName,SerialNumber,BusType,DeviceId,Manufacturer,Model,MediaType,Size | Format-Table | Out-String | Add-Content $LogPath if ($bootDiskConfigPath -and (Test-Path $bootDiskConfigPath)) { "Boot disk configuration file '$bootDiskConfigPath' exists." | Add-Content $LogPath [xml] $config = Get-Content $bootDiskConfigPath $bootDiskConfigs = $config.disks.disk $filteredBootCandidateDisks = $null foreach ($bootDiskConfig in $bootDiskConfigs) { # only apply each filter if the previous filter did not return any disks if (-not $filteredBootCandidateDisks) { # log what if being used as a filter "Filter - BusType: $($bootDiskConfig.BusType), DeviceId: $($bootDiskConfig.DeviceId), Manufacturer: $($bootDiskConfig.Manufacturer), Model: $($bootDiskConfig.Model), MediaType: $($bootDiskConfig.MediaType), Size: $($bootDiskConfig.Size)" | Add-Content $LogPath $filteredBootCandidateDisks = $allbootCandidateDisks | Where-Object { ($_.BusType -like $bootDiskConfig.BusType) -and ($_.DeviceId -like $bootDiskConfig.DeviceId) -and ($_.Manufacturer -like $bootDiskConfig.Manufacturer) -and ($_.Model -like $bootDiskConfig.Model) -and ($_.MediaType -like $bootDiskConfig.MediaType) -and ($_.Size -like $bootDiskConfig.Size) } # if this filter returns disks, set the busTypeFilter so we can filter further for * below if ($filteredBootCandidateDisks) { $busTypeFilter = $bootDiskConfig.BusType } } else { break } } # if no filtered disks after attempting all filters, we must fail if (-not $filteredBootCandidateDisks) { throw 'After filtering, no suitable boot candidate disks found.' } "Filtered disks." | Add-Content $LogPath $filteredBootCandidateDisks | Sort-Object DeviceId | Select-Object FriendlyName,SerialNumber,BusType,DeviceId,Manufacturer,Model,MediaType,Size | Format-Table | Out-String | Add-Content $LogPath ############################################################################################### # Temporary; after OEM extention is workin E2E, it will be removed $allTypeString = "*" if ($busTypeFilter -eq $allTypeString) { $filteredBootCandidateDisks = $filteredBootCandidateDisks | Where-Object BusType -in 'SATA', 'SAS', 'RAID' } "Filtered disks after the bus type filter 'SATA', 'SAS', 'RAID'." | Add-Content $LogPath $filteredBootCandidateDisks | Out-String | Add-Content $LogPath ############################################################################################### $bootCandidateDisks = $filteredBootCandidateDisks } else { $bootCandidateDisks = $allbootCandidateDisks | Where-Object BusType -in 'SATA', 'SAS', 'RAID' } if (-not $bootCandidateDisks) { throw 'No suitable boot candidate disk found.' } $bootCandidateDisks = $bootCandidateDisks | Where-Object DeviceId -in (Get-Disk).Number $bootCandidateDisks = $bootCandidateDisks | Sort-Object Size, DeviceId foreach ($currentDisk in $bootCandidateDisks) { $found = $(Get-Disk -Number $currentDisk.DeviceId | Get-Partition | Where-Object {$_.Type -eq "System"}) if ($found) { "Found boot disk with system partition type" | Add-Content $LogPath $found | Out-String | Add-Content $LogPath $bootCandidateDisk = $currentDisk break } } if ($null -eq $bootCandidateDisk) { "Select the first candidate disk as boot disk" | Add-Content $LogPath $bootCandidateDisk = $bootCandidateDisks | Select-Object -First 1 } $bootDiskNumber = $bootCandidateDisk.DeviceId if (-not $bootDiskNumber) { throw 'Not able to get the boot disk number.' } "Disk $bootDiskNumber will be used for boot partition." | Add-Content $LogPath if (-not($ClearExisting)) { # Remove the disk partition Get-Partition -DiskNumber $bootDiskNumber | Remove-Partition -Confirm:$false -ErrorAction SilentlyContinue # Reset only the boot disk $PDParam = @{} if ((Get-Command -Name 'Reset-PhysicalDisk').Parameters['Confirm']) { $PDParam.Add('Confirm',$false) } $bootCandidateDisk | Reset-PhysicalDisk @PDParam $disk = Get-Disk | Where-Object Number -eq $bootDiskNumber | Where-Object PartitionStyle -ne RAW "Disk about to be cleared:" | Add-Content $LogPath $disk | Out-String | Add-Content $LogPath $disk | ForEach-Object { $_ | Set-Disk -IsOffline:$false -ErrorAction SilentlyContinue $_ | Set-Disk -IsReadOnly:$false -ErrorAction SilentlyContinue $_ | Clear-Disk -RemoveData -RemoveOEM -Confirm:$false -ErrorAction SilentlyContinue $_ | Set-Disk -IsReadOnly:$true -ErrorAction SilentlyContinue $_ | Set-Disk -IsOffline:$true -ErrorAction SilentlyContinue } } ############################################################################################### # Temporary for R730; after OEM extention is working E2E, this will be removed [9282124] $firstDisk = $bootCandidateDisk $secondDisk = $bootCandidateDisks | Where-Object { $($_.DeviceId -ne $bootCandidateDisk.DeviceId) -and $($_.Size -ge $bootCandidateDisk.Size) } | Sort-Object Size, DeviceId | Select-Object -First 1 if ($firstDisk.Size -eq $secondDisk.Size) { $secondDiskNumber = $secondDisk.DeviceId $ssdDisks = Get-PhysicalDisk | Where-Object BusType -in 'SATA', 'SAS', 'RAID', 'NVMe' | Where-Object MediaType -eq SSD $nonOnboardSsdDisks = $ssdDisks | Where-Object DeviceId -notin $firstDisk.DeviceId, $secondDisk.DeviceId | Sort-Object Size if ($nonOnboardSsdDisks -and ($secondDisk.Size -lt $nonOnboardSsdDisks[0].Size / 1.01)) { throw "Disk $secondDiskNumber appears to be a secondary on-board drive; it needs to be removed." } } ############################################################################################## wpeutil UpdateBootInfo | Add-Content $LogPath $remove = @(Get-Volume | Where-Object DriveType -ne Fixed) foreach ($item in $remove) { $vol = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '$($item.DriveLetter):'" if ($null -ne $vol) { try { "Remove drive letter assignment '$($item.DriveLetter):' from '$($item.DriveType)'." | Add-Content $LogPath $vol | Set-CimInstance -Property @{DriveLetter=$null} } catch { "WARNING: Failed to remove drive letter assignment '$($item.DriveLetter):' from '$($item.DriveType)'." | Add-Content $LogPath } } } $peFirmwareType = (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control).PEFirmwareType # Returns 0x1 if the PC is booted into BIOS mode, or 0x2 if the PC is booted in UEFI mode. $isLegacyBoot = $peFirmwareType -eq 1 if ($isLegacyBoot) { "Create new partitions for Legacy Boot." | Add-Content $LogPath $null = Initialize-Disk -Number $bootDiskNumber -PartitionStyle MBR -ErrorAction SilentlyContinue if ($true -eq $BootFromPhysicalDisk) { $winPartition = New-Partition -DiskNumber $bootDiskNumber -Size 60GB -DriveLetter C -IsActive if (-not $winPartition) { throw 'Unable to create partition for physical drive OS Installation.' } $partition = New-Partition -DiskNumber $bootDiskNumber -UseMaximumSize -DriveLetter D } else { $partition = New-Partition -DiskNumber $bootDiskNumber -UseMaximumSize -AssignDriveLetter -IsActive } if (-not $partition) { throw 'Unable to create partition for OS Installation.' } $systemDrive = $partition.DriveLetter + ':' if ($true -eq $BootFromPhysicalDisk) { $null = Format-Volume -Partition $winPartition -FileSystem NTFS -Confirm:$false } $osVolume = Format-Volume -Partition $partition -FileSystem NTFS -Confirm:$false } else { "Create new partitions for UEFI." | Add-Content $LogPath $null = Initialize-Disk -Number $bootDiskNumber -ErrorAction SilentlyContinue $msrPartition = New-Partition -DiskNumber $bootDiskNumber -Size 128MB -GptType "{e3c9e316-0b5c-4db8-817d-f92df00215ae}" # MSR if ($true -eq $BootFromPhysicalDisk) { "Create partitions for Boot From Physical Disk scenario." | Add-Content $LogPath $winPartition = New-Partition -DiskNumber $bootDiskNumber -Size 60GB -DriveLetter C -GptType "{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}" # WIN if (-not $winPartition) { throw 'Unable to create partition for physical drive OS Installation.' } $sysPartition = New-Partition -DiskNumber $bootDiskNumber -Size 350MB -DriveLetter E -GptType "{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}" # ESP } else { "Create partitions for Boot From Virtual Disk scenario." | Add-Content $LogPath $espPartition = New-Partition -DiskNumber $bootDiskNumber -Size 200MB -GptType "{c12a7328-f81f-11d2-ba4b-00a0c93ec93b}" # ESP $espPartition | Add-PartitionAccessPath -AccessPath Q: $null = format Q: /fs:FAT32 /v:EFS /Y } $osPartition = New-Partition -DiskNumber $bootDiskNumber -UseMaximumSize -DriveLetter D -GptType "{ebd0a0a2-b9e5-4433-87c0-68b6b72699c7}" # OS if (-not $osPartition) { throw 'Unable to create the required partitions for OS Installation.' } $osVolume = Format-Volume -Partition $osPartition -FileSystem NTFS -Confirm:$false $systemDrive = $osPartition.DriveLetter + ':' "System drive letter is set to '$($systemDrive)'" | Add-Content $LogPath if ($null -ne $winPartition) { $null = Format-Volume -Partition $sysPartition -FileSystem FAT32 -Confirm:$false $null = Format-Volume -Partition $winPartition -FileSystem NTFS -Confirm:$false $env:WINDOWS_DRIVE = $winPartition.DriveLetter + ':' "Windows OS drive letter is set to '$($env:WINDOWS_DRIVE)'" | Add-Content $LogPath } } return [string]$systemDrive } function Set-HostVHDBoot { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $BootVHDFilePath, [Parameter(Mandatory=$true)] [string] $UnattendPath, [Parameter(Mandatory=$true)] [string] $DeploymentId, [Parameter(Mandatory=$true)] [string] $SystemDrive, [Parameter(Mandatory=$false)] [string] $MacAddress=$null, [Parameter(Mandatory=$true)] [string] $LogPath, [Parameter(Mandatory=$false)] [switch] $AddDeploymentIdToken, [Parameter(Mandatory=$false)] [string] $HypervisorSchedulerType='Core' ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop try { "Mounting VHD '$BootVHDFilePath'." | Add-Content $LogPath $null = Mount-DiskImage -ImagePath $BootVHDFilePath $virtualDiskDriveLetter = Get-Disk | Where-Object BusType -like 'File Backed Virtual' | Get-Partition | Where-Object Size -gt 2Gb | ForEach-Object DriveLetter $bootDrive = $virtualDiskDriveLetter + ':\' # Workaround for issue where script cannot find drive $null = New-PSDrive -Name $virtualDiskDriveLetter -Root $bootDrive -PSProvider FileSystem if ($AddDeploymentIdToken) { # Add a token file at a predefined location to detect host has booted