[CmdletBinding()] param ( [string]$OutFile, [string]$AltDownload, [string]$Proxy, [string]$AltHisEndpoint ) $ErrorActionPreference = 'Stop' $ProgressPreference = 'SilentlyContinue' $refVersion = [version] '4.5' $provider = 'Microsoft.HybridCompute' # Error codes used by azcmagent are in range of [0, 125]. # Installation scripts will use [127, 255]. Check install_linux_azcmagent.sh for the codes used for Linux script. $global:errorcode="AZCM0150" <# Throw a structured exception#> function Invoke-Failure { [CmdletBinding()] param( [Parameter(Mandatory=$true)] $Message, [Parameter(Mandatory=$true)] $ErrorCode, [Parameter(Mandatory=$false)] $Details ) $ex = new-object -TypeName System.Exception -ArgumentList @($Message) $ex.Data["Details"] = $details $ex.Data["ErrorCode"] = $errorcode throw $ex } function Test-AzureStackHCI() { [CmdletBinding()] param ( ) try { $product=Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name ProductName | select -ExpandProperty ProductName } catch { Write-Verbose -Message "Error $_ Unable to determine product SKU from registry" -Verbose # Will attempt to install anyway return $false } if ($product -eq 'Azure Stack HCI') { return $true } return $false } function Test-PowerShellVersion() { [CmdletBinding()] param ( ) Write-Verbose -Message "PowerShell version: $($PSVersionTable.PSVersion)" -Verbose return ($PSVersionTable.PSVersion -ge [Version]"3.0") } function Test-DotNetFramework() { [CmdletBinding()] param ( ) try { $installedVersion = [version] (Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -Name Version | select -ExpandProperty Version) } catch { Write-Verbose -Message "Error $_ Unable to determine .NET Framework version" -Verbose # Will attempt to install anyway return $true } Write-Verbose -Message ".NET Framework version: $installedVersion" -Verbose if ($installedVersion -ge $refVersion) { return $true } return $false } function Test-IsAzure() { [CmdletBinding()] param ( ) Write-Verbose -Message "Checking if this is an Azure virtual machine" -Verbose try { if ($PSVersionTable.PSVersion -ge [Version]"6.0") { $response = Invoke-WebRequest -UseBasicParsing -Uri "http://169.254.169.254/metadata/instance/compute?api-version=2019-06-01" -Headers @{Metadata = "true"} -NoProxy -TimeoutSec 1 -ErrorAction SilentlyContinue } else { $response = Invoke-WebRequest -UseBasicParsing -Uri "http://169.254.169.254/metadata/instance/compute?api-version=2019-06-01" -Headers @{Metadata = "true"} -TimeoutSec 1 -ErrorAction SilentlyContinue } if ($null -ne $response -and $response.StatusCode -eq 200) { $content = ConvertFrom-Json $($response.Content.ToString()) if ($null -ne $content.resourceId) { Write-Verbose -Message "Azure check indicates that we are in Azure" -Verbose return $true } } } catch { Write-Verbose -Message "Error $_ checking if we are in Azure" -Verbose return $false } return $false } function Get-MsiLogSummary() { [CmdletBinding()] param( [Parameter(Mandatory=$true)] [string]$LogPath ) try { $LogPath = Resolve-Path $LogPath Write-Verbose -Message "Reading Logs from $LogPath" -Verbose $patterns = @( "Installation success or error status", "Product: Azure Connected Machine Agent" ); $regex = "(" + ($patterns -join ")|(" ) + ")" Write-Verbose -Message "Looking for Patterns: $regex" -Verbose $inCustomAction = $false $logCustomAction = $false $caOutput = new-object -TypeName System.Collections.ArrayList Get-Content $LogPath | % { # log interesting lines