Obs/bin/ObsDep/content/Powershell/Roles/Common/VhdWim.psm1
using module ..\Common\MountedImage.psm1 Import-Module -Name "$PSScriptRoot\..\..\Common\Helpers.psm1" Import-Module -Name "$PSScriptRoot\..\..\Common\NetworkHelpers.psm1" Import-Module -Name "$PSScriptRoot\..\..\Common\StorageHelpers.psm1" Import-Module -Name "$PSScriptRoot\RoleHelpers.psm1" $azureStackNugetPath = Get-ASArtifactPath -NugetName "Microsoft.AzureStack.Role.SBE" Import-Module (Join-Path $azureStackNugetPath "content\CloudDeployment\Roles\OEM\OEM.psm1") -DisableNameChecking function Get-MountedDisk { Get-Disk | Where-Object Manufacturer -like 'Msft*' | Where-Object Model -like 'Virtual Disk*' } function Dismount-MountedDisk { Get-MountedDisk | ForEach-Object { Dismount-DiskImage -DevicePath $_.Path } } function Get-MountedDiskDriveLetter { Get-MountedDisk | Get-Partition | ForEach-Object DriveLetter } function New-VhdFromWim { param ( [Parameter(Mandatory=$true)] [string] $VhdPath, [Parameter(Mandatory=$true)] [string] $WimPath, [Parameter(Mandatory=$true)] [int] $WimImageIndex, [uint64] $SizeBytes = 40GB, [string[]] $DismFeaturesToInstall, [string[]] $ServerFeaturesToInstall, # Specifies if the VHD will be used for VHD boot rather than a primary boot device. # Do not set this if your VHD is going to be a primary boot disk on a VM. [switch] $VhdBoot, [switch] $Force ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop if (Test-Path $VhdPath) { # the other BVT disk (multi-node) is also a virtual disk but can not be dis-mounted (error will occur) # we have to target the only disk mapped to Vhd path Dismount-DiskImage -ImagePath $VhdPath if ($Force) { Remove-Item $VhdPath -Force } else { throw "VHD file $VhdPath already exists." } } # Try to start Hyper-V on the DVM $tryCount = 1 while (($tryCount -lt 4) -and ((Get-Service vmms).Status -ne "Running")) { Trace-Execution "Attempt #$tryCount to start VMMS on '$Env:COMPUTERNAME'" Start-Service vmms Start-Sleep 30 $tryCount++ } if ((Get-Service vmms).Status -ne "Running") { Trace-Error "Failed to start VMMS on $Env:COMPUTERNAME" } $null = New-VHD -SizeBytes $SizeBytes -Path $VhdPath -Dynamic $hwDetectionService = Get-Service -Name ShellHWDetection -ErrorAction Ignore if ($hwDetectionService) { Trace-Execution "Stopping ShellHWDetection Service" Stop-Service ShellHWDetection } else { Trace-Execution "ShellHWDetection Service was not running, no need to stop the service." } Trace-Execution "Mounting VHD from: $VhdPath" Mount-DiskImage -ImagePath $VhdPath # Attempt to start defender if not already running $service = Get-Service -Name "windefend" -ErrorAction SilentlyContinue if ($null -ne $service -and $service.Status -ine "Running") { $service | Start-Service -ErrorAction SilentlyContinue | Out-Null } try { $virtualDisk = Get-Disk | Where-Object Manufacturer -like 'Msft*' | Where-Object Model -like 'Virtual Disk*' | Where-Object PartitionStyle -like 'RAW' $diskNumber = $virtualDisk.Number Trace-Execution "Performing initialize on disk number: $diskNumber" Initialize-Disk -Number $diskNumber -PartitionStyle MBR $partition = New-Partition -DiskNumber $diskNumber -UseMaximumSize -AssignDriveLetter -IsActive if ($null -eq $partition) { throw "Failed to create new partition during the process of creating WinPE VHD from WIM." } $driveLetter = $partition.DriveLetter $driveName = $driveLetter + ':' $diskPath = $driveName + '\' $volume = Format-Volume -Partition $partition -FileSystem NTFS -Confirm:$false $null = New-PSDrive -PSProvider FileSystem -Root "FileSystem::$diskPath" -Name $driveLetter # set exclusion path when windefend is running if ($null -ne $service -and $service.Status -eq "Running") { Trace-Execution "Exclude mount folders $diskPath from Windows Defender scan to speed up configuration." Add-MpPreference -ExclusionPath $diskPath -ErrorAction SilentlyContinue } # Use a randomly generated log path because Expand-WindowsImage sometimes crashes because of not being able to write to default log file DISM.LOG. $dismLogPath = [IO.Path]::GetTempFileName() Trace-Execution "Using the following path for the DISM log: $dismLogPath" $null = Expand-WindowsImage -ImagePath $WimPath -ApplyPath $diskPath -Index $WimImageIndex -LogPath $dismLogPath if (-not $VhdBoot) { $null = bcdboot "$driveName\Windows" /S $driveName } } finally { if ($null -ne $service -and $service.Status -eq "Running") { Trace-Execution "Remove Windows Defender exclusions for paths $diskPath" Remove-MpPreference -ExclusionPath $diskPath -ErrorAction SilentlyContinue } Get-PSDrive | Where-Object Name -eq $driveLetter | Remove-PSDrive Dismount-DiskImage -ImagePath $VhdPath if ($hwDetectionService) { Start-Service ShellHWDetection Trace-Execution "Started ShellHWDetection Service" } else { Trace-Execution "ShellHWDetection Service was not previously running, no need to restart the service." } } if ($DismFeaturesToInstall) { Enable-WindowsOptionalFeature -FeatureName $DismFeaturesToInstall -Online -All } if ($ServerFeaturesToInstall) { Install-WindowsFeature -Vhd $VhdPath -Name $ServerFeaturesToInstall -IncludeAllSubFeature -IncludeManagementTools } } function New-WimFromVhd { param ( [Parameter(Mandatory=$true)] [string] $WimPath, [Parameter(Mandatory=$true)] [string] $VhdPath, [switch] $Force ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop Dismount-MountedDisk if (Test-Path $WimPath) { if ($Force) { Remove-Item $WimPath -Force } else { throw "WIM file $WimPath already exists." } } try { Mount-DiskImage -ImagePath $VhdPath $driveLetter = Get-MountedDiskDriveLetter $null = New-WindowsImage -ImagePath $WimPath -CapturePath "$driveLetter`:" -Name "CPS Host Backup" } finally { Dismount-DiskImage -ImagePath $VhdPath } } <# $newVhdFromWimParameters = @{ VhdPath = 'C:\CloudDeployment\Images\AD-DNS-DHCP.vhdx' WimPath = 'C:\CloudDeployment\Images\install.wim' WimImageIndex = 4 # Full server ServerFeaturesToInstall = 'DHCP', 'DNS', 'AD-Domain-Services' } New-VhdFromWim @newVhdFromWimParameters -Force $newVhdFromWimParameters = @{ VhdPath = 'C:\CloudDeployment\Images\Host.vhdx' WimPath = 'C:\CloudDeployment\Images\install.wim' WimImageIndex = 4 # Full server SizeBytes = 100GB } New-VhdFromWim @newVhdFromWimParameters -Force #> #Enable-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V-Offline, Microsoft-Hyper-V-Online -Online -all # Returns back username and password as array count 0 and 1 function Get-UsernameAndPassword { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [PSCredential] $Credential ) $networkCredential = $Credential.GetNetworkCredential() $username = $networkCredential.UserName # Replace any password single quotes with double quotes so that we dont break the powershell syntax $password = $networkCredential.Password.Replace("'","''") if (-not $networkCredential.Domain) { # Localhost is needed to create networkshares from winPE $username = 'Localhost\' + $networkCredential.UserName } elseif (-not $username.Contains('\')) { $username = $networkCredential.Domain + '\' + $networkCredential.UserName } $username $password } <# .Synopsis Function to output a path to a deploydirect file that is intended to run from a WinPE context on a booting machine. This must only run from the physical machine role. .Parameter DeployDirectPath The template deploydirect path. .Parameter UsePxeServerRole Whether the deployment script should attempt to communicate with the on-stamp PXE server or with the initial deployment DVM. .Parameter Parameters This object is based on the customer manifest. It contains the private information of the Key Vault role, as well as public information of all other roles. It is passed down by the