AzStackHciUpgrade/AzStackHci.Upgrade.Helpers.psm1
|
Import-LocalizedData -BindingVariable luTxt -FileName AzStackHci.Upgrade.Strings.psd1 Import-Module $PSScriptRoot\..\AzStackHciHardware\AzStackHci.Hardware.Helpers.psm1 -Force -DisableNameChecking -Global function Test-23H2 { <# .SYNOPSIS Test Windows OS is 23H2 .DESCRIPTION Test Windows OS is 23H2 .EXAMPLE PS C:\> Test-23H2 Test Windows OS is 23H2 on localhost. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { Import-Module "$PsScriptRoot\..\AzStackHciSoftware\AzStackHci.Software.Helpers.psm1" -Force $supportedVersion = Get-SupportOsVersion if ([string]::IsNullOrEmpty($supportedVersion)) { # Fall back to 23H2 greater and equal 8B (do 6B for now) Log-Info "Unable to determine the supported version. Please ensure all nodes are fully patched up to date." -ConsoleOut -Type WARNING $supportedVersion = '10.0.25398.1075' } $instanceResults = Test-OSVersion -PsSession $PsSession -MinimumVersion $supportedVersion foreach ($instanceResult in $instanceResults) { $instanceResult.Name = 'AzStackHci_Upgrade_23H2' $instanceResult.Title = 'Test Windows OS is 23H2' $instanceResult.DisplayName = 'Test Windows OS is 23H2' $instanceResult.Description = 'Checking Windows OS is 23H2' $instanceResult.Tags = @{} $instanceResult.Severity = 'CRITICAL' $instanceResult.Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/deploy/deployment-tool-install-os' $instanceResult.TargetResourceID = $instanceResult.TargetResourceName $instanceResult.TargetResourceType = 'OS' $instanceResult.HealthCheckSource = $ENV:EnvChkrId } return $instanceResults } catch { throw $_ } } function Test-HciCluster { <# .SYNOPSIS Test all nodes are part of the same cluster, nodes are up and cluster is not stretched #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession, [Parameter(Mandatory = $false)] [System.Collections.ArrayList] $IpPools ) try { $remoteOutput = @() $sb = { $clusterName = "" try { $clusterName = Get-Cluster | Select-Object -Expand Name # omitting -Cluster as this requires CredSSP $clusterNodes = Get-ClusterNode $clusterFaultDomainSiteName = Get-ClusterFaultDomain -Type Site | Select-Object -Expand Name $clusterIp = Get-ClusterGroup -Name 'Cluster Group' | Get-ClusterResource | Where-Object ResourceType -eq 'IP Address' | Get-ClusterParameter -Name Address | Select-Object -ExpandProperty Value $clusterHasIpv6 = [bool](Get-ClusterGroup -Name 'Cluster Group' | Get-ClusterResource | Where-Object ResourceType -eq 'IPv6 Address') } catch{} return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Cluster = $clusterName ClusterNodes = $clusterNodes ClusterFaultDomain = $clusterFaultDomainSiteName ClusterIP = $clusterIp ClusterHasIpv6 = $clusterHasIpv6 } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() # Check cluster exists foreach ($output in $remoteOutput) { if ([string]::IsNullOrEmpty($output.Cluster)) { $status = 'FAILURE' $detail = $luTxt.NoClusterFound -f $output.ComputerName Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.ClusterFound -f $output.ComputerName, $output.Cluster Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_Cluster_Exists' Title = 'Test Cluster Exists' DisplayName = 'Test Cluster Exists' Severity = 'CRITICAL' Description = 'Checking Cluster is installed' Tags = @{} Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/deploy/deployment-tool-install-os' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } # Check all nodes part of same cluster # ensure all cluster nodes are part of the same cluster if (($remoteOutput.Cluster | Sort-Object | Get-Unique).Count -eq 1) { $status = 'SUCCESS' Log-Info $detail } else { $status = 'FAILURE' Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_AllNodesInSameCluster' Title = 'Test All Nodes in Same Cluster' DisplayName = 'Test All Nodes in Same Cluster' Severity = 'CRITICAL' Description = 'Checking all nodes are part of the same cluster' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = 'Cluster' TargetResourceName = 'Cluster' TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = 'Cluster' Resource = 'Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params # Return if there is a failure at this point if ('FAILURE' -in $instanceResults.Status) { return $instanceResults } else { # Test all nodes are up Log-Info "Cluster Nodes:" Log-Info ($remoteOutput.ClusterNodes | Out-String) foreach ($node in $remoteOutput[0].ClusterNodes) { if ($node.State -ne 'Up') { $status = 'FAILURE' $detail = "Node $($node.Name) is not in 'Up' state." Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = "Node $($node.Name) is in 'Up' state." Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_ClusterNodeUp' Title = 'Test Cluster Node is up' DisplayName = "Test Cluster Node is up $($node.Name)" Severity = 'CRITICAL' Description = 'Checking cluster node is up' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $node.Name TargetResourceName = $node.Name TargetResourceType = 'ClusterNode' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = 'Cluster' Resource = 'ClusterNode' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } } # Make sure cluster is not stretched if (($output.ClusterFaultDomain | Sort-Object | Get-Unique).Count -gt 1) { $status = 'FAILURE' $detail = $luTxt.StretchedClusterEnabled -f $output.Cluster Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.StretchedClusterNotEnabled -f $output.Cluster Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_StretchedCluster' Title = 'Test Stretched Cluster' DisplayName = 'Test Stretched Cluster' Severity = 'CRITICAL' Description = 'Checking Stretched Cluster is enabled' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Stretched Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params if ('FAILURE' -in $instanceResults.Status) { return $instanceResults } #region Test cluster IP not in IPPools Log-Info "Make sure cluster IP is not in any of the provided IP pools." [String[]] $allClusterIpReturned = $remoteOutput.ClusterIP | Where-Object { -not [System.String]::IsNullOrEmpty($_) } [String] $clusterIpToCheck = $allClusterIpReturned[0] Log-Info "Cluster IP to validate: $($clusterIpToCheck)" $clusterIPNotInIpPoolStatus = 'SUCCESS' $clusterIP = [system.net.ipaddress]::Parse($clusterIpToCheck).GetAddressBytes() [array]::Reverse($clusterIP) $clusterIP = [system.BitConverter]::ToUInt32($clusterIP, 0) foreach($ipPool in $IpPools) { $StartingAddress = $ipPool.StartingAddress $EndingAddress = $ipPool.EndingAddress Log-Info "Checking IP pool with starting address