From 00f029ea4918319b861237ba2f1179d26b42ef6b Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 31 Jan 2022 09:11:56 -0800
Subject: [PATCH 01/23] Identity Updating Troubleshooting guide

---
 .../Azure.Identity/TROUBLESHOOTING.md         | 438 ++++++++----------
 1 file changed, 195 insertions(+), 243 deletions(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 1c0233d28f28..34f1ba58aec7 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -1,270 +1,222 @@
-## Troubleshooting Azure Identity Authentication Issues
+# Troubleshooting Azure Identity Authentication Issues
 
-The Azure Identity SDK offers various `TokenCredential` implementations. The most common exceptions observed for failure scenarios
-are `CredentialUnavailableException`
-and `AuthenticationFailedException`.
-
-- `CredentialUnavailableException` indicates that the credential cannot execute in the current environment setup due to lack of required configuration.
-- `AuthenticationFailedException` indicates that the credential was able to run/execute but ran into an authentication issue from the server's end. This can happen
-  due to invalid configuration/details passed in to the credential at construction time.
-
-This troubleshooting guide covers mitigation steps to resolve these exceptions thrown by various `TokenCredential` implementations in the Azure Identity .NET client
-library.
+This troubleshooting guide covers failure investigation techniques, common errors for the credential types in the Azure Identity .NET client library, and mitigation steps to resolve these errors.
 
 ## Table of contents
+- [Handling Azure Identity Exceptions](#handling-azure-identity-exceptions)
+  - [AuthenticationFailedException](#authenticationfailedexception)
+  - [CredentialUnavailableException](#credentialunavailableexception)
+- [Finding Relevant Information in Exception Messages](#finding-relevant-information-in-exception-messages)
+- [Enabling and Configuring Logging](#enabling-and-configuring-logging)
+- [Troubleshooting DefaultAzureCredential Authentication Issues](#troubleshooting-defaultazurecredential-authentication-issues)
+- [Troubleshooting EnvironmentCredential Authentication Issues](#troubleshooting-environmentcredential-authentication-issues)
+- [Troubleshooting ClientSecretCredential Authentication Issues](#troubleshooting-clientsecretcredential-authentication-issues)
+- [Troubleshooting ClientCertificateCredential Authentication Issues](#troubleshooting-clientcertificatecredential-authentication-issues)
+- [Troubleshooting UsernamePasswordCredential Authentication Issues](#troubleshooting-usernamepasswordcredential-authentication-issues)
+- [Troubleshooting ManagedIdentityCredential Authentication Issues](#troubleshooting-managedidentitycredential-authentication-issues)
+  - [Azure Virtual Machine Managed Identity](#azure-virtual-machine-managed-identity)
+  - [Azure App Service and Azure Functions Managed Identity](#azure-app-service-and-azure-functions-managed-identity)
+- [Troubleshooting VisualStudioCodeCredential Authentication Issues](#troubleshooting-visualstudiocodecredential-authentication-issues)
+- [Troubleshooting VisualStudioCredential Authentication Issues](#troubleshooting-visualstudiocredential-authenticaton-issues)
+- [Troubleshooting AzureCliCredential Authentication Issues](#troubleshooting-azureclicredential-authentication-issues)
+- [Troubleshooting AzurePowerShellCredential Authentication Issues](#troubleshooting-azurepowershellcredential-authentication-issues)
+
+## Handling Azure Identity Exceptions
+
+### AuthenticationFailedException
+Errors arising from authentication can be raised on any service client method that makes a request to the service. This is because the first time the token is requested from the credential is on the first call to the service, and any subsequent calls might need to refresh the token. 
+
+In order to distinguish these failures from failures in the service client Azure Identity classes raise the `AuthenticationFailedException` with details to the source of the error in the exception message as well as possibly the error message. Depending on the application, these errors may or may not be recoverable.
+
+``` c#
+using Azure.Identity;
+using Azure.Security.KeyVault.Secrets;
+
+// Create a secret client using the DefaultAzureCredential
+var client = new SecretClient(new Uri("https://myvault.vault.azure.net/"), new DefaultAzureCredential());
+
+try
+{
+    KeyVaultSecret secret = await client.GetSecretAsync("secret1");
+}
+catch (AuthenticationFailedException e)
+{
+    Console.WriteLine($"Authentication Failed. {e.Message}");
+}
+```
+### CredentialUnavailableException
 
-- [Troubleshooting Default Azure Credential Authentication Issues](#troubleshooting-default-azure-credential-authentication-issues)
-- [Troubleshooting Environment Credential Authentication Issues](#troubleshooting-environment-credential-authentication-issues)
-- [Troubleshooting Service Principal Authentication Issues](#troubleshooting-service-principal-authentication-issues)
-- [Troubleshooting Username Password Authentication Issues](#troubleshooting-username-password-authentication-issues)
-- [Troubleshooting Mananged Identity Authenticaiton Issues](#troubleshooting-mananged-identity-authenticaiton-issues)
-- [Troubleshooting Visual Studio Code Authenticaiton Issues](#troubleshooting-visual-studio-code-authenticaiton-issues)
-- [Troubleshooting Visual Studio Authenticaiton Issues](#troubleshooting-visual-studio-authenticaiton-issues)
-- [Troubleshooting Azure CLI Authenticaiton Issues](#troubleshooting-azure-cli-authenticaiton-issues)
-- [Troubleshooting Azure Powershell Authenticaiton Issues](#troubleshooting-azure-powershell-authenticaiton-issues)
-
-## Troubleshooting Default Azure Credential Authentication Issues.
-
-### Credential Unavailable Exception
-
-The first time `DefaultAzureCredential` attempts to retrieve an access token it does so by sequentially invoking a chain of credentials.
-The `CredentialUnavailableException` in this scenario signifies that all the credentials in the chain failed to retrieve the token in the current environment
-setup/configuration. You need to follow the configuration instructions for the respective credential you're looking to use via `DefaultAzureCredential` chain, so
-that the credential can work in your environment.
-
-Please follow the configuration instructions in the `Credential Unavailable` section of the troubleshooting guidelines below for the respective
-credential/authentication type you're looking to use via `DefaultAzureCredential`:
-
-| Credential Type |    Troubleshooting Guide |
-| --- | --- |
-| Environment Credential |    [Environment Credential Troubleshooting Guide](#troubleshooting-environment-credential-authentication-issues) |
-| Managed Identity Credential |    [Managed Identity Troubleshooting Guide](#troubleshooting-managed-identity-authentication-issues) |
-| Visual Studio Code Credential |    [Visual Studio Code Troubleshooting Guide](#troubleshooting-visual-studio-code-authenticaiton-issues) |
-| Visual Studio Credential |    [Visual Studio Troubleshooting Guide](#troubleshooting-visual-studio-authenticaiton-issues) |
-| Azure CLI Credential |    [Azure CLI Troubleshooting Guide](#troubleshooting-azure-cli-authenticaiton-issues) |
-| Azure Powershell Credential |    [Azure Powershell Troubleshooting Guide](#troubleshooting-azure-powershell-authentication-issues) |
-
-## Troubleshooting Environment Credential Authentication Issues.
-
-### Credential Unavailable Exception
-
-#### Environment variables not configured
-
-The `EnvironmentCredential` supports Service Principal authentication and Username + Password Authentication. It requires that the environment variables below are
-properly configured and available to the application. This can mean that an application or its execution environment needs to be restarted to pick up changes to the
-environment.
-
-##### Service principal with secret
-
-| Variable Name |    Value |
-| --- | --- |
-AZURE_CLIENT_ID |    ID of an Azure Active Directory application. |
-AZURE_TENANT_ID     |ID of the application's Azure Active Directory tenant. |
-AZURE_CLIENT_SECRET |    One of the application's client secrets. |
-
-##### Service principal with certificate
-
-| Variable name    | Value |
-| --- | --- |
-AZURE_CLIENT_ID    | ID of an Azure Active Directory application. |
-AZURE_TENANT_ID    | ID of the application's Azure Active Directory tenant. |
-AZURE_CLIENT_CERTIFICATE_PATH |    Path to a PEM-encoded certificate file including private key (must be without password protection). |
-AZURE_CLIENT_SEND_CERTIFICATE_CHAIN |    (Optional) Send certificate chain in x5c header to support subject name / issuer based authentication. |
-
-##### Username and password
-
-| Variable name |    Value |
-| --- | --- |
-AZURE_CLIENT_ID |    ID of an Azure Active Directory application. |
-AZURE_USERNAME |    A username (usually an email address). |
-AZURE_PASSWORD | The associated password for the given username. |
-
-### Client Authentication Exception
-
-The `EnvironmentCredential` supports Service Principal authentication and Username + Password Authentication. Please follow the troubleshooting guidelines below for
-the respective authentication method.
-
-| Authentication Type |    Trobuleshoot Guide |
-| --- | --- |
-| Service Principal |    [Service Principal Auth Troubleshooting Guide](#troubleshooting-username-password-authentication-issues) |
-| Username Password |    [Username Password Auth Troubleshooting Guide](#troubleshooting-username-password-authentication-issues) |
-
-## Troubleshooting Username Password Authentication Issues
-
-### Two Factor Authentication Required Error
-
-The `UsernamePassword` credential works only for users whose two factor authentication has been disabled in Azure Active Directory. You can change the multi-factor
-authentication requirements in Azure Portal by following the
-steps [here](https://docs.microsoft.com/azure/active-directory/authentication/howto-mfa-userstates#change-the-status-for-a-user).
-
-## Troubleshooting Service Principal Authentication Issues
-
-### Invalid Argument Issues
-
-#### Client Id
-
-The Client Id is the application Id of the registered application / service principal in Azure Active Directory. It is a required parameter
-for `ClientSecretCredential` and `ClientCertificateCredential`. If you have already created your service principal then you can retrieve the client/app id by
-following the
-instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in). .
-
-#### Tenant Id
-
-The tenant id is a Globally Unique Identifier (GUID) that identifies your organization. It is a required parameter for `ClientSecretCredential`
-and `ClientCertificateCredential`. If you have already created your service principal then you can retrieve the client or application id by following the
-instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#get-tenant-and-app-id-values-for-signing-in). .
-
-### Client Secret Credential Issues
-
-#### Client Secret Argument
-
-The client secret is the secret string that the application uses to prove its identity when requesting a token. This can also can be referred to as an application
-password. If you have already created a service principal you can follow the
-instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret)
-to get the client secret for your application.
-
-### Client Certificate Credential Issues
-
-#### Client Certificate Argument
-
-The `Client Certificate Credential` accepts a `pfx` or `pem` certificate which is associated with your registered application/service principal. To create and
-associate a certificate with your registered app. please follow the
-instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-1-upload-a-certificate).
-
-### Create a new service principal
-
-Follow tne instructions [here](https://docs.microsoft.com/cli/azure/create-an-azure-service-principal-azure-cli) to create a new service principal.
-
-## Troubleshooting Managed Identity Authentication Issues
-
-### Credential Unavailable
-
-#### Connection Timed Out / Connection could not be established / Target Environment could not be determined.
-
-The endpoints required to support the Managed Identity credential are only available on Azure Hosted machines/servers. So ensure that you are running your
-application on an Azure Hosted resource. Currently Azure Identity SDK
-supports [Managed Identity Authentication](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/overview)
-in the below listed Azure Services. Ensure you're running your application in one of these environments and have enabled a Managed Identity on them by following the
-instructions at their configuration links below.
-
-Azure Service | Managed Identity Configuration
---- | --- |
-[Azure Virtual Machines](https://docs.microsoft.com/azure/virtual-machines/) | [Configuration Instructions](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)
-[Azure App Service](https://docs.microsoft.com/azure/app-service/overview) | [Configuration Instructions](https://docs.microsoft.com/azure/app-service/overview-managed-identity)
-[Azure Kubernetes Service](https://docs.microsoft.com/azure/aks) | [Configuration Instructions](https://docs.microsoft.com/azure/aks/use-managed-identity)
-[Azure Cloud Shell](https://docs.microsoft.com/azure/cloud-shell) | [Configuration Instructions](https://docs.microsoft.com/azure/cloud-shell/msi-authorization) |
-[Azure Arc](https://docs.microsoft.com/azure/azure-arc/) | [Configuration Instructions](https://docs.microsoft.com/azure/azure-arc/servers/security-overview#using-a-managed-identity-with-arc-enabled-servers)
-[Azure Service Fabric](https://docs.microsoft.com/azure/service-fabric) | [Configuration Instructions](https://docs.microsoft.com/azure/service-fabric/configure-existing-cluster-enable-managed-identity-token-service)
-
-## Troubleshooting Visual Studio Code Authentication Issues
-
-### Credential Unavailable
-
-#### Failed To Read VS Code Credentials / Authenticate via Azure Tools plugin in VS Code.
-
-The `VisualStudioCodeCredential` failed to read the credential details from the cache.
-
-The Visual Studio Code authentication is handled by an integration with the Azure Account extension. To use this form of authentication, ensure that you have
-installed the Azure Account extension, then use **View > Command Palette** to execute the **Azure: Sign In** command. This command opens a browser window and
-displays a page that allows you to sign in to Azure. After you've completed the login process, you can close the browser as directed. Running your application
-(either in the debugger or anywhere on the development machine) will use the credential from your sign-in.
-
-If you already had the Azure Account extension installed and had logged in to your account, try logging out and logging in again as that will re-populate the cache
-on the disk and potentially mitigate the error you're getting.
-
-#### Msal Interaction Required Error
-
-The `VisualStudioCodeCredential` was able to read the cached credentials from the cache but the cached token is likely expired. Log into the Azure Account extension
-via **View > Command Palette** to execute the **Azure: Sign In** command in the VS Code IDE.
-
-#### ADFS Tenant Not Supported
-
-The ADFS Tenants are not supported via the Azure Account extension in VS Code currently. The supported clouds are:
-
-Azure Cloud | Cloud Authority Host
---- | --- | 
-AZURE PUBLIC CLOUD | https://login.microsoftonline.com/
-AZURE GERMANY | https://login.microsoftonline.de/
-AZURE CHINA | https://login.chinacloudapi.cn/
-AZURE GOVERNMENT | https://login.microsoftonline.us/
-
-## Troubleshooting Visual Studio Authentication Issues
-
-### Credential Unavailable
-
-#### Failed To Read Credentials / Authenticate via Azure Service Authentication
-
-The `VisualStudioCredential` failed to read the credential details from the cache.
-
-The Visual Studio authentication is handled by helper utility called Microsoft.Asal.TokenService.exe. To use this form of authentication, ensure that you have signed
-in to your Azure account. To do so, select the `Tools > Options` menu to launch the Options dialog. Then navigate to the `Azure Service Authentication` options to
-sign in with your Azure Active Directory account. Running your application (either in the debugger or anywhere on the development machine) will use the credential
-from your sign-in.
-
-If you already had logged in to your account previously, try logging out and logging in again as that will re-populate the cache on the disk and potentially mitigate
-the error you're getting.
+The `CredentialUnavailableExcpetion` is a special exception type derived from `AuthenticationFailedException`. This exception type is used to indicate that the credential can’t authenticate in the current environment, due to lack of required configuration or setup. This exception is also used as a signal to chained credential types, such as `DefaultAzureCredential` and `ChainedTokenCredential`, that the chained credential should continue to try other credential types later in the chain.
 
-#### Msal Interaction Required Error
+## Finding Relevant Information in Exception Messages
 
-The `VisualStudioCredential` was able to read the cached credentials from the cache but the cached token is likely expired. Log into the Azure Account extension
-via **View > Command Palette** to execute the **Azure: Sign In** command in the VS Code IDE.
+AuthenticationFailedException is thrown when unexpected errors occurred when a credential is authenticating. This can include errors received from requests to the AAD STS and often contains information helpful to diagnosis. Consider the following `AuthenticationFailedException` message.
 
-#### ADFS Tenant Not Supported
+![AuthenticationFailedException Message Example](./images/AuthFailedErrorMessageExample.png)
 
-The ADFS Tenants are not supported via the Azure Account extension in VS Code currently. The supported clouds are:
+This error contains several pieces of information:
 
-Azure Cloud | Cloud Authority Host
---- | --- | 
-AZURE PUBLIC CLOUD | https://login.microsoftonline.com/
-AZURE GERMANY | https://login.microsoftonline.de/
-AZURE CHINA | https://login.chinacloudapi.cn/
-AZURE GOVERNMENT | https://login.microsoftonline.us/
+- __Failing Credential Type__: The type of credential that failed to authenticate. This can be helpful when diagnosing issues with chained credential types such as `DefaultAzureCredential` or `ChainedTokenCredential`.
 
-## Troubleshooting Azure CLI Authentication Issues
+- __STS Error Code and Message__: The error code and message returned from the Azure AD STS. This can give insight into the specific reason the request failed. For instance in this specific case because the provided client secret is incorrect. More information on STS error codes can be found [here](https://docs.microsoft.com//azure/active-directory/develop/reference-aadsts-error-codes#aadsts-error-codes).
 
-### Credential Unavailable
+- __Correlation ID and Timestamp__: The correlation ID and call Timestamp used to identify the request in server-side logs. This information can be useful to support engineers when diagnosing unexpected STS failures.
 
-#### Azure CLI Not Installed.
+### Enabling and Configuring Logging
 
-The `AzureCliCredential` failed to execute as Azure CLI command line tool is not installed. To use Azure CLI credential, the Azure CLI needs to be installed, please
-follow the instructions [here](https://docs.microsoft.com/cli/azure/install-azure-cli) to install it for your platform and then try running the credential again.
+The Azure Identity library provides the same [logging capabilities](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/core/Azure.Core/samples/Diagnostics.md#logging) as the rest of the Azure SDK.
 
-#### Azure account not logged in.
+The simplest way to see the logs to help debug authentication issues is to enable the console logging.
 