up. # This will be relevant only in case of one-node stamp when it goes through baremetal deployment using WinPE $tempPath = "$($bootDrive)CloudBuilderTemp" "Inject deploymentId file '$tempPath\$($DeploymentId).txt'." | Add-Content $LogPath $null = New-Item -Path $tempPath -ItemType Directory -Force $null = Set-Content -Path "$tempPath\$($DeploymentId).txt" -Value '' } "Use-WindowsUnattend file '$UnattendPath' for offline values." | Add-Content $LogPath $null = Use-WindowsUnattend -Path $bootDrive -UnattendPath $UnattendPath $unattendDirectory = "$($bootDrive)Windows\Panther\Unattend" "Inject Unattend file '$UnattendPath' to '$unattendDirectory'." | Add-Content $LogPath $null = New-Item -Path $unattendDirectory -ItemType Directory -Force if ($MacAddress) { $unattendContent = Get-Content $unattendPath "Writing MAC Address '$MacAddress' to Unattend file" | Add-Content $LogPath $unattendContent = $unattendContent.Replace('[MacAddress]', $MacAddress.Replace(':','-')) $null = Set-Content -Path "$unattendDirectory\unattend.xml" -Value $unattendContent } else { $null = Copy-Item -Path $unattendPath -Destination "$unattendDirectory\unattend.xml" } $computerName = Get-ComputerNameFromUnattend -UnattendPath "$unattendDirectory\unattend.xml" Set-Debugging -LogPath $LogPath -ComputerName $computerName $peFirmwareType = (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control).PEFirmwareType # Returns 0x1 if the PC is booted into BIOS mode, or 0x2 if the PC is booted in UEFI mode. $isLegacyBoot = $peFirmwareType -eq 1 if ($isLegacyBoot) { "Set BCD Boot Legacy." | Add-Content $LogPath bcdboot "$($bootDrive)Windows" /s $SystemDrive | Add-Content $LogPath } else { "Set BCD Boot UEFI." | Add-Content $LogPath bcdboot "$($bootDrive)Windows" /s Q: /f UEFI /d /addlast /v | Add-Content $LogPath # Remove invalid Windows Boot Manager entries, left from the previous deployment. $bcdFirmware = bcdedit /enum firmware $bcdFirmware | Add-Content $LogPath $bcdFirmware = $bcdFirmware -join "`n" if ($bcdFirmware -match 'identifier\s*({\w*-[0-9a-z-]*})[^-]*?description\s*Windows Boot Manager') { for ($i = 0; $i -lt $matches.Count; $i++) { if ($matches[$i] -like '{*') { bcdedit /delete $matches[$i] } } } bcdedit /enum firmware | Add-Content $LogPath } # https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/manage-hyper-v-scheduler-types "Setting hypervisor scheduler type to $HypervisorSchedulerType" | Add-Content $LogPath $bcdOutput = & bcdedit /set `{default`} hypervisorschedulertype $HypervisorSchedulerType | Out-String if (-not ($bcdOutput -ilike "*successfully*")) { throw "BCDEdit failed to update the hypervisor scheduler type. Output: $bcdOutput" } # Output boot store entries to validate settings $bcdEditEnum = & bcdedit /enum | Out-String $bcdEdit | Add-Content $LogPath } finally { $mountedImages = Get-DiskImage -ImagePath $BootVHDFilePath if ($mountedImages) { $null = Dismount-DiskImage -ImagePath $BootVHDFilePath } } } function Set-HostPhysicalDiskBoot { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $SystemDrive, [Parameter(Mandatory=$true)] [string] $UnattendPath, [Parameter(Mandatory=$true)] [string] $DeploymentId, [Parameter(Mandatory=$false)] [string] $MacAddress=$null, [Parameter(Mandatory=$true)] [string] $LogPath, [Parameter(Mandatory=$false)] [switch] $AddDeploymentIdToken, [Parameter(Mandatory=$false)] [string] $HypervisorSchedulerType='Core' ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop try { $bootDrive = $SystemDrive if ($AddDeploymentIdToken) { # Add a token file at a predefined location to detect host has booted up. # This will be relevant only in case of one-node stamp when it goes through baremetal deployment using WinPE $tempPath = "$($bootDrive)CloudBuilderTemp" "Inject deploymentId file '$tempPath\$($DeploymentId).txt'." | Add-Content $LogPath $null = New-Item -Path $tempPath -ItemType Directory -Force $null = Set-Content -Path "$tempPath\$($DeploymentId).txt" -Value '' } "Use-WindowsUnattend file '$UnattendPath' for offline values." | Add-Content $LogPath $null = Use-WindowsUnattend -Path $bootDrive -UnattendPath $UnattendPath $unattendDirectory = "$($bootDrive)Windows\Panther\Unattend" "Inject Unattend file '$UnattendPath' to '$unattendDirectory'." | Add-Content $LogPath $null = New-Item -Path $unattendDirectory -ItemType Directory -Force if ($MacAddress) { $unattendContent = Get-Content $unattendPath "Writing MAC Address '$MacAddress' to Unattend file" | Add-Content $LogPath $unattendContent = $unattendContent.Replace('[MacAddress]', $MacAddress.Replace(':','-')) $null = Set-Content -Path "$unattendDirectory\unattend.xml" -Value $unattendContent } else { $null = Copy-Item -Path $unattendPath -Destination "$unattendDirectory\unattend.xml" } $computerName = Get-ComputerNameFromUnattend -UnattendPath "$unattendDirectory\unattend.xml" Set-Debugging -LogPath $LogPath -ComputerName $computerName $peFirmwareType = (Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Control).PEFirmwareType # Returns 0x1 if the PC is booted into BIOS mode, or 0x2 if the PC is booted in UEFI