deployment engine. .Example New-DeployDirect -DeployDirectPath "$PSScriptRoot\DeployDirect.ps1" -UsePxeServerRole $false -Parameters $Parameters This will customize the template deploy direct file using entries from the parameters object, and will use the IP of the DVM in various locations. #> function New-DeployDirect { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [String] $DeployDirectPath, [Parameter(Mandatory=$true)] [bool] $UsePxeServerRole, [Parameter(Mandatory=$false)] [PSCredential] $PXEAccountCredential, [Parameter(Mandatory=$false)] [PSCredential] $VHDShareAccountCredential, [Parameter(Mandatory=$true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters, [Parameter(Mandatory=$false)] [bool] $UseVersionedWim = $true, [Parameter(Mandatory=$true)] [string] $HypervisorSchedulerType ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $cloudRole = $Parameters.Roles["Cloud"].PublicConfiguration $physicalMachinesRole = $Parameters.Roles["BareMetal"].PublicConfiguration $physicalMachinesRolePrivateInfo = $Parameters.Configuration.Role.PrivateInfo $securityInfo = $cloudRole.PublicInfo.SecurityInfo # # $PXEAccountCredential is the account used to write logs back to the PXE server or the DVM. It can be either specified by the caller of # this function, or (by default) the local administrator of the DVM. # # $VHDShareAccountCredential is the account used by WinPE to download the VHD to the local host. It can be either the local administrator of # the DVM, or an account specified by the caller of this function (mandatory when an on-stamp PXE server is used) # if ($UsePxeServerRole) { # For domain-joined PXE servers, using the local administrator is not an option, so credentials for both accounts must be specified if ($null -eq $PXEAccountCredential) { throw "Must specify PXEAccountCredential when using an on-stamp PXE server" } if ($null -eq $VHDShareAccountCredential) { throw "Must specify VHDShareAccountCredential when using an on-stamp PXE server" } } else { # For the DVM, we can use the local builtin administrator account, so explicit credentials are not needed $administratorUser = $securityInfo.LocalUsers.User | Where-Object Role -eq $physicalMachinesRolePrivateInfo.Accounts.BuiltInAdminAccountID if ($PXEAccountCredential -eq $null) { $PXEAccountCredential = $Parameters.GetCredential($administratorUser.Credential) } if ($VHDShareAccountCredential -eq $null) { $VHDShareAccountCredential = $Parameters.GetCredential($administratorUser.Credential) } } if ($UsePxeServerRole) { $pxeRole = $Parameters.Roles["PXE"].PublicConfiguration $pxeServerName = $pxeRole.Nodes.Node.Name $vmRoleDefinition = $Parameters.Roles["VirtualMachines"].PublicConfiguration $pxeNode = $vmRoleDefinition.Nodes.Node | Where-Object { $_.Name -eq $pxeServerName } $pxeIPAddress = @($pxeNode.NICs.NIC)[0].IPv4Address.Split("/")[0] } else { $deploymentMachineRole = $Parameters.Roles["DeploymentMachine"].PublicConfiguration $pxeIPAddress = $deploymentMachineRole.Nodes.Node.IPv4Address $pxeServerName = $Env:COMPUTERNAME } if ($UsePxeServerRole) { # Take image content from the PXE server $hostImageDir = "\\$pxeServerName\Images" } else { # Install Image is generated. $hostImageDir = $ExecutionContext.InvokeCommand.ExpandString($physicalMachinesRole.PublicInfo.VhdImageTargetDir.Path) if ($UseVersionedWim) { $hostImageDir = Get-AzSVersionedPath -Path $hostImageDir } if ($hostImageDir -like "*{*}*") { $clusterName = Get-ManagementClusterName $Parameters $hostImageDir = Get-SharePath $Parameters $hostImageDir $clusterName } } Trace-Execution "Using host image folder $hostImageDir for DeployDirect script" if ([Environment]::GetEnvironmentVariable("OSImageType") -eq "ISO") { Trace-Execution "OSImageType is ISO" $hostImagePath = $hostImageDir + '\' + $physicalMachinesRole.PublicInfo.InstallImage.ISOName Trace-Execution "Using host ISO $hostImagePath for DeployDirect script" # Copy SetupComplete.cmd script needed for ISO-based OS deployments to RemoteUnattend folder $isoSetupCompleteScript = "C:\CloudDeployment\Roles\Common\SetupComplete_ISO.cmd" if (Test-Path -Path $isoSetupCompleteScript) { Trace-Execution "Copy '$($isoSetupCompleteScript)' to RemoteUnattend folder" $dest = "C:\RemoteUnattend\SetupComplete.cmd" if (-not(Test-Path -Path (Split-Path -Path $dest -Parent))) { $null = New-Item -ItemType File -Path $dest -Force } Copy-Item -Path $isoSetupCompleteScript -Destination $dest -Force $version = ([string]($Parameters.Roles["Cloud"].PublicConfiguration.PublicInfo.Version)).Trim() # Add line to SetupComplete.cmd to create file on the host when deployment has completed Add-Content -Path $dest -Value "echo $version > C:\CloudBuilderTemp\$($physicalMachinesRole.PublicInfo.DeploymentGuid).txt" } else { Trace-Execution "Could not find 'C:\CloudDeployment\Roles\Common\SetupComplete_ISO.cmd'" } } else { Trace-Execution "OSImageType is VHD" if ($physicalMachinesRole.PublicInfo.InstallImage.Index) { $hostImagePath = $hostImageDir + '\' + $physicalMachinesRole.PublicInfo.InstallImage.VHDName } else { # Use the initial Image. $hostImagePath = $ExecutionContext.InvokeCommand.ExpandString($physicalMachinesRole.PublicInfo.InstallImage.Path) } Trace-Execution "Using host VHD $hostImagePath for DeployDirect script" } # This VHD should be unused $winPEVHDImagePath = $hostImageDir + '\' + $physicalMachinesRole.PublicInfo.BootImage.VHDName $deployScriptContent = Get-Content $DeployDirectPath $deployScriptContent = $deployScriptContent.Replace('[DeploymentGuid]', $physicalMachinesRole.PublicInfo.DeploymentGuid) $deployScriptContent = $deployScriptContent.Replace('[DVMIPAddress]', $pxeIPAddress) $deployScriptContent = $deployScriptContent.Replace('[DVMName]', $pxeServerName) $deployScriptContent = $deployScriptContent.Replace('[HostImagePath]',$hostImagePath) $deployScriptContent = $deployScriptContent.Replace('[WinPEVHDImagePath]', $winPEVHDImagePath) if ($UsePxeServerRole) { # On the PXE server C:\RemoteUnattend must be accessed as \\PXE\RemoteUnattend $deployScriptContent = $deployScriptContent.Replace('[RemoteUnattendShare]', "RemoteUnattend") } else { # Local administrator credentials are used on the DVM, so the C$ share is available $deployScriptContent = $deployScriptContent.Replace('[RemoteUnattendShare]', "C$\RemoteUnattend") } if (-not $hostImagePath.StartsWith('\\')) { # Used to create a host entry in WinPE. $deployScriptContent = $deployScriptContent.Replace('[HostShareIPAddress]', $pxeIPAddress) $deployScriptContent = $deployScriptContent.Replace('[HostShareName]', $pxeServerName) } else { # Get the IP and Hostname from the share. $shareComputerName = $hostImagePath.Substring(2).Split('\')[0] $shareIPv4 = Resolve-DnsName $shareComputerName | Where-Object QueryType -eq 'A' $ip = $null foreach ($shareIp in $shareIPv4.IPAddress) { $succcess = Test-Connection $shareIp -ErrorAction SilentlyContinue -ErrorVariable connectionError if ($succcess) { $ip = $shareIp break } else { Trace-Warning "Share endpoint failed with: $connectionError" } } Trace-Execution "Resolved: '$shareComputerName' to IP: '$ip'" # Used to create a host entry in WinPE $deployScriptContent = $deployScriptContent.Replace('[HostShareIPAddress]', $ip) $deployScriptContent = $deployScriptContent.Replace('[HostShareName]',$shareComputerName) } $user = Get-UsernameAndPassword -Credential $PXEAccountCredential Trace-Execution "Using the account '$($user[0])' for DVM share." $deployScriptContent = $deployScriptContent.Replace('[DVMUser]', $user[0]) $deployScriptContent = $deployScriptContent.Replace('[DVMPassword]', $user[1]) $deployScriptContent = $deployScriptContent.Replace('[HypervisorSchedulerType]', $HypervisorSchedulerType) if ($VHDShareAccountCredential) { $user = Get-UsernameAndPassword -Credential $vhdShareAccountCredential Trace-Execution "Using the account '$($user[0])' for host VHD share." $deployScriptContent = $deployScriptContent.Replace('[VHDSharePathUser]', $user[0]) $deployScriptContent = $deployScriptContent.Replace('[VHDSharePathPassword]',$user[1]) } else { Trace-Execution "Not setting host VHD share credentials." } $networkDefinition = Get-NetworkDefinitions -Parameters $Parameters $networks = $networkDefinition.Networks.Network $hostNicNetworkName = Get-NetworkNameForCluster -ClusterName "s-cluster" -NetworkName "HostNIC" foreach ($network in $networks) { if ($network.Name -eq $hostNicNetworkName) { $deployScriptContent = $deployScriptContent.Replace('[HostNetworkBeginAddress]', $network.IPv4.StartAddress) $deployScriptContent = $deployScriptContent.Replace('[HostNetworkEndAddress]', $network.IPv4.EndAddress) } } $deployScriptContent = $deployScriptContent.Replace('[RebootOnComplete]', '$true') $oneNodeRestore = [Environment]::GetEnvironmentVariable("OneNodeRestore", "Machine") Trace-Execution "OneNodeRestore: $($oneNodeRestore)" if (($UsePxeServerRole) -or (-not [System.String]::IsNullOrEmpty($oneNodeRestore))) { Trace-Execution "Setting ClearExistingStorage to false." $deployScriptContent = $deployScriptContent.Replace('[ClearExistingStorage]', '$false') } else { Trace-Execution "Setting ClearExistingStorage to true." $deployScriptContent = $deployScriptContent.Replace('[ClearExistingStorage]', '$true') } $isAnacortesBuild = [System.Environment]::GetEnvironmentVariable('ANACORTES_DEPLOYMENT', [System.EnvironmentVariableTarget]::Machine) if(((Get-Random -Maximum 100)% 2 -eq 0) -and ([System.String]::IsNullOrWhiteSpace($isAnacortesBuild))) { $deployScriptContent = $deployScriptContent.Replace('[IsOneDrive]', '$true') } else { $deployScriptContent = $deployScriptContent.Replace('[IsOneDrive]', '$false') } $newDeployDirectPath = "$PSScriptRoot\DeployDirectReplaced.ps1" Set-Content -Value $deployScriptContent -Path $newDeployDirectPath -Force return $newDeployDirectPath } function Test-SkipDriverInjection { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [bool] $SkipDriverInjection ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $driverPath = "$env:SystemDrive\CloudDeployment\Drivers" if ($skipDriverInjection) { Trace-Warning 'Driver injection will be skipped as instructed by $CloudBuilder.SkipDriverInjection setting.' } elseif (-not (Test-Path $driverPath)) { Trace-Execution "Driver injection will be skipped as the driver path '$driverPath' does not exist." $skipDriverInjection = $true } elseif (-not (Get-ChildItem $driverPath)) { Trace-Execution "Driver injection will be skipped as the driver path '$driverPath' does not contain any files." $skipDriverInjection = $true } elseif (-not (Get-ChildItem $driverPath -Filter *.inf -Recurse)) { Trace-Execution "Driver injection will be skipped as the driver path '$driverPath' does not contain any drivers (no *.inf files found)." $skipDriverInjection = $true } return $skipDriverInjection } function New-PxeUnattendFile { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [String] $ComputerName, [Parameter(Mandatory=$false)] [String] $SLPKey, [Parameter(Mandatory=$true)] [string] $MachineIdentifier, [Parameter(Mandatory=$true)] [PSCredential] $LocalAdministratorCredential, [Parameter(Mandatory=$false)] [String] $DomainJoinBlob, [Parameter(Mandatory=$false)] [String] $DomainFqdn, [Parameter(Mandatory=$false)] [PSCredential] $DomainAdminCredential, [Parameter(Mandatory=$false)] [PSCredential] $LocalAccountCredential, [Parameter(Mandatory=$false)] [PSCredential] $LocalCloudAdminCredential, [Parameter(Mandatory=$true)] [String] $UnattendFilePath, [Parameter(Mandatory=$true)] [String] $OutputPath ) $outputGuid = [Guid]::NewGuid(); if (-not [Guid]::TryParse($MachineIdentifier, [ref] $outputGuid)) { # $OFS which is a special variable in powershell . OFS stands for Output field separator . $ofs = '-' $MacAddressString = "$(([System.Net.NetworkInformation.PhysicalAddress]$MachineIdentifier).GetAddressBytes() | ForEach-Object {'{0:X2}' -f $_})" $MachineIdentifier = $MacAddressString } $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $unattendContent = (Get-Content $UnattendFilePath) $unattendContent = $unattendContent.Replace('[ComputerName]', $ComputerName) # Commented out code is not needed for AsZ reset # Clean up later to have AsZ specific method #if ($SLPKey) { # $unattendContent = $unattendContent.Replace('[SLPKey]', $SLPKey) #} #else { # $unattendContent = $unattendContent -replace '<ProductKey>.*</ProductKey>', '' #} $unattendContent = $unattendContent.Replace('[LocalAdministratorPassword]', [System.Security.SecurityElement]::Escape(([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($LocalAdministratorCredential.Password))))) #$unattendContent = $unattendContent.Replace('[LocalAdministratorName]', $LocalAdministratorCredential.UserName) # Multi-node tokens #$unattendContent = $unattendContent.Replace('[DomainJoinBlob]', $DomainJoinBlob) #$unattendContent = $unattendContent.Replace('[DomainFqdn]', $DomainFqdn) #if ($DomainAdminCredential) { # $unattendContent = $unattendContent.Replace('[DomainAdminUsername]', $DomainAdminCredential.UserName) # $unattendContent = $unattendContent.Replace('[DomainAdminPassword]', [System.Security.SecurityElement]::Escape(([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($DomainAdminCredential.Password))))) #} #if ($LocalAccountCredential) { # $unattendContent = $unattendContent.Replace('[LocalAccountUsername]', $LocalAccountCredential.UserName) # $unattendContent = $unattendContent.Replace('[LocalAccountPassword]', [System.Security.SecurityElement]::Escape(([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($LocalAccountCredential.Password))))) #} #if ($LocalCloudAdminCredential) { # $unattendContent = $unattendContent.Replace('[LocalCloudAdminUsername]', $LocalCloudAdminCredential.UserName) # $unattendContent = $unattendContent.Replace('[LocalCloudAdminPassword]', [System.Security.SecurityElement]::Escape(([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($LocalCloudAdminCredential.Password))))) #} $unattendFilePath = "$OutputPath\$MachineIdentifier.xml" if (Test-Path $unattendFilePath) { Remove-Item $unattendFilePath -Force } Set-Content -Value $unattendContent -Path "$OutputPath\$MachineIdentifier.xml" -Force } function New-WinPEImage { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [String] $DeployDirectPath, [Parameter(Mandatory=$false)] [bool] $UseVersionedWim = $true, [Parameter(Mandatory=$false)] [PSCredential] $PXEAccountCredential, [Parameter(Mandatory=$false)] [PSCredential] $VHDShareAccountCredential, [Parameter(Mandatory=$true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters, [Switch]$PostDeployment ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $physicalMachinesRole = $Parameters.Roles["BareMetal"].PublicConfiguration $physicalMachinesRolePrivateInfo = $Parameters.Configuration.Role.PrivateInfo $cloudRole = $Parameters.Roles["Cloud"].PublicConfiguration $OEMRole = $Parameters.Roles["OEM"].PublicConfiguration $OEMModel = $OEMRole.PublicInfo.UpdatePackageManifest.UpdateInfo.Model $clusterName = Get-ManagementClusterName $Parameters $winPEBootImage = $physicalMachinesRole.PublicInfo.BootImage if ($PostDeployment.IsPresent) { $UsePxeServerRole = $true $bootImageSrcDir = $physicalMachinesRolePrivateInfo.LibraryShareImageFolder.Path } else { $UsePxeServerRole = $false $bootImageSrcDir = $ExecutionContext.InvokeCommand.ExpandString($winPEBootImage.SrcDir) } if ($bootImageSrcDir -like "*{*}*") { $bootImageSrcDir = Get-SharePath $Parameters $bootImageSrcDir $clusterName } # Use versioned path if specified if ($UseVersionedWim) { $bootImageSrcDir = Get-AzSVersionedPath -Path $bootImageSrcDir } $bootImagePath = Join-Path $bootImageSrcDir $winPEBootImage.BaseImage $bootImageIndex = $winPEBootImage.Index $vhdTargetDirPath = $ExecutionContext.InvokeCommand.ExpandString($physicalMachinesRole.PublicInfo.VhdImageTargetDir.Path) if ($vhdTargetDirPath -like "*{*}*") { $vhdTargetDirPath = Get-SharePath $Parameters $vhdTargetDirPath $clusterName } # Use versioned path if specified if ($UseVersionedWim) { $vhdTargetDirPath = Get-AzSVersionedPath -Path $vhdTargetDirPath } $winpeVhdImagePath = Join-Path $vhdTargetDirPath -ChildPath $winPEBootImage.VHDName $mountPath = Join-Path -Path ([IO.Path]::GetTempPath()) -ChildPath ([Guid]::NewGuid()) if ($PostDeployment.IsPresent) { $wimStagingPath = Join-Path -Path ([IO.Path]::GetTempPath()) -ChildPath ([Guid]::NewGuid()) $GenerateWim = $true $GenerateVhd = $false } else { $wimStagingPath = $bootImageSrcDir $skipCopy = $true $Script:IsIdempotentRun = [Bool]::Parse($physicalMachinesRolePrivateInfo.ExecutionContext.IdempotentRun) $GenerateWim = ((-not $Script:IsIdempotentRun) -or (-not (Test-Path $winpeVhdImagePath))) $GenerateVhd = $GenerateWim } if ($GenerateWim) { # Attempt to start defender if not already running $service = Get-Service -Name "windefend" -ErrorAction SilentlyContinue if ($null -ne $service -and $service.Status -ine "Running") { $service | Start-Service -ErrorAction SilentlyContinue | Out-Null } # On virtual environments to avoid infra VM reboots change hypervisor scheduler type to Classic. # On physical enviornments the scheduler type will be Core if (IsVirtualAzureStack($Parameters)) { $hypervisorSchedulerType = "Classic" } else { $hypervisorSchedulerType = "Core" } try { $newDeployDirectPath = New-DeployDirect ` -DeployDirectPath $deployDirectPath ` -PXEAccountCredential $PXEAccountCredential ` -VHDShareAccountCredential $VHDShareAccountCredential ` -UsePxeServerRole $UsePxeServerRole ` -Parameters $Parameters ` -UseVersionedWim $UseVersionedWim ` -HypervisorSchedulerType $hypervisorSchedulerType Dismount-AllMountedImages if (-not (Test-Path $mountPath)) { $null = New-Item -Path $mountPath -ItemType Directory } if (-not (Test-Path $wimStagingPath)) { $null = New-Item -Path $wimStagingPath -ItemType Directory } # set exclusion path when windefend is running if ($null -ne $service -and $service.Status -eq "Running") { Trace-Execution "Exclude mount folders $mountPath and $wimStagingPath from Windows Defender scan to speed up configuration." Add-MpPreference -ExclusionPath $mountPath, $wimStagingPath -ErrorAction SilentlyContinue } Trace-Execution "Copying required content from '$bootImageSrcDir' to '$wimStagingPath'." if (-not $skipCopy) { $out = Robocopy.exe $bootImageSrcDir $wimStagingPath $physicalMachinesRole.PublicInfo.BootImage.BaseImage /R:2 /W:10 # Check for exit code. If exit code is greater than 7, it means an error occured while peforming a copy operation. if ($LASTEXITCODE -ge 8) { $message = "There were errors copying files from '$bootImageSrcDir' to '$wimStagingPath'. Robocopy exit code $LASTEXITCODE.`n" $message += ($out | Out-String) throw $message } } $wimStagingFile = Join-Path $wimStagingPath $physicalMachinesRole.PublicInfo.BootImage.BaseImage Trace-Execution "Mount '$wimStagingFile' to '$mountPath'." Mount-WindowsImageWithRetry -ImagePath $wimStagingFile -Path $mountPath -Index $bootImageIndex ######### This section is associated with Work Item 15253266 and should be removed after the data corruption bug is fixed. ######### Trace-Execution "Mount '$wimStagingFile' successful." $registryPath = Join-Path $mountPath "\Windows\System32\config\SYSTEM" reg load HKLM\OFFLINE $registryPath reg add "HKLM\OFFLINE\ControlSet001\Control\Session Manager\Memory Management" /v VerifyDrivers /t REG_SZ /d * /f reg add "HKLM\OFFLINE\ControlSet001\Control\Session Manager\Memory Management" /v VerifyDriverLevel /t REG_DWORD /d 0x89 /f reg unload HKLM\OFFLINE Trace-Execution "Temporary registry setting complete." ######### Copy-Item "$newDeployDirectPath" "$mountPath\DeployDirect.ps1" -Recurse -Force Copy-Item "$PSScriptRoot\..\Common\DeployDirectCommon.psm1" "$mountPath\DeployDirectCommon.psm1" -Recurse -Force Copy-Item "$PSScriptRoot\..\Common\startnet.cmd" "$mountPath\Windows\System32\startnet.cmd" -Recurse -Force Copy-Item "$PSScriptRoot\..\..\Common\Helpers.psm1" "$mountPath\Helpers.psm1" -Force Copy-Item "$PSScriptRoot\..\..\Common\Tracer.psm1" "$mountPath\Tracer.psm1" -Force Trace-Execution "Dismount and save mounted image." Dismount-WindowsImage -Path $mountPath -Save -Verbose:$false if (-not $skipCopy) { Trace-Execution "Copying updated boot image '$wimStagingFile' back to '$bootImageSrcDir'." $out = Robocopy.exe $wimStagingPath $bootImageSrcDir $physicalMachinesRole.PublicInfo.BootImage.BaseImage /R:2 /W:10 # Check for exit code. If exit code is greater than 7, it means an error occured while performing a copy operation. if ($LASTEXITCODE -ge 8) { $message = "There were errors copying files from '$wimStagingPath' to '$bootImageSrcDir'. Robocopy exit code $LASTEXITCODE.`n" $message += ($out | Out-String) throw $message } Remove-Item -Path $wimStagingFile -Force -Confirm:$false -ErrorAction Ignore } } finally { Dismount-AllMountedImages if ($null -ne $service -and $service.Status -eq "Running") { Trace-Execution "Remove Windows Defender exclusions for paths $MountPath and $wimStagingPath" Remove-MpPreference -ExclusionPath $MountPath, $wimStagingPath -ErrorAction SilentlyContinue } } if ($GenerateVhd) { Trace-Execution "Converting WIM image '$bootImagePath' to VHDBoot image '$winpeVhdImagePath'." $newVhdFromWimParameters = @{ WimPath = $BootImagePath VhdPath = $winpeVhdImagePath WimImageIndex = $BootImageIndex SizeBytes = 120GB VhdBoot = $true } New-VhdFromWim @newVhdFromWimParameters -Force -Verbose } } } <# Mounts the Wim file and injects desired content into it #> function Update-BootWimFile { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters, [Parameter(Mandatory=$false)] [bool] $UseVersionedWim = $true ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $cloudRole = $Parameters.Roles["Cloud"].PublicConfiguration Trace-Execution "Update boot.wim file" $physicalMachinesRole = $Parameters.Roles["BareMetal"].PublicConfiguration $virtualMachinesRole = $Parameters.Roles["VirtualMachines"].PublicConfiguration $clusterName = Get-ManagementClusterName $Parameters # Windows Update staging folder $windowsUpdateStagingFolder = $physicalMachinesRole.PublicInfo.WindowsUpdateStagingFolder.Path if ($windowsUpdateStagingFolder -like "*{*}*") { $windowsUpdateStagingFolder = Get-SharePath $Parameters $windowsUpdateStagingFolder $clusterName } else { $windowsUpdateStagingFolder = $ExecutionContext.InvokeCommand.ExpandString($windowsUpdateStagingFolder) } # Boot image $winPEBootImage = $physicalMachinesRole.PublicInfo.BootImage $bootImageSrcDir = $ExecutionContext.InvokeCommand.ExpandString($winPEBootImage.SrcDir) if ($bootImageSrcDir -like "*{*}*") { $bootImageSrcDir = Get-SharePath $Parameters $bootImageSrcDir $clusterName } if ($UseVersionedWim) { $bootImagePath = Join-Path -Path (Get-AzSVersionedPath -Path $bootImageSrcDir) -ChildPath $winPEBootImage.BaseImage } else { $bootImagePath = Join-Path $bootImageSrcDir $winPEBootImage.BaseImage } $bootImageIndex = $winPEBootImage.Index if (Test-Path -Path $bootImagePath) { # Get rid of any half-built previous WIM. Clear-ImageMount -Path $bootImagePath -AlternateFileServerName $clusterName } # Mount the WIM file $mountedImage = [MountedImage]::new($bootImagePath, $bootImageIndex) # Get the image build and associated drivers path $windowsBuild = $mountedImage.GetBuild() $driverPath = Get-OEMDriverPath -Parameter $Parameters -Build $windowsBuild # Update the WIM file try { # Whenever Build runs on a seed ring node, there is very limited disk space. # Use a scratch drive for applying KBs. [string[]] $seedRingNodeNames = $Parameters.Roles["SeedRing"].PublicConfiguration.Nodes.Node | ForEach-Object Name if ($seedRingNodeNames -icontains $env:COMPUTERNAME) { Import-Module -Name "$PSScriptRoot\..