-The `AzureCliCredential` utilizes the current logged in Azure user in Azure CLI to fetch an access token. You need to login to your account in Azure CLI
-via `az login` command. You can further read instructions to [Sign in with Azure CLI](https://docs.microsoft.com/cli/azure/authenticate-azure-cli). Once logged in
-try running the credential again.
+``` c#
+// Setup a listener to monitor logged events.
+using AzureEventSourceListener listener = AzureEventSourceListener.CreateConsoleLogger();
+```
 
-## Troubleshooting Azure Powershell Authenticaiton Issues
+All credentials can be configured with diagnostic options, in the same way as other clients in the SDK.
+
+``` c#
+DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
+{
+    Diagnostics =
+    {
+        LoggedHeaderNames = { "x-ms-request-id" },
+        LoggedQueryParameters = { "api-version" },
+        IsLoggingContentEnabled = true
+    }
+};
+```
 
-### Credential Unavailable
+> CAUTION: Requests and responses in the Azure Identity library contain sensitive information. Precaution must be taken to protect logs when customizing the output to avoid compromising account security.
+
+## Troubleshooting `DefaultAzureCredential` Authentication Issues
+
+| Error |Description| Mitigation |
+|---|---|---|
+|`CredentialUnavailableException` raised with message. "DefaultAzureCredential failed to retrieve a token from the included credentials."|All credentials in the `DefaultAzureCredential` chain failed to retrieve a token, each throwing a `CredentialUnavailableException` themselves|<ul><li>[Enable logging](#enabling-and-configuring-logging) to verify the credentials being tried, and get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshooting-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshooting-managedidentitycredential-authentication-issues)</li><li>[VisualStudioCodeCredential](#troubleshooting-visualstudiocodecredential-authentication-issues)</li><li>[VisualStudioCredential](#troubleshooting-visualstudiocredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshooting-azureclicredential-authentication-issues)</li><li>[AzurePowershellCredential](#troubleshooting-azurepowershellcredential-authentication-issues)</li></ul>|
+|`RequestFailedExcpetion` raised from the client with a status code of 401 or 403|Authentication succeeded but the authorizing Azure service responded with a 401 (Authenticate), or 403 (Forbidden) status code. This can often be caused by the `DefaultAzureCredential` authenticating an account other than the intended.|<ul><li>[Enable logging](#enabling-and-configuring-logging) to determine which credential in the chain returned the authenticating token.</li><li>In the case a credential other than the expected is returning a token, bypass this by either signing out of the corresponding development tool, or excluding the credential with the ExcludeXXXCredential property in the `DefaultAzureCredentialOptions`</li></ul>|
+
+## Troubleshooting `EnvironmentCredential` Authentication Issues
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|Environment variables aren't fully configured.|A valid combination of environment variables wasn't set.|Ensure the appropriate environment variables are set prior to application startup for the intended authentication method.<p/>  <ul><li>To authenticate a service principal using a client secret, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are properly set.</li><li>To authenticate a service principal using a certificate, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_CERTIFICATE_PATH` are properly set.</li><li>To authenticate a user using a password, ensure the variables `AZURE_USERNAME` and `AZURE_PASSWORD` are properly set.</li><ul>|
+
+## Troubleshooting `ClientSecretCredential` Authentication Issues
+`AuthenticationFailedException`
+  | Error Code | Issue | Mitigation |
+  |---|---|---|
+  |AADSTS7000215|An invalid client secret was provided.|Ensure the `clientSecret` provided when constructing the credential is valid. If unsure create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+  |AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).| 
+  |AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the specified `clientId` and `tenantId` are correct for your application registration.  For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
+
+## Troubleshooting `ClientCertificateCredential` Authentication Issues
+`AuthenticationFailedException`
+  | Error Code | Description | Mitigation |
+  |---|---|---|
+  |AADSTS700016|The specified application wasn’t found in the specified tenant.| Ensure the specified `clientId` and `tenantId` are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](ttps://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).
+
+
+## Troubleshooting `UsernamePasswordCredential` Authentication Issues
+`AuthenticationFailedException`
+| Error Code | Issue | Mitigation |
+|---|---|---|
+|AADSTS50126|The provided username or password is invalid|Ensure the `username` and `password` provided when constructing the credential are valid.|
+||||
+## Troubleshooting `ManagedIdentityCredential` Authentication Issues
+
+The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts that provide managed identity. Configuring the managed identity and troubleshooting failures varies from hosts. The below table lists the Azure hosts that can be assigned a managed identity, and are supported by the `ManagedIdentityCredential`.
+
+|Host Environment| | |
+|---|---|---|
+|Azure Virtual Machines and Scale Sets|[Configuration](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)|[Troubleshooting](#azure-virtual-machine-managed-identity)|
+|Azure App Service and Azure Functions|[Configuration](https://docs.microsoft.com/azure/app-service/overview-managed-identity)|[Troubleshooting](#azure-app-service-and-azure-functions-managed-identity)|
+|Azure Kubernetes Service|[Configuration]()|[Troubleshooting]()|
+|Azure Arc|[Configuration]()|[Troubleshooting]()|
+|Azure Service Fabric|[Configuration]()|[Troubleshooting]()|
+### Azure Virtual Machine Managed Identity
+
+`CredentialUnavailableException`
+
+| Error Message |Description| Mitigation |
+|---|---|---|
+|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified `clientId` is correct.<p/><p/>If using a system assigned identity, make sure it has been enabled properly. Instructions to enable the system assigned identity on an Azure VM can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
+|The request failed due to a gateway error.|The request to the IMDS endpoint failed due to a gateway error, 502 or 504 status code.|Calls via proxy or gateway aren’t supported by IMDS. Disable proxies or gateways running on the VM for calls to the IMDS endpoint `http://169.254.169.254/`|
+|No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|<ul><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
+|Multiple attempts failed to obtain a token from the managed identity endpoint.|Retries to retrieve a token from the IMDS endpoint have been exhausted.|<ul><li>Refer to inner exception messages for more details on specific failures. If the data has been truncated, more detail can be obtained by [collecting logs](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#logging).</li><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
+
+#### __Verifying IMDS is available on the VM__
+
+If you have access to the VM, you can verify the manged identity endpoint is available via the command line using curl. 
+
+```bash
+curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://management.core.windows.net&api-version=2018-02-01' -H "Metadata: true"
+```
+> Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
+### Azure App Service and Azure Functions Managed Identity
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|ManagedIdentityCredential authentication unavailable.|The environment variables configured by the App Services host weren’t present.|<ul><li>Ensure the managed identity has been properly configured on the App Service. Instructions for configuring the managed identity can be found [here](https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet).</li><li>Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verifying-the-app-service-managed-identity-endpoint-is-available) for instructions.</li></ul>|
+
+#### __Verifying the App Service managed identity endpoint is available__
+
+If you have access to SSH into the App Service, you can verify managed identity is available in the environment. First ensure the environment variables `MSI_ENDPOINT` and `MSI_SECRET` have been set in the environment. Then you can verify the managed identity endpoint is available using curl.
+```bash
+curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://management.core.windows.net&api-version=2018-02-01' -H "Metadata: true"
+```
+> Note that the output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
+
+## Troubleshooting `VisualStudioCodeCredential` Authentication Issues
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|Failed To Read VS Code Credentials<p/><p/>OR<p/>Authenticate via Azure Tools plugin in VS Code.|No Azure account information was found in the VS Code configuration.|<ul><li>Ensure the [Azure Account plugin](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) is properly installed</li><li>Use **View > Command Palette** to execute the **Azure: Sign In** command. This command opens a browser window and displays a page that allows you to sign in to Azure.</li><li>If you already had the Azure Account extension installed and had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
+|MSAL Interaction Required Error|The `VisualStudioCodeCredential` was able to read the cached credentials from the cache but the cached token is likely expired.|Log into the Azure Account extension via **View > Command Palette** to execute the **Azure: Sign In** command in the VS Code IDE.|
+## Troubleshooting `AzureCliCredential` Authentication Issues
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|Azure CLI not installed|The Azure CLI isn’t installed or couldn’t be found.|<ul><li>Ensure the Azure CLI is properly installed. Installation instructions can be found [here](https://docs.microsoft.com/cli/azure/install-azure-cli).</li><li>Validate the installation location has been added to the `PATH` environment variable.</li></ul>|
+|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|<ul><li>Log into the Azure CLI using the `az login` command. More information on authentication in the Azure CLI can be found [here](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli).</li><li>Validate that the Azure CLI can obtain tokens. See [below](#verifying-the-azure-cli-can-obtain-tokens) for instructions.</li></ul>|
+#### __Verifying the Azure CLI can obtain tokens__
+You can manually verify that the Azure CLI is properly authenticated, and can obtain tokens. First use the `account` command to verify the account which is currently logged in to the Azure CLI. 
+
+```bash
+az account show
+```
 
-#### Powershell not installed.
+Once you've verified the Azure CLI is using correct account, you can validate that it’s able to obtain tokens for this account.
 
-The `AzurePowerShellCredential` utilizes the locally installed `Powershell` command line tool to fetch an access token. Please ensure it is installed on your
-platform by following the instructions [here](https://docs.microsoft.com/powershell/scripting/install/installing-powershell) and then run the
-credential again.
+```bash
+az account get-access-token --output json --resource https://management.core.windows.net
+```
+>Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
 
-#### Azure Az Module Not Installed.
+<a name="TroubleshootAzurePowerShellCredential"></a>
+## Troubleshooting `AzurePowershellCredential` Authentication Issues
 
-The `AzurePowerShellCredential` failed to execute as Azure az module is not installed. To use Azure Powershell credential, the Azure az module needs to be
-installed, please follow the instructions [here](https://docs.microsoft.com/powershell/azure/install-az-ps)
-to install it for your platform and then try running the credential again.
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|PowerShell isn’t installed.|No local installation of PowerShell was found.|Ensure that PowerShell is properly installed on the machine. Instructions for installing PowerShell can be found [here](tps://docs.microsoft.com/powershell/scripting/install/installing-powershell).|
+|Az.Account module >= 2.2.0 isn’t installed.|The Az.Account module needed for authentication in Azure PowerShell isn’t installed.|Install the latest Az.Account module. Installation instructions can be found [here](https://docs.microsoft.com/powershell/azure/install-az-ps).|
+|Please run 'Connect-AzAccount' to set up account.|No account is currently logged into Azure PowerShell.|<ul><li>Login to Azure PowerShell using the Connect-AzAccount command. More instructions for authenticating Azure PowerShell can be found [here](https://docs.microsoft.com/powershell/azure/authenticate-azureps)</li><li>Validate that Azure PowerShell can obtain tokens. See [below](#verifying-azure-powershell-can-obtain-tokens) for instructions.</li></ul>|
 
-#### Azure account not logged in.
+#### __Verifying Azure PowerShell can obtain tokens__
+You can manually verify that Azure PowerShell is properly authenticated, and can obtain tokens. First use the `Get-AzContext` command to verify the account which is currently logged in to the Azure CLI. 
 
-The `AzurePowerShellCredential` utilizes the current logged in Azure user in Azure Powershell to fetch an access token. You need to login to your account in Azure
-Powershell via `Connect-AzAccount` command. You can further read instructions
-to [Sign in with Azure Powershell](https://docs.microsoft.com/powershell/azure/authenticate-azureps). Once logged in try running the credential again.
+```
+PS C:\> Get-AzContext
 
-#### Deserialization error.
+Name                                     Account             SubscriptionName    Environment         TenantId
+----                                     -------             ----------------    -----------         --------
+Subscription1 (xxxxxxxx-xxxx-xxxx-xxx... test@outlook.com    Subscription1       AzureCloud          xxxxxxxx-x...
+```
 
-The `AzurePowerShellCredential` was able to retrieve a response from the Azure Powershell when attempting to get an access token but failed to parse that response.
-In your local powershell window, run the following command to ensure that Azure PowerShell is returning an access token in correct format.
+Once you've verified Azure PowerShell is using correct account, you can validate that it’s able to obtain tokens for this account.
 
-```pwsh
-Get-AzAccessToken -ResourceUrl "<Scopes-Url>"
+```bash
+Get-AzAccessToken -ResourceUrl "https://management.core.windows.net"
 ```
-
-In the event above command is not working properly, follow the instructions to resolve the Azure Powershell issue being faced and then try running the credential
-again.
+>Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
\ No newline at end of file

From 4a5269454a25978b1aa801647ef9ee7a34031f80 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 09:41:18 -0800
Subject: [PATCH 02/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 34f1ba58aec7..39056744d23f 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -24,7 +24,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 ## Handling Azure Identity Exceptions
 
 ### AuthenticationFailedException
-Errors arising from authentication can be raised on any service client method that makes a request to the service. This is because the first time the token is requested from the credential is on the first call to the service, and any subsequent calls might need to refresh the token. 
+Exceptions arising from authentication errors can be raised on any service client method that makes a request to the service. This is because the the token is requested from the credential on the first call to the service and on any subsequent than need to refresh the token. 
 
 In order to distinguish these failures from failures in the service client Azure Identity classes raise the `AuthenticationFailedException` with details to the source of the error in the exception message as well as possibly the error message. Depending on the application, these errors may or may not be recoverable.
 

From c30af7433d58eeb05aee7bd7e3fa22e8d376b79f Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 09:41:34 -0800
Subject: [PATCH 03/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 39056744d23f..137f8ed28a89 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -26,7 +26,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 ### AuthenticationFailedException
 Exceptions arising from authentication errors can be raised on any service client method that makes a request to the service. This is because the the token is requested from the credential on the first call to the service and on any subsequent than need to refresh the token. 
 
-In order to distinguish these failures from failures in the service client Azure Identity classes raise the `AuthenticationFailedException` with details to the source of the error in the exception message as well as possibly the error message. Depending on the application, these errors may or may not be recoverable.
+To distinguish these failures from failures in the service client, Azure Identity classes raise the `AuthenticationFailedException` with details describing the source of the error in the exception message and possibly the error message. Depending on the application, these errors may or may not be recoverable.
 
 ``` c#
 using Azure.Identity;

From 6f3ff17d459c5e268e9e0653c9a7f4fe270816ea Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 09:41:50 -0800
Subject: [PATCH 04/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 137f8ed28a89..594914600275 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -50,7 +50,7 @@ The `CredentialUnavailableExcpetion` is a special exception type derived from `A
 
 ## Finding Relevant Information in Exception Messages
 
-AuthenticationFailedException is thrown when unexpected errors occurred when a credential is authenticating. This can include errors received from requests to the AAD STS and often contains information helpful to diagnosis. Consider the following `AuthenticationFailedException` message.
+`AuthenticationFailedException` is thrown when unexpected errors occurred while a credential is authenticating. This can include errors received from requests to the AAD STS and often contains information helpful to diagnosis. Consider the following `AuthenticationFailedException` message.
 
 ![AuthenticationFailedException Message Example](./images/AuthFailedErrorMessageExample.png)
 

From 9a00bdcc78866fb8c198932eaebc8ccd87b840a4 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 09:43:30 -0800
Subject: [PATCH 05/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 594914600275..d9133001209b 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -100,7 +100,7 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
-|Environment variables aren't fully configured.|A valid combination of environment variables wasn't set.|Ensure the appropriate environment variables are set prior to application startup for the intended authentication method.<p/>  <ul><li>To authenticate a service principal using a client secret, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are properly set.</li><li>To authenticate a service principal using a certificate, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_CERTIFICATE_PATH` are properly set.</li><li>To authenticate a user using a password, ensure the variables `AZURE_USERNAME` and `AZURE_PASSWORD` are properly set.</li><ul>|
+|Environment variables aren't fully configured.|A valid combination of environment variables wasn't set.|Ensure the appropriate environment variables are set **prior to application startup** for the intended authentication method.<p/>  <ul><li>To authenticate a service principal using a client secret, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are properly set.</li><li>To authenticate a service principal using a certificate, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_CERTIFICATE_PATH` are properly set.</li><li>To authenticate a user using a password, ensure the variables `AZURE_USERNAME` and `AZURE_PASSWORD` are properly set.</li><ul>|
 
 ## Troubleshooting `ClientSecretCredential` Authentication Issues
 `AuthenticationFailedException`

From 48017abf965dc3445c600fe29870c6ef181f5fa9 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 09:43:51 -0800
Subject: [PATCH 06/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index d9133001209b..ed06d9591df3 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -106,7 +106,7 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 `AuthenticationFailedException`
   | Error Code | Issue | Mitigation |
   |---|---|---|
-  |AADSTS7000215|An invalid client secret was provided.|Ensure the `clientSecret` provided when constructing the credential is valid. If unsure create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+  |AADSTS7000215|An invalid client secret was provided.|Ensure the `clientSecret` provided when constructing the credential is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
   |AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).| 
   |AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the specified `clientId` and `tenantId` are correct for your application registration.  For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
 

From 34ceb381ae4c0b9bdac0000e5eff77760ebe9e97 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 09:44:07 -0800
Subject: [PATCH 07/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index ed06d9591df3..7221ad4334d5 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -201,7 +201,7 @@ az account get-access-token --output json --resource https://management.core.win
 |---|---|---|
 |PowerShell isn’t installed.|No local installation of PowerShell was found.|Ensure that PowerShell is properly installed on the machine. Instructions for installing PowerShell can be found [here](tps://docs.microsoft.com/powershell/scripting/install/installing-powershell).|
 |Az.Account module >= 2.2.0 isn’t installed.|The Az.Account module needed for authentication in Azure PowerShell isn’t installed.|Install the latest Az.Account module. Installation instructions can be found [here](https://docs.microsoft.com/powershell/azure/install-az-ps).|
-|Please run 'Connect-AzAccount' to set up account.|No account is currently logged into Azure PowerShell.|<ul><li>Login to Azure PowerShell using the Connect-AzAccount command. More instructions for authenticating Azure PowerShell can be found [here](https://docs.microsoft.com/powershell/azure/authenticate-azureps)</li><li>Validate that Azure PowerShell can obtain tokens. See [below](#verifying-azure-powershell-can-obtain-tokens) for instructions.</li></ul>|
+|Please run 'Connect-AzAccount' to set up account.|No account is currently logged into Azure PowerShell.|<ul><li>Login to Azure PowerShell using the `Connect-AzAccount` command. More instructions for authenticating Azure PowerShell can be found [here](https://docs.microsoft.com/powershell/azure/authenticate-azureps)</li><li>Validate that Azure PowerShell can obtain tokens. See [below](#verifying-azure-powershell-can-obtain-tokens) for instructions.</li></ul>|
 
 #### __Verifying Azure PowerShell can obtain tokens__
 You can manually verify that Azure PowerShell is properly authenticated, and can obtain tokens. First use the `Get-AzContext` command to verify the account which is currently logged in to the Azure CLI. 