if ( ($_ -match $regex)) { $_ # output to pipeline } # Wix custom actions start with "Calling custom Action". Gather the log from the CA till we see if it passed # At the end, log that output only if it failed with "returned actual error" if ($_ -match "Calling custom action") { $inCustomAction = $true $logCustomAction = $false } if ($_ -match "MSI \(s\)") { $inCustomAction = $false } if ($_ -match "returned actual error") { $logCustomAction = $true } if ($inCustomAction) { $null = $caOutput.Add($_) } else { if($logCustomAction) { $caOutput # output saved lines to pipeline } $caOutput.Clear() } } } catch { # This code is optional so if something goes wrong we'll just swallow the error and have no details Write-Verbose -Message "Error while parsing MSI log: $_" -Verbose } } function Send-Failure { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.Exception] $Error, [Parameter(Mandatory = $true)] [string] $ErrorCode, [Parameter(Mandatory = $false)] [string] $AltHisEndpoint ) $hisEndpoint = "https://gbl.his.arc.azure.com" if ($env:CLOUD -eq "AzureUSGovernment") { $hisEndpoint = "https://gbl.his.arc.azure.us" } elseif ($env:CLOUD -eq "AzureChinaCloud") { $hisEndpoint = "https://gbl.his.arc.azure.cn" } elseif ($env:CLOUD -eq "AzureStackCloud") { if ($AltHisEndpoint) { $hisEndpoint = $AltHisEndpoint } else { Write-Warning "error in Send-Failure due to invalid his endpoint." return } } $message = "$Error" if ($Error.Data["Details"]) { $message = $Error.Data["Details"] } $message = $message.Substring(0, [Math]::Min($message.Length, 500)) if ( $env:PROVIDER_NAMESPACE ) { $provider = $env:PROVIDER_NAMESPACE } $logBody = @{subscriptionId="$env:SUBSCRIPTION_ID";resourceGroup="$env:RESOURCE_GROUP";tenantId="$env:TENANT_ID";location="$env:LOCATION";correlationId="$env:CORRELATION_ID";authType="$env:AUTH_TYPE";operation="onboarding";namespace="$provider";osType="windows";messageType="$ErrorCode";message="$message";} try { Invoke-WebRequest -UseBasicParsing -Uri "$hisEndpoint/log" -Method "PUT" -Body ($logBody | ConvertTo-Json) -ErrorAction SilentlyContinue } catch {} } # Based on the MSI error code, we may have some hint to provide as to the issue # See https://learn.microsoft.com/en-us/windows/win32/msi/error-codes function Get-MsiErrorDetails() { [CmdletBinding()] param( $exitCode ) $message = (net helpmsg $exitCode) -join "" $hint = "" $errorCode = "AZCM0149" # exitCode is the return value from msiexec. errorCode is the error code of the script switch($exitCode) { 1603 { # ERROR_INSTALL_FAILURE $hint = "A fatal error occurred during installation" $errorCode = "AZCM0156" } 1633 { # ERROR_INSTALL_PLATFORM_UNSUPPORTED $hint = "Unsupported: Azure Connected Machine Agent is only compatible with X64 operating systems" $errorCode = "AZCM0153" } } return [PSCustomObject]@{ Message = $message Hint = $hint ErrorCode = $errorCode } } function CheckRSOPLogonRights { # Checks RSOP to see if a group policy may prevent himds from running # Support PS 1-2 for initial requirements check even though PS4 is required for product if ($PSVersionTable.PSVersion.Major -ge 3) { $securitySettings = Get-CimInstance -Namespace "root/RSOP/Computer" -ClassName "RSOP_SecuritySettings" -ErrorAction SilentlyContinue -ErrorVariable "rsoperror" } else { $securitySettings = Get-WmiObject -Namespace "root/RSOP/Computer" -Class "RSOP_SecuritySettings" -ErrorAction SilentlyContinue -ErrorVariable "rsoperror" } if ($rsoperror -ne $null) { Write-Warning "Unable to retrieve RSOP data to check local security policy." return } # Find the RSOP results for SeLogonAsAService, might be empty $logonAsServicePolicy = $securitySettings | Where-Object { $_.UserRight -eq "SeServiceLogonRight" } $logonAsServicePrincipals = $logonAsServicePolicy | Select-Object -ExpandProperty AccountList # If the list is empty, contains NT SERVICE\ALL SERVICES (default), or contains NT SERVICE\himds then our service can run if ($logonAsServicePrincipals -and ` $logonAsServicePrincipals -notcontains "NT SERVICE\ALL SERVICES" -and ` $logonAsServicePrincipals -notcontains "NT SERVICE\himds" -and ` $logonAsServicePrincipals -notcontains "S-1-5-80-4215458991-2034252225-2287069555-1155419622-2701885083") { Write-Warning "The local security policy on this system will prevent the agent from loading. Contact your Group Policy administrator to ensure 'NT SERVICE\ALL SERVICES' is included in any Group Policy Objects that configure the Logon as a Service User Rights Assignment. See https://aka.ms/ArcServerURA for more information." Write-Warning "GPO ID: $($logonAsServicePolicy.GPOID)" } } function Check-Physical-Memory() { [CmdletBinding()] param ( ) $memory = systeminfo | Select-String '^Total Physical Memory' Write-Verbose -Message "$memory" -Verbose } function Download-With-Retries() { [CmdletBinding()] param ( [Parameter(Mandatory=$true)][string]$downloadUri, [Parameter(Mandatory=$false)][int]$maxAttempts = 3 ) $attempts=1 do { try { if (([Uri]$downloadUri).Scheme -in @("https","http")) { Write-Verbose -Message "Downloading agent package from $downloadUri to $msiFile" -Verbose # It's a web site, download it if ($Proxy) { Invoke-WebRequest -UseBasicParsing -Proxy $Proxy -Uri $downloadUri -OutFile $msiFile } else { Invoke-WebRequest -UseBasicParsing -Uri $downloadUri -OutFile $msiFile } } else { # This could be a UNC path or a local file, just try and copy it Write-Verbose -Message "Copying agent package from $downloadUri to $msiFile" -Verbose Copy-Item $downloadUri $msiFile } return } catch { $attempts++ Write-Verbose -Message "Download failure: $_ ..Retrying..." -Verbose } } while ($attempts -le $maxAttempts) Invoke-Failure -ErrorCode "AZCM0148" -Message "Download of $downloadUri failed: $_" } try { #Check if PowerShell is running as administrator if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) { Invoke-Failure -Message "This script must be run as an administrator." -ErrorCode "AZCM0155" } # Ensure TLS 1.2 is accepted. Older PowerShell builds (sometimes) complain about the enum "Tls12" so we use the underlying value [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 3072 # Ensure TLS 1.3 is accepted, if this .NET supports it (older versions don't) try { [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor 12288 } catch {} Write-Verbose -Message "Installing Azure Connected Machine Agent" -Verbose Check-Physical-Memory $hci = Test-AzureStackHCI if ($hci) { Invoke-Failure -Message "This server is running Azure Stack HCI and should be connected to Azure Arc using the built-in registration experience: https://aka.ms/install-arc-on-hci-host" -ErrorCode "AZCM0152" } $validPowerShell = Test-PowerShellVersion if (-Not $validPowerShell) { Invoke-Failure -Message "Azure Connected Machine Agent requires PowerShell version 4.0 or later" -ErrorCode "AZCM0154" } $validFramework = Test-DotNetFramework if (-Not $validFramework) { Invoke-Failure -Message "Azure Connected Machine Agent requires .NET Framework version $refVersion or later" -ErrorCode "AZCM0151" } $inAzure = Test-IsAzure if ($inAzure) { $override = [System.Environment]::GetEnvironmentVariable("MSFT_ARC_TEST", [System.EnvironmentVariableTarget]::Machine) if ('true' -eq $override) { Write-Warning '''Running on an Azure Virtual Machine with MSFT_ARC_TEST set. Azure Connected Machine Agent is designed for use outside Azure. This virtual machine should only be used for testing purposes. See https://aka.ms/azcmagent-testwarning for more details. ''' } else { Invoke-Failure -ErrorCode "AZCM0147" -Message '''Cannot install Azure Connected Machine agent on an Azure Virtual Machine. Azure Connected Machine Agent is designed for use outside Azure. To connect an Azure VM for TESTING PURPOSES ONLY, see https://aka.ms/azcmagent-testwarning for more details. ''' } } CheckRSOPLogonRights # Download the package $msiFile = Join-Path "$env:Temp" "AzureConnectedMachineAgent.msi" if ($AltDownload) { $downloadUri = $AltDownload } else { $downloadUri = "https://aka.ms/AzureConnectedMachineAgent" } Download-With-Retries -downloadUri $downloadUri # Install the package $logFile = Join-Path -Path "$env:Temp" -ChildPath "installationlog.txt" $argList = @("/i", "$msiFile" , "/l*v", "$logFile", "/qn", "REBOOT=ReallySuppress") Write-Verbose -Message "Installing agent package" -Verbose $exitCode = (Start-Process -FilePath msiexec.exe -ArgumentList $argList -Wait -Passthru).ExitCode if ($exitCode -ne 0) { # Treat ERROR_SUCCESS_REBOOT_INITIATED (1641) and ERROR_SUCCESS_REBOOT_REQUIRED (3010) as success if ($exitCode -eq 1641 -Or $exitCode -eq 3010) { Write-Warning -Message "Installation succeeded but a reboot is required to complete the installation." Write-Verbose -Message "Msiexec returned: $exitCode - treating it as success" -Verbose } else { $details = (Get-MsiErrorDetails $exitCode) $logInfo = ((Get-MsiLogSummary "$logFile") -join "`n") Invoke-Failure -Message "Installation failed: [$exitCode]: $($details.Message) $($details.Hint)`: See $logFile for additional details." -ErrorCode $details.ErrorCode -Details $logInfo } } # Check if we need to set proxy environment variable if ($PSBoundParameters.ContainsKey("Proxy")) { if ($Proxy) { Write-Verbose -Message "Setting proxy configuration: $Proxy" -Verbose & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent" config set proxy.url ${Proxy} } else { Write-Verbose -Message "Clearing proxy configuration" -Verbose & "$env:ProgramW6432\AzureConnectedMachineAgent\azcmagent" config clear proxy.url } } } catch { $code = $_.Exception.Data.ErrorCode $details = $_.Exception.Data.Details if(!$code) { $code = "AZCM0150" } # default if we do not have some more specific error if ($OutFile) { [ordered]@{ status = "failed" error = [ordered]@{ message = $_.Exception.Message code = $code details = $details } } | ConvertTo-Json | Out-File $OutFile } Write-Error $_ -ErrorAction Continue if ($details) { Write-Output "Details: $details" } Send-Failure $_.Exception $code $AltHisEndpoint exit 1 } # Installation was successful if we got this far if ($OutFile) { [ordered]@{ status = "success" message = "Installation of azcmagent completed successfully" } | ConvertTo-Json | Out-File $OutFile } Write-Host "Installation of azcmagent completed successfully" exit 0 # SIG # Begin signature block # MIIoLQYJKoZIhvcNAQcCoIIoHjCCKBoCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCAbMjtLnmbgtDU1 # 2jbGnyzwGflyglQA9LRbYmN9HySThKCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGg0wghoJAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIKQWCNC/Wzk2/izApFdNpown # tTQLI9NROxcBRjrKNB4ZMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAZPwDgq47uuajkdt/J1ZresIlioaNcEYybg3TcVbDU8dWiTH5cvr6/WI5 # JPqe93X07dOttF0HfZBiwye35KbY6DX5m4PhQAQ3EsJypq1UBQkexOfhwFTfPEIM # AUtTWzJqCPDaoA4q2pIGW0hIFSWtunPsYW8DiulHDEOl7mYyr15PTfZjdsxtNNnd # ohzwnE9cwXS7ucrDki/0MUqqZ7sg+LSagXILVV/EYlcYCaloTpDL3d0phrE4qXng # JjALK+6QCbcz7i50zUkyrOVmZI4isHkkVu65FQAXd16VlBFLQbVyNLs/Ahoay18W # NKroOQr99+AIJnWiX6QLdvJk4ybKZaGCF5cwgheTBgorBgEEAYI3AwMBMYIXgzCC # F38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq # hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCAly0SZyQEd2R6FeOeVGx/x3iRgiZDqY3FFcUw7eGZnYwIGZfxpRhNA # GBMyMDI0MDMyNzE4MzY0MS40NjhaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzcwMy0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg # ghHtMIIHIDCCBQigAwIBAgITMwAAAeqaJHLVWT9hYwABAAAB6jANBgkqhkiG9w0B # AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMzEyMDYxODQ1 # MzBaFw0yNTAzMDUxODQ1MzBaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z # MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046MzcwMy0wNUUwLUQ5NDcxJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQC1C1/xSD8gB9X7Ludoo2rWb2ksqaF65QtJkbQpmsc6 # G4bg5MOv6WP/uJ4XOJvKX/c1t0ej4oWBqdGD6VbjXX4T0KfylTulrzKtgxnxZh7q # 1uD0Dy/w5G0DJDPb6oxQrz6vMV2Z3y9ZxjfZqBnDfqGon/4VDHnZhdas22svSC5G # HywsQ2J90MM7L4ecY8TnLI85kXXTVESb09txL2tHMYrB+KHCy08ds36an7IcOGfR # mhHbFoPa5om9YGpVKS8xeT7EAwW7WbXL/lo5p9KRRIjAlsBBHD1TdGBucrGC3TQX # STp9s7DjkvvNFuUa0BKsz6UiCLxJGQSZhd2iOJTEfJ1fxYk2nY6SCKsV+VmtV5ai # PzY/sWoFY542+zzrAPr4elrvr9uB6ci/Kci//EOERZEUTBPXME/ia+t8jrT2y3ug # 15MSCVuhOsNrmuZFwaRCrRED0yz4V9wlMTGHIJW55iNM3HPVJJ19vOSvrCP9lsEc # EwWZIQ1FCyPOnkM1fs7880dahAa5UmPqMk5WEKxzDPVp081X5RQ6HGVUz6ZdgQ0j # cT59EG+CKDPRD6mx8ovzIpS/r/wEHPKt5kOhYrjyQHXc9KHKTWfXpAVj1Syqt5X4 # nr+Mpeubv+N/PjQEPr0iYJDjSzJrqILhBs5pytb6vyR8HUVMp+mAA4rXjOw42vkH # fQIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFCuBRSWiUebpF0BU1MTIcosFblleMB8G # A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG # Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy # MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w # XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy # dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD # AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQAog61WXj9+/nxVbX3G37KgvyoNAnuu2w3H # oWZj3H0YCeQ3b9KSZThVThW4iFcHrKnhFMBbXJX4uQI53kOWSaWCaV3xCznpRt3c # 4/gSn3dvO/1GP3MJkpJfgo56CgS9zLOiP31kfmpUdPqekZb4ivMR6LoPb5HNlq0W # bBpzFbtsTjNrTyfqqcqAwc6r99Df2UQTqDa0vzwpA8CxiAg2KlbPyMwBOPcr9hJT # 8sGpX/ZhLDh11dZcbUAzXHo1RJorSSftVa9hLWnzxGzEGafPUwLmoETihOGLqIQl # Cpvr94Hiak0Gq0wY6lduUQjk/lxZ4EzAw/cGMek8J3QdiNS8u9ujYh1B7NLr6t3I # glfScDV3bdVWet1itTUoKVRLIivRDwAT7dRH13Cq32j2JG5BYu/XitRE8cdzaJmD # VBzYhlPl9QXvC+6qR8I6NIN/9914bTq/S4g6FF4f1dixUxE4qlfUPMixGr0Ft4/S # 0P4fwmhs+WHRn62PB4j3zCHixKJCsRn9IR3ExBQKQdMi5auiqB6xQBADUf+F7hSK # ZfbA8sFSFreLSqhvj+qUQF84NcxuaxpbJWVpsO18IL4Qbt45Cz/QMa7EmMGNn7a8 # MM3uTQOlQy0u6c/jq111i1JqMjayTceQZNMBMM5EMc5Dr5m3T4bDj9WTNLgP8SFe # 3EqTaWVMOTCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg # M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF # dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6 # GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp # Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu # yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E # XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0 # lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q # GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ # +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA # PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw # EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG # NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV # MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK # BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG # 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x # M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC # VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449 # xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM # nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS # PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d # Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn # GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs # QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL # jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL # 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNQ # MIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn # MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjM3MDMtMDVFMC1EOTQ3MSUwIwYDVQQD # ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQCJ # 2x7cQfjpRskJ8UGIctOCkmEkj6CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA6a7QYTAiGA8yMDI0MDMyNzE3MDUz # N1oYDzIwMjQwMzI4MTcwNTM3WjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDprtBh # AgEAMAoCAQACAi5IAgH/MAcCAQACAhJMMAoCBQDpsCHhAgEAMDYGCisGAQQBhFkK # BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ # KoZIhvcNAQELBQADggEBADCEkFplTWl770CLD9eN/EzVy13RD1Mz/tikKAW5HNVv # HZ+TY0P1FOHUo63SCLyX8rPHuvOktHwOYkyHyUFkV4nEbMxfs4ves/AJnEMLwi4S # ffGBVgq7mimE1agUkWBhfK+PoJk2XOKvybi/PyA7++RMrQtXa7D+Ru11uhSritVC # pDYW/DmxbF0oIgAuRIyKa6d0RgQmFFSJbVbIBaTru/UoR7ezGKJVG2CMeiqv1rdY # 9Hirs57bRaQkT3gCUgHMu8UfOiTOdCbp7pZrk0jl+QiLo36YTwYzFiBrYW0Vjk0D # NU35yMBDM5PMOPZtnCj3sSc8Fmta0Q3aj+REwDpHmf4xggQNMIIECQIBATCBkzB8 # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1N # aWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAeqaJHLVWT9hYwABAAAB # 6jANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE # MC8GCSqGSIb3DQEJBDEiBCCNUVHRnc6V/8aiqM+61pSFVigrY8Le+CGAXN+CPM/9 # dTCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EICmPodXjZDR4iwg0ltLANXBh # 5G1uKqKIvq8sjKekuGZ4MIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAHqmiRy1Vk/YWMAAQAAAeowIgQgWQ5d2SdQ/WMGOWei9tQ128lJ # vjVfHs9/UdsIiMD1o4IwDQYJKoZIhvcNAQELBQAEggIAFGDaXCQNHrnifF++YcgV # z2+RqUZFEOnvK6abU7vTQmbCCK1JJJnHKvPpQM9te/7MaCU2JZ4Gp7MT2k0/Rsg3 # goCpoQJu1q8hFiTKXmnx4/qYWqUE+kCfBpaV7ePsQHbZnyIucnhIOg6i2F4Q3NwO # N+gIZr6Ed0Dfsto4AySXVk9jKQGBqLxeDUiD73GpdPOt6U7RjHTNcb+4lkoNjZUY # zU9NuhAQtRdXfJiv55cr8vSJhtIJf3tMPjPzrx9C8IFTdMprDDICMLAFseYsGT4a # wCPiqAu0A+5S7BRXDz2Fgk8nMhIuxnWylvgMhvVvK9p1OxHw/Lli43ZCdrOYDn0f # J1EMz6vEVXcYlEiQ0NvNejxCfJaQmmWBSuJHM/2geOaFjjg86HDlJuEb0YR//nfa # VyUSju7LujltvZPiFAo2iT3IUhvbX884vJzIahm0O3sQGVH2nNKRShOmq5opjzw6 # C3ywkS555dY74KvlaT/sjOZajBrIkXEpKr7kXkQqPHIxDFp5jZPghw48nX2d3EfP # sFP9R4z1iERfoVTO2D/ckeqqE3vnDr1DelJxS4UBNme41eSgibmlySmMIaYpw6N/ # C6jpJar6ayr/qrnSd33a1+L322bHsMbUxekhz0mg0MwQ+PCDQIl9YZam+E0xyR8a # Pye/v3/UAkPN5FngyrnRAv8= # SIG # End signature block