\..\Roles\Common\Servicing\Scripts\Modules\HostTempDrive.psm1" $physicalHostName = Get-NodeRefNodeId $Parameters -RoleName "VirtualMachines" -NodeName $env:COMPUTERNAME $drive = New-ScratchDiskForNonHAVM -ComputerName $env:COMPUTERNAME -HyperVHosts @($physicalHostName) try { Trace-Execution "Running UpdateImageWithWindowsUpdates on a seed ring, using update scratch directory." # Inject Windows updates # TEMP: Ignore applicability check for packages when adding them to WinPE image. $mountedImage.UpdateImageWithWindowsUpdates($windowsUpdateStagingFolder, "$drive`:\UpdateTemp", $true) } finally { Remove-ScratchDiskForNonHAVM -ComputerName $env:COMPUTERNAME -HyperVHosts @($physicalHostName) } } else { # Inject Windows updates Trace-Execution "Injecting updates from non-seedring orchestrator." $mountedImage.UpdateImageWithWindowsUpdates($windowsUpdateStagingFolder) } # Inject drivers $skipDriverInjection = [Bool]::Parse($physicalMachinesRole.PublicInfo.SkipDriverInjection) $mountedImage.AddDriversToImage($driverPath, $skipDriverInjection) # Inject deployment content if ($Parameters.Configuration.Role.PrivateInfo.DeploymentContent) { $libraryShareNugetStorePath = Get-SharePath $Parameters $virtualMachinesRole.PublicInfo.LibraryShareNugetStoreFolder.Path $clusterName if (Test-Path -Path $libraryShareNugetStorePath) { $mountedImage.ExpandDeploymentArtifacts($Parameters.Configuration.Role.PrivateInfo.DeploymentContent, $libraryShareNugetStorePath) } else { $mountedImage.ExpandDeploymentArtifacts($Parameters.Configuration.Role.PrivateInfo.DeploymentContent) } } if ($UseVersionedWim) { # Get current or UpdateVersion in case of update $updateVersion = Get-InProgressUpdateVersion -Parameters $Parameters if ($null -ne $updateVersion) { $version = $updateVersion } else { $version = ([string]($cloudRole.PublicInfo.Version)).Trim() } $mountedImage.UpdateImageStatusFile($version, "BuildCompleted") } } finally { $mountedImage.Dispose() } } <# .SYNOPSIS Dismounts all the mounted images .DESCRIPTION Dismounts all the mounted images #> function Dismount-AllMountedImages { Import-Module Dism Clear-WindowsCorruptMountPoint $mountedImages = Get-WindowsImage -Mounted -Verbose:$false if ($mountedImages) { Trace-Execution "Found the following mounted images:`r`n$($mountedImages | Out-String)" Trace-Execution "Discard previously mounted images." $null = $mountedImages | ForEach-Object { $mountPath = $_.MountPath try { Trace-Execution "Unmounting '$mountPath'" Dismount-WindowsImage -Path $mountPath -Discard -Verbose:$false } catch { # It is possible we may have hit mount point invalid mount point state due to ECE failover # so applying remediation and retrying. See VSO 8588300 for more details. Trace-Execution "Failed to unmount '$mountPath' so unloading mounted keys and retrying" $mountPathKey = $mountPath.Replace('\','/') $(reg query HKLM) | ForEach-Object { if ($_ -like "*$mountPathKey*") { reg unload $_ } } Dismount-WindowsImage -Path $mountPath -Discard -Verbose:$false } } } # If the mounted image was undergoing a DISM operation while ECE service was failed over or crashed, # it's possible that the image is still mounted. We can look for any such disks mounted from the SU1FileServer # and clean them up. $mountedDisks = Get-Disk | Where-Object Location -match "SU1FileServer" if ($mountedDisks) { Trace-Execution "Found the following mounted disks:`r`n$($mountedDisks | Format-List Number, FriendlyName, Size, Location)" foreach ($disk in $mountedDisks) { Dismount-VHD -DiskNumber $disk.Number } } Import-Module Storage Get-Volume | Where-Object FileSystemLabel -eq 'Deployment' | ForEach-Object { Get-DiskImage -DevicePath $_.Path.TrimEnd('\') } | Dismount-DiskImage } <# .Synopsis Reliable atomic copy of file. .Description This function performs a reliable copy of a file by using temporary staging copy and hash validation mechanism. This function is designed to be re-entrant. #> function Copy-FileAtomic { [CmdletBinding()] param ( [Parameter(Mandatory = $true, HelpMessage="Literal path to the source file which is to be copied.")] [string] $SourceFilePath, [Parameter(Mandatory = $true, HelpMessage="Literal path to the destination file where the source file would be copied to.")] [string] $DestinationFilePath ) $destFile = Split-Path -path $DestinationFilePath -Leaf $destFolder = Split-Path -path $DestinationFilePath -Parent $newFileName = '{0}.new' -f $destFile $prevFileName = '{0}.prev' -f $destFile $newPath = Join-Path $destFolder $newFileName $prevPath = Join-Path $destFolder $prevFileName # Handle code re-entrancy if (Test-Path $prevPath) { if (Test-Path $DestinationFilePath) { Write-Verbose "Removing stale file: $prevPath" Remove-Item -Path $prevPath } else { Write-Verbose "Renaming stale file: $prevPath to $DestinationFilePath" Rename-Item -Path $prevPath -NewName $DestinationFilePath } } # Copy file to a temp file in destination folder Write-Verbose "Copying file $SourceFilePath to $newPath" Copy-Item -Path $SourceFilePath -Destination $newPath -Force -ErrorAction Stop # Validate copied staging file against original source file if ((Get-FileHash $SourceFilePath).hash -ne (Get-FileHash $newPath).hash) { throw "$newPath is not copied correctly." } # Handle atomicity and overwrite issues $overwrite = Test-Path $DestinationFilePath if ($overwrite) { Write-Verbose "Renaming existing destination file: $DestinationFilePath to $prevPath" Rename-Item -Path $DestinationFilePath -NewName $prevPath -ErrorAction Stop } Write-Verbose "Renaming new file: $newPath to $DestinationFilePath" Rename-Item -Path $newPath -NewName $DestinationFilePath -ErrorAction Stop if ($overwrite) { Write-Verbose "Removing stale file: $prevPath" Remove-Item -Path $prevPath } } <# .SYNOPSIS Copy base images into the verioned folder .DESCRIPTION Creates copies of the base images in the versioned folder. #> function New-VersionedImages { [CmdletBinding()] param ( [string] $InProgressImageFolder, [string] $BaseImageFolder, [string[]] $Images ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop # If the build folder exists, delete it and start again if (Test-Path $InProgressImageFolder) { Trace-Execution "Clean up old content as build did not complete during previous run." Remove-Item -Path $InProgressImageFolder -Recurse -Force } Trace-Execution "Creating build folder $InProgressImageFolder" $null = New-Item -Path $InProgressImageFolder -ItemType Directory -Force # Loop through all name of all the images needed foreach ($imageName in $Images) { $newImagePath = Join-Path -Path $InProgressImageFolder -ChildPath $imageName if (Test-Path $newImagePath) { Trace-Execution "The new image: $newImagePath already exists. Skipping creation of this image" } else { $sourceImagePath = Join-Path -Path $BaseImageFolder -ChildPath $imageName if (-not(Test-Path -Path $sourceImagePath)) { $sourceImagePath = Join-Path -Path 'C:\CustomArtifacts\Core\Image' -ChildPath $imageName if (-not(Test-Path -Path $sourceImagePath)) { throw "Unable to find '$($imageName)' in any known source image path." } } Trace-Execution "Copying source image at '$sourceImagePath' to destination image path '$newImagePath'." Copy-FileAtomic -SourceFilePath $sourceImagePath -DestinationFilePath $newImagePath -Verbose -ErrorAction Stop } } } <# .SYNOPSIS Get names of the images needed for deployment and updates .DESCRIPTION Creates copies of the base images in the versioned folder. .PARAMETER Parameters The EceInterfaceParameters object which is populated by ECE #> function Get-SourceImageNames { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters, [switch] $SkipWim, [switch] $SkipArtifacts ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $images = @() # Roles $physicalMachinesRole = $Parameters.Roles["BareMetal"].PublicConfiguration $virtualMachinesRole = $Parameters.Roles["VirtualMachines"].PublicConfiguration if ($SkipWim.IsPresent -eq $false) { # Image to be used for host # Boot Image (boot.wim) $bootImageName = $physicalMachinesRole.PublicInfo.BootImage.BaseImage if ($bootImageName) { $images += $bootImageName } } # Image to be used for host OS. $hostOSImageName = $physicalMachinesRole.PublicInfo.InstallImage.BaseImage if ($hostOSImageName -and $images -notcontains $hostOSImageName) { $images += $hostOSImageName } if (($SkipWim.IsPresent -eq $false) -and ([Environment]::GetEnvironmentVariable("OSImageType") -eq "ISO")) { $images += $physicalMachinesRole.PublicInfo.InstallImage.ISOName } # Identify names of the VHDs to be copied, update the base images to be used for the guest VMs $guestVMs = $virtualMachinesRole.Nodes.Node foreach ($vm in $guestVMs) { $osImageName = $vm.Vhds.Vhd | Where-Object Index -eq 0 | ForEach-Object Path if ($images -notcontains $osImageName) { # Add it to the array to avoid configuration of the same image multiple times $images += $osImageName } # Add Artifacts VHD to list of required images if specified in any VM role definition. $artifactsVhdName = $vm.Vhds.Vhd | Where-Object Path -eq "Artifacts.vhdx" | ForEach-Object Path if (![string]::IsNullOrEmpty($artifactsVhdName)) { Trace-Execution "Artifacts VHD '$artifactsVhdName' is requested by role definition of VM '$($vm.Name)'." Trace-Execution "SkipArtifacts switch is '$SkipArtifacts'." Trace-Execution "Current image list: '$images'." if (!$SkipArtifacts.IsPresent -and $images -notcontains $artifactsVhdName) { Trace-Execution "Add Artifacts VHD '$artifactsVhdName' to list of images required for deployment or update." $images += $artifactsVhdName Trace-Execution "Updated image list: '$images'." } } } $images = $images | where {$_ -inotmatch 'WindowsServerCore.vhdx'} return $images } # This function clears the mounted image. function Clear-ImageMount { param ( # This will be \\XXXX\XXVM_temp*.vhdx [Parameter(Mandatory=$true)] [Alias("UncPath")] [string] $Path, [switch] $DeleteImage, # If the path is on the file server this script will attempt to close any open SMB handles. # Doing so requires a PS session to the file server. However the file server name (SU1FileServer) can resolve # to changing IPs, which can break the underlying WinRM session. As a workaround, an alternate target server name # can be provided by the caller (typically the cluster name), which always resolves to the same IP address. [string] $AlternateFileServerName ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop # Check if file or its dism mount exists. if (-not (Test-Path $Path*)) { Trace-Execution "The specified image '$Path' does not exist, no cleanup is necessary." return } if (Get-WindowsImage -Mounted | Where-Object MountStatus -eq 'Invalid') { Trace-Execution "Clear corrupt WindowsImage/DISM mount points." $null = Clear-WindowsCorruptMountPoint -Verbose:$False } Get-Disk | Where-Object Location -like $Path | ForEach-Object { Trace-Execution "Dismount image mounted by Mount-DiskImage on the local host." Dismount-DiskImage -ImagePath $_.Location -Confirm:$false } if ((Get-ChildItem "$Path.dism*" -Force) -or ((Get-ChildItem -Path $Path).Extension -eq '.wim')) { Trace-Execution "The file appears to be mounted by Mount-WindowsImage command, attempting to dismount it gracefully." Get-WindowsImage -Mounted -Verbose:$False | Where-Object ImagePath -like $Path | ForEach-Object { if ($_.MountStatus -eq 'NeedsRemount') { $null = New-Item -Path $_.Path -ItemType Directory -Force Mount-WindowsImage -Path $_.Path -Remount -Verbose:$False } $null = Dismount-WindowsImage -Path $_.Path -Discard -Verbose:$False } } # Check if path points to a network share. $uri = [System.Uri]$Path if ($uri.IsUnc) { $serverName = $uri.Host # WinNextWorkaround: do not use SU1FileServer as the target name for remote sessions. Use the cluster name instead. if ($serverName -eq "SU1FileServer" -and $AlternateFileServerName) { Trace-Execution "WinNextWorkaround: Known issues with creating remote sessions to SU1FileServer. Connecting to $AlternateFileServerName instead." $serverName = $AlternateFileServerName } $sharePath = [System.IO.Path]::GetPathRoot($Path) $shareRelativePath = $Path.Replace($sharePath, '').TrimStart('\') Trace-Execution "Establish remote connection to file server '$serverName' to remove potential locks on the file '$Path'." Invoke-Command $serverName { $verbose = $using:VerbosePreference -eq [System.Management.Automation.ActionPreference]::Continue Trace-Execution "Get SMB file handles to '$using:shareRelativePath'." -Verbose:$verbose $smbOpenFiles = Get-SmbOpenFile | Where-Object ShareRelativePath -like "$using:shareRelativePath*" if ($smbOpenFiles) { Trace-Execution "Remove SMB file handles to $($smbOpenFiles.ShareRelativePath -join ', ')." -Verbose:$verbose $smbOpenFiles | Close-SmbOpenFile -Force -Verbose:$verbose } } } # If the mounted image was undergoing a DISM operation it's possible that the image is still mounted. # We can look for any such disks mounted from the SU1FileServer and clean them up. $mountedDisks = $null try { $mountedDisks = Get-Disk | Where-Object Location -match $Path } catch { Trace-Execution "Failed to get disk using location match. '$_' . Trying exact match." try { $mountedDisks = Get-Disk | Where-Object Location -eq $Path } catch { Trace-Execution "Failed to get disk using exact match. '$_'." } } try { if ($mountedDisks) { Trace-Execution "Found the following mounted disks:`r`n$($mountedDisks | Format-List Number, FriendlyName, Size, Location | Out-String)" foreach ($disk in $mountedDisks) { Dismount-VHD -DiskNumber $disk.Number } } } catch { Trace-Execution "Best-effort error during dismount share disks: $_" } if (Get-ChildItem "$Path.dism*" -Force) { Trace-Execution "Failed to dismount image gracefully, attempting to forcefully remove the file." $dismFilePath = Get-ChildItem "$Path.dism*" -Force Trace-Execution "Remove '$dismFilePath'." $dismFilePath | Remove-Item -Force } if ($DeleteImage -and (Test-Path $Path)) { Trace-Execution "Delete image '$Path'." Remove-Item -Path $Path -Force } } Export-ModuleMember -Function Add-GuestCluster Export-ModuleMember -Function Add-IDnsConfiguration Export-ModuleMember -Function Add-IPAddress Export-ModuleMember -Function Add-LoadBalancerToNetworkAdapter Export-ModuleMember -Function Add-NetworkAdapterToNetwork Export-ModuleMember -Function Clear-ImageMount Export-ModuleMember -Function ConnectPSSession Export-ModuleMember -Function ConvertFrom-IPAddress Export-ModuleMember -Function Convert-IPv4IntToString Export-ModuleMember -Function Convert-IPv4StringToInt Export-ModuleMember -Function ConvertTo-IPAddress Export-ModuleMember -Function ConvertTo-MacAddress Export-ModuleMember -Function ConvertTo-PrefixLength