From 6a2b40b005f43ed4ae2993619bd0e281311c57e8 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 10:00:40 -0800
Subject: [PATCH 08/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 7221ad4334d5..db8c4ae1a98b 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -140,7 +140,7 @@ The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts
 
 | Error Message |Description| Mitigation |
 |---|---|---|
-|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified `clientId` is correct.<p/><p/>If using a system assigned identity, make sure it has been enabled properly. Instructions to enable the system assigned identity on an Azure VM can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
+|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a status code of 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified `clientId` is correct.<p/><p/>If using a system assigned identity, make sure it has been enabled properly. Instructions to enable the system assigned identity on an Azure VM can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
 |The request failed due to a gateway error.|The request to the IMDS endpoint failed due to a gateway error, 502 or 504 status code.|Calls via proxy or gateway aren’t supported by IMDS. Disable proxies or gateways running on the VM for calls to the IMDS endpoint `http://169.254.169.254/`|
 |No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|<ul><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
 |Multiple attempts failed to obtain a token from the managed identity endpoint.|Retries to retrieve a token from the IMDS endpoint have been exhausted.|<ul><li>Refer to inner exception messages for more details on specific failures. If the data has been truncated, more detail can be obtained by [collecting logs](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#logging).</li><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|

From db5c8974bd95ae2278ad2e245ba116fad200cbcf Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 15:40:50 -0800
Subject: [PATCH 09/23] fb

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md  |  16 +++++++++++++++-
 .../images/AuthFailedErrorMessageExample.png    | Bin 0 -> 72258 bytes
 2 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 sdk/identity/Azure.Identity/images/AuthFailedErrorMessageExample.png

