AzStackHciUpgrade/AzStackHci.Upgrade.Helpers.psm1
|
Import-LocalizedData -BindingVariable luTxt -FileName AzStackHci.Upgrade.Strings.psd1 Import-Module $PSScriptRoot\..\AzStackHciHardware\AzStackHci.Hardware.Helpers.psm1 -Force -DisableNameChecking -Global function Test-23H2 { <# .SYNOPSIS Test Windows OS is 23H2 .DESCRIPTION Test Windows OS is 23H2 .EXAMPLE PS C:\> Test-23H2 Test Windows OS is 23H2 on localhost. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { Import-Module "$PsScriptRoot\..\AzStackHciSoftware\AzStackHci.Software.Helpers.psm1" -Force $supportedVersion = Get-SupportOsVersion if ([string]::IsNullOrEmpty($supportedVersion)) { # Fall back to 23H2 greater and equal 8B (do 6B for now) Log-Info "Unable to determine the supported version. Please ensure all nodes are fully patched up to date." -ConsoleOut -Type WARNING $supportedVersion = '10.0.25398.1075' } $instanceResults = Test-OSVersion -PsSession $PsSession -MinimumVersion $supportedVersion foreach ($instanceResult in $instanceResults) { $instanceResult.Name = 'AzStackHci_Upgrade_23H2' $instanceResult.Title = 'Test Windows OS is 23H2' $instanceResult.DisplayName = 'Test Windows OS is 23H2' $instanceResult.Description = 'Checking Windows OS is 23H2' $instanceResult.Tags = @{} $instanceResult.Severity = 'CRITICAL' $instanceResult.Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/deploy/deployment-tool-install-os' $instanceResult.TargetResourceID = $instanceResult.TargetResourceName $instanceResult.TargetResourceType = 'OS' $instanceResult.HealthCheckSource = $ENV:EnvChkrId } return $instanceResults } catch { throw $_ } } function Test-HciCluster { <# .SYNOPSIS Test all nodes are part of the same cluster, nodes are up and cluster is not stretched #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession, [Parameter(Mandatory = $false)] [System.Collections.ArrayList] $IpPools ) try { $remoteOutput = @() $sb = { $clusterName = "" try { $clusterName = Get-Cluster | Select-Object -Expand Name # omitting -Cluster as this requires CredSSP $clusterNodes = Get-ClusterNode $clusterFaultDomainSiteName = Get-ClusterFaultDomain -Type Site | Select-Object -Expand Name $clusterIp = Get-ClusterGroup -Name 'Cluster Group' | Get-ClusterResource | Where-Object ResourceType -eq 'IP Address' | Get-ClusterParameter -Name Address | Select-Object -ExpandProperty Value $clusterHasIpv6 = [bool](Get-ClusterGroup -Name 'Cluster Group' | Get-ClusterResource | Where-Object ResourceType -eq 'IPv6 Address') } catch{} return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Cluster = $clusterName ClusterNodes = $clusterNodes ClusterFaultDomain = $clusterFaultDomainSiteName ClusterIP = $clusterIp ClusterHasIpv6 = $clusterHasIpv6 } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() # Check cluster exists foreach ($output in $remoteOutput) { if ([string]::IsNullOrEmpty($output.Cluster)) { $status = 'FAILURE' $detail = $luTxt.NoClusterFound -f $output.ComputerName Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.ClusterFound -f $output.ComputerName, $output.Cluster Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_Cluster_Exists' Title = 'Test Cluster Exists' DisplayName = 'Test Cluster Exists' Severity = 'CRITICAL' Description = 'Checking Cluster is installed' Tags = @{} Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/deploy/deployment-tool-install-os' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } # Check all nodes part of same cluster # ensure all cluster nodes are part of the same cluster if (($remoteOutput.Cluster | Sort-Object | Get-Unique).Count -eq 1) { $status = 'SUCCESS' Log-Info $detail } else { $status = 'FAILURE' Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_AllNodesInSameCluster' Title = 'Test All Nodes in Same Cluster' DisplayName = 'Test All Nodes in Same Cluster' Severity = 'CRITICAL' Description = 'Checking all nodes are part of the same cluster' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = 'Cluster' TargetResourceName = 'Cluster' TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = 'Cluster' Resource = 'Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params # Return if there is a failure at this point if ('FAILURE' -in $instanceResults.Status) { return $instanceResults } else { # Test all nodes are up Log-Info "Cluster Nodes:" Log-Info ($remoteOutput.ClusterNodes | Out-String) foreach ($node in $remoteOutput[0].ClusterNodes) { if ($node.State -ne 'Up') { $status = 'FAILURE' $detail = "Node $($node.Name) is not in 'Up' state." Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = "Node $($node.Name) is in 'Up' state." Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_ClusterNodeUp' Title = 'Test Cluster Node is up' DisplayName = "Test Cluster Node is up $($node.Name)" Severity = 'CRITICAL' Description = 'Checking cluster node is up' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $node.Name TargetResourceName = $node.Name TargetResourceType = 'ClusterNode' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = 'Cluster' Resource = 'ClusterNode' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } } # Make sure cluster is not stretched if (($output.ClusterFaultDomain | Sort-Object | Get-Unique).Count -gt 1) { $status = 'FAILURE' $detail = $luTxt.StretchedClusterEnabled -f $output.Cluster Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.StretchedClusterNotEnabled -f $output.Cluster Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_StretchedCluster' Title = 'Test Stretched Cluster' DisplayName = 'Test Stretched Cluster' Severity = 'CRITICAL' Description = 'Checking Stretched Cluster is enabled' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Stretched Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params if ('FAILURE' -in $instanceResults.Status) { return $instanceResults } #region Test cluster IP not in IPPools Log-Info "Make sure cluster IP is not in any of the provided IP pools." [String[]] $allClusterIpReturned = $remoteOutput.ClusterIP | Where-Object { -not [System.String]::IsNullOrEmpty($_) } [String] $clusterIpToCheck = $allClusterIpReturned[0] Log-Info "Cluster IP to validate: $($clusterIpToCheck)" $clusterIPNotInIpPoolStatus = 'SUCCESS' $clusterIP = [system.net.ipaddress]::Parse($clusterIpToCheck).GetAddressBytes() [array]::Reverse($clusterIP) $clusterIP = [system.BitConverter]::ToUInt32($clusterIP, 0) foreach($ipPool in $IpPools) { $StartingAddress = $ipPool.StartingAddress $EndingAddress = $ipPool.EndingAddress Log-Info "Checking IP pool with starting address of $($StartingAddress) and ending address of $($EndingAddress)" $from = [system.net.ipaddress]::Parse($StartingAddress).GetAddressBytes() [array]::Reverse($from) $from = [system.BitConverter]::ToUInt32($from, 0) $to = [system.net.ipaddress]::Parse($EndingAddress).GetAddressBytes() [array]::Reverse($to) $to = [system.BitConverter]::ToUInt32($to, 0) if ($clusterIP -ge $from -and $clusterIP -le $to) { $clusterIPNotInIpPoolStatus = 'FAILURE' $clusterIPNotInIpPoolDetail = $luTxt.ClusterIPInIpPool -f $clusterIpToCheck, $StartingAddress, $EndingAddress Log-Info $clusterIPNotInIpPoolDetail -Type CRITICAL break } } if ($clusterIPNotInIpPoolStatus -eq 'SUCCESS') { $clusterIPNotInIpPoolDetail = $luTxt.ClusterIPNotInIpPool -f $clusterIpToCheck Log-Info $clusterIPNotInIpPoolDetail } $params = @{ Name = 'AzStackHci_Upgrade_ClusterIPExcludedFromIPPool' Title = 'Cluster IP excluded from IP pool' DisplayName = 'Cluster IP excluded from IP pool' Severity = 'CRITICAL' Description = 'The cluster IP sohuld not be part of the provided IP pool' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = 'Cluster' TargetResourceName = 'Cluster' TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $clusterIPNotInIpPoolStatus AdditionalData = @{ Source = 'Cluster' Resource = 'Cluster' Detail = $clusterIPNotInIpPoolDetail Status = $clusterIPNotInIpPoolStatus TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } Log-Info "Got validation result of Cluster IP not in IP pool: $clusterIPNotInIpPoolStatus" $instanceResults += New-AzStackHciResultObject @params #endregion #region Test cluster IP not ipv6 Log-Info "Make sure cluster group does not have IPv6 IP resource configured." if ($true -in $remoteOutput.clusterHasIpv6) { $clusterIPNotIpv6Status = 'FAILURE' $clusterIPIpv6Detail = $luTxt.ClusterIPResourceIpv6CheckFail Log-Info $clusterIPIpv6Detail -Type CRITICAL } else { $clusterIPNotIpv6Status = 'SUCCESS' $clusterIPIpv6Detail = $luTxt.ClusterIPResourceIpv6CheckPass Log-Info $clusterIPIpv6Detail } $params = @{ Name = 'AzStackHci_Upgrade_ClusterIPNotIpv6' Title = 'Test Cluster IP Resource is not IPv6' DisplayName = 'Test Cluster IP Resource is not IPv6' Severity = 'CRITICAL' Description = 'Check cluster IP does not have IPv6 address' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = 'Cluster' TargetResourceName = 'Cluster' TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $clusterIPNotIpv6Status AdditionalData = @{ Source = 'Cluster' Resource = 'Cluster' Detail = $clusterIPIpv6Detail Status = $clusterIPNotIpv6Status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params #endregion return $instanceResults } catch { throw $_ } } function Test-ClusterFunctionalLevel { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $clusterFunctionalLevel = Get-Cluster | Select-Object -Expand ClusterFunctionalLevel return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME ClusterFunctionalLevel = $clusterFunctionalLevel } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() $expectedClusterFunctionalLevel = 12 foreach ($output in $remoteOutput) { $detail = $luTxt.ClusterFunctionalLevel -f $output.ClusterFunctionalLevel, $output.ComputerName, $expectedClusterFunctionalLevel if ($output.ClusterFunctionalLevel -eq $expectedClusterFunctionalLevel) { $status = 'SUCCESS' Log-Info $detail } else { $status = 'FAILURE' Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_ClusterFunctionalLevel' Title = 'Test Cluster Functional Level' DisplayName = 'Test Cluster Functional Level' Severity = 'CRITICAL' Description = "Checking Cluster Functional Level is $expectedClusterFunctionalLevel" Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Cluster' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Cluster' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-RequiredWindowsFeature { <# .SYNOPSIS Test if the required Windows feature is installed .DESCRIPTION Test if the required Windows feature is installed .EXAMPLE PS C:\> Test-RequiredWindowsFeature Test if the required Windows feature is installed on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { # Can be dedup with windowsOptionalFeatureToCheck $windowsFeatureTocheck = @( "Failover-Clustering", "NetworkATC", "RSAT-AD-Powershell", "RSAT-Hyper-V-Tools", "Data-Center-Bridging", "NetworkVirtualization", "RSAT-AD-AdminCenter" ) $windowsOptionalFeatureToCheck = @( "Server-Core", "ServerManager-Core-RSAT", "ServerManager-Core-RSAT-Role-Tools", "ServerManager-Core-RSAT-Feature-Tools", "DataCenterBridging-LLDP-Tools", "Microsoft-Hyper-V", "Microsoft-Hyper-V-Offline", "Microsoft-Hyper-V-Online", "RSAT-Hyper-V-Tools-Feature", "Microsoft-Hyper-V-Management-PowerShell", "NetworkVirtualization", "RSAT-AD-Tools-Feature", "RSAT-ADDS-Tools-Feature", "DirectoryServices-DomainController-Tools", "ActiveDirectory-PowerShell", "DirectoryServices-AdministrativeCenter", "DNS-Server-Tools", "EnhancedStorage", "WCF-Services45", "WCF-TCP-PortSharing45", "NetworkController", "NetFx4ServerFeatures", "NetFx4", "MicrosoftWindowsPowerShellRoot", "MicrosoftWindowsPowerShell", "Server-Psh-Cmdlets", "KeyDistributionService-PSH-Cmdlets", "TlsSessionTicketKey-PSH-Cmdlets", "Tpm-PSH-Cmdlets", "FSRM-Infrastructure", "ServerCore-WOW64", "SmbDirect", "FailoverCluster-AdminPak", "Windows-Defender", "SMBBW", "FailoverCluster-FullServer", "FailoverCluster-PowerShell", "Microsoft-Windows-GroupPolicy-ServerAdminTools-Update", "DataCenterBridging", "BitLocker", "FileServerVSSAgent", "FileAndStorage-Services", "Storage-Services", "File-Services", "CoreFileServer", "SystemDataArchiver", "ServerCoreFonts-NonCritical-Fonts-MinConsoleFonts", "ServerCoreFonts-NonCritical-Fonts-BitmapFonts", "ServerCoreFonts-NonCritical-Fonts-TrueType", "ServerCoreFonts-NonCritical-Fonts-UAPFonts", "ServerCoreFonts-NonCritical-Fonts-Support", "ServerCore-Drivers-General", "ServerCore-Drivers-General-WOW64", "NetworkATC" ) $windowsFeatureNotInstalled = @() foreach ($featureName in $windowsFeatureToCheck) { if (-not (Get-WindowsFeature -Name $featureName | Where-Object InstallState -eq Installed)) { $windowsFeatureNotInstalled += $featureName } } $windowsOptionalFeatureNotEnabled = @() foreach ($featureName in $windowsOptionalFeatureToCheck) { if (-not (Get-WindowsOptionalFeature -Online -FeatureName $featureName | Where-Object State -eq Enabled)) { $windowsOptionalFeatureNotEnabled += $featureName } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME list = $windowsFeatureNotInstalled + $windowsOptionalFeatureNotEnabled result = ($windowsFeatureNotInstalled.Count -eq 0) -and ($windowsOptionalFeatureNotEnabled.Count -eq 0) } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.RequiredWindowsFeatureEnabled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $featureList = ($output.list) -join ', ' $detail = $luTxt.RequiredWindowsFeatureNotEnabled -f $featureList, $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Required_Windows_Features' Title = 'Test Required Windows features' DisplayName = 'Test Required Windows features' Severity = 'Critical' Description = 'Checks that all nodes have the required Windows features installed' Tags = @{} Remediation = "https://aka.ms/UpgradeRequirements" TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Required Windows features ' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-NetworkAtcIntents { <# .SYNOPSIS Test the required Network ATC intents are present and in heathy state .DESCRIPTION Test the required Network ATC intents are present and in heathy state .EXAMPLE PS C:\> Test-NetworkAtcIntents Test the required Network ATC intents are present and in heathy state. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $networkATC = [bool](Get-WindowsFeature -Name NetworkATC | Where-Object InstallState -eq 'Installed') return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $networkATC } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $hasError = $false $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcEnabled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $hasError = $true $detail = $luTxt.NetworkAtcNotEnabled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCFeature_Installed' Title = 'Test Network ATC feature is installed on the node' DisplayName = 'Test Network ATC feature is installed on the node' Severity = 'CRITICAL' Description = 'Checking Network ATC feature is enabled on the node' Tags = @{} Remediation = 'https://aka.ms/UpgradeNetworkATC' TargetResourceID = 'NetworkAtcFeature' TargetResourceName = 'NetworkAtcFeature' TargetResourceType = 'NetworkAtcFeature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } # If there is a node that doesn't have Network ATC enabled, then the cluster won't have proper network ATC intents configured. So no need to check further. if ($hasError) { return $instanceResults } # Check if the Network ATC service is running on the nodes $remoteOutput = @() $sb = { $atcService = Get-Service NetworkATC -ErrorAction SilentlyContinue $atcServiceRunning = $atcService -and $atcService.Status -eq [System.ServiceProcess.ServiceControllerStatus]::Running return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $atcServiceRunning } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcServiceRunning -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.NetworkAtcServiceNotRunning -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCService_Running' Title = 'Test NetworkATC service is running on the node' DisplayName = 'Test NetworkATC service is running on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC service is running on the node' Tags = @{} Remediation = 'Make sure NetworkAtc service is running on the node. If not, start the service.' TargetResourceID = 'NetworkAtcService' TargetResourceName = 'NetworkAtcService' TargetResourceType = 'NetworkAtcService' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } # Check if the required Network ATC intents are present $remoteOutput = @() $sb = { $intents = Get-NetIntent -ErrorAction SilentlyContinue return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $intents } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $clusterNodesCount = (Get-ClusterNode).Count foreach ($output in $remoteOutput) { if ($null -eq $output.result) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcIntentsNotPresent -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCIntents_Present' Title = 'Test NetworkATC intents are present on the node' DisplayName = 'Test NetworkATC intents are present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC intents are present on the node' Tags = @{} Remediation = 'Make sure NetworkATC intents are properly configured on the node.' TargetResourceID = 'NetworkAtcIntents' TargetResourceName = 'NetworkAtcIntents' TargetResourceType = 'NetworkAtcIntents' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } else { $outputResultString = $output.result | Out-String log-info "Get-NetIntent returned from node $($output.ComputerName) : $outputResultString" $isManagementIntentPresent = $output.result | Where-Object { $_.IsManagementIntentSet -eq $true } $isStorageIntentPresent = $output.result | Where-Object { $_.IsStorageIntentSet -eq $true } if (-not $isManagementIntentPresent) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcManagementIntentNotPresent -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCManagementIntent_Present' Title = 'Test NetworkATC management intent is present on the node' DisplayName = 'Test NetworkATC management intent is present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC management intent is present on the node' Tags = @{} Remediation = 'Make sure NetworkATC management intent is properly configured on the node.' TargetResourceID = 'NetworkAtcManagementIntent' TargetResourceName = 'NetworkAtcManagementIntent' TargetResourceType = 'NetworkAtcManagementIntent' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } elseif (-not $isStorageIntentPresent -and $clusterNodesCount -gt 1) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcStorageIntentNotPresent -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCStorageIntent_Present' Title = 'Test NetworkATC storage intent is present on the node' DisplayName = 'Test NetworkATC storage intent is present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC storage intent is present on the node' Tags = @{} Remediation = 'Make sure NetworkATC storage intent is properly configured on the node if it is multi-node HCI system.' TargetResourceID = 'NetworkAtcStorageIntent' TargetResourceName = 'NetworkAtcStorageIntent' TargetResourceType = 'NetworkAtcStorageIntent' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } else { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcRequiredIntentsArePresent -f $output.ComputerName Log-Info $detail $params = @{ Name = 'AzStackHci_Upgrade_Test_NetworkATCRequiredIntents_Present' Title = 'Test NetworkATC required intents are present on the node' DisplayName = 'Test NetworkATC required intents are present on the node' Severity = 'CRITICAL' Description = 'Checking NetworkATC required intents are present on the node' Tags = @{} Remediation = 'https://aka.ms/UpgradeNetworkATC' TargetResourceID = 'NetworkAtcIntents' TargetResourceName = 'NetworkAtcIntents' TargetResourceType = 'NetworkAtcIntents' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Network ATC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } } } # check if the intents on the nodes are in healthy state $remoteOutput = @() $sb = { $stopWatch = [diagnostics.stopwatch]::StartNew() $intentStatus = $null # NetworkATC