mode. $isLegacyBoot = $peFirmwareType -eq 1 if ($isLegacyBoot) { "Set BCD Boot Legacy." | Add-Content $LogPath bcdboot "$($bootDrive)\Windows" /s $bootDrive | Add-Content $LogPath } else { "Set BCD Boot UEFI." | Add-Content $LogPath bcdboot "$($bootDrive)\Windows" /s E: /f UEFI /v | Add-Content $LogPath bcdedit /enum firmware | Add-Content $LogPath } # https://docs.microsoft.com/en-us/windows-server/virtualization/hyper-v/manage/manage-hyper-v-scheduler-types "Setting hypervisor scheduler type to $HypervisorSchedulerType" | Add-Content $LogPath $bcdOutput = & bcdedit /set `{default`} hypervisorschedulertype $HypervisorSchedulerType | Out-String if (-not ($bcdOutput -ilike "*successfully*")) { throw "BCDEdit failed to update the hypervisor scheduler type. Output: $bcdOutput" } # Output boot store entries to validate settings $bcdEditEnum = & bcdedit /enum | Out-String $bcdEdit | Add-Content $LogPath } catch { throw $PSItem } } function Get-ComputerNameFromUnattend { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $UnattendPath ) # Get host name from unattend.xml $computerNameSearch = Get-ChildItem -Path $unattendPath | Select-String '\<ComputerName\>([^<]*)\<' $computerName = $computernameSearch.Matches.Groups[1].Value return $computerName } <# .Synopsis Function to test if an IP address is between two other IP addresses, inclusive .Parameter IPAddress The address to test. .Parameter BeginAddress The IP address at the begining of the range to test. .Parameter EndAddress The IP address at the begining of the range to test. .Example Test-IpAddressBetween -IPAddress 10.0.0.5 -BeginAddress 10.0.0.1 -EndAddress 10.0.0.10 Returns True #> function Test-IpAddressBetween { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [String] $IPAddress, [Parameter(Mandatory=$true)] [String] $BeginAddress, [Parameter(Mandatory=$true)] [String] $EndAddress ) # Convert all the addresses to Int32 $originalAddressBytes = ([IPAddress]$IPAddress).GetAddressBytes() [array]::Reverse($originalAddressBytes) $ipAddressInt = [System.BitConverter]::ToInt32($originalAddressBytes, 0) $originalAddressBytes = ([IPAddress]$BeginAddress).GetAddressBytes() [array]::Reverse($originalAddressBytes) $beginAddressInt = [System.BitConverter]::ToInt32($originalAddressBytes, 0) $originalAddressBytes = ([IPAddress]$EndAddress).GetAddressBytes() [array]::Reverse($originalAddressBytes) $endAddressInt = [System.BitConverter]::ToInt32($originalAddressBytes, 0) $ipAddressInt -le $endAddressInt -and $ipAddressInt -ge $beginAddressInt } function Get-LogFilePath { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $UnattendPath ) $computerName = Get-ComputerNameFromUnattend -UnattendPath $UnattendPath $logPath = [System.IO.Path]::GetDirectoryName($UnattendPath) $logFilePath = "$($logPath)\$($computerName).Log" return $logFilePath } function Set-Debugging { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $LogPath, [Parameter(Mandatory=$true)] [string] $ComputerName ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop if ($ENABLE_DEBUGGING) { Add-Content $LogPath "Current BCD settings:" bcdedit /enum | Add-Content $LogPath Add-Content $LogPath "Enabling debugging and setting dbgsettings..." bcdedit /debug '{default}' on | Add-Content $LogPath bcdedit /bootdebug '{default}' on | Add-Content $LogPath if ($DEBUG_CONNECTION_TYPE -eq 'serial') { bcdedit /dbgsettings serial debugport:$DEBUG_SERIAL_PORT baudrate:$DEBUG_SERIAL_BAUD_RATE | Add-Content $LogPath } elseif ($DEBUG_CONNECTION_TYPE -eq 'net') { $portMap = @{} $DEBUG_NET_PORT_MAP_STRING -split ';' | Where-Object { $_ } | ForEach-Object { $portRecord = $_ -split ',' $portMap.($portRecord[0]) = $portRecord[1] } $port = $portMap.$ComputerName Add-Content $LogPath "Port: $port" bcdedit /dbgsettings net hostip:$DEBUG_NET_HOST_IP port:$port key:$DEBUG_NET_KEY | Add-Content $LogPath bcdedit /set '{dbgsettings}' busparams "$DEBUG_NET_BUS_PARAMS" | Add-Content $LogPath } else { Add-Content $LogPath "Debugging connection type '$DEBUG_CONNECTION_TYPE' is not expected." } Add-Content $LogPath "Debug settings are now set:" bcdedit /enum | Add-Content $LogPath bcdedit /dbgsettings | Add-Content $LogPath } if ($ENABLE_SERIAL_CONSOLE) { Add-Content $LogPath "Current BCD settings:" bcdedit /enum | Add-Content $LogPath Add-Content $LogPath "Enabling Emergency Management Services..." bcdedit /ems '{default}' on | Add-Content $LogPath bcdedit /emssettings emsport:$CONSOLE_SERIAL_PORT emsbaudrate:$CONSOLE_SERIAL_BAUD_RATE | Add-Content $LogPath Add-Content $LogPath "EMS settings are now set:" bcdedit /enum | Add-Content $LogPath } } <# .Synopsis Function to get the local machine System Management BIOS Guid without dashes or brackets .Example Get-LocalSMBIOSGuid Returns 1742B000CD3611E10000AC162D024F2F #> function Get-LocalSMBIOSGuid { $smBiosGuid = Get-WmiObject Win32_ComputerSystemProduct UUID $smBiosGuid.UUID.Replace('-', '') } <# .Synopsis Function to get a path to the file that will contain the MAC address on a deploying machine .Example Get-MACAddressOutputPath -RemoteUnattendPath \\foo\bar Returns \\foo\bar\1742B000CD3611E10000AC162D024F2F.MACAddress.txt #> function Get-MACAddressOutputPath { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $RemoteUnattendPath ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop # Always use the smbios guid, since this is an externally discoverable identifier $smBiosGuid = Get-LocalSMBIOSGuid $macAddressOutputFilePath = $smBiosGuid | ForEach-Object { "$RemoteUnattendPath\$_.MACAddress.txt" } return $macAddressOutputFilePath } function Get-UnattendFilePath { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $RemoteUnattendPath ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $macAddress = Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object MACAddress | ForEach-Object MACAddress | ForEach-Object { $_ -replace ':', '-' } | Where-Object { "$remoteUnattendPath\$_.xml" | Where-Object {Test-Path $_} } if ($macAddress) { $unattendPath = $macAddress | ForEach-Object { "$RemoteUnattendPath\$_.xml" } } else { # No unattend file matching the MAC address was found, attempt to find an unattend file with the smbios guid instead $smBiosGuid = Get-LocalSMBIOSGuid $unattendPath = $smBiosGuid | ForEach-Object { "$RemoteUnattendPath\$_.xml" } } return $unattendPath } <# .Synopsis This function returns the node specific RemoteUnattend path e.g. when passed RemoteUnattend, we will get back RemoteUnattend\<NodeName>. If node's unattend files are in RemoteUnattend *and* RemoteUnattend\NodeName, we will return the path containing the latest files. This scenario can happen during the following sequence Old build + FRU X (writes to RemoteUnattend) + PnU (new build that writes to NodeName) + FRU X during PnU #> function Get-NodeSpecificRemoteUnattendPath { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $UnattendPathToResolve ) $macAddresses = Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object MACAddress | ForEach-Object MACAddress | ForEach-Object { $_ -replace ':', '-' } foreach ($macAddress in $macAddresses) { $unattendFile = Get-ChildItem -Path $UnattendPathToResolve -Include "$macAddress.xml" -Recurse -Force -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1 if ($unattendFile) { return $unattendFile.Directory.FullName } } $smBiosGuid = Get-LocalSMBIOSGuid $unattendFile = Get-ChildItem -Path $UnattendPathToResolve -Include "$smBiosGuid.xml" -Recurse -Force -File | Sort-Object LastWriteTime -Descending | Select-Object -First 1 if ($unattendFile) { return $unattendFile.Directory.FullName } return $UnattendPathToResolve } function Get-BootDiskConfigPath { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $RemoteUnattendPath ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $macAddress = Get-CimInstance Win32_NetworkAdapterConfiguration | Where-Object MACAddress | ForEach-Object MACAddress | ForEach-Object { $_ -replace ':', '-' } | Where-Object { "$remoteUnattendPath\$_.BootDisk.xml" | Where-Object {Test-Path $_} } if ($macAddress) { $bootDiskConfigPath = $macAddress | ForEach-Object { "$RemoteUnattendPath\$_.BootDisk.xml" } } else { # No boot disk file matching the MAC address was found, attempt to find a boot disk file with the smbios guid instead $smBiosGuid = Get-LocalSMBIOSGuid $bootDiskConfigPath = $smBiosGuid | ForEach-Object { "$RemoteUnattendPath\$_.BootDisk.xml" } } return $bootDiskConfigPath } function Test-AzsHostTPMOwnership { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $LogPath ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop "Testing TPM ownership for AzureStack host" | Add-Content $LogPath try { "Getting Win32_TPM object in namespace root\cimv2\security\microsofttpm" | Add-Content $LogPath $tpmWMIObject = Get-WmiObject -Namespace "root\cimv2\security\microsofttpm" -Class Win32_TPM if ($null -eq $tpmWMIObject) { throw "Failed to get WMI object Win32_TPM" } "Calling TPM method IsOwned() to check if TPM is properly owned" | Add-Content $LogPath $tpmIsOwnedRet = $tpmWMIObject.IsOwned() if ($null -eq $tpmIsOwnedRet) { throw "Failed call to tpm method IsOwned()" } if ($tpmIsOwnedRet.ReturnValue -ne 0) { throw "Failed call to tpm method IsOwned(). ReturnValue is $($tpmIsOwnedRet.ReturnValue)" } if ($tpmIsOwnedRet.IsOwned -eq $true) { "TPM IsOwned() method confirmed that TPM is owned. No need to explicitly call TPM method TakeOwnerShip()" | Add-Content $LogPath return } "TPM is NOT owned. Will explicitly call TPM method TakeOwnerShip()" | Add-Content $LogPath "Calling TPM method TakeOwnerShip()" | Add-Content $LogPath $tpmTakeOwnerShipRet = $tpmWMIObject.TakeOwnerShip() if ($null -eq $tpmTakeOwnerShipRet) { throw "Failed call to TPM method TakeOwnerShip()" } if ($tpmTakeOwnerShipRet.ReturnValue -ne 0) { throw "Failed call to TPM method TakeOwnerShip(). ReturnValue is $($tpmTakeOwnerShipRet.ReturnValue)" } "Calling TPM method IsOwned() to check if TPM is properly owned after calling TPM method TakeOwnerShip()" | Add-Content $LogPath $tpmIsOwnedRet = $tpmWMIObject.IsOwned() if ($null -eq $tpmIsOwnedRet) { throw "Failed call to tpm method IsOwned()" } if ($tpmIsOwnedRet.ReturnValue -ne 0) { throw "Failed call to