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index db8c4ae1a98b..1bf1c5ad0c28 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -131,7 +131,7 @@ The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts
 |---|---|---|
 |Azure Virtual Machines and Scale Sets|[Configuration](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)|[Troubleshooting](#azure-virtual-machine-managed-identity)|
 |Azure App Service and Azure Functions|[Configuration](https://docs.microsoft.com/azure/app-service/overview-managed-identity)|[Troubleshooting](#azure-app-service-and-azure-functions-managed-identity)|
-|Azure Kubernetes Service|[Configuration]()|[Troubleshooting]()|
+|Azure Kubernetes Service|[Configuration](https://azure.github.io/aad-pod-identity/docs/)|[Troubleshooting](#azure-kubernetes-service-managed-identity)|
 |Azure Arc|[Configuration]()|[Troubleshooting]()|
 |Azure Service Fabric|[Configuration]()|[Troubleshooting]()|
 ### Azure Virtual Machine Managed Identity
@@ -167,12 +167,26 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
 ```
 > Note that the output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
 
+### Azure Kubernetes Service Managed Identity 
+#### Pod Identity For Kubernetes
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|No Managed Identity endpoint found|The application attempted to authenticate before an identity was assigned to its pod|Verify the pod is labeled correctly. This also occurs when a correctly labeled pod authenticates before the identity is ready. To prevent initialization races, configure NMI to set the Retry-After header in its responses (see [Pod Identity documentation](https://azure.github.io/aad-pod-identity/docs/configure/feature_flags/#set-retry-after-header-in-nmi-response)).
+
 ## Troubleshooting `VisualStudioCodeCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
 |Failed To Read VS Code Credentials<p/><p/>OR<p/>Authenticate via Azure Tools plugin in VS Code.|No Azure account information was found in the VS Code configuration.|<ul><li>Ensure the [Azure Account plugin](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) is properly installed</li><li>Use **View > Command Palette** to execute the **Azure: Sign In** command. This command opens a browser window and displays a page that allows you to sign in to Azure.</li><li>If you already had the Azure Account extension installed and had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
 |MSAL Interaction Required Error|The `VisualStudioCodeCredential` was able to read the cached credentials from the cache but the cached token is likely expired.|Log into the Azure Account extension via **View > Command Palette** to execute the **Azure: Sign In** command in the VS Code IDE.|
+
+## Troubleshooting `VisualStudioCredential` Authentication Issues
+`CredentialUnavailableException`
+| Error Message |Description| Mitigation |
+|---|---|---|
+|Failed To Read Credentials<p/><p/>OR<p/>Authenticate via Azure Service Authentication.|The `VisualStudioCredential` failed retrieve a token from the Visual Studio authentication utility `Microsoft.Asal.TokenService.exe`.|<ul><li>In Visual Studio select the `Tools > Options` menu to launch the Options dialog.</li><li>Navigate to the `Azure Service Authentication` options to sign in with your Azure Active Directory account.</li><li>If you already had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
+
 ## Troubleshooting `AzureCliCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
diff --git a/sdk/identity/Azure.Identity/images/AuthFailedErrorMessageExample.png b/sdk/identity/Azure.Identity/images/AuthFailedErrorMessageExample.png
new file mode 100644
index 0000000000000000000000000000000000000000..8d444bb9bfe6f11e635bdec99a45a10f1a127d44
GIT binary patch
literal 72258
zcmd?RXIN89^e(Ok1(BwrbO?$B5u{3Q0t(U<q?ZVYi1bb%MWv}!={<UA(tC%{I|ii~
zdT1fiYe)zXZuFe<``@qs``mB$1N(U<d+*t6)~s1;&3fPA!xMc?hRYn6&z(ERp!N8n
z;kk1cJkFi_%jFU^<(I_DXO!!?^WKJ<YUfH(T&tAE1xHmq)pO@6V(3n6FH+jH9*@nv
z&z)oJ{QY;n*Zu2@bLY--wH~TI3$WQ}2`c9A_N|+3-UWb}J=q^<->-Pz{pQ65mM)(1
zZW@yZ@7f;-3v)8D3N7Ba#OCsa*yC`{mM)kbWGATo`~gtaWQa}ug`M~t)xSd9`(}zO
z*xvE8(cBEV?l3goaJL_FylTCk;k)+Cm@wBwm`vUe%8|FuZz^njJzlt0SW{F)n4HeO
zrgrIO$dx}Aqro#;&Hox|m&9}X-thf<i_*gWKiBHI?D<U!{p@(7%D{L2Elrr@EgA_m
z6I_P3zN}=E;!YctuenDnv0Jpm{9mQ9(X)Gm{IaDEPEgpa9##8#$Q86v;cFG$<2|fo
z3cx`2zmYDrlE%wewxZrT#+{JRt)*^Fo3)M2CVqQiSFs-ivMzlwp^pDy>E2=t5cnX|
z{1g;i>5ML&FDmrMKxK$Y_7d)17-El%8vQ?C?0T(6&2=*{AX}SNks_u}w44q66dxLt
z{?_r@^X7IB@73I76P2TWgN{k0)fV!2YpsjffZlP1Ir15srr1bVKqn`j|KBN&e?aMq
zi&NU=>*3aHQ<u`gclCwWK|jktt;;F)n^QI8X;RLw&%%`tzK~>T#pY5foR)f`#wm}k
zS9;Gh`mU?-;BHv1#!D=lxA0P}Ia>u}PFL7#$~IXEl+`bO^mz1-nN_64p4WUYzB42_
zJQnX7&Cf{r&RUer+}F;zfTgH~je)&jz{&IWfZ&QZXZ@@m&C78*Yl@{NUs=~^*i)?j
z71b{H6Qz^$ZS|j~_<(a6KM&iSrb5u$Z#&77J+|T8wI0!W9`}@H9Fna~TKAT3a-%FQ
zD)yavXTZ43c2nbI5DdJNyP%u|JYMuLIN2@I+!$Tlj|5D1n<4LURo>gIQ*WSk-)ql3
z{8e$k#BJk-U{m-wt0w9Q-6NdQFI;z2jh)4XdPN7ta1_}OT(xi1$~u>7IroX%p@JBq
zHLhjJPWR93n549*y>GdHaVCs`vm+JjGF9z#(`w^qv3Zq0VQcp03wfmzzqyGD``(U*
zdzQ5!RS~;d=##l4AHv3DJcFa#`p=S^2VRhRAOyA)#DUDHm~IApUm71KP?R0FFvMVp
z+MKQnkBtELh2j)fH)k3o!Q74#I^&$ao1HzV<oLjv{k}2=8<Y+8{Qi<J3P)>w5x$LI
zM~f0$_PsbC_WZN(-zPp2@(A%Lzt(BOow8qK8W@i&l=<KQ1U1b)Y*8Mb6O2*Zd%U@Q
zZN$MKZLX`)uQs3YsM`28VJ>L9WA5HYrW&%=b=u^NNx^@s7!<t5vDM%-nn!}oP?`O(
zEi$ilnKT6PVM2n_-5LvQ8vgR1@ziYTWhDA|9aCHT&-xAyXhG-@7D^8TO5;Tq?g271
z-82DEA81yf6cK>FT_xrGbIjp3QxYqxy`*l=0?^xjk=5!71j^1~bB0pfADXueK`&1X
zzi$pa-SOho_@6PUQf%46Yw%v(7$*k;Mp|9aHHL231L%;2fybM5!DR|5vi8^Ietiyp
z?SDAw7%min$f-TH3z1z2VSe2T_g!~XIX2(%r6Z^V-`u>g;alvx{_~zotqyWnVY_*X
z>E)|{gCCmfd@~-M4ERqzUg;X?PcQIACdMl{=>pj}7ELGL90<de0oh~8o7NB6PhqOP
z-2PUZGJJiqpWVJa>0<4O+=daF@SmJ*G#MggUMAdPkR0HZkt}2ovj2Bs6DbyciAICg
z@~tfj*s{UUK?cH@GCbinoJ*R_$J?!N=nHJbrqLonT5hk8FSyK7U-@Wx-m=RCBld$(
zl+v6r<Y8wkew*l(H?TnfwfD`BBKHP_IujpdC*?=chrd;{y|f$DZI;>-RdQPmwecy$
zZAxQoE&%rd-^NLGq)56W!SauNL;@&2?G<epC$LgTO3QsPUm0HzdV`%!JH-PLwAFw=
zW7Bluf5d1q$R<?L*g>zakxZQgCCthYd+0QnUwpgF7I{bLTPUjy8^qZ6?35r1h8AwF
zdv%sRun_!joh03&ioSBMt=v|KYa%{OOQFbnLg2-S7#Nqx9Vz=VvVHh&)Xe&0o&kHv
z={krBxloSw>eFnF>(5|k6BecxH;H9Cl#ju^=Zn6C>^}7}MA;;A$Y74=2=B@)Dh1*&
zI*u7T7V-Tt<0j<snhbiIfQ8Wc_5GbrCK?b3ISTww<AyKVuKs<ITys^qbLav`b|=L=
zZ=m!U)0+{2YX#$jqODd2m6M3jQ>Uq7H(RN2j8Uk;<MgYc5_Y`vQeUKtyiaTdo84Z9
zv5(kGzB&_h+jA}li+C`(Kasc-&aT-P1Ai1L3*k|~n{U=~d9<BxN5iE)Lh|XgdMM8R
z2E-UoCbYIHU)x^IN0golwX;&<3hDhW$|N-Rg`*V|KaL-``2hAZw%T-}=iYx3zoJCs
zhjal9{U&u2WL_EoWTzvqEPh!XKzai0A}$i{wg2jX-O&qUjeHuTbU5+uYPiHx6Cu7b
z`x>a;CHvSC`UPLf#dyY5>%i4q9ccnSj4yswyqC*}lSP<;2?V*N=oBj;B;ZMG9KVy{
z`_r5vGD8$(Ke3RDtn&mYv>4^RznEgAFXx~N>&aI+U7gqQ?qPQv1J{^t%qw7y^mn36
z|67kgemi|0>8poA;&uVpt}>73i>PGiMh0fOJ5otmiJpI6V3rc+7?3MOkG`AX7ch%9
zw;Qw+G*~0$1u}g`;!G0^cP!|`n3W^8q6C%`_jU`}Y`u=8%(~m1E!qBp$R~uOy_#?K
z(QDe|5s#MZN|txAb&7G({WSGVgky?k0jL}YhK3XSUw?0~WGy|_<TgGwa=Mz;NI2r%
zZq~o3>{5tI+gTWTz#3fqDfBIucA3oSCWgFOxieOT;d8q3pP`y0K@azkp;zpH?PA`<
zg>bYGP>h#|wh6#?o9J~h`-%geU~1EP;J}%ADe2>P2|f@01ikl@8Wb0sVrv80?dC7r
zBq}+cyk>>Uy;80?jd^2Q_-|0#kD!-T8xn)L^VlTs1)+9ScI0(e$2r8)pXXG4ivV}`
z+u;Ar)rJHl<}ZmamCG13JJRkv`r<lWI}XaewjX}Bm<auJx94#8d`ZVY&)U`g;F0~`
zGQ4P$`Tt4x)O6)2{rsD{T>1aiB3(|rVt4mwz!Yf+C~G;KT2tBv8*H-v8&SqTQbzK=
zU@7K|7*hl%hQrNvR1PQXYe4^g%tR<KRQr;+Z$Q)D8F~AR8u3s1sa9-5S%PZ1+;eZT
zAHDleXo_pFyS!WER{fXezpwv!=;qw3eU-C)m3D!D)mOwy@l#ifdf{XooEl_&iiV$>
z?$G}0P1hb#;z8HgZaU@!NK7Jy{_{b*n%|DcZY^N{n@q5K!T%@T@y57-4W+X#inlk~
zY&|0{v?{x|p8C~bV8@|n|0N;#FE@S<(~c6$+v^^$W&Ae^;2!~R3@Z_=cJ9T=|BryQ
ze+2A~H&AAWMC73UlkN52o=h3=qhxpil9C#lP?oWWEG6w;T3ShWx7lO&BxYicGS}!p
zL^Zr+E8cP;@`_qyxKhyJv)}KqlbL@jDusuGK{lKx@D<+R?7(0_<z|Q(d$in2%3AB$
zachxvlV7N$+NBDK->Y~$26m9W^GD@fK2IQ_Ytaf@vAY_V#IGWczPXzqj)ojN;FO2G
zW+*A=IOq%y3jb%sdBKa9xnOTe$CN&&h8>}28^h${L%N$?_4D{p22SZ`@I3*z;n~>|
z;H*Ay`IBa0Fr)leGDWF97gek%HsW0K`xdc-?eXt<wBxwL;Q=G~!|O<O@Z-9vvk@Ip
z<8W?2vwy58MaBkpgk7UJ>9W&}7JS(msq7!~vE%4Ns^L%eheg@k$vaGEPkK0i&+(8{
zq%Yh4IeXq7wLgY4s`m5E{%`xE<a_V~P55=lpP%<50Q<y>*xxhNmDA7R;kP}<4Kc29
zn{Ax`M~|SBl-`)oKQj!}qjWJKRCWPDv1W?MX52*a7y#X$Y12(BK95739U+3t3Snmi
zxC-&lD=VxjE4%hLe+%?pYjohveo!kR=pPFeZ>7BbPe&=hO6m;E$%+g`w%?KbA1fUa
zg$*tB{v&-n(7El106!y85`T&t!Z0fT>GBABM#h|RLUjK3$9@lT-cmm0>TelSOiyA=
z{#n#^X|HPj(xjL@MVMl0%COE-{$%>%P8KC?KZKtB84|;*i_yQ8k(UTPJiJ8a->4c^
zrbv~_`}^({?_N{nULuK@MQF}%q)ec5>;EY3&v5@-x_n}xl-2zEGk-3+H2<eg<^Rrm
z#~YhhPt-jehfiCProSb!TOsNXpPFNYeoH9c{qKnXkv)Nr;sE}Un_?0Fms*m>)EQJv
z#f8wrg2HJxI)M-~el9;V5MfwOAmfS-Wxq(;YhOT^j?sKfTr_PhEF2WE9FvO{`f=tF
zqjl)3LTq3ArIVKm!Y6E3X6<oL7&SrzZ?x}nDV<Pces7|icpmpn=D4>GvjtF+Zdcl@
z_E38-M{z>r-I6*|uepQO=E1CgaDF&pm@`+|W3DaWP3dPzHs+V1=HKdYlpSXwe!Xbz
zrzNXz^wO+9;WYa>^)-4mCdDiI^2IUf&p?E=qV`eytm8N*ELsU`i7`T21`QBiK2eVL
zSHLP1qwB>sGV;!Y_^L#N#(lFuCyT6f8Yp+j66Zp(8N<nE0<YB4AyolQff+vX+nY|_
zXuvbJF1$~<UoX!z;6!=%;ia)_9n%*G0xGKj$IJvs0L;^do|^R5M*NF}`JyH=4mThk
zv-vENDU#+5s+k;!QK1`pjZ~r(FkaP9Hr5m#Zj}@&1r@%Yt|d1-t=~tHKOOjQt{t07
z8XU-Lw2p+FnMx846Nc$!C{owe<wJr32kP$K0qjk3^W0YX5uDRkJgDt!O`U3H3I3hJ
zXPa@)u=C`Morx$te)JB-ARDQdqKF7`J3}jS-tMRxKBQ?C$eNHb*%5lqsW1Db@Mp>T
zv5d<vKt4m{MK;DXlk-L|>CFX?c1{)*_nd{&!GD*~Gr&$YV!jI;+>NAqy~78J&rceN
z31jEbDLWieQ^>qfgvE<yyDH387r-An{w&=*7NBj^L;k>D8%^4_CH{yZX__opd1+zb
z-&Hq{=dQ6@eOD<pH!{}b9w(H&+-h7e4b@`PB!j-4+_?iN@(`gN@PA@(v~i=5IglyN
zcR{t%_J+#iSQ?5diX8q-5&MhEu;}XEegT9PpxedU(*3h-&&f5`5E?-|Jb@?YmTEpV
zmx+Q{YVC*nr{b+!n-f3$i6t>TW}dy=P&lUztl>;(L7gd-*+^sBVF7XKf{DG@_YRO5
z`|WTuf|+W$S2U+6N;T=H<kgpZwklI%)Dx8sPtmbO$+$$*!&5uiq3;t1uZOGaMzzW<
zY|bR6YL_hCR@X1fd;j{fuzW#$_D}<V{rAWNNUP+l*?MR(%tK}O=BLK_2p;`XJG0B%
z3ve4gixNfd1g31g=;WZNh(tN2l0}++%P&+l_R;3aiEHx1KQsZe>zbIaSnuu|rXf{!
zNni!~`$Jz5RGs(m`lpCenu5pQQ_qLfN|jZx>3&{~IeHrkTJa>x^<Ge5n>D>r%vOPJ
z7N6s#qi*U8JM8Z|XHSJb#IyqRg~KbhAF<xkuNE5<OI<vA*%)TkqDV;|4xA(mKe)A-
z*;C>57FaKm;goRq`s{U%)8eh)Yg8hW-NS6*`LKh@)O8c+Pv(vMtinPA=-mu6{*%4r
z_R-Fy)ZU$lQg*+G942m)ck`k+kHgZqfCeVG-~LLdo3ec}1%UOIbwDJ;O&SH!KaNW*