might doing drift detection (every 15 min), and intent status might be at "Validating" state for a while. # So we will wait for some time to make sure we can get expected Success/Completed status. while ($stopWatch.Elapsed.TotalSeconds -lt 1080) { [PSObject[]] $intentStatus = Get-NetIntentStatus -ErrorAction SilentlyContinue [PSObject[]] $notCompletedOrNotSuccessIntents = $intentStatus | Where-Object { $_.ConfigurationStatus -ne 'Success' -or $_.ProvisioningStatus -ne 'Completed' } [PSObject[]] $failedIntents = $intentStatus | Where-Object { $_.ConfigurationStatus -eq 'Failed' } if (($notCompletedOrNotSuccessIntents.Count -eq 0) -or ($failedIntents.Count -gt 0)) { break } Start-Sleep -seconds 5 } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $intentStatus } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } foreach ($output in $remoteOutput) { $resultString = $output.result | Out-String log-info "Get-NetIntentStatus returned from node $($output.ComputerName) : $resultString" $failedIntents = $output.result | Where-Object { $_.ConfigurationStatus -ne 'Success' -or $_.ProvisioningStatus -ne 'Completed' } if ($null -ne $failedIntents) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcIntentsStatusNotHealthy -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = "AzStackHci_Upgrade_Test_NetworkATCIntent_HealthyState" Title = "Test NetworkAtc intent configuration and provisioning status" DisplayName = "Test NetworkAtc intent configuration and provisioning status" Severity = 'CRITICAL' Description = "Checking Test NetworkAtc intent configuration and provisioning status" Tags = @{} Remediation = "Use Get-NetIntentStatus cmdlet to check the status of the intent and take necessary action to fix the issue." TargetResourceID = "NetworkAtcIntents" TargetResourceName = "NetworkAtcIntents" TargetResourceType = "NetworkAtcIntents" Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "NetworkAtcIntents" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } elseif ($null -eq $output.result) { $status = 'FAILURE' $detail = $luTxt.NetworkAtcIntentsStatusNull -f $output.ComputerName Log-Info $detail -Type CRITICAL $params = @{ Name = "AzStackHci_Upgrade_Test_NetworkATCIntent_StatusNull" Title = "Test NetworkAtc intent configuration and provisioning status" DisplayName = "Test NetworkAtc intent configuration and provisioning status" Severity = 'CRITICAL' Description = "Checking Test NetworkAtc intent configuration and provisioning status" Tags = @{} Remediation = "Use Get-NetIntentStatus cmdlet to check the status of the intents and take necessary action to fix the issue." TargetResourceID = "NetworkAtcIntents" TargetResourceName = "NetworkAtcIntents" TargetResourceType = "NetworkAtcIntents" Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "NetworkAtcIntents" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } else { $status = 'SUCCESS' $detail = $luTxt.NetworkAtcIntentsHealthy -f $output.ComputerName Log-Info $detail $params = @{ Name = "AzStackHci_Upgrade_Test_NetworkATCIntent_HealthyState" Title = "Test NetworkAtc intent configuration and provisioning status" DisplayName = "Test NetworkAtc intent configuration and provisioning status" Severity = 'CRITICAL' Description = "Checking Test NetworkAtc intent configuration and provisioning status" Tags = @{} Remediation = 'https://aka.ms/UpgradeNetworkATC' TargetResourceID = "NetworkAtcIntents" TargetResourceName = "NetworkAtcIntents" TargetResourceType = "NetworkAtcIntents" Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "NetworkAtcIntents" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } } return $instanceResults } catch { throw $_ } } function Test-TPMHealth { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $results = @() $results += Test-TpmVersion -PsSession $PsSession $results += Test-TpmProperties -PsSession $PsSession $results += Test-TpmCertificates -PsSession $PsSession $results | % { $_.Name = $_.Name -replace 'Hardware','Upgrade' $_.Severity = 'WARNING' } return $results } catch { throw $_ } } function Test-BitlockerSuspension { <# .SYNOPSIS Test if bitlocker is enabled but not in suspended state. .DESCRIPTION Test if bitlocker is enabled but not in suspended state. .EXAMPLE PS C:\> function Test-BitlockerSuspension Test if bitlocker is enabled but not in suspended state for all volumes. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) $remoteOutput = @() try { $sb = { try { $volumes = $null try { $volumes = Get-BitLockerVolume } catch { # Return test result as True/Pass because we dont want to fail test if bitlocker feature is not available. return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = "Could not fetch bitlocker volumes. Error: " + $_.Exception.Message error = $_.Exception.Message result = $true isBitlockerFeatureInstalled = $false } } $volumeDetails = "" $overallStatus = $true if($volumes) { $criticalVolumes = $volumes |? {$_.KeyProtector.KeyProtectorType -contains "Tpm"} foreach ($volume in $criticalVolumes) { # Get volume information $volumeInfo = Get-BitLockerVolume -MountPoint $volume.MountPoint $volumeMountPoint = $volumeInfo.MountPoint $volumeProtectionStatus = $volumeInfo.ProtectionStatus $volumeType = $volumeInfo.VolumeType # Check if BitLocker protection is enabled if($volumeInfo.ProtectionStatus -eq "On") { $overallStatus = $false } $volumeDetails += "Volume with mount point: $volumeMountPoint and type : $volumeType has a protection status of $volumeProtectionStatus. `n" } } else { $volumeDetails = "No bitlocker volumes found." } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $volumeDetails result = $overallStatus } } catch { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $volumeDetails + $_.Exception.Message error = $_.Exception.Message result = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info $output.Details if ($output.result -eq $true) { if(($output.isBitlockerFeatureInstalled -ne $null) -and ($output.isBitlockerFeatureInstalled -eq $false)) { $status = 'SUCCESS' $detail = $luTxt.BitlockerFeatureNotInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.BitlockerEncryptedVolumesSuspended -f $output.ComputerName Log-Info $detail } } else { $status = 'FAILURE' $detail = $luTxt.BitlockerEncryptedVolumesNotSuspended -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_BitlockerSuspension' Title = 'Test Bitlocker Suspension' DisplayName = 'Test Bitlocker Suspension' Severity = 'CRITICAL' Description = 'Checking if any volumes have bitlocker suspended.' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Security' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Bitlocker Suspension' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-WdacEnablement { <# .SYNOPSIS Test if WDAC is enabled .DESCRIPTION Test if WDAC is enabled .EXAMPLE PS C:\> function Test-WdacEnablement Test if WDAC is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $cipFiles = Get-ChildItem -Path "$env:SystemRoot\System32\CodeIntegrity\CiPolicies\Active" -Filter *.cip if ($cipFiles.Count -gt 0) { # Refresh the current policy and check if audit mode is enabled from the lastest event Invoke-CimMethod -Namespace 'root\Microsoft\Windows\CI' -ClassName 'PS_UpdateAndCompareCIPolicy' -MethodName 'Update' -Arguments @{FilePath = $cipFiles[0].FullName} | Out-Null $events = Get-WinEvent -LogName "Microsoft-Windows-CodeIntegrity/Operational" -ErrorAction SilentlyContinue $targetEvent = $events | Where-Object { ($_.Id -in @('3099','3096')) -and ($_.Message -imatch $cipFiles[0].BaseName) } | Sort-Object TimeCreated -Descending | Select-Object -First 1 $eventXml = [XML]$targetEvent.ToXml() $eventData = $eventXml.Event.EventData.Data $policyOptions = [System.Convert]::ToInt64($eventData[6].'#text', 16) # SYSTEM_INTEGRITY_POLICY_ENABLE_AUDIT_MODE 1 << 16 => 65536 $policyResult = (($policyOptions -band 65536) -eq 0) } else { # No WDAC policy file found $policyResult = $false } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $policyResult } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'FAILURE' $detail = $luTxt.WdacEnabled -f $output.ComputerName Log-Info $detail -Type CRITICAL } else { $status = 'SUCCESS' $detail = $luTxt.WdacNotEnabled -f $output.ComputerName Log-Info $detail } $params = @{ Name = 'AzStackHci_Upgrade_WDACEnablement' Title = 'Test WDAC Enablement' DisplayName = 'Test WDAC Enablement' Severity = 'CRITICAL' Description = 'Checking if WDAC is enabled' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Security' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'WDAC Enablement' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-AzureSupportedCloudType { <# .SYNOPSIS Test if cluster is connected to Azure Public Cloud. .DESCRIPTION Upgrade is only supported for clusters connected to Azure Public Cloud. .EXAMPLE PS C:\> function Test-AzureSupportedCloudType .EXAMPLE #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) $sb= { try { if(Test-Path -Path "C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe") { $overallStatus = $true $testDetails = "" $arcAgentStatus = Invoke-Expression -Command "& 'C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe' show -j" # Parsing the status received from Arc agent $arcAgentStatusParsed = $arcAgentStatus | ConvertFrom-Json # Throw an error if the node is Arc enabled to any other cloud apart from Azure Public cloud. # Other supported values which are not supported for Upgrade : AzureUSGovernment , AzureChinaCloud if ([string]::IsNullOrEmpty($arcAgentStatusParsed.cloud)) { $overallStatus = $false $testDetails = "Unable to determine Azure cloud type. ARC Agent status read: [{0}]" -f $arcAgentStatus } elseif (($arcAgentStatusParsed.cloud -ne "AzureCloud")) { $overallStatus = $false $testDetails = "{0}: Arc Agent is connected to {1}: cloud, which is not supported for upgrade." -f $ENV:COMPUTERNAME,$arcAgentStatusParsed.cloud } } else { $overallStatus = $false $testDetails ="ARC agent installation cannot be found at : C:\Program Files\AzureConnectedMachineAgent\azcmagent.exe" } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $testDetails result = $overallStatus } } catch { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $_.Exception.Message result = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info $output.Details if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.CloudSupported -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.CloudNotSupported -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_SupportedCloud' Title = 'Test Supported Cloud Type' DisplayName = 'Test Supported Cloud Type' Severity = 'CRITICAL' Description = 'Checking if any node is connected to an unsupported cloud' Tags = @{} Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/concepts/system-requirements-23h2' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Azure Cloud' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } function Test-AzureStackHCIRegistrationState { <# .SYNOPSIS Test if cluster registration state is connected. .DESCRIPTION Upgrade is only supported for clusters which are succesfully registered to azure. .EXAMPLE PS C:\> function Test-AzureStackHCIRegistrationState .EXAMPLE #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) $sb= { $severity = 'CRITICAL' try { $hciRegCmdlet = Get-Command Get-AzureStackHCI -Type Cmdlet -ErrorAction Ignore if($null -ne $hciRegCmdlet) { $overallStatus = $true $testDetails = "" $clusterRegistrationStatus = $(Get-AzureStackHCI) if ($null -eq $clusterRegistrationStatus) { $overallStatus = $false $testDetails = "Unable to determine Cluster registration status: [{0}]" -f $clusterRegistrationStatus } elseif ($clusterRegistrationStatus.RegistrationStatus -ne "Registered") { $overallStatus = $false $testDetails = "{0}: Cluster Registration status is: {1} , expected status: 'Registered'" -f $ENV:COMPUTERNAME,$clusterRegistrationStatus.RegistrationStatus } } else { $overallStatus = $false $testDetails ="Unable to find 'get-azurestackhci' cmdlet. Azure Stack HCI cluster registration status can only be checked on an Azure Stack HCI node." } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $testDetails result = $overallStatus } } catch { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = $_.Exception.Message result = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info $output.Details if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.CloudSupported -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.CloudNotSupported -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_ClusterRegistrationState' Title = 'Test Cluster Registration state' DisplayName = 'Test Cluster Registration state' Severity = 'CRITICAL' Description = 'Checking if the cluster is successfully registered to azure cloud' Tags = @{} Remediation = 'https://learn.microsoft.com/en-us/azure-stack/hci/concepts/system-requirements-23h2' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Azure Cloud' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } function Test-AksHciInstallState { <# .SYNOPSIS Test Windows Deduplication is enabled .DESCRIPTION Test Windows Deduplication is enabled .EXAMPLE PS C:\> Test-WindowsDeduplication Test if Windows Deduplication is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { Import-Module AksHci -ErrorAction SilentlyContinue $result = [bool](Get-Module AksHci) if($result) { try { $installState = (Get-AksHciConfig).AksHci.installState -ne "NotInstalled" if($installState) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "AksHci is installed" } } } catch { #NOOP } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $true error = "" } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.AksHciNotInstalled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.AksHciInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_AksHci' Title = 'Test AKS HCI install state' DisplayName = "Test AKS HCI install state on $($output.ComputerName)" Severity = 'CRITICAL' Description = 'Checking if AKS HCI is installed' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'AKS HCI' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-MocInstallState { <# .SYNOPSIS Test Windows Deduplication is enabled .DESCRIPTION Test Windows Deduplication is enabled .EXAMPLE PS C:\> Test-WindowsDeduplication Test if Windows Deduplication is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { Import-Module Moc -ErrorAction SilentlyContinue $result = [bool](Get-Module Moc) if($result) { try { $installState = (Get-MocConfig).installState -ne "NotInstalled" if($installState) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "Moc is installed" } } } catch { #NOOP } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $true error = "" } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.MocNotInstalled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.MocInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Moc' Title = 'Test MOC install state' DisplayName = "Test MOC install state on $($output.ComputerName)" Severity = 'CRITICAL' Description = 'Checking if MOC is installed' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'MOC' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-MocServicesInstallState { <# .SYNOPSIS Test Windows Deduplication is enabled .DESCRIPTION Test Windows Deduplication is enabled .EXAMPLE PS C:\> Test-WindowsDeduplication Test if Windows Deduplication is enabled on localhost. .EXAMPLE PS C:\> $Credential = Get-Credential -Message "Credential for $RemoteSystem" PS C:\> $RemoteSystemSession = New-PSSession -Computer #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $service = Get-Service -Name wssdcloudagent -ErrorAction SilentlyContinue if($null -ne $service) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "wssdcloudagent service is running" } } $service = Get-Service -Name wssdagent -ErrorAction SilentlyContinue if($null -ne $service) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "wssdagent service is running" } } $service = Get-Service -Name MocHostAgent -ErrorAction SilentlyContinue if($null -ne $service) { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $false error = "MocHostAgent service is running" } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME result = $true error = "" } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.result) { $status = 'SUCCESS' $detail = $luTxt.MocServicesNotInstalled -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.MocServicesInstalled -f $output.ComputerName Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_MocServices' Title = 'Test MOC services running' DisplayName = "Test MOC services running on $($output.ComputerName)" Severity = 'CRITICAL' Description = 'Checking MOC services running state' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Feature' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'MOC services' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-Language { <# .SYNOPSIS Test if the language is English-US #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $lang = Get-WinUserLanguageList return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Language = $lang } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { Log-Info "Langauges on $($output.ComputerName) :" Log-Info ($output.Language | Out-String) if ($output.Language.LanguageTag -like 'en-*') { $status = 'SUCCESS' $detail = $luTxt.LanguageEnglishUS -f $output.ComputerName Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.LanguageNotEnglishUS -f $output.ComputerName, $output.Language.LanguageTag Log-Info $detail -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_Language' Title = 'Test Language is English' DisplayName = 'Test Language is English' Severity = 'CRITICAL' Description = 'Checking if the language is English' Tags = @{} Remediation = "https://aka.ms/UpgradeRequirements" TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Language' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = "Language: $($output.Language.LanguageTag)" Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Test-Storage { [CmdletBinding()] param () try { $results = @() $poolConfigXml = [xml]'<StoragePool><Volumes><Volume Name="Infrastructure_1" Size="256GB" MinNodeCount="1" ></Volume></Volumes></StoragePool>' $results += Invoke-AzStackHciStorageValidation -PoolConfigXml $poolConfigXml -PassThru $results | % { $_.Name = $_.Name -replace 'AzStackHci_Storage','AzStackHci_Upgrade' } return $results } catch { throw $_ } } function Test-LCMVersion { <# .SYNOPSIS Test if the LCM version meets the minimum requirement .DESCRIPTION Test if the LCM version meets the minimum requirement .EXAMPLE PS C:\> function Test-LCMVersion Test if the LCM version meets the minimum requirement #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $remoteOutput = @() $sb = { $lcmControllerService = Get-CimInstance -ClassName Win32_Service | Where-Object { $_.Name -eq 'LcmController' } if ($lcmControllerService.State -eq "Running") { $lcmPathParts = $lcmControllerService.PathName -split '\\' $lcmNugetName = $lcmPathParts | Where-Object {$_ -like "Microsoft.AzureStack.Solution.LCMControllerWinService*"} if ($lcmNugetName -match '\.(\d+\.\d+\.\d+\.