tpm method IsOwned(). ReturnValue is $($tpmIsOwnedRet.ReturnValue)" } if ($tpmIsOwnedRet.IsOwned -eq $false) { throw "Failure: TPM method IsOwned() shows that TPM is NOT owned even after calling TPM method TakeOwnerShip()" } "TPM is now owned after calling TPM method TakeOwnerShip()" | Add-Content $LogPath } catch { "Azs host test TPM ownership did not complete. Exception: $($_.Exception)" | Add-Content $LogPath "Test TPM ownership did not complete becaue of the following error/warning: $($_.Exception.Message)" | Add-Content $LogPath } } # Function Clear-AzsHostTPM # It is a precautionary mechanism to avoid issues with # TPM. If TPM could not be cleared # an error will be reported but deployment # should proceed. A common reason for TPM not to be cleared # is a host that requies user confirmation upon reboot. # In this case an error will be reported but deployment # should proceed function Clear-AzsHostTPM { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [string] $LogPath ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop (Get-Date).ToString('yyyy/MM/dd HH:mm:ss') | Add-Content $LogPath "Clear TPM for AzureStack host" | Add-Content $LogPath try { "Retrieving a WMI object win32_TPM in namespace root\cimv2\security\microsofttpm" | Add-Content $LogPath $tpmWMIObject = Get-WmiObject -Namespace "root\cimv2\security\microsofttpm" -Class Win32_TPM if ($null -eq $tpmWMIObject) { throw "Aborting clear TPM. Failed to retrieve TPM WMI object. Make sure TPM is available and ready." } "Checking status of TPM" | Add-Content $LogPath if ((!$tpmWMIObject.IsActivated_InitialValue) -or (!$tpmWMIObject.IsEnabled_InitialValue)) { throw "Aborting clear TPM. TPM is either not activated or is not enabled" } "Testing TPM ownership. Calling Test-AzsHostTPMOwnership" | Add-Content $LogPath Test-AzsHostTPMOwnership -LogPath $LogPath "Retrieving a new WMI win32_TPM object after testing ownership in namespace root\cimv2\security\microsofttpm" | Add-Content $LogPath $tpmWMIObject = Get-WmiObject -Namespace "root\cimv2\security\microsofttpm" -Class Win32_TPM if ($null -eq $tpmWMIObject) { throw "Aborting clear TPM. Failed to retrieve TPM WMI object. Make sure TPM is available and ready." } "Starting process to clear TPM" | Add-Content $LogPath "Calling WMI TPM method GetPhysicalPresenceConfirmationStatus() with Operation input parameter set to 22 (Enable + Activate + Clear + Enable + Activate)" | Add-Content $LogPath $physicalPresenceConfRet = $tpmWMIObject.GetPhysicalPresenceConfirmationStatus(22) if ($null -eq $physicalPresenceConfRet) { throw "Aborting clear TPM. Failed call to WMI TPM method GetPhysicalPresenceConfirmationStatus()" } "Checking ReturnValue of WMI TPM method GetPhysicalPresenceConfirmationStatus()" | Add-Content $LogPath "ReturnValue of WMI TPM method GetPhysicalPresenceConfirmationStatus() is $($physicalPresenceConfRet.ReturnValue)" | Add-Content $LogPath if ($physicalPresenceConfRet.ReturnValue -ne 0) { throw "Aborting clear TPM. Failed call to TPM method GetPhysicalPresenceConfirmationStatus() with ReturnValue $($physicalPresenceConfRet.ReturnValue)" } "Checking ConfirmationStatus of WMI TPM method GetPhysicalPresenceConfirmationStatus()" | Add-Content $LogPath "ConfirmationStatus of WMI TPM method GetPhysicalPresenceConfirmationStatus() is $($physicalPresenceConfRet.ConfirmationStatus)" | Add-Content $LogPath if ($physicalPresenceConfRet.ConfirmationStatus -ne 4) { throw "Aborting clear TPM. Call to WMI TPM method GetPhysicalPresenceConfirmationStatus() returned ConfirmationStatus $($physicalPresenceConfRet.ConfirmationStatus). Host may require user intervention or BIOS change to enable clear TPM." } "Clearing TPM by calling WMI TPM method SetPhysicalPresenceRequest() with request input parameter set to 22 (Enable + Activate + Clear + Enable + Activate)" | Add-Content $LogPath $physicalPresenceRequestRet = $tpmWMIObject.SetPhysicalPresenceRequest(22) if ($null -eq $physicalPresenceRequestRet) { throw "Aborting clear TPM. Failed call to WMI TPM method SetPhysicalPresenceRequest()" } "Checking ReturnValue of WMI TPM method SetPhysicalPresenceRequest()" | Add-Content $LogPath "ReturnValue of WMI TPM method SetPhysicalPresenceRequest() is $($physicalPresenceRequestRet.ReturnValue)" | Add-Content $LogPath if ($physicalPresenceRequestRet.ReturnValue -ne 0) { throw "Aborting clear TPM. Failed call to WMI TPM method SetPhysicalPresenceRequest() with ReturnValue $($physicalPresenceRequestRet.ReturnValue)" } "Clearing host TPM configuration has completed. Changes will be applied after reboot" | Add-Content $LogPath } catch { "Azs host clear TPM did not complete. Exception: $($_.Exception)" | Add-Content $LogPath "Clear TPM did not complete becaue of the following error/warning: $($_.Exception.Message)" | Add-Content $LogPath } } Export-ModuleMember -Function Get-BootDiskConfigPath Export-ModuleMember -Function Get-ComputerNameFromUnattend Export-ModuleMember -Function Get-LocalSMBIOSGuid Export-ModuleMember -Function Get-LogFilePath Export-ModuleMember -Function Get-MACAddressOutputPath