zNORFWuym@)+p#7&$D_ql8|ud9=yU*_9xTNJ*YHx&yHeY=u0@A#6Xhu^(Pwgq%P~tZ
z<;~fqqLy@N;~;eLDgxIhHL$vL<b~t%yr&2*-?!aHe#yWxnOg=@bW!t+Yuk?fQ?Hd3
zo#W9X6Cmpr`{0E-drgoH3u7G&s<M@(q|?cGS3Sd^P7iG4HiP|WU5I)dalgS0*JsLw
z<|547%#3!#vm*2dx*ck~%sBECJlQX~+j>R&K)7^dlw;JXmk}oca`UpLaeUy~^4!Wi
zt_2zQElekx8-_|GQ42BI8lgRH!l6xv5-2$Uk0b8W#WQyd(hM#;DgzL}npl{IIrZj&
z_$TuQRC&A_)vV)GL?t8Qg%k(`TO$;K#&s`h$;LCiPX5j+*Dizvq(U%a)nyjz`Edvp
zIY%s4Zb_i^j+dmPZ>Ko&rHJu1uqlq57J=}zag?1p>aIqPdP8g7F>_7mG?F~ocCsai
z&;hM=o3%hp*LyB?$d$$nL~|>w-M`l=OU6MMx0=BFD_JgR(XMvaiSjQfT$WOhS|9dG
zSh)#LQ)_MoC8@|lxmzUlQ0gNr9m_MQOa=8{kK{acRY{h$F6Jg-3H#s*pHHTYd$yh>
z8Cho3%bm*xM<rY{$zn5-D1kG+d^4Jp7H<($P<%1{+8Z$&(_*AHN$m(iT27TsV$>`>
zB5{V~ounh<Ob2E5maMc*^|owQOi<5wHpvxMN_z6PIa7Q`55fwXYuiT#X3=ZoTaI|~
zSC~h0_mEcyuc{CRudZJPmk09AKC>DX0JWNcau3^Ev}670IP<AG$Bc#fI<C&)GRZgj
zgW!maebVY++Q>AKqcUo}P)p;1;`*qzTY}>kHl|1`jnD3FyHtM%s7bu9y8l=d`SboS
z`{ye(L4ukyW1mO&hJC4F4d<0`r*FoXo_V9F7d!)~6B^EY^h+^xG=SW^zTf6s?1}#?
zUO~c6;#%(qn$ZHWxu;uCU%ZOv<O&8WsC?!0Z)jdpba>p|d2|>*x}A65gH6!T6KYP&
z+$$OG7LZx};dOtv?{k87VrOZhRR)bWa&D>7$xHb(BO7Mq3C*Hdm9l%^1d5MS0paZl
zcfxrGI*BBMW^Vg9eD{mo58NJ3cfL#GisJNuDkWIWs7Uu;*0d3Z7$H6NPA@W=%dE;1
zax;{({2P$U*t9HeSs|S4bYbo{ab%ctp}&<r+>?JY-Vr0hx?lIItwQTk^xMty9N-oD
zq)jWQTNBhk*(8&JT<UEyS+4iRZ7JJxoWJ6wnSaTa$^n^R*Tz<m<Sai#!ig5z;8|M6
za5&=Ya=8|V2*0{$@H6f!fMy;nSG+vP?WDkCZgTm@o&L*H0}&)$TP!bhO<d+`)Zj>x
zAz7>J{;rhz+aJ$<n)y8^^kQF)(7t*dlj~>Pv6#O#?K7;pg&Ta_9LLq*{?W{IF~E~O
zjdXD>LX2mWX4$-B4{=$>#kyPKRz?iYS_H$7+g{yvfPU;PwKdz7=W4RDR*mOsjz8~6
z>LZwy{NnUDc|OeKL*ttihPaUG%yA$twj@ub0(>N0UJbf-Z*#0|xb#?+FZcnqKimD2
zH!<x#TmW=}inonPP9n$r3KzJdK4;0{o0KS(N`*LXI|^}LiGX|MxwL1_70;j<5iWcR
zJqZ~GWsAJGck&R8SjwD@uwRo$p|N**Iuh@)+HT0B4lXCBy~-ItoeDFo^>R*rKVOEZ
zIM0}TSI8@Jokufkkto}g^*VhnaV^$cc5Br)c@J!!v!!aYDNiN__FoM@_!L!Ux;H<V
zrHvj4jwnmr2Xjhov!J-}u7MwrLDq{9E;xrz_sD!oqg%Aky%M5D;cP6%j8U1%YDv-c
zdaDwZM;G2<4?UE)w`6T3ivc~MSx!DNo0D@y7sSXaFKjeo+08AEpd{I{QP<4wZ{t^S
zo=dNaa?+a!UrFohJ$2mCHd`w!`{<VQy}&D648W8mztIahA;WyD&*|-Ahk2*ZIJV*7
zm9$JpiT038Sy><_?An90xgA?Gw)9Ak+oBZ3A7Fuuel52xn+)zo4(H3f`$W^Ea&#99
zNDlT9)>T}%pwl_{rjnT{HErkv<%_(ax%%Y0d=pSFbX1-PQvZ@YxaPz{&O<Q!@6|LW
z&Dm=zKkICL8WZ46JuNNtslVdFC*CYghl<kq+TpL-6WXxzb1cAI=DCzr-#3jKb3g?Q
zYc;<=2qEyomgGjrDHh~=$cV_oqSxv64&-Cwg8Nk%9d}!<wh=UEdU1))$a}}Ip+R|5
z<qk`>jv$SKqKwEsQ8Z*q7UACcB1C9mJ5;5o)Li-Nww1M~au2R^oe6yCD(~wq&Yd9j
z^%L@ZFSS)YEUr^dhfnH`Fazo2^F68Ok)2&sHgJaIG`7i8PuK%akO6jBVKESFo-wA>
zvd^40qXbC_@WRrJ7idvM%XSfPkcNh&G~zsjR6vU8On6}x_XW^~TWgH6Ebs!)YIn!r
zZyNgzItwCL!nCxv(sHk^m!UbM$!T&Ci1@d1O{RrhdMKcopn6L3?j1aj0_iWE<PV;Z
z*+CKH%Tg^(>i(wC&YR)&NT@}DpUY8ZPN^9Oml68gQSH;lB#E&&rseqcLBr@;Cnsq=
z@{;phV#g6lYaD>ub6c>>+;N&;L~@~TBY=*c>1%gz8cs$0r{&I_zub${3y5>X5X&J@
zUD*@yit?bYcsmtYo)_;N#J(Q}`*8*Yv6UYmK)IqDjwNF2nsb4#V3q0G0!V|)5e61=
z8_J$+D&jiWVS_-!coxJNmvWS}#N+-}2AiJ+_q`<E3x-ArI0=4L2RVA$Ksf4w4UC1O
z4JYw2BT7aSIVz?<uPblMY0Lk}5&fQ%%<tutUh$kQ+x#-3ckJ{{W6gTOA@}-ar@Woh
zhuZG#;k)?N{VSY~^du{~CA{ZY<41>t5lPYD`fVC`OGvA!cC;Tu_+0Pi&)yh@%r|o$
z_xR5;HoAR&^aFe1$zR(x>j*I|?T{8#ugk5rUaM4BT2x_PR11TmOj$g?%kcE=KQv9p
zbwu&|uXhADyoXB)I~mvEAC)eGrR50J+gilC`B)`=oamWEK;Vpz(ayti_HtLojKy9R
z6x{Eyw29O^*VaJhcy@U$Pv#dT>tgDaMz8@AJd*}}Bv}E_fQ^bBgTIhgFA>^jB=r7K
zwO)n)_7?oA$VKq)j7B}J<%1rBd{TspTd`h(Pr38Na-$4w33#i4?8(7v;DY2v%QU_`
zf)W?VKT-s&8;(}UpZvPfboPC{lEcf#mDlq#t|=<{ZC=ibt|0$~+|Tsk_Sh-{F`OOj
zc-qDKzK%bn6Q$4M$tBxcMP`>o7q*hwQzK%8Ppf1uB3x<=2#m)^KLO;O@b>UIx$gDd
zd^jn;z3#r1<yH$}&PML|;^`C``BMnD_im4NYF6p|F1y`)ktqwVu&C5R7U12<AaemQ
zT)MNP{hf1$aIjV3uo{~@_onsGyA|X!quNX+tyA{<y#P35=bqO)&T~i-W&0<i44dIp
zOi&KDS){;p^c2iwx0{s$F%&Zvh=S^P*1n_7SLvKuXkAMz#gm)P?+t6P^D1n356++R
z>-IXe3Uyn5q0;PWFo0$!x6pcTZoj75_e}EDagY0SSEpFWKymlsrhzI4QYjDue^`IL
zT4+=Xx#Ad06Oa7^@z^7eXSaX$;#=C|wzC_Hg_b>Z78f92f@DWEqd5oq1c*zp_g)?h
zJkc}}N&(7ke>OHsIleQVz2jui?sFC+El1FowClf2zIUz#12zCgVoxQthu<aaQqP@{
z=U0F1na73tX~3)Pdq>)DW7}fAr<_g=9D;b@iUENS?eqAXx1p!@zc^XT4|ReLE8q89
zPnUmD0T0=(hD#$Z^4*B+ydp`zB+Tmjsxfs`=*~E9)PTkyhA)Ob>%unFedi#6FgyR@
zGkrr4be^hxl#dlYqq{bGq#oVcJ22^p+xOk5IJKYY!96lf**Bj|15W26g<tZoO%ked
zVcpXg#U5g1x0@*)2*13a^$;W<T`ONmRz8F59K3e{>fDK9ZtMWEa0W7^sPpl6-|4#W
zmlt#FHJITQ&TvICGN$Q#2;zB{n1{e{+qpCJ?t|NH^UBh5Yyc1LuBQ0Fl;U%Jf-<VE
zov`CgR>;!Z56OBXDK1I$dVu4J-ghy6%N&Le2Lh<J{i&8~dy;_PLFtb{6y!k%xGSfx
zgdZbOM&@t&8-1=MP4i33)zZ30cXsgZmPE^M{H`hDuc}|dk6<4vIB-cdFYHq0g&v7r
zroTOZoNcA@*ESt9hvXp}h`g7)&W8g8%)gy-=M8u46s2Re_IV1u-&kC<FTvzEmAdL`
z>TA8YG51^?T^qv?+-(N4Q%(U>MIWo?krR%TkC!ude`U8zo(tB!KGji$aJ)7=@qDaw
z!L)A}CVj%Z1NAO+S&4nS5ViCZ=K38Y_3|t4b^#={3S_n^yBTRHa+aOO{*$`<?0vxE
zht;5^`j^+U3d~P(US)`7so~gZ_971)b{eOpsu9y}>ztZQiXN*_$49JD86w{zN{Mn9
z3N|r(?)kaKl{A=juLD5lC+PZ$HeCpK?|YHi&?`j|lg8gm7<O@1HVf@)t7c2JLg&)(
zBt$R7h&dMMV)*9j*ZYD5V!yQ!*IC4dn2`FMLJy-I1ze{rLP{OoV&~qX=>;wcU7R@e
zSInSDQ*oB==BUwgZ-Kx^JXEln5i$ddsr&mtxA(bUD?U{UZ8h(sEQXx~a9KfaN)<g~
z@scLx1AV|@(?j`!P9~M+Bq&;_UGe4ZV=Z^yg>@M}t2z(s2Y^cPla9CTAHBTYzLQ@(
zX%tf=k#zb8xO`s`Yd0Ct1PmO$gWnbEv!fztk0-Lf0Y<U68Ja18v5BT@*)*NF(FN8-
z&l*>8`AjyCj=Lpkx~=lYw@o7Tu20bj?V5dJhNZ0g_GPzZJ&@Prx=Qve?kbCME$<)v
z4Ed!_Sr6i{blJ|NBAv@BS-RH`8f3BxO;f*Mq$jy$bk)En)`3nKvupq#OR9;rxVDhE
z;X%*ZxOndYsATO`hT`?n!$|f7t(tMwRE<+S^T(OX>}NuU1SFwlo-;BJ^vP&qEzLZ%
zKP2((hXzn$`-N>vy*XghaRg+MS$$26w&T?wd`hUq#klSEoszF9FU5o_7Kh3%+Zzrq
z$CF}AC!S|O)(Y~Inpc81Vpf%|>r+@96&zkuBMzJo&%hV^O%81PR54<_k<+nNaZiwZ
zGa+HHHXEjorY|SgjrzdPmO6_G$^0Tn;v(ts@lMgWSm_Uw4bAs6+I-?*dGYy)IM~kM
zXHyQF+!xOIKvT0xnWx07%Y{W9DoT`9{4CY3*SVqqFm<ixr~a2#9jt)g#<n;;8P9NL
zF<H;<-!S#&t*GztL{xcUkjsvX>}n2jH>85v)fb1#Jwi2KR=Rfbs`K`BvBmP<8}U!!
z7%)U*xUw{WT72ZNhqtBuF~%U%4P#>*bSQjpTU)&E?y%Tl76)+LM5(H<mHyqS^V8qJ
z!yc;*(40EHG~m`$7=<PwN1T%UB|31t)#SdT$0RLSWy}sVGO6~6?&pao*A~V1bRXdm
zt<S65KbL3ck8Kpah(0s@I8r1cPQ&H#U`LOp*{+iZz~(OPK4*m%{f<g`)$?R~L$5L)
zedIpd=xdvMz7cL%W<OXm$9@BNjD&edSNhPF-K}6^JZ1)~vqFc2**py;K5}CtruY8<
zqL0(-ybSApu6PvzYz=*-^oTb;vOU@~e-tFn{<l$fGw^PYjsSJW&fS;aGX1HCFN=pR
zMSSWzeKImG>1!pFWAggiBHX8IN4cxspI1XL*>Y2<dcno;xWngL3*k^8r0un2<kwJB
zghHqL+_&}N<_59F7zv}n=3gHjW1){vdwL_ACLCWHde=*z#(m2TH+w8@LeZb*I0#cJ
zP;;%m`n<~r+r`QCbHO7ogagOS0XoM<x__BWig{9e)bh-k8mfy*oi;v33zweA^HR9#
zo4$bD)z?$WJ*`=L?M~)-+;11QdN|#SZ767L=nd&HU)1CFkh3@)kphOyUzf!uTbH60
zUc*gORGmh4NY|-p=!28;*UMUw%6=c<z7?zE&0N-Ov_@r5j~ew#+R~F6)9x!$nYB|F
z&o3G)QnprP&6o{ika(t#UE7yTv!?mf@t?n@yLlsU)w9Q0L8M+Si9*%(v&D^L4cJww
zF!91^*>I9zKXgK#HmG-eHRf)xA%uF>gayb>0ob5$=J-3TV5!;aZ+b=vCV1E~U;F4%
zJ58|TJNhP-FEMp-!xyI288g{?JeEL{gR9@^L@yZ7&4C31dfKX22g*<1AaK`}LyVTz
zyCNBF9d;hmr~6O)qyoydq0!r&D!U)%Q?LD_S`|mpk_+Uc;b2F4$ni7<2r+>>AcJ{k
z^pm76LYjdmJW{z))~DLR2D1D@>=A4e=?m?L=oFv}KW$lzxSV6h>%A9$M}NsVnCc3*
z3eU3qu-n1Q9Z1~@-v3(0OJ5~VC&o6J6KQP2&*Q`3HU;8r7u(Mjg$kbZvR+JA5qw`d
zp`8&BgLvxOA+4V`OK)jvt=2N#HEm)@uU*hg9@GWwW*(j^zc#?;mv|-cIWz$uoQGp0
zF5XZObM=)fP%N)YZMoHbS!CG}WV76NW&xHw{iFSzN&O{B#A<6}Y%r}*ne|1g`MwF>
zcx0hi7Q4{PCqSkKX|2>rD@p&%eY6cHd3AxIZ!YF3^t<1-0ByPqjlqTV<}k;ZwhUjB
zorC(V#(DNwX^9K15JZbepFiV>stV9pWK<6(tcQ*FqhR#ny4u3q#Y2cOp&3{Dr><If
zhJ-<rCy`V@AHmGOTQBV=-i85mO@Lij5G}siMB{fVr%pSOZ=HT5)^65^eB<`s4D$iQ
za<XnVpp(<GWagfe$Bfz~d6BK3=?nI}QOHJ}Che0avQot_EV+&0EnMK}o=TZar<B2;
z%pa+k6w7V&mHU=EL@~p9yo$xwDxh5NlhYM@h_r__E${Mx=ZnAcx>}kqz@tQ5*GT3B
z{DrfIeW!NmnHRx&t*>+Lk!#K?_wsahVMp>9p$`npM4vh$&Q5Tha3`0<zZ%6i9u5Qd
zihovuX6(O*rn5c9KXA-*9XG!0&g<M{UITSgklu+ZWOi)OKWnt5Y2~(ekjfta{A6zW
z8k5ab2D{edAT#UT)2l@xVdL)cN<EhjJu8eqz+%LQ?~f&dYPw*0@oi;)YmZl@Ts@5L
z!W_(WF!2Tj*(bH!b}E%YO*FY$)+C$4JuT}FhbMhIj){Iq8C8%MkK?Xv51RO;Nal*o
zH8>8{z1||-;(vTdKD~rnTD;`$N!b7%9V|H~d@ChTZ~1~Zvsm)bm~nJJ6|Tia+TF&2
znoL+-f+z<KPs&5j_z?Xm&YnE9j)dN$#)VgVQCOq6pbcSR)Qjin`qspF2+?_Es_#1&
zrJgD~a$DKc!%85lb!(~YS;KdwhzPz6><?Uw{8GvQlkGh&y!zy0bZPc_2A_KY(RE;L
z`)cxe%_%?b*<194NW8GW=-#Vc!J=8JqfcRIXhuwg^8g6dE$`s9^a~rK(;t3v)O<Dk
zI6K+I1g?}6E=OmN*W?J{=LVDta&w`Dtsvh9`?qRF8b@lmlLr>?7d5R$c<+tWAtMj&
z=@(~@apOMNWB1VavKq`ZH(@i=gXIbC88r@8Gosz6is(gRNYy%VX?<mC%ot@(DyUy_
zE6Rl&*LVIZb01xvo#N0OWe2H593ATq<0mT}20QQ+z&WJqo6B4?_~zW<=5*(zgk_zZ
z^?UV`T9=u6&zm;xw~X_v?0ch0$aHB}i~3q`9O{a_6PZH3GdeTi;@Z{fEscj=UT(+7
zSv?*eX$RP&wVjr?)Q^N=8+|GZ{l}D|ty*O6#$;8#NK?0}2~egfzcpH<Yk7~we%0gP
zsD0ZZN~gbno!X%i66a_jsM12a8Mk*O?D)8Pg9Ei5u`sPpOBWw!{=tf@Cm?6Y7~D+Z
zQ6i(&C%+o;ZlA>19D7|s*Cm_%v|hV_S{vYnk_A8s0!TP>!*QIzp0+Z>7Ixh^wviXa
zGR%d&1ugxQlpNezwy-@L!lVO@%NpnRFj&iS&h;WHE)ZM0?)Y|}vB)4-DuO&BRb}om
z2+24-O|HmF-f}=|SN4x<&WHx|g7>1-$w>V!pC2;=ABCmn=TGKqm)Rhb=cY5Pbr?!@
zf|a?b6gWR8as_wDx{bb>$q3cLie~)+JKC~6%q#5`acCB&AOsl`xj^c^JIR_E3@OkI
zU_($iy)Y!6PqcujCvgx>Yf_-N@;!nG6EZI~Y)K!|qwzkvsheI&qAh8Vc5qGeIa;6V
zc1qg93YZGw%6dK1_maKGG7;t7jHy#yDguZ+QZ{Py>>1|GJ~YzblQ;w3hFBD=$N&88
ziuB|lGZWpL9PomfUvF2{^pPgyi6bv*Y?Bsl2)p;)1U>!7avJKFT#EFLcpkyiUkoeJ
z+MkK8xcg8=>kY`&hPGGCI)4w4{_sr>cvE~gL<yTRwoJX5`{Bb6zs0B8***Y}3V%4n
z5Zm_V)8!cZy+r}Dg8rwR><?CzWkIZha-Rq@w+BZP0Fo|UP6566u@Ek=_%^nGC%NUk
z5U$yF2yKbFxqm%-?SiiZ_LWzT)Fl>Cq`Oh(%7IF_dtDzg0h!#CUsB3;@Kkv=gHJ_n
zQTd)}Z_gdy@v%B~xlCy<0>MdocCa*Y%CbNiLgIHMiRQ)ll?V@dQ87k?hQ#hqJov^%
zC4|ZcHpp^T=SDI~_iHmu4T+2Kxj{hGq^_m3GpS)N9BuFE?;_J)c(zrNL6f`UV;s3a
z@fIg_cfm<_w5ouueeeyZTNt7#bUXGccrVy$<fhHqoa-`=0`+_dA=u+&IVK3V20&|s
z%^k@T2z)#e1O0ZngO4(g>baoMbjGATb+a|Wtj{T1u`0_~d!3C;_S{yn18;>-TXuW*
zTpL-z2aWFdhm*ogeZXim5H6QI0zS!*JYBHTqC{^N%)!XAD?V+V(<4M6EB7teqBI)F
zJ?O5jzXB`~$}s3340p0*+*`+Lu)j|qfZtX0%4@c&Q^YRoq;=H=&a(~vt%vl?TTfy^
zEd$U^{;s|)de+zsY{7MZE7ux5WcWCU3um-B>vPT#3mU@weLnm{v7U`r{1hAPM|Dsl
z^_bwvg|4%|rm2C3Fo_39O5wa=o<oB}Qg&gdw^bvbmwrKRWhZ`itPS(RQk%~oFj7U_
zy&d;~{fMwPq_?6=%@Vz5<SxBX6O;ptZfMReKQ;^GI>Icw;Jle{qw@Dwo#FulkD3D(
z`_7Ovf<v)tHaZC}Ol~E^_a0g-{}}1HNwp?5Zt|UWWVexfP_g%pyzRs(6t<h5;f=St
z<qz76;IdN}Aq=paX~$A@gYb$+&LZsNxu(}X_6{tp(`(9!?cB$=cM-rYLQA%5AH7*>
zeE_3;(Slx;`1`Yii%AFKrhpmDK^UZq*XYG_!e_Uxg9;{i;EnsYAzo`|_?ACZ2gzRl
zz^!4Djd;z@<SS|3O+CN07A-F`SvIHlLS1*?p1KmRs~iA#rn>y1ZCiPjxsenkD-e)1
z19N3z%wZnY6i8?Lhu|#EII%n#DFKrlxt=Tfl=f!V>y^VDumN(wc*>=9lX}5U;=dyU
zc`RqxFE|8TnV8hc>dM22(0P$dAzr+Hv?1g$thlcW9kNA4f~sCdnP7Bp{>uY-Ul3}*
zQnd^qZb%ItpW?oY&+J&-C^Oicn?1|e!6_3ONOwZ6{5>p(%P;~Upof!F!|UEzG&}*H
zmE94Mt!srvYuPCx)ii(j9VX&aRE{id&%H;q1dQF0M=xdL!$6Vl4cMg64<E1m9eLPh