\d+)$') { $lcmVersion = $matches[1] } else { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = "Fail to extract Controller service version." hasVersion = $false } } return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME lcmVersion = $lcmVersion hasVersion = $true } } else { return New-Object PSObject -Property @{ ComputerName = $ENV:COMPUTERNAME Details = "LCM Controller service is not in running state." hasVersion = $false } } } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { if ($output.hasVersion -eq $false) { $status = 'FAILURE' $detail = $luTxt.LCMVersionNotAvailable -f $output.ComputerName, $output.Details Log-Info $detail -Type CRITICAL } else { $minLcmVersion = "10.2408.0.537" Log-Info "LCM controllver minimum version requirement is $minLcmVersion" $lcmVersion = $output.lcmVersion Log-Info "LCM controllver version on $($output.ComputerName) : $lcmVersion" $minVersion = [System.Version]$minLcmVersion $version = [System.Version]$lcmVersion # Compare versions if ($version -ge $minVersion) { $status = 'SUCCESS' $detail = $luTxt.LCMVersionMeetMinRequirement -f $output.ComputerName, $lcmVersion, $minLcmVersion Log-Info $detail } else { $status = 'FAILURE' $detail = $luTxt.LCMVersionNotMeetMinRequirement -f $output.ComputerName, $lcmVersion, $minLcmVersion Log-Info $detail -Type CRITICAL } } $params = @{ Name = 'AzStackHci_Upgrade_Minimum_LCM_Version' Title = 'Test LCM Version meets minimum requirement' DisplayName = 'Test LCM Version meets minimum requirement' Severity = 'Critical' Description = 'Checks that all nodes have the minimum LCM version' Tags = @{} Remediation = "https://aka.ms/UpgradeRequirements" TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'LCMService' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'LCM Version' Detail = $detail Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } function Get-SupportOsVersion { try { Log-Info "Getting the supported OS version" $nugetPath = Get-ASArtifactPath -NugetName Microsoft.AzureStack.Solution.Deploy.ProductNugets $xmlPath = Join-Path -Path $nugetPath -ChildPath ProductNugets.xml Log-Info "Reading the xml file from $xmlPath" [xml]$xml = Get-Content -Path $xmlPath Log-info "Getting the OS version from the xml file $xmlPath" $osVersion = $xml| Select-Xml -XPath "//NuGetPackage[@Name='Microsoft.AzureStack.OSUpdates']" | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty RequiredVersion Log-info "Found supported OS version: $osVersion" return $osVersion } catch { Log-Info "Failed to get the supported OS version. Error: $_" -Type WARNING } } function Test-FreeMemory { [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.Management.Automation.Runspaces.PSSession[]] $PsSession ) try { $RequiredMemoryGB = 8 # Required for ARB VM $severity = 'CRITICAL' $remoteOutput = @() $sb = { $AvailableMemoryGB = [System.Math]::Round((Get-WmiObject -Class Win32_OperatingSystem).FreePhysicalMemory * 1KB / 1GB,2) return (New-Object psobject -Property @{ AvailableMemoryGB = $AvailableMemoryGB ComputerName = $ENV:COMPUTERNAME } ) } if ($PsSession) { $remoteOutput += Invoke-Command -ScriptBlock $sb -Session $PsSession } else { $remoteOutput += Invoke-Command -ScriptBlock $sb } $instanceResults = @() foreach ($output in $remoteOutput) { $dtl = $luTxt.AvailableMemory -f $output.ComputerName, [System.Math]::Round($output.AvailableMemoryGB,2), ($RequiredMemoryGB) if ($output.AvailableMemoryGB -gt $RequiredMemoryGB) { $status = 'SUCCESS' Log-Info $dtl } else { $status = 'FAILURE' Log-Info $dtl -Type CRITICAL } $params = @{ Name = 'AzStackHci_Upgrade_FreeMemory' Title = 'Test Free Memory' DisplayName = 'Test Free Memory' Severity = $severity Description = 'Checking if there is enough free memory' Tags = @{} Remediation = 'https://aka.ms/UpgradeRequirements' TargetResourceID = $output.ComputerName TargetResourceName = $output.ComputerName TargetResourceType = 'Memory' Timestamp = [datetime]::UtcNow Status = $status AdditionalData = @{ Source = $output.ComputerName Resource = 'Memory' Detail = $dtl Status = $status TimeStamp = [datetime]::UtcNow } HealthCheckSource = $ENV:EnvChkrId } $instanceResults += New-AzStackHciResultObject @params } return $instanceResults } catch { throw $_ } } Export-ModuleMember -Function Test-* # SIG # Begin signature block # MIIoLQYJKoZIhvcNAQcCoIIoHjCCKBoCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCATAX93EsDJoMyG # 0C8qvHpXf6PCltO88auThf3sRIfqbqCCDXYwggX0MIID3KADAgECAhMzAAAEBGx0 # Bv9XKydyAAAAAAQEMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjQwOTEyMjAxMTE0WhcNMjUwOTExMjAxMTE0WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQC0KDfaY50MDqsEGdlIzDHBd6CqIMRQWW9Af1LHDDTuFjfDsvna0nEuDSYJmNyz # NB10jpbg0lhvkT1AzfX2TLITSXwS8D+mBzGCWMM/wTpciWBV/pbjSazbzoKvRrNo # DV/u9omOM2Eawyo5JJJdNkM2d8qzkQ0bRuRd4HarmGunSouyb9NY7egWN5E5lUc3 # a2AROzAdHdYpObpCOdeAY2P5XqtJkk79aROpzw16wCjdSn8qMzCBzR7rvH2WVkvF # HLIxZQET1yhPb6lRmpgBQNnzidHV2Ocxjc8wNiIDzgbDkmlx54QPfw7RwQi8p1fy # 4byhBrTjv568x8NGv3gwb0RbAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQU8huhNbETDU+ZWllL4DNMPCijEU4w # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMjkyMzAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAIjmD9IpQVvfB1QehvpC # Ge7QeTQkKQ7j3bmDMjwSqFL4ri6ae9IFTdpywn5smmtSIyKYDn3/nHtaEn0X1NBj # L5oP0BjAy1sqxD+uy35B+V8wv5GrxhMDJP8l2QjLtH/UglSTIhLqyt8bUAqVfyfp # h4COMRvwwjTvChtCnUXXACuCXYHWalOoc0OU2oGN+mPJIJJxaNQc1sjBsMbGIWv3 # cmgSHkCEmrMv7yaidpePt6V+yPMik+eXw3IfZ5eNOiNgL1rZzgSJfTnvUqiaEQ0X # dG1HbkDv9fv6CTq6m4Ty3IzLiwGSXYxRIXTxT4TYs5VxHy2uFjFXWVSL0J2ARTYL # E4Oyl1wXDF1PX4bxg1yDMfKPHcE1Ijic5lx1KdK1SkaEJdto4hd++05J9Bf9TAmi # u6EK6C9Oe5vRadroJCK26uCUI4zIjL/qG7mswW+qT0CW0gnR9JHkXCWNbo8ccMk1 # sJatmRoSAifbgzaYbUz8+lv+IXy5GFuAmLnNbGjacB3IMGpa+lbFgih57/fIhamq # 5VhxgaEmn/UjWyr+cPiAFWuTVIpfsOjbEAww75wURNM1Imp9NJKye1O24EspEHmb # DmqCUcq7NqkOKIG4PVm3hDDED/WQpzJDkvu4FrIbvyTGVU01vKsg4UfcdiZ0fQ+/ # V0hf8yrtq9CkB8iIuk5bBxuPMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGg0wghoJAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAQEbHQG/1crJ3IAAAAABAQwDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIEvBCB8SQjxYMWX3pKkVK1iC # N5xWH51WYSjG7XMCEsgeMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEACRhhcNV2MPWcFxz/sMditFnBXPN2W/XyUzarZkAqhHTOsAhgyP2QgOl5 # jxgdMmrqjxPBgJnanALjD1dfAnFNExfZD0lnex4qQCVG1rPmheQv4Zz9pNjDWuVK # QCTnB0VEHpGEEJpf/J+SdBHu8jDPAPaDok3z69bg0pF24O+ZVG4qlzvTX1gAsl9k # YXp/tsJbwnf4DDRDbEzUMihYoGx4UTLG90CM1Hf7ie4N4GsemqMuLsAE8ZP43RHJ # f5Mc1BfPm0tntAoh61n9O9pHcw3h7r0/zBtomq9wxRtrR6zKbe6iDoLP8pSKDPs0 # Sg0g0asBgsXg80i3uOTpGAIC48e7yKGCF5cwgheTBgorBgEEAYI3AwMBMYIXgzCC # F38GCSqGSIb3DQEHAqCCF3AwghdsAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFSBgsq # hkiG9w0BCRABBKCCAUEEggE9MIIBOQIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCBe1P/GWb0ds18ZO3vJwAIH1UQtd1I0kXCExNUSrDUtbgIGZ4j8Wl/f # GBMyMDI1MDEyNjA3MjUwMS4zNTVaMASAAgH0oIHRpIHOMIHLMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1l # cmljYSBPcGVyYXRpb25zMScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTIwMC0w # NUUwLUQ5NDcxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2Wg # ghHtMIIHIDCCBQigAwIBAgITMwAAAecujy+TC08b6QABAAAB5zANBgkqhkiG9w0B # AQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD # VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0yMzEyMDYxODQ1 # MTlaFw0yNTAzMDUxODQ1MTlaMIHLMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25z # MScwJQYDVQQLEx5uU2hpZWxkIFRTUyBFU046OTIwMC0wNUUwLUQ5NDcxJTAjBgNV # BAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIiMA0GCSqGSIb3DQEB # AQUAA4ICDwAwggIKAoICAQDCV58v4IuQ659XPM1DtaWMv9/HRUC5kdiEF89YBP6/ # Rn7kjqMkZ5ESemf5Eli4CLtQVSefRpF1j7S5LLKisMWOGRaLcaVbGTfcmI1vMRJ1 # tzMwCNIoCq/vy8WH8QdV1B/Ab5sK+Q9yIvzGw47TfXPE8RlrauwK/e+nWnwMt060 # akEZiJJz1Vh1LhSYKaiP9Z23EZmGETCWigkKbcuAnhvh3yrMa89uBfaeHQZEHGQq # dskM48EBcWSWdpiSSBiAxyhHUkbknl9PPztB/SUxzRZjUzWHg9bf1mqZ0cIiAWC0 # EjK7ONhlQfKSRHVLKLNPpl3/+UL4Xjc0Yvdqc88gOLUr/84T9/xK5r82ulvRp2A8 # /ar9cG4W7650uKaAxRAmgL4hKgIX5/0aIAsbyqJOa6OIGSF9a+DfXl1LpQPNKR79 # 2scF7tjD5WqwIuifS9YUiHMvRLjjKk0SSCV/mpXC0BoPkk5asfxrrJbCsJePHSOE # blpJzRmzaP6OMXwRcrb7TXFQOsTkKuqkWvvYIPvVzC68UM+MskLPld1eqdOOMK7S # bbf2tGSZf3+iOwWQMcWXB9gw5gK3AIYK08WkJJuyzPqfitgubdRCmYr9CVsNOuW+ # wHDYGhciJDF2LkrjkFUjUcXSIJd9f2ssYitZ9CurGV74BQcfrxjvk1L8jvtN7mul # IwIDAQABo4IBSTCCAUUwHQYDVR0OBBYEFM/+4JiAnzY4dpEf/Zlrh1K73o9YMB8G # A1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1UdHwRYMFYwVKBSoFCG # Tmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3JsL01pY3Jvc29mdCUy # MFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggrBgEFBQcBAQRgMF4w # XAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY2Vy # dHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3J0MAwG # A1UdEwEB/wQCMAAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwgwDgYDVR0PAQH/BAQD # AgeAMA0GCSqGSIb3DQEBCwUAA4ICAQB0ofDbk+llWi1cC6nsfie5Jtp09o6b6ARC # pvtDPq2KFP+hi+UNNP7LGciKuckqXCmBTFIhfBeGSxvk6ycokdQr3815pEOaYWTn # HvQ0+8hKy86r1F4rfBu4oHB5cTy08T4ohrG/OYG/B/gNnz0Ol6v7u/qEjz48zXZ6 # ZlxKGyZwKmKZWaBd2DYEwzKpdLkBxs6A6enWZR0jY+q5FdbV45ghGTKgSr5ECAOn # LD4njJwfjIq0mRZWwDZQoXtJSaVHSu2lHQL3YHEFikunbUTJfNfBDLL7Gv+sTmRi # DZky5OAxoLG2gaTfuiFbfpmSfPcgl5COUzfMQnzpKfX6+FkI0QQNvuPpWsDU8sR+ # uni2VmDo7rmqJrom4ihgVNdLaMfNUqvBL5ZiSK1zmaELBJ9a+YOjE5pmSarW5sGb # n7iVkF2W9JQIOH6tGWLFJS5Hs36zahkoHh8iD963LeGjZqkFusKaUW72yMj/yxTe # GEDOoIr35kwXxr1Uu+zkur2y+FuNY0oZjppzp95AW1lehP0xaO+oBV1XfvaCur/B # 5PVAp2xzrosMEUcAwpJpio+VYfIufGj7meXcGQYWA8Umr8K6Auo+Jlj8IeFS6lSv # KhqQpmdBzAMGqPOQKt1Ow3ZXxehK7vAiim3ZiALlM0K546k0sZrxdZPgpmz7O8w9 # gHLuyZAQezCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZI # hvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # MjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAy # MDEwMB4XDTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMC # VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV # BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRp # bWUtU3RhbXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC # AQDk4aZM57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25Phdg # M/9cT8dm95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPF # dvWGUNzBRMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6 # GnszrYBbfowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBp # Dco2LXCOMcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50Zu # yjLVwIYwXE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3E # XzTdEonW/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0 # lBw0gg/wEPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1q # GFphAXPKZ6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ # +QuJYfM2BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PA # PBXbGjfHCBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkw # EgYJKwYBBAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxG # NSnPEP8vBO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARV # MFMwUQYMKwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWlj # cm9zb2Z0LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAK # BggrBgEFBQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMC # AYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvX # zpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20v # cGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYI # KwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG # 9w0BAQsFAAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0x # M7U518JxNj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmC # VgADsAW+iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449 # xvNo32X2pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wM # nosZiefwC2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDS # PeZKPmY7T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2d # Y3RILLFORy3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxn # GSgkujhLmm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+Crvs # QWY9af3LwUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokL # jzbaukz5m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL # 6Xu/OHBE0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggNQ # MIICOAIBATCB+aGB0aSBzjCByzELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEn # MCUGA1UECxMeblNoaWVsZCBUU1MgRVNOOjkyMDAtMDVFMC1EOTQ3MSUwIwYDVQQD # ExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiMKAQEwBwYFKw4DAhoDFQCz # cgTnGasSwe/dru+cPe1NF/vwQ6CBgzCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1w # IFBDQSAyMDEwMA0GCSqGSIb3DQEBCwUAAgUA60AAQTAiGA8yMDI1MDEyNjAwMjg0 # OVoYDzIwMjUwMTI3MDAyODQ5WjB3MD0GCisGAQQBhFkKBAExLzAtMAoCBQDrQABB # AgEAMAoCAQACAg9mAgH/MAcCAQACAhLlMAoCBQDrQVHBAgEAMDYGCisGAQQBhFkK # BAIxKDAmMAwGCisGAQQBhFkKAwKgCjAIAgEAAgMHoSChCjAIAgEAAgMBhqAwDQYJ # KoZIhvcNAQELBQADggEBAFeGmelZ+0AezCL5oDUGDLTv9/pxzgQZ5T9E+p2Y5o0C # /0QSeYB30PwCe8zvklu2ABnw5ulvvPoHC/EiqCFC5c6Qkn8AUrP8Hah6rKgOKu31 # ejqvQWsGfg5AZqkzx2pnsZufHuWFRvjdLpk6eBmeT5Eg/9Sj3gI+J5fWe9SVJxHK # j7IT2TnlStAeKd2e7zxNJVKhv0/ctUXAPDOc5cvwe1n6WO3Fe49+sm5sqhHwKgKK # KQhv2iZYr8wQtP+84OLdwwCAMYvqKK7ysNDj5KPsHShEuC1nOnauSV05IJPNmX9c # 8Yj53q/a9qpn2cQ7AwIhbxHKsNimUmN25am92dckm0UxggQNMIIECQIBATCBkzB8 # MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk # bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1N # aWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAAecujy+TC08b6QABAAAB # 5zANBglghkgBZQMEAgEFAKCCAUowGgYJKoZIhvcNAQkDMQ0GCyqGSIb3DQEJEAEE # MC8GCSqGSIb3DQEJBDEiBCCAbNS6uFAEK0oi3VD7kfj+3hRooAvhuX07qJrYF5bo # MDCB+gYLKoZIhvcNAQkQAi8xgeowgecwgeQwgb0EIOU2XQ12aob9DeDFXM9UFHeE # X74Fv0ABvQMG7qC51nOtMIGYMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB # IDIwMTACEzMAAAHnLo8vkwtPG+kAAQAAAecwIgQgbdKLgKviyzteSpWq/Y0aBE04 # XMDcYvGa8BkVu21zs3wwDQYJKoZIhvcNAQELBQAEggIAbwwhqDZUXkAO2w4X2EoH # WUxwVIjXYIJellff1y7xFVAFJzCUoje/5jAotg1qASSxYDeO+a19gxX45EDpT0dw # PX0pXDggdnqhYGlHvKxuR9Y02YLZRoaLl6M08cko8GE2e/nCesN6b0tEK/fYMT9S # M70cZ8kVFwtSZLpowruzyrnyFD7Mig2Atis7KGSI1Jg2GNYpQzBfTbm+tPdDEbT0 # x53SXh16nD9I31gt+BHnKw5ydv4oCln3LXYilYe51+XfC2lOCOAJ1Xq3X9Yc239R # 9y59fRqbhNRbvDV0TjZXB8ysbyZiiXAW5dR7RS3h/vTP336kAkXP4pxXKNz0biZy # I7z/KPrMUPYpNdzKRW14xnQMhXf9qpHONpjk224teQ4BhOKwOJ34rlanYkW57d9w # lzseA4n+wvCkwqOrUfTBGU3MJtrn2AJumiwOBbdY7yMP5xSaYb+Au8f1t0nKVHvN # 3mJS35f5NGmf+YgxYmmzQik6VdXbK2htJWcypvbcdAMJzHIsvirUFBdu5GuWohLZ # 5xy7MsjjLQx28mFk2tm6l1T0dGla+/O9eRG6MI12pFPgbgAz7BiCTw8ikTxwXDJq # l0uM0BpS3Vj8xegQ/1WsvL2e14aEpbHYtRSGVPZecSRJdswH71ODJk/KmCa7wC4r # lzJHIa/dKzYpql5hT8SGsSU= # SIG # End signature block |