Export-ModuleMember -Function Get-UnattendFilePath Export-ModuleMember -Function Get-NodeSpecificRemoteUnattendPath Export-ModuleMember -Function New-NetworkDrive Export-ModuleMember -Function Set-Debugging Export-ModuleMember -Function Set-DiskConfiguration Export-ModuleMember -Function Set-HostVHDBoot Export-ModuleMember -Function Set-HostPhysicalDiskBoot Export-ModuleMember -Function Set-WinPEDeploymentPrerequisites Export-ModuleMember -Function Test-IpAddressBetween Export-ModuleMember -Function Clear-AzsHostTPM # SIG # Begin signature block # MIInwQYJKoZIhvcNAQcCoIInsjCCJ64CAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDYHaoZD6xTLg+t # zYiJguVagZQN++DpOkb6FZmxUQevSaCCDXYwggX0MIID3KADAgECAhMzAAADTrU8 # esGEb+srAAAAAANOMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI5WhcNMjQwMzE0MTg0MzI5WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDdCKiNI6IBFWuvJUmf6WdOJqZmIwYs5G7AJD5UbcL6tsC+EBPDbr36pFGo1bsU # p53nRyFYnncoMg8FK0d8jLlw0lgexDDr7gicf2zOBFWqfv/nSLwzJFNP5W03DF/1 # 1oZ12rSFqGlm+O46cRjTDFBpMRCZZGddZlRBjivby0eI1VgTD1TvAdfBYQe82fhm # WQkYR/lWmAK+vW/1+bO7jHaxXTNCxLIBW07F8PBjUcwFxxyfbe2mHB4h1L4U0Ofa # +HX/aREQ7SqYZz59sXM2ySOfvYyIjnqSO80NGBaz5DvzIG88J0+BNhOu2jl6Dfcq # jYQs1H/PMSQIK6E7lXDXSpXzAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUnMc7Zn/ukKBsBiWkwdNfsN5pdwAw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMDUxNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAD21v9pHoLdBSNlFAjmk # mx4XxOZAPsVxxXbDyQv1+kGDe9XpgBnT1lXnx7JDpFMKBwAyIwdInmvhK9pGBa31 # TyeL3p7R2s0L8SABPPRJHAEk4NHpBXxHjm4TKjezAbSqqbgsy10Y7KApy+9UrKa2 # kGmsuASsk95PVm5vem7OmTs42vm0BJUU+JPQLg8Y/sdj3TtSfLYYZAaJwTAIgi7d # hzn5hatLo7Dhz+4T+MrFd+6LUa2U3zr97QwzDthx+RP9/RZnur4inzSQsG5DCVIM # pA1l2NWEA3KAca0tI2l6hQNYsaKL1kefdfHCrPxEry8onJjyGGv9YKoLv6AOO7Oh # JEmbQlz/xksYG2N/JSOJ+QqYpGTEuYFYVWain7He6jgb41JbpOGKDdE/b+V2q/gX # UgFe2gdwTpCDsvh8SMRoq1/BNXcr7iTAU38Vgr83iVtPYmFhZOVM0ULp/kKTVoir # IpP2KCxT4OekOctt8grYnhJ16QMjmMv5o53hjNFXOxigkQWYzUO+6w50g0FAeFa8 # 5ugCCB6lXEk21FFB1FdIHpjSQf+LP/W2OV/HfhC3uTPgKbRtXo83TZYEudooyZ/A # Vu08sibZ3MkGOJORLERNwKm2G7oqdOv4Qj8Z0JrGgMzj46NFKAxkLSpE5oHQYP1H # tPx1lPfD7iNSbJsP6LiUHXH1MIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGaEwghmdAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAANOtTx6wYRv6ysAAAAAA04wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIJIWoH7Y+riqrOTF2WH1gB+Z # PtD7r+ALFrlYAchHbZXzMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAY2VyEplQNig30UvpYGSpjw1GY3Fb/6vHbj1WGKX1cKs961aB6/TW5KlG # 86TiLq/+V+9dBKw/Wd0B0QXOcgYH7I6skbLdhog04bU18gvlPZqkfeqE51bX2bgn # OWHAHS1sixj0gRschHG34HFy79Yn4f/6aC1Lp4mE/gBtwQWFC+cLYsptXPddq5tm # iIL+aANIWE5fCbSFT4PUXgkhIxstOvnNORFV5ik9zMyNKADpOb83fpf1gmyLEhyv # yA08Tz0InH90ltI8QEpbuaQ7X39pD/tzDAV/4Vwd46Ye8luQeeWGEGLzwipuCJMk # vKhGE/Y6VqVKkgT9b5h9kgJq3KQ9NaGCFyswghcnBgorBgEEAYI3AwMBMYIXFzCC # FxMGCSqGSIb3DQEHAqCCFwQwghcAAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFYBgsq # hkiG9w0BCRABBKCCAUcEggFDMIIBPwIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDn+aV8TyVIvuZPGNMj2jFIevMr+vqc64dwX+m5ywd2BQIGZMmJxDQ3 # GBIyMDIzMDgwMzA4MjExMC42M1owBIACAfSggdikgdUwgdIxCzAJBgNVBAYTAlVT # MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK # ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVs # YW5kIE9wZXJhdGlvbnMgTGltaXRlZDEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046 # MDg0Mi00QkU2LUMyOUExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl # cnZpY2WgghF7MIIHJzCCBQ+gAwIBAgITMwAAAbJuQAN/bqmUkgABAAABsjANBgkq # hkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMjA5 # MjAyMDIyMDFaFw0yMzEyMTQyMDIyMDFaMIHSMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVy # YXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjA4NDItNEJF # Ni1DMjlBMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIC # IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyqJlMh17+VDisL4GaXl/9a6r # /EpPGt9sbbceh+ZD6pkA3gbI7vc8XfL04B+m3tB/aNyV1Y4ZQH4fMG7CWVjI/d/H # gxjzO+4C4HfsW+jK2c0LYMqdWtWUc5VwZQv0KeaEM0wDb+eySMh/YiiIb0nSotiv # x268d1An0uLY+r2C7JJv2a9QvrSiCyUI72CSHoWIQPAyvBSvxaNrqMWlROfLy2DQ # 3RycI3bDh8qSnmplxtRgViJwtJv/oDukcK1frGeOrCGYmiJve+QonJXFu4UtGFVf # Ef3lvQsd42GJ+feO+jaP7/hBXXSMSldVb6IL0GxO1Hr3G9ONTnVmA/sFHhgMRars # mzKVI6/kHlMdMNdF/XzhRHMWFPJvw5lApjuaoyHtzwnzDWwQzhcNQXZRk3Lzb01U # LMba190RdlofEXxGbGlBgHHKFnBjWui24hL6B83Z6r6GQBPeKkafz8qYPAO3MBud # +5eMCmB5mrCBxgnykMn7L/FTqi7MnPUG97lNOKGSIDvBCxB7pHrRmT10903PDQwr # meJHO5BkC3gYj3oWGOGVRZxRk4KS/8lcz84a7+uBKmVjB2Y8vPN8O1fK7L8YJTkj # iXTyDqKJ9fKkyChiSRx44ADPi/HXHQE6dlZ8jd9LCo1S+g3udxNP4wHhWm9/VAGm # mMEBBS6+6Lp4IbQwJU0CAwEAAaOCAUkwggFFMB0GA1UdDgQWBBSZ8ieAXNkRmU+S # MM5WW4FIMNpqcTAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBfBgNV # HR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Ny # bC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmwwbAYI # KwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAy # MDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMI # MA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEA3Ee27cXMhptoNtaq # zB0oGUCEpdEI37kJIyK/ZNhriLZC5Yib732mLACEOEAN9uqivXPIuL3ljoZCe8hZ # SB14LugvVm1nJ73bNgr4Qh/BhmaFL4IfiKd8DNS+xwdkXfCWslR89QgMZU/SUJhW # x72aC68bR2qRjhrJA8Qc68m5uBllo52D83x0id3p8Z45z7QOgbMH4uJ45snZDQC0 # S3dc3eJfwKnr51lNfzHAT8u+FHA+lv/6cqyE7tNW696fB1PCoH8tPoI09oSXAV4r # EqupFM8xsd6D6L4qcEt/CaERewyDazVBfskjF+9P3qZ3R6IyOIwQ7bYts7OYsw13 # csg2jACdEEAm1f7f97f3QH2wwYwen5rVX6GCzrYCikGXSn/TSWLfQM3nARDkh/fl # mTtv9PqkTHqslQNgK2LvMJuKSMpNqcGc5z33MYyV6Plf58L+TkTFQKs6zf9XMZEJ # m3ku9VBJ1aqr9AzNMSaKbixvMBIr2KYSSM21lnK8LUKxRwPW+gWS2V3iYoyMT64M # RXch10P4OtGT3idXM09K5ld7B9U6dcdJ6obvEzdXt+XZovi/U6Evb4nA7VPHcHSK # s7U72ps10mTfnlue13VFJUqAzbYoUEeegvsmzulGEGJoqZVNAag5v6PVBrur5yLE # ajjxWH2TfkEOwlL8MuhcVI8OXiYwggdxMIIFWaADAgECAhMzAAAAFcXna54Cm0mZ # AAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMK # V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 # IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0 # ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMyMjVa # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0BAQEF # AAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51yMo1 # V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY6GB9 # alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9cmmv # Haus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN7928 # jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDuaRr3t # pK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74kpEe # HT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2K26o # ElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5TI4C # vEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZki1ug # poMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9QBXps # xREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3PmriLq0C # AwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYE # FCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJlpxtT # NRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIBFjNo # dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9yeS5o # dG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBD # AEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZW # y4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5t # aWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAt # MDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0y # My5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/ypb+pc # FLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulmZzpT # Td2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM9W0j # VOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECWOKz3 # +SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4FOmR # sqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3UwxTSw # ethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPXfx5b # RAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVXVAmx # aQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGConsX # HRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU5nR0 # W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEGahC0 # HVUzWLOhcGbyoYIC1zCCAkACAQEwggEAoYHYpIHVMIHSMQswCQYDVQQGEwJVUzET # MBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMV # TWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJlbGFu # ZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOjA4 # NDItNEJFNi1DMjlBMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2 # aWNloiMKAQEwBwYFKw4DAhoDFQCOEn4R7JJF+fYoI2yOf1wX0BRJOqCBgzCBgKR+ # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMA0GCSqGSIb3DQEBBQUAAgUA # 6HVZkDAiGA8yMDIzMDgwMzA2MzkxMloYDzIwMjMwODA0MDYzOTEyWjB3MD0GCisG # AQQBhFkKBAExLzAtMAoCBQDodVmQAgEAMAoCAQACAhKvAgH/MAcCAQACAhTBMAoC # BQDodqsQAgEAMDYGCisGAQQBhFkKBAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEA # AgMHoSChCjAIAgEAAgMBhqAwDQYJKoZIhvcNAQEFBQADgYEArAhF0GBRgWTiLoS2 # 3/D3hy0RPnd4XsFhUqG6JUJNp3YxFH3f5gJAEkYNIfLcFf3ZMeP7soizhovgOfwW # O55TJiFv2QDYU85TFboo1CwTOJb07rzwrxBd7J3B3eoVcgNyeDGgQuAqqf/KhT7D # lJ7z24FAMuYmfSI33nP3+ELcYsoxggQNMIIECQIBATCBkzB8MQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt # ZS1TdGFtcCBQQ0EgMjAxMAITMwAAAbJuQAN/bqmUkgABAAABsjANBglghkgBZQME # AgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEEMC8GCSqGSIb3DQEJ # BDEiBCCLVwK+c4I15qd5Iy1M+y7qGXSwPZdLqnLYBkUQIQFDpzCB+gYLKoZIhvcN # AQkQAi8xgeowgecwgeQwgb0EIFN4zjzn4T63g8RWJ5SgUpfs9XIuj+fO76G0k8Ib # Tj41MIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAGy # bkADf26plJIAAQAAAbIwIgQgMJ2cVhxzMVm0QStmPygJ5H9D5SKhLv6pwroI12t+ # 08cwDQYJKoZIhvcNAQELBQAEggIAa2DeU25IotkkR7cyq6ygCiN7dLwQLqub1jG0 # /1ikkaFyHef/0urlgWtKgRWpYuXpe+VvOIxUFjyY3N06hFxAZZavxWWcV0YfKbEo # OgR8vWRkORVJrCn3k99XvJwWBkf5A66GtbrJsnm4B8W2nqd3xe0zZINKu+WeI+8M # H3HdmhZc4yrarEFT1sICC2GkuO2bKB9W7CMmDE/XYwJp6xM9faOrpQGIvdA3H7FF # YWI1jGoBLRAoTDZPuB/zvadFcapGfDmlOnHv8Q23jfpyiejq7MBL5y6nirBMj5V2 # yvMjm05fySoDsDzlw51pUYpXQQB0XF+BpN/SvQHCNWA9+pqxOnK3ODFdV1u1+/r/ # C+hJ/sMg7KLqGJG7ascwsjrmVfQ05N/LgjbzW25wJYI2IsYxTk1Kc1r2sA5lhjh6 # dngo1txwCYlGPfzpn8ubSm1VFKqnso+59KZGXc9z0A13OLf0vgCbxiQ4hwSCintm # XwItjKiM10ZytRHQ0FS5PAdr4byA47jCiwTYiIJ7vls+jIYkR+0ykqpkIuXK/26A # dFa3PSbeJHMbl28B296utozaC50OLRPPKx4FX5V1l8EYSe5HrLjcvt1YT5TGs/Sx # HlEulvJNk0zwTBrP0EYWz6q73EfX3O4WZt/D3UIoE7GtksVfVoyLglPCBO+AqJ2G # eOPNU2Q= # SIG # End signature block |