zuJnAP=X=!o{14yKWlUw}0_=$fy39px7a3J1DExm+1He5bh3=(st9w%k0!PI}F91A8
z05UB<x+D%Qci*h&6*=@I0s?rguA7U!*cfG=DCWFx7P|kN)kFzQCDJYvS5P7yazL)b
z!Ai3br4W&(jmkOitu_l*SyW-9*s{5tTY4vrG&b8swspWIW20#s*<Lp$y25nWvVbr6
z&G0Krwc9x?rbH16joiq!FFj#*rM#1ob2T;e(?{d9Bu2*U8>jQl<!kh^TT*NMWN>bN
zlTtUfh<>3fQmp7G>wZ-s#=Uh`Mf#*%-ehAgiS=gJ!FSFGV_eo?<+jJ)G-T_h4wYMj
z6gFzjvh1MPQ9XruU-+9+w%fGR?io!RE-h|zIi4NpP&XI2-m%6XefY7fxE=P`B)ZP=
z;BAz6lomhpP=MhoA!v{6`Ob4}>MBh9>^av$jnQG(?&+N#ZWA$muNz4%)aijQ6Q`m*
z$wxRe=zFEl8@(M6<;=nkW+Pk4V};Ge`Ti^ez&(Zbr4)u@tv#LJWGK~P@T*hEuPDi)
zOogH~;?glL^orB(`sc-9nxf>CoJ~rUCSSDCrH*uJyWq_skf<B!id9QDzEbR0zO$Qk
zSItMuXxer>4O$VK`0&8@06bmiUiP!p+7f}F(YQZv_1)X$izL{8+SM|Mo2E>){JJoA
z-nQRC##@yeFG<|koaO`tUvB>n+8|cx({)i9{cuYyf0P{OI>cMox>wI0>Dc?N5azxr
z$L9-`B}9NWit!BLlvjVSFZ26a>+8E++xj5jCtMtRyk=Tw8qPDN0zde1ihINb^N>kD
z#tiK{-~L;HQa}TYQ>Y*1fwX4*Iq0Dg-sIY_2wPh_+DPAgPs9GZ(m{Hk5-s?%>4loz
z7+L%VvQNFcWSw3sylj5U=~i#MU_@aK!$?*osEqU*vbB+wPTo!6FPnQmDBJjkTE)uh
z0FGBp2|-hP_g=<p2|r>{^BJTQZN5Swzfm}i7ZE9V^y999or6&Wv}StWdkLZ4ftzJt
z#d;iy6-wd<oXc9IiG^#<pkqpf3P&Lfn*EB<UI_X1F0XcfA91EgTxl8}{fAPPV)5eh
z6}teFL8kP-EzPv-i#*K6W2fA2+d#98t?fo4M|b4){__eHZr1tM%Q#C6$z<o=-{UfB
zx?w1K*^L+9P~RbWgVL296*~7>CP$9r4|)9iy#^KLlJd@qv$`GXoH{#lJMy3Jm)OTB
z`Q21>2>9Gxr&Xb0^ztlK;v{2mGm?Sj=U(W>$?0x<KAR|2u-CMlm9RS5Ad`?oVGi_}
z(*N|^Qw>xeW)U#<8*sASn0*+nEQ0^#6z|R(6C$qEX3m}9gOawYI?$v34YW(GqO>2#
zElTXcr=u24ELs`XdI&Vjt*$d{i{|pK15uDmL5m**!X%A1>+XB#9c%FNA<nFtA}fYj
z15?wLYf7rPI`dqy<r48>tIWP@_zdR^0lf!|c~o6mc)A&dpEm|g?>4I{($Ot<4xXer
zmlh1y-4x+-O6Qq3#P^;;*!BS7TH@N=mWUg@gEd-HbY44^SY!qtKs?95IzVpmJq8Fb
z@I!bl-wf@~^g1f<6H3HfOQJc05H?ee**brf^#4TjF;0Hb%ssI%b5_XN9=#b=uYZII
zZ$}gnxRwVOIrWy_u#E;4@hv~htSdl>tfSeU^+qL>TA0@-b#~mM84+mCTtYrzKSFp(
zCl0<)l^5^g&MSL=EIG1+cL+?Tf>s~1@74?H2RD1Q)^C?L-s$%lJL%~P?5QZQv8VpQ
zwC89$6>X%s>RiIz>r~sm*1w*R==?-ZX2Eo!99*2tdGyKx8XO5xA~h#1t7ia@i1Lyx
zoCyihyy%(zzgqH;&;Tx+Hk8+aKO?c1bP>VmL{Cx_OB=x{N<`uLQ0jMeFK@99e%tyK
zXRWKf)pc(*<kM?~9LH6&<BJO6d|BPyQnQ0Tv5NZqK?=`%qqz&L&nGuf{AnngPQ`kQ
z{;dpiRMI_5mJUx9`)_GdbU1G}94hnX!AP?k1_|9J;n$Nx@D#GZyv5yUxxMjcHd_X%
zP{nO&*Qx7v2a}Dy&Jr2^oHB0oUyjX4a+A`De9^e|o47ko$#UdpvfJ;MoCXLKUdTsZ
zN4NczZ#R1ki@9=Q=)D53Cp+Y-(ik2|Xv!&$e#Yqes$1=?>;~Rga=23WfvcJ-BHp`N
zASP2ll)oW)?@j5lPrsEuCGPUOIvX@p9w|$?ae7Xe;j}9yG%bETibSKI9eHi4JThYc
zW`3GT8XbXZ7K8)MyP<lcEsNy2!K!61*E+q)p&vc=X#;4^Wl<q}+K&7YaonKF*Ewmt
zXT2fpo^CpfWmdEwh_d|fwD)|jmr?XH1*yhT&~IDFBk}2V<dlmwG*XG;tmGeXG<dj9
z8L>kBJ_3*CA=Wkh&RTidD`=wu1@MEHhw#$P`-v(dbXbGX{b<>quh4r(wPNDRn`UmV
zJ*L)6`|7hCNc!NFQLA|Jk{1zzJ^1`EK01~rX4nXYB|Sly`ji~F46f>akcA$!<vT_1
zTVYy){3~FKq=WlPG#-6-3Bpcm&doO6zUK;R)xjH9s2};q9yZDLeL?9S@wYJ&)NelK
zNxXVbgy!ygRDE1bDSX0gSon9Oq2~F5%X$lmGh76Igw;M1HCH0{5@4e15j%ql@8{+M
zA`5z1O+ByO3x0hFwdBPxSt{deu^i(eI2mZ}VNlfin*uNsa}sCJ!9G?5*jZkyOaK^A
z2mrfRdX^o*1c}=q@jOvwuBZg!*cX{|Pv*4deWwN$Q3$kn=``58&ygQLy@pz}ob{-#
zuh8}0L?Zxs%=o=FP)A29XSMY$Iy!Z$7Y@7>JeF+1si8N$)-^K!%0XQKqLep9jnidR
zhL#!FXx<aXZ3Mo)r6JqoM&RSZ^#h!$`HeLY?jRlv+>C7tw?FO6eO&qX;GyvHE5e~G
z10?mm`<3YXcB$9G%E#!)s#)D9+hxbcpH!MOvJ3;PcjO(gRm48n6Nt+EK9>EV`z{5e
zPjB{E9$${mwy`sR8{@w4UWdbmMHb^|!M3-uzc&5cQdq<(aR=M(35sVp+TFZ~9*!=8
z(TscU;58u_xB3-qW?WG>9t`A(t~`&e^e9kdTmI1jR$|XBJ15Gj5O~V*5VWD3liGp1
zp_$spOj!Ii_&(xT@Ymhekh<g8uvNjM@}Pj^5opI0-u9q#D?XkzR$$Rc`UJVv5T2}F
zc*cuK>ZSPf6CS{@3P6ws{k_I>-oagB$>szR7r$*(@7DN6{Us1!wI;W{o!mJnm`lSC
zu>!>;QAUhp*n8oyD<7%|;nc$NBLSKtYNm@pi&M3%*$K)hg3MTYXazEch@_WO+B>>U
z@2hFW1skQcD#Ya6BR1l)SX8zgJrZu_jrqNi&0V*VF>+=8YEKso$@>Hu{1ppSov3;C
zh#lGS^;b&XWvTbh3m$iLBMpSM%$oPGd+VJ!BX!lDcMOXkD91Fs4YoG$z0PB_{LH2$
zE}y3_Bb%!LB^B=erXcL;KurF16xu)=`5Y`j-zzJs%#g9269qhqWG++pc`s;g(X<Cn
zuZGqAuwJ}^S=xU=gz=dU>k&`pMQs;6I;(X?lM|5aEI@+CkofB<zY;-)_tP5sZZ<rE
z;PbeXP6_?N{I^SUor{BgN=wq57&^HwTOy`3-e%|y{y7z**4KcPl>F@MK7FoZMQc)_
zcNy#M{K%lRX}I#xXY4LPAImVccF!x9d?|k9e6Vuwh<0Ls>B282JLvoU_}6>~t$s=Z
zb=O>%dNx%=yoKXaJjb`i<hS<IUT4pD=45gE4I6SiXtAiT-=c3aIMHRxEqhas@^Y$f
zAL&mV#|W7+A>og6M~z`n`2y*U{kIYLA82T4v$C$XiZD|H(RJrY_gfI;?8?%#p)gfY
z7NY`?g9Raw<$#2E@<1oOj&hhP<sYv`po6)T4fLSTBMnsW^yMcE5@%ny<9U3qFYSNS
z>F*wNjXhS&fNAp}hw7j4KoG3xqE^i{Fm;9`w_fhTV9G!?n$D__fpp*S{%SPZ`b1Ed
zaoNG5zb=yTi<+KU!R0FFf{zlA(C*9U^=`ZlxH#l1tlYY*K4}Um{K1){m+}m2d16I%
z&iR}iw&K3w-a*Q(-b()MBn^GW2V^g>ZhP>+h~Bu7h>Ccw$4{+W>4tM&CO$i)IOjH`
zaIjxq_9D$;!-=ZXEh*a5!%X-pYY5R|1_o8uCQXJUYia|OSlm+lw7|kJEz_w1^ys6h
zpIIJyUOT=|*Fd^7X(I=lcS?0YDtb^gW)qDypnzqmROs$%fJRBUReJxALs;<qG|Z~b
zlQUAVCb!n13aPN=pSA-YT(z)l!Q+iC;~Wyxo=?|U!BuBvLeJAle${PTOd2@vIu!=D
z>9OrGZteUPFs)pj;21GnW7YDe)$}eL>AoL-khoQqUhZQEEgp7WYwXQ}%PxW&`^tuO
zw8CQxLL+=z=}yZl@AqdvEGWB(n#89Vf)rc;Qx}1(FJ3mr#yw@V_bD@wYtBd`Jzxs7
z-TfZSwcL_$#s<n_L!f7rT2S;Bt*#@4O(1JeJ~P4k=Sz<Yn?P-Q<uXn=$Z5_&(U{+7
zE&sITjWVPB(SeVU(AO5Nov=AD?jpvp&)uN^HT*=blEQCLq~x!^vSS#LSPH(sT@;f$
zER#jqG@4INXap{iPL_sYhgFo*7Lvn?lEfr+GIc@g>EW~}v4@J&7|*j;(~1_qzJFK|
z0~Mz9Ljk>*kl6C4#vci-XQ%CTdx#3?Mn&(tvO;}1Y{I-H>Pt8e2V^ic1g3Jb(}}Mj
zc!;i)_(U;`p_B+SQwH1^%E8nccrII>wesn~C<Xe}<N?2+B-Smz2?WODl&v2p#Gz5Q
ziSWEghTmoIhN;z6$l$K8we~(GKWC!QF;-F?-?__?omsOzD6|I$-(+XMp-}PJjmBsd
z(vO&*nj^WxUqppem5VcNC;)zmG_{LeED~}>msJ-j=OWqW316wosiV*Zb~@;S-R1f|
z9{#21?Uin{LZT}J<tp=|S!06Z=HT;GfJ;d1X>a|SKO6V97ro!OvFVNJ3!Bw4Kfaz~
zPPhEmvvK6(?XsAV-P4)d#~Z4<;FgoU!C+B_Ko<(nxs@K78yN>ete87y-hd1W_E+ni
zvW0r$Yx1)KUqhQIpkhS&N_6mCSA+7cDn|sg_ON$&(=+l%(@U#;#3=!zLL8u%lm>)Y
zk&v^?9mUp7(!`|UAPw&QFGYEr4Pe%UDOXlrTok9wPuSGcnJ^yk@+Zm!8o)`T?J`iG
z*KM|o-TL_5=#6@FzPj~lfKRW(0SYda{jGFL{Lq7)6=_Ru2b`$x)P!e_OsdXozl+%i
zowC!EwUPsOr2LbR!4!rM?p>J@Kc6~dD|6sL&8#3s-kmxuSn<J>gve=ad#qAO*g{Uc
zeql_)X&9&5*V9q8QtLnbnYt5a)48L=-Q{=#YEY_Yp3>z*Ubk$7^wnBb%zepH`Il{r
zGz`^OQHe--Ph6(|&&@Y}p-<!e20yp-6D5bLh_UL7w8-4kHw%M{G~nlrSKu}Le&ltL
z_>SZfEq{aG=X{F_SwRqSVk2d$%I?plT#-bPxS#cELNypZ>fQg<w5XWcE|?Xm>x{_k
zz}2kM)Gx)TC=&}`qf4#Z(cH@4;*^ujoKDSF!A$nII6+UtescwQBI=I3zJC>~=(%H`
z6X`1?rvXTMx}u_c=tQUnlkS2rHu+%=Bg4TX&5mQ@2zXd@Q1o;cg1m~L9JZSc+HPq_
z<0$`MpeUxg%9Ar*<BKE}BX{5L!=$r5qk7ET8G4-by3w+W?{_dh67S!QfNiVgmLetB
z3@+<?sjbj3?`w~WX2k>ZF@TeKnqYSiBpF|Z)}%h5)Qn)82+f{?R-sAhliQ}k{G~M1
zu#=BkP3P(54sz+I48ypn>x+A;+OJUEq5eQG9I%oHgK{654{56mvW5Xw3fgyEf{peh
zB0Z<=v8lI5W5dA?S0)*=mx9IC*oMy3w&AI{EmKS^4WKF-TaF&d-4_rkv5zoaySdKg
zqk{Y_3$dKf!I9nlG#WXcoL<ePGD^pewvozxCp43GVx8ZIs;22VilV@5`xV-KJqj>i
ze(L9IEPp5fvLzI-ZvlNx{>uE#X6W(Z>)|Y=W=QS)%2g0DBWNi~rl<1V-#T8cKDp1;
zTs1g(coqCM%nWVFAVKP*?zJ~mjF*tR9bG+xe16H4^B|WdqyGT%CRxwO_Q|8$rZ!-H
zA~g;Br1nMXM+c%+4`+a0ZYk}1vZFjnloRy#iD?xyE5(x9N;`o}n=hwpU3GvZY+i;M
zT+}H{N(WE4UsARsbP~&{gKuUf*QzF9lesYjAsUgEgAtOVPCmu0ZKKK8XGSqXxI4o+
z>^>be+sI>T%$kE0Ug3RokRc&@_N%=ZHR-3w$pefHV$q_YHM2)qp_f<a=@e2#Ld(!A
zdbXS--VbIv!j5}w)ltsRUp&n*u)ny^Yfti&h_XLOsjcjYjdT%D`Ju9_K13nMCy&*&
z*hy~>4W<l7eunwx%8bC*j1ZTRt2xY6sBbbDE5Pc*fJ^_2ys!R>atr^}gMvZmL8+k>
zC8RrqLG%bxqJV_N(1>(OBT`Ct!|0(Tq-%&lx&$N#X&8FQp@#wP9`t<gy6gT2_x|7y
zxMt0I=Y8M(?EO5S+WDU1lF?eMlovzG=G|$0wV+RA`RTUXdnJdT{pGx2OrfErcTJ)T
z$^#lWPZ*sqY-{@LX<qmH+dGWG^wW+4UvJ}DIYsO^{;|zTTX_*XXTP&l@uifd`;?N9
zd0jAu+T*|6HVd(>D*+&ULOiKtUB7v(`8LD5iI+J+QGvefa?QO_W)JEu7&GJE4CqO}
zNL$PrLYrl+R)vMD7?GMuvyVPvsxRrR)!X^;!JefR=tn6%E%5$z<rF=|hbS?a$9e_e
zs>BUMSR@|UNqcY21wl#0-~0L^J?Rny_}#~kD2jfK20vVc;%}6_hF@(CKf>puGVmSa
zx4nHJ9${UfyP<BfdKQv4fKQUBN>Mw}K^&YlOe}o{Ao8LlkuG7bN@<czZ*Dz{WQh)X
zZwoX*#qQZH6VIyB&^h&0F)-*G3#qI~V!5e}IHTuQ;|%8Pv4G;?{ot%HhT79CQ}q)O
z@j<r)>`1IFF{=+jp7{a=M4Rn$JeGqqPPd@gsEA9`s`Z!;gsQfk$r^;pQ1P6jY!vkf
z&1YO5#6uy<KShwcS-b&f@f#5SuCme4+g9pbGqF7+>j_W6Y)1Kom9g^Ji5R>=Z^rrO
z*%;LmajP52$(bsY&EZ62r2~691KaYUjrd1QY1{5GV^=(0AFti=wlc{Nc9;MzDtl2&
zSTXOqog#swo{z@oQhuH13AmR7doP!y^!)C$d+)yPJTWn<q08`De!_GOiFYl@B)K1$
zban`sa64}+_*N4s{64M(T7OJ6y1(!E7pa|@Pc_);F#^A6)<R%-Bd=65iOCkRs)FEy
ze-yQHn&0{j@vgVnu3o|OGS)Fk@ZhO^4=bGR6AN;T34Qn*8MBa(sqQC}q>W51UCfD>
zy&KZ!bGkFzAheIU5@w?HOMB@Pa^5KfyQMGi^O1Rv>IRe98WtXX+d81s86g4g_kNnN
z;;dRRJh0;E@1Z0w-{8gpz8Lniv1Y<fHiKcrzBTQt$T6ffAIq3&`1|o>rc;39z9}Ux
zWq^7(JI#KCsQd7Xa_t3MrGtjokY>q{b&^}G7Fmtj*NU#A^xo-hDYNO5M9CEbChf02
z;^_f0iX1|JZ=Lkd$)c0z-^P5?`$qvIB8VR+3J<@5hF+`)!4&FhGd|y@A?K_NK}1n_
zWC=c{#_@NEIgh&ai4`wBD~M70N&)O|aL%J~eC{s%vIo}CDHE!ngVBt!G|s0nbdE8B
z-@1}DYiM@dCZBl?UH;|HvQ~{){x@Wm<>+Xn3i;~Tkg6>Y(8sKdT8jkhsNcpZJpFm$
z4fB04)bG0tJ4<jGVCEr<?P2(28^#@U*6Q~><$18svLrD>X#8j6@&o#n2@a+MZ14}S
zmr5eX45(9v{SX?rEiB!<ccnJhPlHi;xRc%Cin{!Cs4;RdBLhp}jweuPsTsG#J)2G5
z|EQ0gW~O-PowSq2>-_!1>$TOgStj&Me0__r%;jnO2djP#nC$-7@5TKKQ=}QIqMM;(
z7f3Vmiy-0nz9&_=QV^$oZw@JU@hctunBau~PqjjxS<45H(mpRubRS4b&WOt;MK&{s
z3a%T@>hIosH0jFF`cl*CFzEEJ6Xmz1f{LN46r`Ums`NMCXf7MQ9h5Zb+=<9&AStbo
zA*op>q05jA;pTCchg6=}+Lb%c#rO;af2lKbT4cm;Hb+qmUhRriFwS~J(o=1<w+#1U
zeV0!;--Nk2_>3C;UL-W%JE(tKKCBUmU*JW_ZCKP8x+(F8dAWo)9ELPpLFP?;9>#IZ
zKV$5KE61-ukXr$~L#Osz6-8d$hdA`p)hN$Mrfw1mLv&~&&#vDw9m0O~>rT4iBXigA
zpS@d<<=gK5g)()I)8k&b^q}^tmyJSuwFU-egxx*%6B$3}xOmYJr=1-#y*m1mZ1<>M
z?JUz!AYJok$;)<6Z`1qMzq->TD&4{+%_k1MYzle?DjoB~a)Rp_iUB%bUmw^Kt|yPm
z|2Q_g>0EGUMAbc}+;scLO~9R4zkaqkTEf!uTA|37`%}WT2x(_%+rV7nzoHj(pXJO0
zjTW5|ml4XL^g^L_^(`d*RO^xT13CE(u{i(@u=!8bz5^Rzr`@8bJI7J9#&b<c<s+K`
zae7pL$}MHAFqcwpVcX@>QkNJYN;Ie2t<ANm2FFQ-y_?;4!pHqp#%rseJ1$9OdH&^Q
zIiRS!dGV%Exp{1P%If%_x~vL>p>@GzOanIlGdt9}DKtMkWsX^H8Z}U<I$IYq-t@K4
zC`KhF10Hc_(;6MqC$r@oJs2aiOO>4NB?gGppW2(|ogicW78x<(p2yof&+~hvlE>!6
z2uE(wHYwte6=j9^%n-Ehr?^$nWF5y2+%2NwSz3PR;5=^Xt!V8Ccy!K;Yu*S6`lr%A
z_jK!NGxjS|%Zm9Cl^s&+p1oN(Gv2<JnD(V_L*B{rerR`_Q1bg}_X-o*nXP}laVKWx
zoIVo`I6xUE<1~#&U4~dsD&30tIFjyC3}T`=hvn4j9VW-*6v$o35}HgBYZ;%MS<c!|
z_)xvktfAUse&V*Gt9<23|0Tn}6rAIU4eO0&st%D~=2U!*qDU}8Vr>*{A}j9~ME4AY
z-(0XyvX4y(k}EVW#mAW#5<!|4nNPIzx24A8{V?&o*Wqe&Vs)LrBrZLK$M7y)wLN(3
zZEswKp?7>S-LeyQyZtQnfWcM?a`YiCOI;Hk=)ProPi0vzk0_n^gg75k1kZd@H}ttG
z7s?(oe0hcRn%nlmXHt9U*pM@%{*GSPN_RNgXI|bb-l?pm*rF=eHp6;+D=|Eo)GJ+e
z&$@gVB~s2|oWh6BGqzN*r=OQSq?wCJ&?;QEmoH3Raxd6)p@@+wSkhgRJP5{o5VF|J
zG`7gblBO;(Li-LsDL$mnPXG4Y4si&k?NZ%!1zV0h!wv2Qo+b2B)=gSocJzUTZ5OS_
zjS}`A7KB5Zp&4UCiq~RT!jCHr6On(74QcBX)G1qNPtWeWbxyI|lubCgywUE(%`{ZP
zg!*-&;4IcfLo8M4F|&4>Zg~89h8`7ZtCY+A`grHy9vPUKa&=iqym;UU@tjH?__r`J
zsYs6g?6`)@(5t*PZ0~!Q@EaWwE-yur_A_xWm6iJv?|Blfh`*^t#KobR%jFxa8OJ(?