of $($StartingAddress) and ending address of $($EndingAddress)" $from = [system.net.ipaddress]::Parse($StartingAddress).GetAddressBytes() [array]::Reverse($from) $from = [system.BitConverter]::ToUInt32($from, 0) $to = [system.net.ipaddress]::Parse($EndingAddress).GetAddressBytes() [array]::Reverse($to) $to = [system.BitConverter]::ToUInt32($to, 0) if ($clusterIP -ge $from -and $clusterIP -le $to) { $clusterIPNotInIpPoolStatus = 'FAILURE' $clusterIPNotInIpPoolDetail = $luTxt.ClusterIPInIpPool -f $clusterIpToCheck, $StartingAddress, $EndingAddress Log-Info $clusterIPNotInIpPoolDetail -Type CRITICAL break } } if ($clusterIPNotInIpPoolStatus -eq 'SUCCESS') { $clusterIPNotInIpPoolDetail = $luTxt.ClusterIPNotInIpPool -f $clusterIpToCheck Log-Info $clusterIPNotInIpPoolDetail } $params = @{ Name = 'AzStackHci_Upgrade_ClusterIPExcludedFromIPPool' Title = 'Cluster IP excluded from IP pool' DisplayName = 'Cluster IP excluded from IP pool' Severity = 'CRITICAL' Description = 'The cluster IP sohuld not be part of the provided IP pool' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = 'Cluster' TargetResourceName = 'Cluster' TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $clusterIPNotInIpPoolStatus AdditionalData = @{ Source = 'Cluster' Resource = 'Cluster' Detail = $clusterIPNotInIpPoolDetail Status = $clusterIPNotInIpPoolStatus TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } Log-Info "Got validation result of Cluster IP not in IP pool: $clusterIPNotInIpPoolStatus" $instanceResults += New-AzStackHciResultObject @params #endregion #region Test cluster IP not ipv6 Log-Info "Make sure cluster group does not have IPv6 IP resource configured." if ($true -in $remoteOutput.clusterHasIpv6) { $clusterIPNotIpv6Status = 'FAILURE' $clusterIPIpv6Detail = $luTxt.ClusterIPResourceIpv6CheckFail Log-Info $clusterIPIpv6Detail -Type CRITICAL } else { $clusterIPNotIpv6Status = 'SUCCESS' $clusterIPIpv6Detail = $luTxt.ClusterIPResourceIpv6CheckPass Log-Info $clusterIPIpv6Detail } $params = @{ Name = 'AzStackHci_Upgrade_ClusterIPNotIpv6' Title = 'Test Cluster IP Resource is not IPv6' DisplayName = 'Test Cluster IP Resource is not IPv6' Severity = 'CRITICAL' Description = 'Check cluster IP does not have IPv6 address' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = 'Cluster' TargetResourceName = 'Cluster' TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $clusterIPNotIpv6Status AdditionalData = @{ Source = 'Cluster' Resource = 'Cluster' Detail = $clusterIPIpv6Detail Status = $clusterIPNotIpv6Status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params #endregion return $instanceResults } catch { throw $_ } } function Test-ClusterFunctionalLevel { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $clusterFunctionalLevel = Get-Cluster | Select-Object -Expand ClusterFunctionalLevel return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME ClusterFunctionalLevel = $clusterFunctionalLevel } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() $expectedClusterFunctionalLevel = 12 foreach ($output in $remoteOutput) { $detail = $luTxt.ClusterFunctionalLevel -f $output.ClusterFunctionalLevel, $output.ComputerName, $expectedClusterFunctionalLevel if ($output.ClusterFunctionalLevel -eq $expectedClusterFunctionalLevel) { $status = 'SUCCESS' Log-Info $detail } else { $status = 'FAILURE' Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_ClusterFunctionalLevel' Title = 'Test Cluster Functional Level' DisplayName = 'Test Cluster Functional Level' Severity = 'CRITICAL' Description = "Checking Cluster Functional Level is $expectedClusterFunctionalLevel" Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-RequiredWindowsFeature { <# .SYNOPSIS Test if the required Windows feature is installed .DESCRIPTION Test if the required Windows feature is installed .EXAMPLE PS C:\> Test-RequiredWindowsFeature Test if the required Windows feature is installed on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { # Can be dedup with windowsOptionalFeatureToCheck $windowsFeatureTocheck = @( "Failover-Clustering", "NetworkATC", "RSAT-AD-Powershell", "RSAT-Hyper-V-Tools", "Data-Center-Bridging", "NetworkVirtualization", "RSAT-AD-AdminCenter" ) $windowsOptionalFeatureToCheck = @( "Server-Core", "ServerManager-Core-RSAT", "ServerManager-Core-RSAT-Role-Tools", "ServerManager-Core-RSAT-Feature-Tools", "DataCenterBridging-LLDP-Tools", "Microsoft-Hyper-V", "Microsoft-Hyper-V-Offline", "Microsoft-Hyper-V-Online", "RSAT-Hyper-V-Tools-Feature", "Microsoft-Hyper-V-Management-PowerShell", "NetworkVirtualization", "RSAT-AD-Tools-Feature", "RSAT-ADDS-Tools-Feature", "DirectoryServices-DomainController-Tools", "ActiveDirectory-PowerShell", "DirectoryServices-AdministrativeCenter", "DNS-Server-Tools", "EnhancedStorage", "WCF-Services45", "WCF-TCP-PortSharing45", "NetworkController", "NetFx4ServerFeatures", "NetFx4", "MicrosoftWindowsPowerShellRoot", "MicrosoftWindowsPowerShell", "Server-Psh-Cmdlets", "KeyDistributionService-PSH-Cmdlets", "TlsSessionTicketKey-PSH-Cmdlets", "Tpm-PSH-Cmdlets", "FSRM-Infrastructure", "ServerCore-WOW64", "SmbDirect", "FailoverCluster-AdminPak", "Windows-Defender", "SMBBW", "FailoverCluster-FullServer", "FailoverCluster-PowerShell", "Microsoft-Windows-GroupPolicy-ServerAdminTools-Update", "DataCenterBridging", "BitLocker", "FileServerVSSAgent", "FileAndStorage-Services", "Storage-Services", "File-Services", "CoreFileServer", "SystemDataArchiver", "ServerCoreFonts-NonCritical-Fonts-MinConsoleFonts", "ServerCoreFonts-NonCritical-Fonts-BitmapFonts", "ServerCoreFonts-NonCritical-Fonts-TrueType", "ServerCoreFonts-NonCritical-Fonts-UAPFonts", "ServerCoreFonts-NonCritical-Fonts-Support", "ServerCore-Drivers-General", "ServerCore-Drivers-General-WOW64", "NetworkATC" ) $windowsFeatureNotInstalled = @() foreach ($featureName in $windowsFeatureToCheck) { if (-not (Get-WindowsFeature -Name $featureName | Where-Object InstallState -eq Installed)) { $windowsFeatureNotInstalled += $featureName } } $windowsOptionalFeatureNotEnabled = @() foreach ($featureName in $windowsOptionalFeatureToCheck) { if (-not (Get-WindowsOptionalFeature -Online -FeatureName $featureName | Where-Object State -eq Enabled)) { $windowsOptionalFeatureNotEnabled += $featureName } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME list = $windowsFeatureNotInstalled + $windowsOptionalFeatureNotEnabled result = ($windowsFeatureNotInstalled.Count -eq 0) -and ($windowsOptionalFeatureNotEnabled.Count -eq 0) } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.RequiredWindowsFeatureEnabled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $featureList = ($output.list) -join ', ' $detail = $luTxt.RequiredWindowsFeatureNotEnabled -f $featureList, $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Required_Windows_Features' Title = 'Test Required Windows features' DisplayName = 'Test Required Windows features' Severity = 'Critical' Description = 'Checks that all nodes have the required Windows features installed' Tags = @{} Remediation = "https://aka.ms/UpgradeRequirements" TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Required Windows features ' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-NetworkAtcIntents { <# .SYNOPSIS Test the required Network ATC intents are present and in heathy state .DESCRIPTION Test the required Network ATC intents are present and in heathy state .EXAMPLE PS C:\> Test-NetworkAtcIntents Test the required Network ATC intents are present and in heathy state. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $networkATC = [bool](Get-WindowsFeature -Name NetworkATC | Where-Object InstallState -eq 'Installed') return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $networkATC } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $hasError = $false $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcEnabled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $hasError = $true $detail = $luTxt.NetworkAtcNotEnabled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCFeature_Installed' Title = 'Test Network ATC feature is installed on the node' DisplayName = 'Test Network ATC feature is installed on the node' Severity = 'CRITICAL' Description = 'Checking Network ATC feature is enabled on the node' Tags = @{} Remediation = 'https://aka.ms/UpgradeNetworkATC' TargetResourceID = 'NetworkAtcFeature' TargetResourceName = 'NetworkAtcFeature' TargetResourceType = 'NetworkAtcFeature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } # If there is a node that doesn't have Network ATC enabled, then the cluster won't have proper network ATC intents configured. So no need to check further. if ($hasError) { return $instanceResults } # Check if the Network ATC service is running on the nodes $remoteOutput = @() $sb = { $atcService = Get-Service NetworkATC -ErrorAction SilentlyContinue $atcServiceRunning = $atcService -and $atcService.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $atcServiceRunning } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcServiceRunning -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.NetworkAtcServiceNotRunning -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCService_Running' Title = 'Test NetworkATC service is running on the node' DisplayName = 'Test NetworkATC service is running on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC service is running on the node' Tags = @{} Remediation = 'Make sure NetworkAtc service is running on the node. If not, start the service.' TargetResourceID = 'NetworkAtcService' TargetResourceName = 'NetworkAtcService' TargetResourceType = 'NetworkAtcService' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } # Check if the required Network ATC intents are present $remoteOutput = @() $sb = { $intents = Get-NetIntent -ErrorAction SilentlyContinue return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $intents } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $clusterNodesCount = (Get-ClusterNode).Count foreach ($output in $remoteOutput) { if ($null -eq $output.result) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcIntentsNotPresent -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCIntents_Present' Title = 'Test NetworkATC intents are present on the node' DisplayName = 'Test NetworkATC intents are present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC intents are present on the node' Tags = @{} Remediation = 'Make sure NetworkATC intents are properly configured on the node.' TargetResourceID = 'NetworkAtcIntents' TargetResourceName = 'NetworkAtcIntents' TargetResourceType = 'NetworkAtcIntents' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } else { $outputResultString = $output.result | Out-String log-info "Get-NetIntent returned from node $($output.ComputerName) : $outputResultString" $isManagementIntentPresent = $output.result | Where-Object { $_.IsManagementIntentSet -eq $true } $isStorageIntentPresent = $output.result | Where-Object { $_.IsStorageIntentSet -eq $true } if (-not $isManagementIntentPresent) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcManagementIntentNotPresent -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCManagementIntent_Present' Title = 'Test NetworkATC management intent is present on the node' DisplayName = 'Test NetworkATC management intent is present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC management intent is present on the node' Tags = @{} Remediation = 'Make sure NetworkATC management intent is properly configured on the node.' TargetResourceID = 'NetworkAtcManagementIntent' TargetResourceName = 'NetworkAtcManagementIntent' TargetResourceType = 'NetworkAtcManagementIntent' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } elseif (-not $isStorageIntentPresent -and $clusterNodesCount -gt 1) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcStorageIntentNotPresent -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCStorageIntent_Present' Title = 'Test NetworkATC storage intent is present on the node' DisplayName = 'Test NetworkATC storage intent is present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC storage intent is present on the node' Tags = @{} Remediation = 'Make sure NetworkATC storage intent is properly configured on the node if it is multi-node HCI system.' TargetResourceID = 'NetworkAtcStorageIntent' TargetResourceName = 'NetworkAtcStorageIntent' TargetResourceType = 'NetworkAtcStorageIntent' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } else { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcRequiredIntentsArePresent -f $output.ComputerName Log-Info $detail $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCRequiredIntents_Present' Title = 'Test NetworkATC required intents are present on the node' DisplayName = 'Test NetworkATC required intents are present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC required intents are present on the node' Tags = @{} Remediation = 'https://aka.ms/UpgradeNetworkATC' TargetResourceID = 'NetworkAtcIntents' TargetResourceName = 'NetworkAtcIntents' TargetResourceType = 'NetworkAtcIntents' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } } } # check if the intents on the nodes are in healthy state $remoteOutput = @() $sb = { $stopWatch = [diagnostics.stopwatch]::StartNew() $intentStatus = $null # NetworkATC might doing drift detection (every 15 min), and intent status might be at "Validating" state for a while. # So we will wait for some time to make sure we can get expected Success/Completed status. while ($stopWatch.Elapsed.TotalSeconds -lt 1080) { [PSObject[]] $intentStatus = Get-NetIntentStatus -ErrorAction SilentlyContinue [PSObject[]] $notCompletedOrNotSuccessIntents = $intentStatus | Where-Object { $_.ConfigurationStatus -ne 'Success' -or $_.ProvisioningStatus -ne 'Completed' } [PSObject[]] $failedIntents = $intentStatus | Where-Object { $_.ConfigurationStatus -eq 'Failed' } if (($notCompletedOrNotSuccessIntents.Count -eq 0) -or ($failedIntents.Count -gt 0)) { break } Start-Sleep -seconds 5 } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $intentStatus } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } foreach ($output in $remoteOutput) { $resultString = $output.result | Out-String log-info "Get-NetIntentStatus returned from node $($output.ComputerName) : $resultString" $failedIntents = $output.result | Where-Object { $_.ConfigurationStatus -ne 'Success' -or $_.ProvisioningStatus -ne 'Completed' } if ($null -ne $failedIntents) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcIntentsStatusNotHealthy -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = "AzStackHci_Upgrade_Test_NetworkATCIntent_HealthyState" Title = "Test NetworkAtc intent configuration and provisioning status" DisplayName = "Test NetworkAtc intent configuration and provisioning status" Severity = 'CRITICAL' Description = "Checking Test NetworkAtc intent configuration and provisioning status" Tags = @{} Remediation = "Use Get-NetIntentStatus cmdlet to check the status of the intent and take necessary action to fix the issue." TargetResourceID = "NetworkAtcIntents" TargetResourceName = "NetworkAtcIntents" TargetResourceType = "NetworkAtcIntents" Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "NetworkAtcIntents" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } elseif ($null -eq $output.result) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcIntentsStatusNull -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = "AzStackHci_Upgrade_Test_NetworkATCIntent_StatusNull" Title = "Test NetworkAtc intent configuration and provisioning status" DisplayName = "Test NetworkAtc intent configuration and provisioning status" Severity = 'CRITICAL' Description = "Checking Test NetworkAtc intent configuration and provisioning status" Tags = @{} Remediation = "Use Get-NetIntentStatus cmdlet to check the status of the intents and take necessary action to fix the issue." TargetResourceID = "NetworkAtcIntents" TargetResourceName = "NetworkAtcIntents" TargetResourceType = "NetworkAtcIntents" Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "NetworkAtcIntents" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } else { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcIntentsHealthy -f $output.ComputerName Log-Info $detail $params = @{ Name = "AzStackHci_Upgrade_Test_NetworkATCIntent_HealthyState" Title = "Test NetworkAtc intent configuration and provisioning status" DisplayName = "Test NetworkAtc intent configuration and provisioning status" Severity = 'CRITICAL' Description = "Checking Test NetworkAtc intent configuration and provisioning status" Tags = @{} Remediation = 'https://aka.ms/UpgradeNetworkATC' TargetResourceID = "NetworkAtcIntents" TargetResourceName = "NetworkAtcIntents" TargetResourceType = "NetworkAtcIntents" Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "NetworkAtcIntents" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } } return $instanceResults } catch { throw $_ } } function Test-TPMHealth { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $results = @() $results += Test-TpmVersion -PsSession $PsSession $results += Test-TpmProperties -PsSession $PsSession $results += Test-TpmCertificates -PsSession $PsSession $results | % { $_.Name = $_.Name -replace 'Hardware','Upgrade' $_.Severity = 'WARNING' } return $results } catch { throw $_ } } function Test-BitlockerSuspension { <# .SYNOPSIS Test if bitlocker is enabled but not in suspended state. .DESCRIPTION Test if bitlocker is enabled but not in suspended state. .EXAMPLE PS C:\> function Test-BitlockerSuspension Test if bitlocker is enabled but not in suspended state for all volumes. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) $remoteOutput = @() try { $sb = { try { $volumes = $null try { $volumes = Get-BitLockerVolume } catch { # Return test result as True/Pass because we dont want to fail test if bitlocker feature is not available. return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = "Could not fetch bitlocker volumes. Error: " + $_.Exception.Message error = $_.Exception.Message result = $true isBitlockerFeatureInstalled = $false } } $volumeDetails = "" $overallStatus = $true if($volumes) { $criticalVolumes = $volumes |? {$_.KeyProtector.KeyProtectorType -contains "Tpm"} foreach ($volume in $criticalVolumes) { # Get volume information $volumeInfo = Get-BitLockerVolume -MountPoint $volume.MountPoint $volumeMountPoint = $volumeInfo.MountPoint $volumeProtectionStatus = $volumeInfo.ProtectionStatus $volumeType = $volumeInfo.VolumeType # Check if BitLocker protection is enabled if($volumeInfo.ProtectionStatus -eq "On") { $overallStatus = $false } $volumeDetails += "Volume with mount point: $volumeMountPoint and type : $volumeType has a protection status of $volumeProtectionStatus. `n" } } else { $volumeDetails = "No bitlocker volumes found." } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $volumeDetails result = $overallStatus } } catch { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $volumeDetails + $_.Exception.Message error = $_.Exception.Message result = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info $output.Details if ($output.result -eq $true) { if(($output.isBitlockerFeatureInstalled -ne $null) -and ($output.isBitlockerFeatureInstalled -eq $false)) { $status = 'SUCCESS' $detail = $luTxt.BitlockerFeatureNotInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.BitlockerEncryptedVolumesSuspended -f $output.ComputerName Log-Info $detail } } else { $status = 'FAILURE' $detail = $luTxt.BitlockerEncryptedVolumesNotSuspended -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_BitlockerSuspension' Title = 'Test Bitlocker Suspension' DisplayName = 'Test Bitlocker Suspension' Severity = 'CRITICAL' Description = 'Checking if any volumes have bitlocker suspended.' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Security' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Bitlocker Suspension' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-WdacEnablement { <# .SYNOPSIS Test if WDAC is enabled .DESCRIPTION Test if WDAC is enabled .EXAMPLE PS C:\> function Test-WdacEnablement Test if WDAC is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $cipFiles = Get-ChildItem -Path "$env:SystemRoot\System32\CodeIntegrity\CiPolicies\Active" -Filter *.cip if ($cipFiles.Count -gt 0) { # Refresh the current policy and check if audit mode is enabled from the lastest event Invoke-CimMethod -Namespace 'root\Microsoft\Windows\CI' -ClassName 'PS_UpdateAndCompareCIPolicy' -MethodName 'Update' -Arguments @{FilePath = $cipFiles[0].FullName} | Out-Null $events = Get-WinEvent -LogName "Microsoft-Windows-CodeIntegrity/Operational" -ErrorAction SilentlyContinue $targetEvent = $events | Where-Object { ($_.Id -in @('3099','3096')) -and ($_.Message -imatch $cipFiles[0].BaseName) } | Sort-Object TimeCreated -Descending | Select-Object -First 1 $eventXml = [XML]$targetEvent.ToXml() $eventData = $eventXml.Event.EventData.Data $policyOptions = [System.Convert]::ToInt64($eventData[6].'#text', 16) # SYSTEM_INTEGRITY_POLICY_ENABLE_AUDIT_MODE 1 << 16 => 65536 $policyResult = (($policyOptions -band 65536) -eq 0) } else { # No WDAC policy file found $policyResult = $false } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $policyResult } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'FAILURE' $detail = $luTxt.WdacEnabled -f $output.ComputerName Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.WdacNotEnabled -f $output.ComputerName Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_WDACEnablement' Title = 'Test WDAC Enablement' DisplayName = 'Test WDAC Enablement' Severity = 'CRITICAL' Description = 'Checking if WDAC is enabled' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Security' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'WDAC Enablement' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-AzureSupportedCloudType { <# .SYNOPSIS Test if cluster is connected to Azure Public Cloud. .DESCRIPTION Upgrade is only supported for clusters connected to Azure Public Cloud. .EXAMPLE PS C:\> function Test-AzureSupportedCloudType .EXAMPLE #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) $sb= { try { if(Test-Path -Path "C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe") { $overallStatus = $true $testDetails = "" $arcAgentStatus = Invoke-Expression -Command "& 'C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe' show -j" # Parsing the status received from Arc agent $arcAgentStatusParsed = $arcAgentStatus | ConvertFrom-Json # Throw an error if the node is Arc enabled to any other cloud apart from Azure Public cloud. # Other supported values which are not supported for Upgrade : AzureUSGovernment , AzureChinaCloud if ([string]::IsNullOrEmpty($arcAgentStatusParsed.cloud)) { $overallStatus = $false $testDetails = "Unable to determine Azure cloud type. ARC Agent status read: [{0}]" -f $arcAgentStatus } elseif (($arcAgentStatusParsed.cloud -ne "AzureCloud")) { $overallStatus = $false $testDetails = "{0}: Arc Agent is connected to {1}: cloud, which is not supported for upgrade." -f $ENV:COMPUTERNAME,$arcAgentStatusParsed.cloud } } else { $overallStatus = $false $testDetails ="ARC agent installation cannot be found at : C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe" } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $testDetails result = $overallStatus } } catch { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $_.Exception.Message result = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info $output.Details if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.CloudSupported -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.CloudNotSupported -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_SupportedCloud' Title = 'Test Supported Cloud Type' DisplayName = 'Test Supported Cloud Type' Severity = 'CRITICAL' Description = 'Checking if any node is connected to an unsupported cloud' Tags = @{} Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/concepts/system-requirements-23h2' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Azure Cloud' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } function Test-AzureStackHCIRegistrationState { <# .SYNOPSIS Test if cluster registration state is connected. .DESCRIPTION Upgrade is only supported for clusters which are succesfully registered to azure. .EXAMPLE PS C:\> function Test-AzureStackHCIRegistrationState .EXAMPLE #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) $sb= { $severity = 'CRITICAL' try { $hciRegCmdlet = Get-Command Get-AzureStackHCI -Type Cmdlet -ErrorAction Ignore if($null -ne $hciRegCmdlet) { $overallStatus = $true $testDetails = "" $clusterRegistrationStatus = $(Get-AzureStackHCI) if ($null -eq $clusterRegistrationStatus) { $overallStatus = $false $testDetails = "Unable to determine Cluster registration status: [{0}]" -f $clusterRegistrationStatus } elseif ($clusterRegistrationStatus.RegistrationStatus -ne "Registered") { $overallStatus = $false $testDetails = "{0}: Cluster Registration status is: {1} , expected status: 'Registered'" -f $ENV:COMPUTERNAME,$clusterRegistrationStatus.RegistrationStatus } } else { $overallStatus = $false $testDetails ="Unable to find 'get-azurestackhci' cmdlet. Azure Stack HCI cluster registration status can only be checked on an Azure Stack HCI node." } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $testDetails result = $overallStatus } } catch { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $_.Exception.Message result = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info $output.Details if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.CloudSupported -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.CloudNotSupported -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_ClusterRegistrationState' Title = 'Test Cluster Registration state' DisplayName = 'Test Cluster Registration state' Severity = 'CRITICAL' Description = 'Checking if the cluster is successfully registered to azure cloud' Tags = @{} Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/concepts/system-requirements-23h2' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Azure Cloud' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } function Test-AksHciInstallState { <# .SYNOPSIS Test Windows Deduplication is enabled .DESCRIPTION Test Windows Deduplication is enabled .EXAMPLE PS C:\> Test-WindowsDeduplication Test if Windows Deduplication is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { Import-Module AksHci -ErrorAction SilentlyContinue $result = [bool](Get-Module AksHci) if($result) { try { $installState = (Get-AksHciConfig).AksHci.installState -ne "NotInstalled" if($installState) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "AksHci is installed" } } } catch { #NOOP } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $true error = "" } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.AksHciNotInstalled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.AksHciInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_AksHci' Title = 'Test AKS HCI install state' DisplayName = "Test AKS HCI install state on $($output.ComputerName)" Severity = 'CRITICAL' Description = 'Checking if AKS HCI is installed' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'AKS HCI' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-MocInstallState { <# .SYNOPSIS Test Windows Deduplication is enabled .DESCRIPTION Test Windows Deduplication is enabled .EXAMPLE PS C:\> Test-WindowsDeduplication Test if Windows Deduplication is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { Import-Module Moc -ErrorAction SilentlyContinue $result = [bool](Get-Module Moc) if($result) { try { $installState = (Get-MocConfig).installState -ne "NotInstalled" if($installState) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "Moc is installed" } } } catch { #NOOP } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $true error = "" } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.MocNotInstalled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.MocInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Moc' Title = 'Test MOC install state' DisplayName = "Test MOC install state on $($output.ComputerName)" Severity = 'CRITICAL' Description = 'Checking if MOC is installed' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'MOC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-MocServicesInstallState { <# .SYNOPSIS Test Windows Deduplication is enabled .DESCRIPTION Test Windows Deduplication is enabled .EXAMPLE PS C:\> Test-WindowsDeduplication Test if Windows Deduplication is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $service = Get-Service -Name wssdcloudagent -ErrorAction SilentlyContinue if($null -ne $service) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "wssdcloudagent service is running" } } $service = Get-Service -Name wssdagent -ErrorAction SilentlyContinue if($null -ne $service) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "wssdagent service is running" } } $service = Get-Service -Name MocHostAgent -ErrorAction SilentlyContinue if($null -ne $service) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "MocHostAgent service is running" } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $true error = "" } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.MocServicesNotInstalled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.MocServicesInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_MocServices' Title = 'Test MOC services running' DisplayName = "Test MOC services running on $($output.ComputerName)" Severity = 'CRITICAL' Description = 'Checking MOC services running state' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'MOC services' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-Language { <# .SYNOPSIS Test if the language is English-US #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $lang = Get-WinUserLanguageList return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Language = $lang } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info "Langauges on $($output.ComputerName) :" Log-Info ($output.Language | Out-String) if ($output.Language.LanguageTag -like 'en-*') { $status = 'SUCCESS' $detail = $luTxt.LanguageEnglishUS -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.LanguageNotEnglishUS -f $output.ComputerName, $output.Language.LanguageTag Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Language' Title = 'Test Language is English' DisplayName = 'Test Language is English' Severity = 'CRITICAL' Description = 'Checking if the language is English' Tags = @{} Remediation = "https://aka.ms/UpgradeRequirements" TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Language' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "Language: $($output.Language.LanguageTag)" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-Storage { [CmdletBinding()] param () try { $results = @() $poolConfigXml = [xml]'<StoragePool><Volumes><Volume Name="Infrastructure_1" Size="256GB" MinNodeCount="1" ></Volume></Volumes></StoragePool>' $results += Invoke-AzStackHciStorageValidation -PoolConfigXml $poolConfigXml -PassThru $results | % { $_.Name = $_.Name -replace 'AzStackHci_Storage','AzStackHci_Upgrade' } return $results } catch { throw $_ } } function Test-LCMVersion { <# .SYNOPSIS Test if the LCM version meets the minimum requirement .DESCRIPTION Test if the LCM version meets the minimum requirement .EXAMPLE PS C:\> function Test-LCMVersion Test if the LCM version meets the minimum requirement #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $lcmControllerService = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.Name -eq 'LcmController' } if ($lcmControllerService.State -eq "Running") { $lcmPathParts = $lcmControllerService.PathName -split '\\' $lcmNugetName = $lcmPathParts | Where-Object {$_ -like "Microsoft.AzureStack.Solution.LCMControllerWinService*"} if ($lcmNugetName -match '\.(\d+\.\d+\.\d+\.