Export-ModuleMember -Function ConvertTo-SubnetMask Export-ModuleMember -Function Dismount-AllMountedImages Export-ModuleMember -Function Dismount-MountedDisk Export-ModuleMember -Function Expand-DeploymentArtifacts Export-ModuleMember -Function Expand-NugetContent Export-ModuleMember -Function Expand-UpdateContent Export-ModuleMember -Function Get-BareMetalCredential Export-ModuleMember -Function Get-BroadcastAddress Export-ModuleMember -Function Get-ClusterShare Export-ModuleMember -Function Get-ClusterShareNames Export-ModuleMember -Function Get-DomainCredential Export-ModuleMember -Function Get-DomainIPMapping Export-ModuleMember -Function Get-ExecutionContextNodeName Export-ModuleMember -Function Get-GatewayAddress Export-ModuleMember -Function Get-HostUpdateShare Export-ModuleMember -Function Get-InProgressUpdateVersion Export-ModuleMember -Function Get-IsVirtualNetworkAlreadyConfigured Export-ModuleMember -Function Get-JeaSession Export-ModuleMember -Function Get-LocalCsvPathFromSharePath Export-ModuleMember -Function Get-MacAddress Export-ModuleMember -Function Get-MacAddressString Export-ModuleMember -Function Get-MountedDisk Export-ModuleMember -Function Get-MountedDiskDriveLetter Export-ModuleMember -Function Get-NCAccessControlList Export-ModuleMember -Function Get-NCCredential Export-ModuleMember -Function Get-NCGateway Export-ModuleMember -Function Get-NCGatewayPool Export-ModuleMember -Function Get-NCIPPool Export-ModuleMember -Function Get-NCLoadBalancer Export-ModuleMember -Function Get-NCLoadbalancerManager Export-ModuleMember -Function Get-NCLoadBalancerMux Export-ModuleMember -Function Get-NCLogicalNetwork Export-ModuleMember -Function Get-NCLogicalNetworkSubnet Export-ModuleMember -Function Get-NCMACPool Export-ModuleMember -Function Get-NCNetworkInterface Export-ModuleMember -Function Get-NCNetworkInterfaceInstanceId Export-ModuleMember -Function Get-NCNetworkInterfaceResourceId Export-ModuleMember -Function Get-NCPublicIPAddress Export-ModuleMember -Function Get-NCServer Export-ModuleMember -Function Get-NCSwitch Export-ModuleMember -Function Get-NCVirtualGateway Export-ModuleMember -Function Get-NCVirtualNetwork Export-ModuleMember -Function Get-NCVirtualServer Export-ModuleMember -Function Get-NCVirtualSubnet Export-ModuleMember -Function Get-NetworkAddress Export-ModuleMember -Function Get-NetworkDefinitionForCluster Export-ModuleMember -Function Get-NetworkDefinitions Export-ModuleMember -Function Get-NetworkMap Export-ModuleMember -Function Get-NetworkNameForCluster Export-ModuleMember -Function Get-PortProfileId Export-ModuleMember -Function Get-RangeEndAddress Export-ModuleMember -Function Get-ScopeRange Export-ModuleMember -Function Get-ServerResourceId Export-ModuleMember -Function Get-SharePath Export-ModuleMember -Function Get-SourceImageNames Export-ModuleMember -Function Get-StorageEndpointName Export-ModuleMember -Function Get-UsernameAndPassword Export-ModuleMember -Function Initialize-ECESession Export-ModuleMember -Function Invoke-ECECommand Export-ModuleMember -Function Invoke-PSDirectOnVM Export-ModuleMember -Function Invoke-ScriptBlockInParallel Export-ModuleMember -Function Invoke-ScriptBlockWithRetries Export-ModuleMember -Function Invoke-WebRequestWithRetries Export-ModuleMember -Function IsIpPoolRangeValid Export-ModuleMember -Function IsIpWithinPoolRange Export-ModuleMember -Function JSONDelete Export-ModuleMember -Function JSONGet Export-ModuleMember -Function JSONPost Export-ModuleMember -Function Mount-WindowsImageWithRetry Export-ModuleMember -Function New-ACL Export-ModuleMember -Function New-Credential Export-ModuleMember -Function New-DeployDirect Export-ModuleMember -Function New-LoadBalancerVIP Export-ModuleMember -Function New-NCAccessControlList Export-ModuleMember -Function New-NCAccessControlListRule Export-ModuleMember -Function New-NCBgpPeer Export-ModuleMember -Function New-NCBgpRouter Export-ModuleMember -Function New-NCBgpRoutingPolicy Export-ModuleMember -Function New-NCBgpRoutingPolicyMap Export-ModuleMember -Function New-NCCredential Export-ModuleMember -Function New-NCGateway Export-ModuleMember -Function New-NCGatewayPool Export-ModuleMember -Function New-NCGreTunnel Export-ModuleMember -Function New-NCIPPool Export-ModuleMember -Function New-NCIPSecTunnel Export-ModuleMember -Function New-NCL3Tunnel Export-ModuleMember -Function New-NCLoadBalancer Export-ModuleMember -Function New-NCLoadBalancerBackendAddressPool Export-ModuleMember -Function New-NCLoadBalancerFrontEndIPConfiguration Export-ModuleMember -Function New-NCLoadBalancerLoadBalancingRule Export-ModuleMember -Function New-NCLoadBalancerMux Export-ModuleMember -Function New-NCLoadBalancerMuxPeerRouterConfiguration Export-ModuleMember -Function New-NCLoadBalancerOutboundNatRule Export-ModuleMember -Function New-NCLoadBalancerProbe Export-ModuleMember -Function New-NCLoadBalancerProbeObject Export-ModuleMember -Function New-NCLogicalNetwork Export-ModuleMember -Function New-NCLogicalNetworkSubnet Export-ModuleMember -Function New-NCLogicalSubnet Export-ModuleMember -Function New-NCMACPool Export-ModuleMember -Function New-NCNetworkInterface Export-ModuleMember -Function New-NCPublicIPAddress Export-ModuleMember -Function New-NCServer Export-ModuleMember -Function New-NCServerConnection Export-ModuleMember -Function New-NCServerNetworkInterface Export-ModuleMember -Function New-NCSlbState Export-ModuleMember -Function New-NCSwitch Export-ModuleMember -Function New-NCSwitchPort Export-ModuleMember -Function New-NCVirtualGateway Export-ModuleMember -Function New-NCVirtualNetwork Export-ModuleMember -Function New-NCVirtualServer Export-ModuleMember -Function New-NCVirtualSubnet Export-ModuleMember -Function New-NCVpnClientAddressSpace Export-ModuleMember -Function New-PxeUnattendFile Export-ModuleMember -Function New-VersionedImages Export-ModuleMember -Function New-VhdFromWim Export-ModuleMember -Function New-WimFromVhd Export-ModuleMember -Function New-WinPEImage Export-ModuleMember -Function NormalizeIPv4Subnet Export-ModuleMember -Function PublishAndStartDscConfiguration Export-ModuleMember -Function PublishAndStartDscForJea Export-ModuleMember -Function Remove-LoadBalancerFromNetworkAdapter Export-ModuleMember -Function Remove-NCAccessControlList Export-ModuleMember -Function Remove-NCCredential Export-ModuleMember -Function Remove-NCGateway Export-ModuleMember -Function Remove-NCGatewayPool Export-ModuleMember -Function Remove-NCIPPool Export-ModuleMember -Function Remove-NCLoadBalancer Export-ModuleMember -Function Remove-NCLoadBalancerMux Export-ModuleMember -Function Remove-NCLogicalNetwork Export-ModuleMember -Function Remove-NCMACPool Export-ModuleMember -Function Remove-NCNetworkInterface Export-ModuleMember -Function Remove-NCPublicIPAddress Export-ModuleMember -Function Remove-NCServer Export-ModuleMember -Function Remove-NCSwitch Export-ModuleMember -Function Remove-NCVirtualGateway Export-ModuleMember -Function Remove-NCVirtualNetwork Export-ModuleMember -Function Remove-NCVirtualServer Export-ModuleMember -Function Remove-PortProfileId Export-ModuleMember -Function Set-MacAndIPAddress Export-ModuleMember -Function Set-NCConnection Export-ModuleMember -Function Set-NCLoadBalancerManager Export-ModuleMember -Function Set-PortProfileId Export-ModuleMember -Function Set-PortProfileIdHelper Export-ModuleMember -Function Test-IPConnection Export-ModuleMember -Function Test-NetworkMap Export-ModuleMember -Function Test-PSSession Export-ModuleMember -Function Test-SkipDriverInjection Export-ModuleMember -Function Test-WSManConnection Export-ModuleMember -Function Trace-Error Export-ModuleMember -Function Trace-Execution Export-ModuleMember -Function Trace-Warning Export-ModuleMember -Function Update-BootWimFile Export-ModuleMember -Function Update-JEAEndpointsForUpdate Export-ModuleMember -Function Update-NCCredential Export-ModuleMember -Function Update-NCServer Export-ModuleMember -Function Update-NCVirtualServer Export-ModuleMember -Function Wait-Result Export-ModuleMember -Function Wait-VirtualNetwork # SIG # Begin signature block # MIIoRgYJKoZIhvcNAQcCoIIoNzCCKDMCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBW7frEEy9LDFln # B2FNjd9HOu0VLVpEEoWhT/Q9gxCqrqCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGiYwghoiAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIAbqGo6n2JnnkcMzo9PLqhAP # L3WelPHJNNUXriYNKJpJMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAxxAQWVsPbn5XhBXVCUsjRW3Mm531K59ua3NM2dbURPCnIn5nSBWLnj4N # YGGg5iOONQ1wzDId1fdESuh+vz3fTHV395zv8ihMPU6vVD/d9VkP7w0yELJU/xYi # EVLGX+ah5g4DF4LamMCbvIy+FdfHOuSw3rlN/mdvcyOmtU8opFimj9y92XqvH9HZ # 2H91dbEQu1vo0Nc5bHKxlfGEzab0h9681210P8/cyw+rcD0N3b6ubEZaQFVd0dLM # XD1RBZhlWeONYncSiLosCUX/fx9lUBjJGDd+37OUJfT52A+B+A+HFk0cbznkB702 # hVkKjqc6meXJpYqMiAenHciUBzyCJ6GCF7AwghesBgorBgEEAYI3AwMBMYIXnDCC # F5gGCSqGSIb3DQEHAqCCF4kwgheFAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFaBgsq # hkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCBWKfWFNKcgy+CyKxBFqMovFYnfDkgt4ZLd+FmcwTuc/QIGZut9Kno0 # GBMyMDI0MTAwOTAxMTM0OS4wMDVaMASAAgH0oIHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo2RjFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaCCEf4wggcoMIIFEKADAgECAhMzAAAB/Bigr8xpWoc6AAEAAAH8MA0G # CSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTI0 # MDcyNTE4MzExNFoXDTI1MTAyMjE4MzExNFowgdMxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9w # ZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjZGMUEt # MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp1DAKLxpbQcPVYPHlJHy # W7W5lBZjJWWDjMfl5WyhuAylP/LDm2hb4ymUmSymV0EFRQcmM8BypwjhWP8F7x4i # O88d+9GZ9MQmNh3jSDohhXXgf8rONEAyfCPVmJzM7ytsurZ9xocbuEL7+P7EkIwo # OuMFlTF2G/zuqx1E+wANslpPqPpb8PC56BQxgJCI1LOF5lk3AePJ78OL3aw/Ndlk # vdVl3VgBSPX4Nawt3UgUofuPn/cp9vwKKBwuIWQEFZ837GXXITshd2Mfs6oYfxXE # tmj2SBGEhxVs7xERuWGb0cK6afy7naKkbZI2v1UqsxuZt94rn/ey2ynvunlx0R6/ # b6nNkC1rOTAfWlpsAj/QlzyM6uYTSxYZC2YWzLbbRl0lRtSz+4TdpUU/oAZSB+Y+ # s12Rqmgzi7RVxNcI2lm//sCEm6A63nCJCgYtM+LLe9pTshl/Wf8OOuPQRiA+stTs # g89BOG9tblaz2kfeOkYf5hdH8phAbuOuDQfr6s5Ya6W+vZz6E0Zsenzi0OtMf5RC # a2hADYVgUxD+grC8EptfWeVAWgYCaQFheNN/ZGNQMkk78V63yoPBffJEAu+B5xlT # PYoijUdo9NXovJmoGXj6R8Tgso+QPaAGHKxCbHa1QL9ASMF3Os1jrogCHGiykfp1 # dKGnmA5wJT6Nx7BedlSDsAkCAwEAAaOCAUkwggFFMB0GA1UdDgQWBBSY8aUrsUaz # hxByH79dhiQCL/7QdjAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBf # BgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmww # bAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0El # MjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUF # BwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAT7ss/ZAZ0bTa # FsrsiJYd//LQ6ImKb9JZSKiRw9xs8hwk5Y/7zign9gGtweRChC2lJ8GVRHgrFkBx # ACjuuPprSz/UYX7n522JKcudnWuIeE1p30BZrqPTOnscD98DZi6WNTAymnaS7it5 # qAgNInreAJbTU2cAosJoeXAHr50YgSGlmJM+cN6mYLAL6TTFMtFYJrpK9TM5Ryh5 # eZmm6UTJnGg0jt1pF/2u8PSdz3dDy7DF7KDJad2qHxZORvM3k9V8Yn3JI5YLPuLs # o2J5s3fpXyCVgR/hq86g5zjd9bRRyyiC8iLIm/N95q6HWVsCeySetrqfsDyYWStw # L96hy7DIyLL5ih8YFMd0AdmvTRoylmADuKwE2TQCTvPnjnLk7ypJW29t17Yya4V+ # Jlz54sBnPU7kIeYZsvUT+YKgykP1QB+p+uUdRH6e79Vaiz+iewWrIJZ4tXkDMmL2 # 1nh0j+58E1ecAYDvT6B4yFIeonxA/6Gl9Xs7JLciPCIC6hGdliiEBpyYeUF0ohZF # n7NKQu80IZ0jd511WA2bq6x9aUq/zFyf8Egw+dunUj1KtNoWpq7VuJqapckYsmvm # mYHZXCjK1Eus7V1I+aXjrBYuqyM9QpeFZU4U01YG15uWwUCaj0uZlah/RGSYMd84 # y9DCqOpfeKE6PLMk7hLnhvcOQrnxP6kwggdxMIIFWaADAgECAhMzAAAAFcXna54C # m0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZp # Y2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMy # MjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51 # yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY # 6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9 # cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN # 7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDua # Rr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74 # kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2 # K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5 # TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZk # i1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9Q # BXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3Pmri # Lq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUC # BBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJl # pxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y # eS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUA # YgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # 1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIw # MTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/yp # b+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulm # ZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM # 9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECW # OKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4 # FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3Uw # xTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPX # fx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVX # VAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGC # onsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU # 5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEG # ahC0HVUzWLOhcGbyoYIDWTCCAkECAQEwggEBoYHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo2RjFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaIjCgEBMAcGBSsOAwIaAxUATkEpJXOaqI2wfqBsw4NLVwqYqqqggYMw # gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQsF # AAIFAOqvr74wIhgPMjAyNDEwMDgxMzE4NTRaGA8yMDI0MTAwOTEzMTg1NFowdzA9 # BgorBgEEAYRZCgQBMS8wLTAKAgUA6q+vvgIBADAKAgEAAgIaLQIB/zAHAgEAAgIU # sjAKAgUA6rEBPgIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAow # CAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUAA4IBAQAEAnaF4fTA # XxZBtpscWKV1QQe1WFCg7AcIhB/9zWVZZMCwsFTuszZztk9qXqFlSeqvCaovRP2c # 1U1r/NgBpID9fgeFizzz1IV7NX0TGgTrGqPQ7geHwE4CRXFhQKpdUBNk3Il8Y0x+ # dzvUx4IIyAViC36PkZmGRwbHYIPFaxeLJiK1ziJaUyf3m55c4m8mhX/u7RcVDiC/ # txcIDBTPc2dGj2ZSnSaQrSzEGt5zcYVX/C/tPA+PAJa/cDNW1xp3uWNQbrvfjRAD # D7RIpOhV5gAaQ7aodtCR6gNLqu4oiGzyr2cZg5Cx8rU/rp9MzhOOPDCPo251+UEK # Ou8SFhsjmUtJMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAH8GKCvzGlahzoAAQAAAfwwDQYJYIZIAWUDBAIBBQCgggFKMBoG # CSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgGJPOAEId # N6vIkTjmWzrkcb/j4HaIN9kA/YC1Va2BcWUwgfoGCyqGSIb3DQEJEAIvMYHqMIHn # MIHkMIG9BCCVQq+Qu+/h/BOVP4wweUwbHuCUhh+T7hq3d5MCaNEtYjCBmDCBgKR+ # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB/Bigr8xpWoc6AAEA # AAH8MCIEIMxYfNmHhx9iKzrkDVNqTQiVCk7BuKPik5Q9vehPX2zcMA0GCSqGSIb3 # DQEBCwUABIICAF+PeL2MBIFRzg//3lqTvyZIwQrrXn7cSQJwpAIGUSMVMNiXvMOd # neLBci4LBqSDkfdy9f7R0n5GagPvSI5cNi52Y/f1UuA4m7IFZcN/T8Lrx08CAaW0 # 9f/1VEm/yd5C5cmfVKNKQ/TtriAqOimPwt8Ge2wh7i+iaOCbjB6MgrigOWp60OlR # u5KZgSaQXN49RPeKJDDbvqmiGB8piZ47g2z4SBAyueK7XlLWYqR7OMNFqjRAPxt/ # ExGBCXECv3MyaSxdAOmBfyl3If6qjQIxOw5zutgYMtLMyXkdif5W0JXKy+aJ/8iu # q+fkmIhZ+z2QUAJG66mpRNYPD2GlFv7IVKCYq7JTi2QdABeOFjnXTCZzmMVlq7pj # mRkEZ1srx0XwMpgUKjk5NkE8B2VLckCeW5OBBYKwGOCmkDeDuiC3c5AinEOJAyGk # iwL6TNWPsM6ZAPiz1v9QiBEjBY2xSClMI1ehaF7e8BrAKGvQrknZ2X1QE7k+1zHT # q/6U1jV3dl2MsVlA2XSB5dOBQ1EwP0sTXl8Tt05BEPbpNfw0HLneLsfWaeej8S33 # USqOWrd8cnl7NJpPnuPPP+8Y/ccB3YnhV+CqRJeidA/eAt9mFrqkXYTHciWnGuMq # EFgXJ689OQnpOt1GdukHFYXh5Ued2vbQZvlF6qBBA27yUwIZEH6AVOiv # SIG # End signature block |