z=4Tenyk4s{kd;h`<ElrXst)WG41BbUh3%2lO%#8d(~Sm6*DDcVU!&Vi0(SAxGAD$n
zSe|H$(roh{vF#p8^ITAGc2i$Qms-Db;uf-4^14&arxJp?-VE3-8G~t@$R@hpZr|Ws
zaG&Um*Srj%-ybt6-UPplD|a;bPbqU7K-mH<sZ}cCq16kqZn*!sr^w-=XoEHrsz6(?
zf{E+dopa58NiZ-4f$k*raUC0xdm}{*VdjRP(G63~02F5Ml>bz8T$0@H!@x;$!fW`+
z7$*I9jNG2U@gY;zVb=(t{Swpro5ET5;Ej}%2Jmw9U@EIQ6tP5teyl{PMB1-bpUlsA
z57vJPj+>~o)>&VA^#I!6^>B8dw6Tv(8WDI_($1I?)@OCC|Go0}WwxiZVbis<I80Gd
z#BP=~uK(diwejq26ic|+ztHdxt0j<{!UPL5{bPAp`r*#;U~e$QZVHHeXLMGnC+z?b
zstHc>3m=}|^v1@()d?Nw`qIN=p~s|>0;{n}&e}Z+r|WxU9yfw*I64y=Q=}64@x9l|
zk~b{^VQ^O)z=1-%Zt(UJ8(%uZ!_U;b0FwAkRLmPNne#Ftpc1;;48?b^>OEOH+|&I*
zF~W;OU3p3uHZ2!aG78)tbdGszmjA_#woJa8)?*U2nHc>vtGhQ!ribbl5-d8I2d$wl
z6YWl_UDMSHAB~@!>W-IU=t70RKOghhUz-)&9tPyA{0d9d$dYaS-UzPa(PXH^-5!F-
zo;&$-Lovw?xP;eC=DylJ2j$HQspm&)Fuqtd585VplkB-6pI6XnP7$ox_HL$)S6FJU
zQ~ygwbH*2*+(_G=_og>wxE&z95YGiNG?{)+36n{m1f~GT&Kj|53UxhNNWhek8>ee$
z2oi<Iuc$BzPJJg6ohat}X{N?Xy!hUbM61R^Hf@;LkHe{A#j9OAVK{SVTBFy<VT<F<
zzMwDgVnINk)1@rO#;-m%MlMAa9!FYWD96Hec&cYU;6C;;I1jz7fQ2S#`}Fvsei2-h
zaL)gD=Zg9X@@b$Y^Nq*Xd<9fURg0|CFPF8gS550PX;&Dcv3~<=Gfl6|&3>)7?l0<p
zFqWMveOmePJ_E(f+DAAa&R~2tgfCB5wU2!qF6n7DW^}`RtBR+0{83ZDns!#{Ko#Ss
zX-F`{d#zGPFwb)-9Tm(hSAR#hBNgE^8Kk5G|LHQ(bb&$qvt!wAT(Gv;2yEwY&0M;6
zE02`ed_QpvIPcZp9V5-af7sMCDIg}!MTzu%&^G${3PN*Wl@%X)Y0z)gR3vH7Tp?8d
zOEQbl%X7D{MEW&Hqhn)(I=AI7L93q_J-7@mwD5KPlWs}yDPeg2L)x!!%oT{;sY12t
zkPotnhC>pGf3IG!>WI9Lx?#lAbC`Gh1#bkK!?hSlYu=*IhXQp?HDe;-a5HsYBRZO2
z?~OOVVi#DNr}!<83u$3DXY~xP_YvD#BX<qpKlbfADbmnir{~$AD_Tc($}7=KQ^WVq
zs7T~a3lWRSa|!Rc!s{`X2US9@n#o1iS~nGAvIDj~W=6$ReSE5W9-c{>%n4+s7O^N&
zYv$R;n6F-x)x%k4svyMWBpX(kyytH&#cbueV>hA6sbV+)#f)`atEP4<se4V2o!y~-
zA_+&Xl&R!c>pXkebymG06`E??5t5M8S=#e3f5hga@j=GP%gXBYa?=-jJ6iOXezCsg
zTt4(i4MU=%Ck6PSs|OW3^Tx4QZGEl?4poPqxU|wprml^>tL+GNeXldaEv0RH1UyF>
ziJ(BCYar(E2`a@P_xof6rH=EwPxEXS&s3#}G9xBV$^@1?-3s(0ov+OY(R)dySaGKr
z;x1vk-12vL;Fk?*23;oRx@Y>@?Rc?s3yt+1a=GCj%?%q@yK|l#1$t4ntPnY4_AdIw
zF!~O=6)4U}2-TmqXfbG~{2Qu49eexNYskax7D^1?`{@ldx|#2!ry8ulcOPuaQ9kTC
z1uBQ)nya;>m@=g{vDI&iNs;lWfYkKLZ<?tmwn9?Z*Xk;I4AY}VT<Qyya@6c7u8(Ky
z4O9|qSIC@<Jt*Y$IqKf)7kpmNRuoUQLX#OJ8EHLnderbuf3di{fU#39#%8;L!mlA0
zO8m`IMXmmQmiUH4WFgA2tNAR~6<t^>GJ4|R(73tx?UH>|Mr-S~^pdfXtTmiNuzBjH
zc9|I&JdeF5?cuw?pB@Jrz&>#n4{FdsA*{h$UJE!Nj8hqL2MMKY)B}0`4R=0()W$0H
zO#qDdamUlK`5+8JfFRc=e=;`zFx-;djc`J28LK5YGIrWcSx?po`%mfQ*e<CF#Z5k3
z?b}*WZ5QVvT?i`?st!!$DiDvUMSY3hDb4m)HLT0<mQ*hNAcFl@64^@%Bga+&rquoI
zI?jp!`Ye0|W-6l#F%&M=w@0t+EJLfftwx$*$v9o;C2p+wASK{Sy)|H}%1ds}AsgQe
z7}v^H-}2iJ(pZcR*->DMySBt&dN6vVi&U&J3CCEk+C)MT+*HyB^t+MX4?^D|yt9>c
zH$Ca@Pg+D54O7pmqUu=~A|?|AUP{}$=I<Deo5$$SczWy}G{TLN;g{`k_q{&Ti>o@{
ztW}l9jH@f?&zB9gC+!&1DVEJESPwNNK6my-feC8uyHBjz2{;~_gB`n{+aBZY3=7(P
zYl5ZnBl^>%)1v?SDQh7kJs@@TG)wKF{~jP2w>|2(<_?iR#Dnz7^E3mq`emy+H09eJ
z*WD6p_JxM8kM7yWXXJXdJM+Dr)K1j(9y73DPKZ8Lt)%bBzo$lT;Ze`9n<T(FZ=Ovw
z7nk9`DfZ)z)q_~e?MLFnkHpN0_#~dp(XqpexO~2mA?Y)fv!ZziwpVbTNBEf+P)>^W
z>MvPzA34ghnxpC>iNhv1t)3&i{5oFdvH65~Xc2w(M6S(qw6!biiE@#;fk#-!rA$2J
z2g(U0v0mdQ<bh!w>4|Xjd~BCr&OOepnpNjkY`1uAINs=rIf}b)zSAj3S%;la2R6x?
zJATpQ<e(i9sQQVS_9g0ug#=vAi59JeoZlnHkBZ5MLBqmKy#vAB@ruo`rDbRC4Tx%~
z&G~bsVXCtBdB$ir-*e#XzwKqX>iyGcl05*e&&o@GAUwIayyFYegzGlVy~btAP1!Af
zY~OgQwfcS6-vK8PjP{KqlGF8bICN60SsD!A#@^v3(!Lv^4mY<Ki!VM-wz6aO=z1Ue
z{_Lut)iGCG-;*(_-h|<qQx`8f_+`Xyzj1d)TKk;@8tmL4UlRIR`zn>3n;N!~&xJQU
zo@8KW0qfQV_Y?ZYg<i8Iz8^1_OUkc5l8Nqa6`r<HtC`tr?T(X>dCuxHKzj+sw%9Sv
z>^@eh-`FHP92QXKa3u1~O<7+Ii;-c~2Pfg!kgd$y=;Ls)9-4vjV(YyhxKQ1()ONCr
z1BArZQq<FlK>6<O5oY=&E}Ixh2Q5!n1k$G%BQ{OUMS4_LU9EK%_`4oV`sgk&hw5b%
zeoGgNCO!yh7s?n((^FYd)8Pt>)$Q=(6<kttb-UT#6&~7=(kj=>uWzGIT&CbQByd6B
z?ta|``&{2570%(r7kq^;eKp+psfaIIT(@v*RmcicwVxCvuchY6aiXF~c*_hW!`={u
z!bQV5Jn6(0_Wnr{hj+mneALq7=mG=eC!2HnW1nB;wUk((iBWq%kse)8$C$(D^j#cd
zWoPeJ^XB^fu|+1-UcDiWI9k=ZW1y+kx;Y`BT=kF-AtFI)?MxQL)8a;AdquwUSK;gx
z2!`%VXS_9wal(Z=Krh5}X&lddVn`XUIUjX50iLKT#(SXabzGyk@>Run6pHZA3R9e%
z-rA!+xD!Z$Ch<62_f&YUyxx?9`LdSfDz22Bh5gXL%cHr$>dBBZW?tyYum9X$A75cX
zDE>K47f&iNCD8Vobj!{8TBnF=<t!7^L&<h5oqr)NMMg%JRnRfEA-CRDdui+w1tlgp
zL8nj&`h$60bR@%Y*D2Dy!cN)Qc-GDj%CbVe<|+A-M@BN=Pknk$hTLzWxvEuWwOwuC
zSe?Put7p$x`EXxa$ulHGaX16Tt@{A3KT<M9s)LdpcQ4_qwvTNNeKcgRDKxCd!|P{Y
zF{5g_@BV4RsBXf+D~N&;Wv{Slo`n5sdZF&8g6qX>37^lZ+)BEiydS-$YdQ2y*(^{z
zBvyNys?Xu+olKm?UJwv=yPH_V=`#ZF-fjILl!<<UeK;nqPxytR^s8PGvg=$*YIF$6
z@<xoxgEUofNvJeGvWznhCCz8##Z<v9^xtY0M{U&6qg`yBWyU!SiINSwqBFh~Mu|3M
zzgc~vfFhlqZardOxi~*ZHpo=jcwo%2_F5r5UANj|HAYdZF52c1q<+tIf4#YCM_1Yu
zrH1WYdA{MToT!wt+B#h&PoW@G(WiT4q~MSmVD78ZaIa5STj3<6eTiQfQH*PkGr0`y
zQ#Mp|8lEO4!hSAXV_b|>E>zho<=NvvEa`7}{^09-0%L1lU18pPJDa=;tS@kJspM60
z2keOjDLAQS)Ez8+VDwbG^CJX;`YeZa#CqFHS8X!8xEdiD*_X{{U}$s#sVE#D37It3
zU3fFzM)D<hV{MH6Bs1&f13}c4m<QwR#&<sMd5<J5YkutoW9k{5E*TOA_00{k?VJ*V
zV=lm$SRy0^4&!&G4v?aUV?LWFpy>gfoWw$`8bBXCrM_<+A<pr>o?qs022aHX)fw@P
zYIJFB@^9$y=rGXh6K7%dU4T=Z(27z><L$iGoJIC>WE{6TU!arB)2|{INC&BEjG_<1
z4a-VyZTg%Y``I34M`}=)r~PfUOQIK_1)fQjt`?4R_li{v>J}T^(_xFd{XjDUihHva
z*2Z^Y2x&X{HKC1(DXLk`E3hffHL!i8dJIg|C`Q_EA<1Qb2~}`U^x*>Yi;xlsdjrj7
z?VmaMr-z5=2ms-xx-BLF_!U5ECIEK@AQ>Ytshtg=CZ2ZaFt&|;ecV4j!J6mK(V3^n
zdX!`{FEhTZOqDm4$&$L>y$Ht9-$W-vP3KMZa7{hHZWf7q13}Yq?n$O*+xzkV5FF@U
z`8R|oPqcddZxO2ssN})ZQW}g3Ed|+lP{pu^$i(S9o3u9OrWXxN7P6lXY>8o8VZ?n4
zfRy0T5#XD88ul9HH_~0*wcQ`#T@F<>pU(>E398Mj6^ZToA=`H2z;aN6D*2w;F|EBv
zbxR#VxL@T-ZLx{B8T4jWZKCT0e%-HypKl#myuIK(Q%<lEw~P=~2qVI9fo?Mnw`>?`
zNSPtSW`+Jh!UAjl`0j3d7zFcdZ21$}8v>siC&rGbEdE;wJCz>YtF6}ptNfI9_E+!c
zP#x6RzNolt7~ClF^ylXWgW~3yzZkGsEbNq)WM_!2f#4}ng;(S%5ya1%{2$t8lHwqG
zhi6+AXz<1rIQ#ih#k^ci;(Zo+tVqSN%e5S+>#^-Trv6;|lQ+R|z_w1Qw84U??EyBZ
z5O`;Eq^?VcK*1C{@C@gweeBTEo6uc_j&o%c;pavZt30=*)v=nasn{RnNqWflDHG{H
z+#z!~OW{M~xxn<86v=E7qiOp>xj$gaXHgKY{WEFPbLrtX96z>0GXziVZ|6NFEbo95
zRnVhQ<<*PgB-yhjHbj1God|POhJE|Mg9%4=<=m__M6Q_xt|Y!}e{3y7t!j~6#`{K@
zNX_#5O7sBlbB<(hL`R8g1AACV2rsf43W(C*6rnQDSWFG9(lj>`65{;HmlKV{b8Tu?
zvP(!Gjj7^V<&@Y&KE3TOUmnY(DVLtV_>N#J8{<w)Eh3hBscedk!f!K%rZ^dy(N6lD
zl+}xX#aK!QCW^#drzkazi_cP#5-c|2>#VOy#FxwTeTXyuiFCZ5n0=akbqvj2HKAJ6
z@ulaY8>6WzL5^+z&!MedcFA*1Iw+<dK#~DW{7DlTD$B3N`{<SoB*|zt#%Sb#oO*Lu
z4m+p0-s+Tf00W*Fz~mB6lI5LZsf6znLx<MrHq-sf)>-U4S*fpaEq#IDW;GD;f|tfi
zH89ofYpqPufjL$QV&{5gV^U`mt>)xMJ_iGCo&flgiAO6tXxoyXUFRa&_M?DSSBec7
zY8y|3Q+o^BQ>W7X7baUW=5^+M>Gz$Hs-#A<72z78Bu<T(N4+KgRC5nzTE-Yfo<_<v
z$+M-YLp=K55z_$QaoxMTz29zuo8=Lil3?81T15YARal3^xZ&P*NXjrJ;ckV{#D5q}
zPn0AG#=b;k^cd_iiMmr2aQV@7?1Rb241{8EWV$?n|5nj+I&lQfVSWNkDx$1v(XNcW
zf=XR(Bm70huT+<B8yjjIkTrkK7x`(<IyVDDgsiA;{t9l=$cmf-tPt3-nqAN0Umfh}
ze%ohUd~fusz9qy3noF(2-DuYtT&avRKZS{*zdmfEf`*M6azRL%!vn^?D`cy`UQ{Tm
zC=?Pj|E~Q>X1_SzYU)1sENtPy`n2HH<<E!rDc{gLsfu&}5vh<}tjE9vND|n)+5ER3
zg#_A=l}YdYL~?QCuVT*Hf0FE<2WlvwemoPf(#Dq_6OoHCAJ!N~o^AoVc0HP6tfC;r
zPkHE;8A2uSCEItJVm`ainxq5PktEAPMB>EG86!7|5dXoSRKzWr<7V;)?4V|Hp9<Gb
zXyxaoPDKiDR7zW)^f1qB1V)VcMC`bUb(ed|8tFbsaNYPd<y5d?IfyhS)~oP^LbB?!
zYeqa+$IKExM<{&z#}N4Jz;?GM-VI1EhAWKM*y!-ad~l=flU{r?atg*?INX(;7w^!g
z{03CCAs5XP!wb2YjymK3ujV&YN!&2e#VZ`KP4SmBGxF^8*pIgd5NgzzEDQ!mTwOIM
z8Lvo^vP;M7afO3^Ja#D~T;jpufCu+?_HKWvcomNYOD)-cHIGq#`EA?{G#elMu!Ze|
ztuue`>4kHDiw>eZjE8fUCCwWLw+y|+sFtqixh3f{H^9t^l4HDz%sVwLydJnhaguGH
zLFW-P`QAn!XJYWehDe|r!<^`Q&F`Y06S3RA;@=XTk9swhoi4V;@OrH%&NkqYkM$}B
z3&+?<Q*yLDsOkXirm-p&5MX!@<HIXFy}e+Rex%m_8aS+cNWD|peQK7~N!#stCKY<o
zDYdV;&_bXXVhz8nM>vTQ;wA#mh^PCm{-OZGmD=eO8?Tnc7pn>FUk(7$?NedUVsKxf
zz{5M{)M8Zji(>L>jdi^eT^nCEMdcXr;+G9shU=~6>mJ!jfN6hvad${f<udHx#V4&Y
zUl>)bz_s^GhXjneGl;3-&A>-%3-46;#6LkjsRc5>cw-0snUqM&wuhMTjZBwdK91cq
ztGW4~vZ8cKZ8$$Uj27_@wHFhmmi0<-9^xpL)Fo2Oie`Rplh(Ai6buHWj?ZA`fPLk4
zqz$bGij-8SPBl7thF?p-Q`?A!G<%<F)(3gX#3{?Xc{eD1NE~-jM>wjPabRCKP9`Y<
z`fH1*H2MyAfc3LJ;@w;v4T*O#jcur8A=Gem|5t0Z=}7wJ1buf4ENz7MsDI4<lZOJH
z-cc67q)>GJWKjBKa0Wtt7J@m4RJ#SOeAGU~U8%DHCL|<OKq0**+?Y=z&afoul{dS9
zIl%`*-#pa*v^2{O277+c>owl8?oU2V-(Uobg?d@8>*pewthI*qXV|_Zw#}clX22tK
zljecaqLoeR;L%W!VdOS=YmT;HbmJ!J`~24PtL~%jNw@Gb<RZkuw3Qp#zAxJz^DPUS
zuKpUox&3av%63}c$Gl#Yudt!p#;&(%wy!@$a>!7u?NG=)P5H#y$A<#jgqSjTK-+N1
zo@-s7=xYN@-w8W~X^G`T^GtGD`_0}i6=(sM*npDP8B$$8L*C^SDh`4dqDlSmky&~>
z;X9dOPZ$xK2gk?g1BsczQVc($uJusjZumlw$C2dd9!-}4N<PF@qai&T|9Qz}5_63}
zR#%+wte|Q7<%}0EP~u36V_)!@I0!79x6(>fPs6!adC)GCoT;%5spZ!3XRN-aCr)Ed
z?QDX{!Br0r#kw9fJf;J}xWbohiL6Is73!y6NA=-4Qe(mx3iQ(ZPC7)C_e6W<M^l@H
z(4D2`mPqN^@Dz1I3!H`Byko0x<A2b{gtN(~XmT?Wca=kMK(Ml`9MuT{2cJo@DYkbe
zaZj;-cUNGbhC}<bnEaJ1N3<pr0_%N$!I9zv#n`(LxLj}h3-a3MTBmG0y}ONtYP=l8
zJq-(=GWOi&hq0)qKE^0j+-!GjO?va3y^m8THaukSOKzV?{jPPVNpFQZQmI$W(wulj
z3)+#>FmlO|ds4M7+ubHllf`D*pT$$x?7DHdgLVxV%(Y<`8Rui{^xN>ZM@n(csF$lX
zdspelA0fG<;1NIyDmA;F+$zjor5Ccph)TKHO+%fd=<~XU+=aUkrjo)Zegeq`{-o5+
zO%eI@^TTaIfx})rlP_1v*IsipD3{AOC)^1XcrDJAR%v{PC7#Iiep>Zr(&es<jEnrH
zA!(Y#_}m?S@m66^KTgENqq`*6j2LWtvly%A*=~<K9N6nxw0OWP)Y;oDEthM5xT{Ex
z$mwcCsHQPzsERAP?Fdbhi0d#!n<-6PbzQRPQi13-W??Vrf$^0!#-0Ap)7DLUt)HS>
zNS00W3RQ=9{d!nE6-8|N%+PT8odQl4$B{g5iE?nT9@wsy=8B_SD$42Dds0F^cBGCp
zq{GesO~sqwL*W)mqRkOh*mj8HMZ}UXI<-TL9LSH_ohI2r$Doa?;x0&N$|^$nVIx7x
z8!@(Qat#i3){NH9n+naY3^V=_hv_En@p=BPo?dR<cI|bZjb}>tuwJl;7X^=Syb!*n
zWL}k6W*$C>870F?t|_RD4{;tIyHV#@E(N*Cy0g6O>eo;ez?y#CL5JPW#mO7ijJWg)
z1W$<$XGCC3M>0`R{nU+e8apoUuB=t}pY9hGZFLve_ol0d$~<Fhh-x*uY$>e=W|9LG
z`Mb2Pc;cqQR14)_GBS`|x#stGqJw>C9OG=tcLfS^%QsoFPl6&>i;v)*pNkQ`|4_D6
zwE1OlWhSXw`QdN0Ed{w|K5@T47F#9n0yx3;jl@&-H1j4$*`)ljkjre0hHoBm5JaXd
zXO4^t3qKaP118%=O?b^~RW@cn;kih|o#u!qM5MDhHOx|1KF2+LnqYnBDaRQaS=FDF
z3TDa@msdX=AJu$UIkB5o)piX1*V4ai>wVnx0mWgbW-h$6m{k<WRx{s3+v*@*Yjbg%
zM1%FXHIEweThZr{j*M2rUzbnu)R{ag|A@LL_$K4ndi-Uu$kD-P7XLkm);l`bj*9Ar
zJ1Q>l>bgw1lRHd`*BgR_#F<cWeIZ#9JA0{ql1WzFy~SRCg$_V{OK(hfHS!nkRPI^1
zZ<>DCsECqJ+5N_4f13O`o!bkK5Lg;33*z(N!-_Ci1xqWPs-5U@b-%<xVq_GgtE*bM
zhhf*6bRZ?3vt!GCzLHll-4QIxZAj$?Iu>dZYtxolHmE7*%IjdBy>jLH$0_E%dS%}C
z;#?-qXeTJOvsXVkz2W5O@aq)rjSxjH%z1pYokf=`kmesK?>$Se|KU}ybzB8z?mm{s
zF3`Bbg}8DxtqENinRV0ruI<kn#!CG*J#q}SC&R3QJ9);CUJ72MpOvgod&=R3ihl^^
z=1GpEuHxQ(*>R-#*e`&M{`K({`KEgrwVX;Wrv8Eh3|nmX({fj^Dh6?b^XjH&S(3@-
z#h13s4@v6;$?Jo9U%;Q<%BLP|nEIT3*jpVyM0OP@Jv(R0wm&abCW>aS)4Gis1`Qui
z3GdYsAMcN%{<5Z^<aYz`NpcdR?_<ce9cUL(a!7+0I8w_xjw~RhUGeLo?qOFOqlaW4