\d+)$') { $lcmVersion = $matches[1] } else { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = "Fail to extract Controller service version." hasVersion = $false } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME lcmVersion = $lcmVersion hasVersion = $true } } else { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = "LCM Controller service is not in running state." hasVersion = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.hasVersion -eq $false) { $status = 'FAILURE' $detail = $luTxt.LCMVersionNotAvailable -f $output.ComputerName, $output.Details Log-Info $detail -Type CRITICAL } else { $minLcmVersion = "10.2408.0.537" Log-Info "LCM controllver minimum version requirement is $minLcmVersion" $lcmVersion = $output.lcmVersion Log-Info "LCM controllver version on $($output.ComputerName) : $lcmVersion" $minVersion = [System.Version]$minLcmVersion $version = [System.Version]$lcmVersion # Compare versions if ($version -ge $minVersion) { $status = 'SUCCESS' $detail = $luTxt.LCMVersionMeetMinRequirement -f $output.ComputerName, $lcmVersion, $minLcmVersion Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.LCMVersionNotMeetMinRequirement -f $output.ComputerName, $lcmVersion, $minLcmVersion Log-Info $detail -Type CRITICAL } } $params = @{ Name = 'AzStackHci_Upgrade_Minimum_LCM_Version' Title = 'Test LCM Version meets minimum requirement' DisplayName = 'Test LCM Version meets minimum requirement' Severity = 'Critical' Description = 'Checks that all nodes have the minimum LCM version' Tags = @{} Remediation = "https://aka.ms/UpgradeRequirements" TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'LCMService' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'LCM Version' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Get-SupportOsVersion { try { Log-Info "Getting the supported OS version" $nugetPath = Get-ASArtifactPath -NugetName Microsoft.AzureStack.Solution.Deploy.ProductNugets $xmlPath = Join-Path -Path $nugetPath -ChildPath ProductNugets.xml Log-Info "Reading the xml file from $xmlPath" [xml]$xml = Get-Content -Path $xmlPath Log-info "Getting the OS version from the xml file $xmlPath" $osVersion = $xml| Select-Xml -XPath "//NuGetPackage[@Name='Microsoft.AzureStack.OSUpdates']" | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty RequiredVersion Log-info "Found supported OS version: $osVersion" return $osVersion } catch { Log-Info "Failed to get the supported OS version. Error: $_" -Type WARNING } } function Test-FreeMemory { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $RequiredMemoryGB = 8 # Required for ARB VM $severity = 'CRITICAL' $remoteOutput = @() $sb = { $AvailableMemoryGB = [System.Math]::Round((Get-WmiObject -Class Win32_OperatingSystem).FreePhysicalMemory * 1KB / 1GB,2) return (New-Object psobject -Property @{ AvailableMemoryGB = $AvailableMemoryGB ComputerName = $ENV:COMPUTERNAME } ) } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { $dtl = $luTxt.AvailableMemory -f $output.ComputerName, [System.Math]::Round($output.AvailableMemoryGB,2), ($RequiredMemoryGB) if ($output.AvailableMemoryGB -gt $RequiredMemoryGB) { $status = 'SUCCESS' Log-Info $dtl } else { $status = 'FAILURE' Log-Info $dtl -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_FreeMemory' Title = 'Test Free Memory' DisplayName = 'Test Free Memory' Severity = $severity Description = 'Checking if there is enough free memory' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Memory' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Memory' Detail = $dtl Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } Export-ModuleMember -Function Test-* # SIG # Begin signature block # MIIoRgYJKoZIhvcNAQcCoIIoNzCCKDMCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCATAX93EsDJoMyG # 0C8qvHpXf6PCltO88auThf3sRIfqbqCCDXYwggX0MIID3KADAgECAhMzAAAEBGx0 # Bv9XKydyAAAAAAQEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTE0WhcNMjUwOTExMjAxMTE0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC0KDfaY50MDqsEGdlIzDHBd6CqIMRQWW9Af1LHDDTuFjfDsvna0nEuDSYJmNyz # NB10jpbg0lhvkT1AzfX2TLITSXwS8D+mBzGCWMM/wTpciWBV/pbjSazbzoKvRrNo # DV/u9omOM2Eawyo5JJJdNkM2d8qzkQ0bRuRd4HarmGunSouyb9NY7egWN5E5lUc3 # a2AROzAdHdYpObpCOdeAY2P5XqtJkk79aROpzw16wCjdSn8qMzCBzR7rvH2WVkvF # HLIxZQET1yhPb6lRmpgBQNnzidHV2Ocxjc8wNiIDzgbDkmlx54QPfw7RwQi8p1fy # 4byhBrTjv568x8NGv3gwb0RbAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU8huhNbETDU+ZWllL4DNMPCijEU4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMjkyMzAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIjmD9IpQVvfB1QehvpC # Ge7QeTQkKQ7j3bmDMjwSqFL4ri6ae9IFTdpywn5smmtSIyKYDn3/nHtaEn0X1NBj # L5oP0BjAy1sqxD+uy35B+V8wv5GrxhMDJP8l2QjLtH/UglSTIhLqyt8bUAqVfyfp # h4COMRvwwjTvChtCnUXXACuCXYHWalOoc0OU2oGN+mPJIJJxaNQc1sjBsMbGIWv3 # cmgSHkCEmrMv7yaidpePt6V+yPMik+eXw3IfZ5eNOiNgL1rZzgSJfTnvUqiaEQ0X # dG1HbkDv9fv6CTq6m4Ty3IzLiwGSXYxRIXTxT4TYs5VxHy2uFjFXWVSL0J2ARTYL # E4Oyl1wXDF1PX4bxg1yDMfKPHcE1Ijic5lx1KdK1SkaEJdto4hd++05J9Bf9TAmi # u6EK6C9Oe5vRadroJCK26uCUI4zIjL/qG7mswW+qT0CW0gnR9JHkXCWNbo8ccMk1 # sJatmRoSAifbgzaYbUz8+lv+IXy5GFuAmLnNbGjacB3IMGpa+lbFgih57/fIhamq # 5VhxgaEmn/UjWyr+cPiAFWuTVIpfsOjbEAww75wURNM1Imp9NJKye1O24EspEHmb # DmqCUcq7NqkOKIG4PVm3hDDED/WQpzJDkvu4FrIbvyTGVU01vKsg4UfcdiZ0fQ+/ # V0hf8yrtq9CkB8iIuk5bBxuPMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGiYwghoiAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAQEbHQG/1crJ3IAAAAABAQwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIEvBCB8SQjxYMWX3pKkVK1iC # N5xWH51WYSjG7XMCEsgeMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEACRhhcNV2MPWcFxz/sMditFnBXPN2W/XyUzarZkAqhHTOsAhgyP2QgOl5 # jxgdMmrqjxPBgJnanALjD1dfAnFNExfZD0lnex4qQCVG1rPmheQv4Zz9pNjDWuVK # QCTnB0VEHpGEEJpf/J+SdBHu8jDPAPaDok3z69bg0pF24O+ZVG4qlzvTX1gAsl9k # YXp/tsJbwnf4DDRDbEzUMihYoGx4UTLG90CM1Hf7ie4N4GsemqMuLsAE8ZP43RHJ # f5Mc1BfPm0tntAoh61n9O9pHcw3h7r0/zBtomq9wxRtrR6zKbe6iDoLP8pSKDPs0 # Sg0g0asBgsXg80i3uOTpGAIC48e7yKGCF7AwghesBgorBgEEAYI3AwMBMYIXnDCC # F5gGCSqGSIb3DQEHAqCCF4kwgheFAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFaBgsq # hkiG9w0BCRABBKCCAUkEggFFMIIBQQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCBe1P/GWb0ds18ZO3vJwAIH1UQtd1I0kXCExNUSrDUtbgIGZ0or4Oa0 # GBMyMDI0MTIwNDE1MDM0NC4xMzZaMASAAgH0oIHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo1MjFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaCCEf4wggcoMIIFEKADAgECAhMzAAACAAvXqn8bKhdWAAEAAAIAMA0G # CSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9u # MRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRp # b24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMB4XDTI0 # MDcyNTE4MzEyMVoXDTI1MTAyMjE4MzEyMVowgdMxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9w # ZXJhdGlvbnMgTGltaXRlZDEnMCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjUyMUEt # MDVFMC1EOTQ3MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl # MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr1XaadKkP2TkunoTF573 # /tF7KJM9Doiv3ccv26mqnUhmv2DM59ikET4WnRfo5biFIHc6LqrIeqCgT9fT/Gks # 5VKO90ZQW2avh/PMHnl0kZfX/I5zdVooXHbdUUkPiZfNXszWswmL9UlWo8mzyv9L # p9TAtw/oXOYTAxdYSqOB5Uzz1Q3A8uCpNlumQNDJGDY6cSn0MlYukXklArChq6l+ # KYrl6r/WnOqXSknABpggSsJ33oL3onmDiN9YUApZwjnNh9M6kDaneSz78/YtD/2p # Gpx9/LXELoazEUFxhyg4KdmoWGNYwdR7/id81geOER69l5dJv71S/mH+Lxb6L692 # n8uEmAVw6fVvE+c8wjgYZblZCNPAynCnDduRLdk1jswCqjqNc3X/WIzA7GGs4HUS # 4YIrAUx8H2A94vDNiA8AWa7Z/HSwTCyIgeVbldXYM2BtxMKq3kneRoT27NQ7Y7n8 # ZTaAje7Blfju83spGP/QWYNZ1wYzYVGRyOpdA8Wmxq5V8f5r4HaG9zPcykOyJpRZ # y+V3RGighFmsCJXAcMziO76HinwCIjImnCFKGJ/IbLjH6J7fJXqRPbg+H6rYLZ8X # BpmXBFH4PTakZVYxB/P+EQbL5LNw0ZIM+eufxCljV4O+nHkM+zgSx8+07BVZPBKs # looebsmhIcBO0779kehciYMCAwEAAaOCAUkwggFFMB0GA1UdDgQWBBSAJSTavgkj # Kqge5xQOXn35fXd3OjAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBf # BgNVHR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3Bz # L2NybC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmww # bAYIKwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29m # dC5jb20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0El # MjAyMDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBYGA1UdJQEB/wQMMAoGCCsGAQUF # BwMIMA4GA1UdDwEB/wQEAwIHgDANBgkqhkiG9w0BAQsFAAOCAgEAKPCG9njRtIqQ # +fuECgxzWMsQOI3HvW7sV9PmEWCCOWlTuGCIzNi3ibdLZS0b2IDHg0yLrtdVuBi3 # FxVdesIXuzYyofIe/alTBdV4DhijLTXtB7NgOno7G12iO3t6jy1hPSquzGLry/2m # EZBwIsSoS2D+H+3HCJxPDyhzMFqP+plltPACB/QNwZ7q+HGyZv3v8et+rQYg8sF3 # PTuWeDg3dR/zk1NawJ/dfFCDYlWNeCBCLvNPQBceMYXFRFKhcSUws7mFdIDDhZpx # qyIKD2WDwFyNIGEezn+nd4kXRupeNEx+eSpJXylRD+1d45hb6PzOIF7BkcPtRtFW # 2wXgkjLqtTWWlBkvzl2uNfYJ3CPZVaDyMDaaXgO+H6DirsJ4IG9ikId941+mWDej # kj5aYn9QN6ROfo/HNHg1timwpFoUivqAFu6irWZFw5V+yLr8FLc7nbMa2lFSixzu # 96zdnDsPImz0c6StbYyhKSlM3uDRi9UWydSKqnEbtJ6Mk+YuxvzprkuWQJYWfpPv # ug+wTnioykVwc0yRVcsd4xMznnnRtZDGMSUEl9tMVnebYRshwZIyJTsBgLZmHM7q # 2TFK/X9944SkIqyY22AcuLe0GqoNfASCIcZtzbZ/zP4lT2/N0pDbn2ffAzjZkhI+ # Qrqr983mQZWwZdr3Tk1MYElDThz2D0MwggdxMIIFWaADAgECAhMzAAAAFcXna54C # m0mZAAAAAAAVMA0GCSqGSIb3DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UE # CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z # b2Z0IENvcnBvcmF0aW9uMTIwMAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZp # Y2F0ZSBBdXRob3JpdHkgMjAxMDAeFw0yMTA5MzAxODIyMjVaFw0zMDA5MzAxODMy # MjVaMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH # EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV # BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwMIICIjANBgkqhkiG9w0B # AQEFAAOCAg8AMIICCgKCAgEA5OGmTOe0ciELeaLL1yR5vQ7VgtP97pwHB9KpbE51 # yMo1V/YBf2xK4OK9uT4XYDP/XE/HZveVU3Fa4n5KWv64NmeFRiMMtY0Tz3cywBAY # 6GB9alKDRLemjkZrBxTzxXb1hlDcwUTIcVxRMTegCjhuje3XD9gmU3w5YQJ6xKr9 # cmmvHaus9ja+NSZk2pg7uhp7M62AW36MEBydUv626GIl3GoPz130/o5Tz9bshVZN # 7928jaTjkY+yOSxRnOlwaQ3KNi1wjjHINSi947SHJMPgyY9+tVSP3PoFVZhtaDua # Rr3tpK56KTesy+uDRedGbsoy1cCGMFxPLOJiss254o2I5JasAUq7vnGpF1tnYN74 # kpEeHT39IM9zfUGaRnXNxF803RKJ1v2lIH1+/NmeRd+2ci/bfV+AutuqfjbsNkz2 # K26oElHovwUDo9Fzpk03dJQcNIIP8BDyt0cY7afomXw/TNuvXsLz1dhzPUNOwTM5 # TI4CvEJoLhDqhFFG4tG9ahhaYQFzymeiXtcodgLiMxhy16cg8ML6EgrXY28MyTZk # i1ugpoMhXV8wdJGUlNi5UPkLiWHzNgY1GIRH29wb0f2y1BzFa/ZcUlFdEtsluq9Q # BXpsxREdcu+N+VLEhReTwDwV2xo3xwgVGD94q0W29R6HXtqPnhZyacaue7e3Pmri # Lq0CAwEAAaOCAd0wggHZMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUC # BBYEFCqnUv5kxJq+gpE8RjUpzxD/LwTuMB0GA1UdDgQWBBSfpxVdAF5iXYP05dJl # pxtTNRnpcjBcBgNVHSAEVTBTMFEGDCsGAQQBgjdMg30BATBBMD8GCCsGAQUFBwIB # FjNodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL0RvY3MvUmVwb3NpdG9y # eS5odG0wEwYDVR0lBAwwCgYIKwYBBQUHAwgwGQYJKwYBBAGCNxQCBAweCgBTAHUA # YgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU # 1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2Ny # bC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIw # MTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0w # Ni0yMy5jcnQwDQYJKoZIhvcNAQELBQADggIBAJ1VffwqreEsH2cBMSRb4Z5yS/yp # b+pcFLY+TkdkeLEGk5c9MTO1OdfCcTY/2mRsfNB1OW27DzHkwo/7bNGhlBgi7ulm # ZzpTTd2YurYeeNg2LpypglYAA7AFvonoaeC6Ce5732pvvinLbtg/SHUB2RjebYIM # 9W0jVOR4U3UkV7ndn/OOPcbzaN9l9qRWqveVtihVJ9AkvUCgvxm2EhIRXT0n4ECW # OKz3+SmJw7wXsFSFQrP8DJ6LGYnn8AtqgcKBGUIZUnWKNsIdw2FzLixre24/LAl4 # FOmRsqlb30mjdAy87JGA0j3mSj5mO0+7hvoyGtmW9I/2kQH2zsZ0/fZMcm8Qq3Uw # xTSwethQ/gpY3UA8x1RtnWN0SCyxTkctwRQEcb9k+SS+c23Kjgm9swFXSVRk2XPX # fx5bRAGOWhmRaw2fpCjcZxkoJLo4S5pu+yFUa2pFEUep8beuyOiJXk+d0tBMdrVX # VAmxaQFEfnyhYWxz/gq77EFmPWn9y8FBSX5+k77L+DvktxW/tM4+pTFRhLy/AsGC # onsXHRWJjXD+57XQKBqJC4822rpM+Zv/Cuk0+CQ1ZyvgDbjmjJnW4SLq8CdCPSWU # 5nR0W2rRnj7tfqAxM328y+l7vzhwRNGQ8cirOoo6CGJ/2XBjU02N7oJtpQUQwXEG # ahC0HVUzWLOhcGbyoYIDWTCCAkECAQEwggEBoYHZpIHWMIHTMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJzAlBgNVBAsTHm5TaGllbGQgVFNTIEVT # Tjo1MjFBLTA1RTAtRDk0NzElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAg # U2VydmljZaIjCgEBMAcGBSsOAwIaAxUAjJOfLZb3ivipL3sSLlWFbLrWjmSggYMw # gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQsF # AAIFAOr6mPAwIhgPMjAyNDEyMDQwOTAxMzZaGA8yMDI0MTIwNTA5MDEzNlowdzA9 # BgorBgEEAYRZCgQBMS8wLTAKAgUA6vqY8AIBADAKAgEAAgIbuwIB/zAHAgEAAgIS # SDAKAgUA6vvqcAIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAow # CAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBCwUAA4IBAQBHgNG/1vgC # NVLC+4luI4uHBRgVj6v2+QIyujWPIQ1dYxsj+nuYd1iFcM8Bey5HGWHIVdgcAfp1 # kCncg7ZB/JYPUisBgmkhM1rFXE8zfj/hE2AM+YLaW1A3/jqlZJoArwhypDJyrCy8 # DpKnF7uzFGxmz96jr1f0cFYNMp827FWQvC+9ZwQo/DBcCq45A+5BfKrzuChDGJxA # SdVj2VRQQ6VcZiwmP84KxEaM6msBDQOrnL5xZznPHG84rDoRidGGGRqAdzW/4ooV # TvKjM//RaMxOCXZ8FJTqo423D8+mOd2P4WClH2glk/6TQZ49qaeaYKQzPqKsgLta # YClDCHdUsQloMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAIAC9eqfxsqF1YAAQAAAgAwDQYJYIZIAWUDBAIBBQCgggFKMBoG # CSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg7R1ltIby # fD1ovBxy6gH7i9Rb/I75AJRfOi/xMdhNgOMwgfoGCyqGSIb3DQEJEAIvMYHqMIHn # MIHkMIG9BCDUyO3sNZ3burBNDGUCV4NfM2gH4aWuRudIk/9KAk/ZJzCBmDCBgKR+ # MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT # HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAACAAvXqn8bKhdWAAEA # AAIAMCIEIMaU6J1dp6uAu7CgFTMZBBbh4Qo+kpwMyZSFgys4/zMDMA0GCSqGSIb3 # DQEBCwUABIICACxnQly8yE3YzlB30dV/OYLrLtox8VYARBLMQ4pwsaDwc+R1bMrY # AyI6+LeU7TvRS38RBlkd+kNusfTAF1iAXM4Hxov1W+25mtSKHZ9+hRqovmdUCfF9 # 6vQxusoz8mrkGJoduJ7+veb71uKc2m3HBEarQRVW8HfSG+OeRZGYpI6/WddXfJrV # T5ekW+LC8dDfhHQREFEXZbHz1MfbvhiGkLjzzD7HIaolc+3bIFh2UhvYDCze3Wvk # ayXmtAvmUECcKEdlYbcsbPkDXtxiC721fUgjx4ETfNsE/+3kNV9PgJnkdnanG90Y # 7Cki51S2g1/p3OQrQCeaG2gu+flhv+I5Y0xAr1CeXDOE+7MgR6IIATGYPhLOqa5l # jgpfQuKS+e+guFyPU/+WDSbUiTFTwhc/P0e/wGbeLd6kTonMZF0DDxv9hNGlcXft # A1YrRypj18N+exWoZ3EqN4/Hz5NIHcA7I65zb4Y3tAusvTj+65HgmaDxFyw8/SNM # tAJm4moL5M4aoivssNjOzU35lS1PuvdMTM26xFSZ0LU4mdeXrewBa0yPMOBCyo56 # M21buYAnMWOFqSh6e2abGGPii4V2MbIuwhBMrKgxz1JcZgiW007C4aW4sctpIpQZ # ++5r3y1q0d5wqHGaExGqOuFZ6Nlnp48Vh148Xw8DK0w/j3IMNd/erSNk # SIG # End signature block |