zb<+W-b4~-UR#zfx5v&=JwjkCjd9G(y6Ou>GzYgSgZ-3O_2?<Q?^!rIKxdw2zRe%RP
z<(cr;KN{Uf!$@osFCo1n5X|E@@*+Z`RHRRK$6z0dUezBhrc|5_!cU#NZUId7ZZ-q0
z-9KSxl91EGL4QxysGa?!{`|t4Jm@vxM-Rm>4cUTj2e+qrc4U4W5QWNFqel06Z8+||
z1di)7qY<C2HLVlvy-sj@iqJ`3){xbwN)N|~<c9bX&6y+q4>|6Ys3#sXALTzZE&|r=
z>%;r}Bn?yqD)se1Pkz`N3VQy&Wm*n@E$cUzpA!=!C2!fCYIYYg_Yho2o}X0$Cw6m9
zV&atv6vfD|gFqNL=s7faGt3`tHeT!Dy+(Sv*y-BL`?H<VW9_jX+PtElt0~Yj_F{dq
zoT~f7bwXr|VtBKGwf))2K~cox@&Fh)3~&VBf{><)oBV-}H1pOAS&1s=%>;mTjTnCl
zs$MA>TW)!e4!g-Um`;K}y*Ndo7n>louGwET?Oh8kyhT7vqcfJa+nI`BG5>mU<(vCb
zk)z2Qe)bOXz8jiEETz|)4BrI8T$g||v+E+<0okzeoZF!mX73ef`xV?DetW?>7GWJI
zO1h@<l#W0W6=V6wgReK^VZnv6(+T<|z79)D^bzrs^kIZP$&H=B^r*)lhh^D_>Gf|G
z%cIYM*`*{m9$xqlqEOLu*cq;AgFITqb*$bM)Bu4}Wxz5OjoC3WMeOuG#IRUfYJ|N3
z@5H$uH4k7Q7L$(0^QC)YJNN9<la{b!ZI)Kv2$%J-F=^$k8g1&Lt0ipjX=e$s7CiXB
zdWvGkm<+_x-dQ)!!PRHu602V`-kxU)5L~mNfDo3r3+%6ki+x8W6B1CF>?n}BBN^Ad
zy6#-|5=Q9`CNrQH*dMoTn4uI`D7xix*~9L$NBK7q`1Gycm-TVjUxc43KRRye-FeCc
z;eTl^6LL5HT=t#pRB-U!f0aGNR&q2(fm##H^5hOuVbq}y*9|!sDL#2_x2CQ7;n4r#
zT5)qz(y3SVfkjT52E3}=E)_ji<a2@nkdnfJaEIU#b|G_Ozv6S@XVTbKAMz9|xf-(4
z<422Wv;EnC)F<>{rRQ<Y7kyP2bLp`zn77O-RorOTO{v#j(}$)}sz}=3Asc*20lN|0
ztspUED$k3?MoV{@Tj)CW2=5(LX0FnneTIqMt?MHRKT})Ls(maQm_XfI<@<7M;_LAm
zv+Z=zsFb3$`tOHv$1Jd(K}NNjkRm1+Vi#@+Qrv()&3I+KB``d>vdOUYZexPhX#LxX
zi}hf(^6Z+!K8P42Z9iG_?EOaYC1E01r3COD8iT#H?vXgR(i;2HVowV7X<t@9u}N$U
z8vwSPJ>G$|jK>H32)j^_^tAA(jf!=lI;TjkxjPo)zq4KU#5-M;wkK<YR;`B324utC
zF@Y8Ri~uUguidxo-OvJ=^Y9D~-uZEuN`JQGd}kHOfO5dj@02swab0;^#dWf!9iZty
ze^g~1!64@Y=p8f(=63ZLxnU1il?U=b;+bZ>ypdPh4jezvW+`2)ZD(7md90XE`iK92
zF5tlJvU<F-b<p%-tkIkr+wOdGJT^e!I!ppn`-%omt*ej3zld5CfirUH3k~cO@$(9W
zV=s;-@cCbl{!9?Cr`Q-yDIPh<E||uRRIOt4zUSRM9y%o46KKO^N+imm(nH^=|EY5#
z{d|gDM>AH*ofx~r8D};4#>7I)EBOg5*}!p8jA6st!d1$6j~I6`Th70tPF3SGPl|?{
zmedza3)?pWb9VNvAgH;g(RGPG*h!A6K~qRwxKxb2!FckymtAnr06Rl@M2NJ}KfdU8
zBhZ8PP+7lPkq2>4ccpB=I^5-Z7vysTUs{WH%6WbXSVl=XqMa+3qMP<uKg|BPn_7mc
zo|@;;)y@>{d|kbvsk+sTNZV9yYx<Qn`oMRpMJUxG=v$k?(??3S(KU83JiiO~D}7kJ
zx^9;($`J^&x`iv6zH8_*Ges;!7>B9|wsqf2FlS;dH1{EES4dCH7Kp=&UV)~mGaO-Z
zJwL!+HS_Dg`a40Ct&G)EB3Gi!eg7aBoInrxYBOHxKnWTynyj9M-FWZDxz?jU0b?KC
z3|mF{7ZZ+#pe%sm?gl2Yf5bQ-Tk1ZL+jvYL>u+&46>SzkFB}Ina93h;EEbxWi{JXc
zB7KBoOSOBve(=Iu<56hWIZNClX3jL9dFHbpd0sl0?>^T!{tigcub8wOqmDf#7Vb;i
zO?w>-x8EAN4d;qL5F{{Qz5sF>XLQ_bfanMJOxw14HgJroIhbisTmy9&XTT4Z6AdnA
zhxOg)oCZ1V(9RPIsdDCnTN>%9&zlH&XfrxBdEXS<`WJ!jC~XEZ&DQ&0!q7lL^+h(*
zI^W+yp<T*8;Ha?Nlu7YKx$a^f{Eatm5KfMCSpyM6K$vk(ek#iA1q2r$A_6l9TF>T2
z)}sB@*iJSQfwd1oOy1Q{Mi8O5$4`=iYC2DeR7-s~<<?krEA*z>NA^}GHkw&iG7`R@
zkva6|uAW7C={~1N;M*#Im6)fW-%avJ#SLM8>>G!O?S-Qm5@{_aHCHKGl=(<||6&~!
zyQ*(tY;j)T!RGxcdr@%iK8v5Ie+ws(Rh*oSLr7zgmn0v3E39=Jc6T)x>`a$ouj;|T
zkPNvWsR?f%{e^PFEBHMj7r%Gd7D9Vb%P_VpMO??%q+O<y_O3=S3g#nqm`q0QE!+*r
z+|-_vM)|J-<3e~TB;a|1j%{E|qVx14yx7QQjq*F3$Y@j8QZO0vPx0o@R{{nd{yt${
z4e@9gyykE&1d~Bx+&&w`q;LCCQB3gB4@gGgA}w{Dh!BR}2fy7|RU>vZALD1s$2z>|
z8W2eqV!cNdNRNG_f9QnxvnBkH5H$QgyLV&UvZX<GK@)v=^6)+1{sPlJzv1SMvsd)G
zZ>6K;oAWM%AD5*;OUN;5tP(ItlwaU>S?d<SNP_QgME$r(LVv?^@H+Sz`J-fIu)fUk
z3E;<|?_+8OB<G6ztVY8WFqQw7sJ0m^so0D(g-u|Jt<UlJUX%(+dyxS_M04GvrC6JX
zazF&0#CZEmVo-rrgP`D=f$%DIX+o4e8V^r26pp(?KYV-8D8^3;s)g-VSb}^70{CX2
zPYX`J*j^C9j$qEieLyYHHZvm?!`IjlU((MoGS(P}%%3ydcMm_kvq8_>+qK-3y99eB
z1vYswkD}Ihy>l4YyjgDqqv`T3sF?w?p>Gju)`Da)v-S%Ye<c_G;&lHl8h}i58k_ll
zXO7BOG>H=2GWe$idrr=`zlGO?OUAr)6z5yTA!l2uVWj8DMPQdolrn33Pb9)&qS{k*
z5;)Dm_H;F0Xl>XKKD+TZYj>s5+=z~?-l)^4<G6LzE5az}(AISgqo%YbFBm9)LP+wg
z<=IM+hXG<$V^!&)asVNf576TWg-udon4B%)Z`wNq3Wr(sH&R4x$&pX_R#RQZELu;@
z3M6Tyeoef4fq#$=Ki$n~OfbJcu6xy1{dKL2HSjMmgK%N?9{hgeTe$eti0MTh2(MX+
z(D19m-S+eEK!LJ?SBahfZE<ey`Y=B^a=)Soyz|o}=xYZ)V1BgvNu&*;@lWCxbFD%k
z{+h{O72+4Nqu6MblE%+cpky-(_strw7&zS5J3XLuHt9Z7`j|w2Y^k>$72$ag6gNN`
zgt7CQZobXB>A9i^d#zRRSUXpglxZTw!=b@ATs#{|PLSI96?sIKtz2tUJgsub=%$I_
z`!TAJc1silP(F4Wok(z<s{XiEpbOk@48&?b!dm?#m8deGNG7VMJYm$3p6H(Ov1FO=
zX)rqi8!9hN-H$8(g_5cDOocOZ5ZEzINl(ShQHrqxeD0LL0_>^@773i)zsfBJql-&+
zP{uB6qa}7^KB0Qu3l&bbUB4;Y@}?&~xpm4fPQ|=7*Yp`{dD|1SYsSjV`yS(2sR0g}
zEz98(S?j~mLj&v8mBcof^(5av_{e|)GcQIXt}JV}@t?5?z;K5b0lPNvaa^U#9)3&T
zY|8C~!91mVrL`>#LOqv7zwpVK-$wMmBCzgM`B#ppd|t%qZR+M;?L_)4p-=+ls1Y?i
z5eJ)gERM3U{kPJ@^n$&6Oa~72PNzSnE5XO~Ud2@_HGRi}4P_UMrjJ&?0jIITg7pWi
z8dcXnIO2SMKq9ZP<BgaUtq{n`E!0|XL1nQ+^5LFh_}B!2ebyh{8{_xXGGe6<L7X5g
z0kzQ+Rd?v+o4h5^w-A7D*d0)GcJq|_5Ep}4>x=yt{IEy*TBejJ!G$S6#d8K~FP;e&
z&3Bo;(9hKNZqH)MtIa$VTZ=jPP4^Gj7|t$N+gBn|^@~3QYIe^F^b;3^8|g^`ES0J&
z%AH&J&mk{6%&U0r(tqb=!kT()_Lky2;OqPoABR8w4jB7g+0?@S-}p<g*O!D*YaN{5
zhOMh6se1q14ZuX6N`w&gg1lc1hycN=*Df1Ea8;7f8#o&-^1j{soPyx=<mCxkWlTmQ
zDPeR@6>32+u>POG<{SS)+Kj#*?G^dxoq)~oYcFt<y4)O$0KPJnz~k96k1gHxu0JEg
zz!<QgSU>Aj@m6K3C6uaf5t(OT>7u;v82x-Gm@S1{&LA|jzYnj=!5~NqC}bY(0r;_6
z;$XrtA82|#8jFnxA<e_eqLb=rz<#>Im&Ca5D}h-%3=)0co`IC$Rbx$nbml^%Psb`i
z+?tkNxtlUsy-t~#^13wGXfPRnHmxiDx6gCVSeo-7q@u(zV}zsRFgP)2pPd10Rh?ks
z%+RaBNwAA@2VBlSS$w3#ftNu(lcF<-NgDF*=Z-$7XA_z)`N3b;==F^S&}5u9K?aUK
z#Eb_qAMGAMx&bOikqt1)a=%R;2>E{YtIxX<g#P{4P<>o*GW&i6Ea<5~gef7&ucCyt
z9mt<wL*A{$QR-J1QEL6qXRnl`J|`8Ufm!Vs=%+lOwI$V00+@Y%lh3QYW~NiVL#o*j
zRqxH4$PMG;sABO_QCu;cd`Wz9W|$k0)JEIeXQoooNDi*>g#eG@mt|?~Fx-Qiu*x}!
zqhL|bMS4`tC>uM8g(C&ryek-Fm@22>uf!ZbpkC2_ZJ#)F!v0Q8Tt0{wz)iDDx;#wt
za69D2*S>1+uVpm(?^5l7xiwE}b8C%RjrJI4kbr~K$P;Yi;uNCveQU`s2Yf}Ucm8E`
z#;|hk>3_dm>CT$3-~)ht8ZxDgfnv#>YHbEMgx9x0Vm4DRPpM&ZAdYUumXP^efM9s&
z;vX4eD4zYSwGTl^ZPrrkj&Eu&k<6q&P<a__O#TZvO|rFU1qa-L`;`*ZFoed<p=i{4
zs!rU0!|%uXYlV@_q>yo^2B4%ImbmHnJgX^%r6+dksLsK5ei`jXjp`furV}$;2eOKc
zuS~Z0F0K9>R_ADXaq#wlT&2CP<9)AfoJi>Zte!+t&~D>1`Gha>&a##B#}@{abaGQV
zvKF7}Q^gyHiZ=1Rtm@?6PVyfYw!I<XIdRLS2mA466ZrQ%fmfKHtwF4izfrU!MO0#e
zbzB+c7>VpF6MY>;!AtE!=82pWIFi_ry@c1N%9N=oNi}+M&5(=S!h_bnCsd#%!nqG(
z$K@5{oaZeYXU~zEAljP%&q(0tO&HuNtzbF0OV%|{rd~o%rbs0E^?zS5J-A@L3!|BK
zFYx{XZ7}1~WSv(R2-mv6>)ZpOQjO7PMZ^c)0!o$FM>Anpwu8e&w5H@A24qPsn@r5V
zip~$XL&3-^$TVH_x{-Z$+u@!rsl^LfUKSs?`lK)5A;A-*c<!^1-gilJQjMMSP?%MU
zua3P#A!ci+y0B*vi5l&oL@8d&Cn;<v=Kb%T9#mxWnAv6hK!{AhqnRj9a_zgP|0EK)
zohK5!+`ps^Kcbg_P0!Iu65IgnZ;04TXfYkV*3^9Qe7tNK13PoqD5Tc4lkxh;+q>aT
z(~dCzjN{gM&$n6Yus5uUS`xXpFH-}?ZWuHu6sx>3t&xkM&pnq`gJ5eZ5CDB0o-z#<
zwpZw#^!2APW8H1c-m8=|gedI_5XU{%SFd_}8XBA+TH3ij*y1*LyJ>0H9@rfXgF>gV
zH0j6XsjUj}WAW3kEh4ba-39Ic`-NpPAWeaeP05|#Ur7+C^j$`7G!a)Aw0)Er^*K8M
zLE7p6H&-Zc6+r4_NGJ{DEA{u~CgR#y3iJoscci3OHCzOrEo{jKoEtLW0^{j7L36ii
zERX!1K(X{EZUWoM2EMtjj<*4iol*2-r2Q=m;h>>+#2$Vpf!^@!#wh)%wk>M|pDqT;
z9}6|-QMjIa)Ca|}h%_>yf-ed3%`;OJFgCLP?ei&^m&v&Ykbvj_!v~mk@gU&ubOlud
z$!x!t+<xq-%@v;^dXL_r<4z+g6y_V<1sCVdFx2?D1}1flqKtKQDH{u9%C#WH1G(>-
zk@BYse?0m^NfciH;Zl|gO%5NrQ!MNekmcKZ)$NVwBzP9m5&3?j_XU%)B52{gg6HDk
z>F0y4r>X`V+coE%%MG7>GiZDP9MVEnyjIm36SB+a%+-H>0jiO^c+oVaV+Dc#9>SnJ
z7}_<=%>h07HKZBe=fv&#^TRp%dlAl{qOFmHNw;Xiz%=|D{Vy=p3|1-RzXwv2<*yep
zmZ)?CX*EVl;m5+h_ewCRLtF@0Z<fi<cOnX|wRIz1mtUrh35%dRypC*qw!q=ChKcqF
zvwlru67W+@AO5Ffxx$|UwCqRAa?*s`2PU8-FhLLiPcW-EH+Pu)5Y-ZTjpoUyU#rHk
z-MmjI4I<36{px}!5mgaONu!lTQ9|Kz6W@DXYiVkY+0jJ=jT7J6{8kaAu>JRoB$uXL
zw`H^JA<F07vmzSy3bOR}{(rx{>?yExC!|a_vNu^O<Q7f0+-O58{i8cTL&6K3_CG{j
zBD(6)Q>@yoVYPLZsc-29wtK&#297O-|Bl$;_K+eQXS&t)Yp4TD2xfUQB<I2*x47Q!
z129gcKni(JLp0cE?`OP#{MHor0(lO#r=lq(8e@3_Z)v7X+zZ0abD(z>>ut_sRKevn
zf#GhmC8w3XCEqp=t$npw5&6Y@mA1Xr5SX4lXk#u<??$;-v_TLx{;!~wC5}3NDM58(
zOGr^*ho2*NvMulMS)YH4(B%N;%$@;f7M@dU>g&6cJrpnhHL|X(1pVYXUQ@%(JC9g%
zZ@(~0q+1l+y3zgc0O5!=FWUVToLy*0!LH8)l(<A?aE?FW%fOBjJgSQz5nO?Yb*r7;
zQAvu{ytL~cZ4lg1R}f7`IcyI=b3fCR_ky1eV7x|uceA#MvG!%qTnTI}`f-R~l5Q|)
zxx=JXULTcjNywMLJ;O}|)ofF`hf1Vo*hEGI)&1pg(nO7XaXbsW>9yG@i5WR52npql
zs3MZx_pgNgW%dbTTT67Hk9BZ;oD~H#DP-PH44KXag};?EyI)<DB_rA7LnxP;`K!FA
zbG#pHIVz<o-I&Skqm&0vB%#(K1^WwZ+}Nk57mOnkEE6ONr>iLUgCafvDV(ppM2CHs
zA7B`F5N#EMQ9eBYXLsQig)*?`N^rHaDj2>4&C2|gxLmpmVea|IGWwQFn4P$S1vp??
z%)ahA!T?I=%BeU321xid(18F>B7roD-H-7!^X4cNVH4lKQ>Ukh02?lMjCA>Mt`^+0
z-tn9Ih`M%Y>S;@j*^;Akzq&WQfMVx`v2qf)CZ0c@*oG$UJct)uB|oi%j<4|qD5rat
z0(GwkQ@8@lytGOh5mP2L069oly$!i<B`llLW94Y5{mqb5R%?BbbLVeV%KS*aWCtYw
zZ|G5{%7`J^_)t8!R8NbYaaFoH=t#;aZ`5s0z79?YA=)s9Gx~x;!&g_GE4)u|c9j%o
zF(lZ1g5|-i)fuP$BX2d%99O-MyYI_SriA@-lrk-gZe2Wh%y#%ed-XP}Q?Pq5`r^@y
zH?YIxU8RKlmEj2Fy690eO3VF!?|AXD;443s^{Z1O@lfu$m*gfVpgP|(y<k1o3^Y9;
zh4`fHe5XU053)`FnRh)_qBve_4d!p(O1>^j!g@+`#ld4;OU&SL5t)fOlfH@s(41H{
zto}E)Zs8g{x|V9ujC5~-vSx)vQ;5$;{tjaP{ginYr`|W`H2G?(DU9Z1x>fwcDg58@
z>k7Z}50Id?FJdT7g|E{<8%9v|j^|_opV<E{1t40!h-soA<<O&l1c_5wM@bXN99um<
zOZ^WT@Z-8;!(TyOwys{my!frwJIAV#hA<tY54`9e&;H$~tpAlDBaOsk5cU1v@%~0x
z??lnLWbx0-==`4qitv#{hyVZn`f-cUT!FyjUpX#SlP)@94}qg`ueh@~IVetcvVU&e
z0015}E))79=P`>MZY4Yg09jT`yLs}x_wr%GsFR9lmel@OGxAV!XwN8rE?k&>M;N86
z#sG%1*B9P!M##8<1R^l4odN+yGbzdhdL`}<q@<6u(|6opiRh$~#wDOh0QdK?Rw_#8
z_tR^!0vYd#9?0!5TXpkPd)d7hIR0L0Zr)_=J5AtZYgqwQLUv|+vht22VdVS;AGLv!
z(s@u>^i?19*h;LHog!4sNJt+zgWQ*8#1qEThqmG+KkC!}R3bA<TDunA9dL-Nslj$}
zTAmR)xs0Z%dJo`L`%VLR&*$|ugK@DsTy$xB=_*R3M+B56V|kpIhRTm?1*GCDnK4wM
z*FhVR3m};?<_JSFle-iWB+CqKWi-3(t3=JozYiNm(8!B&KZL=SX9RX#Fj>=O0F7P6
z8Su0!B(!H=LhqxWIcgB>6)IX>2|2jxBn(b3PNcEb+ieibjD+QIP~d=9&&gJhG%51w
z2Ixp}&&2Zov~n$LAPHMb_<V}Dn#4mZm&~{yWk^A}-!ogmJx&r3M_u4uBK15Sw5_-b
zTD&)~tCX!1@feKVi1X9T3<XxQe1}~IGguE2d#3%9FQojbJBFPHz&DnvkSC}vI({L|
zIIn<1p)?pX+8tc~#xqsjRdF2q6mLl81*C;%A8xjHGqEobG^oet`p!g_iXck2(4FTD
zqh{S=U38lbPqgbuuP|Yh3#ZU_tei3SYafkoP`Mo!>#D3o|Gq_nefoD66QzJIRS$^7
zHvbtWKLc~E{f(*mhyKruXVsKVMuo_lUQZC3u`&z1)DPQjI|Swt6x8~L`MP&4+iv?y
zUe&scCnur=x90fs*;l!76(GvqaM+vz&y%&;HHeE04j*kbRVL)Sn&{Fy?2aC3X)GGK
zf!G0l+TPl~kyf#8z-{3AnMV>3lR3{y?x{f6d?HYdqerFjCU55lumbGE9=f8?K8_%+
zJ2pWjI}X2h3;-ElqvuC$UF#%7zH8Kf(m#<dIxhAhJN~#eoatI21F2EkX`xinEv<R~
z>MBPy$#K#y>$klrHUh7=dLRh1)-Y%}xHlzeH|dPxwt6s;GKxZdv^^fU5v2LqD0xGe
ztKfU_ZI=1C-OfR<>8(1>h%Q!m1-|F=Usvv;o@aDyyi7eL*TCCP2)W%tl(t3k&YPEx
z6&pVBVieETxEsZjZ+Io-iOu)yMym8-=E?_c^TB1WgqrQTIC8)gc@ne(fJ;vpR$^Ed
zI_jaV4;W&;Eu>-pWqG7+?fet4eYKbxyN9~27Ca{6gcyD;0_0TS)y=H98i5fj3W|`#
zK3kVFtDMDxhqh`r6f`XER$ljIy5%zVA1&+~H%@CT*Ll5dQ5t~kUgJO5Wp(L%b-_FC
zeS1(R|C?l4i@hhd|I$6)+g|dBLEBYEz!;)xa`Z6DZ<>>yT2*{%fCs2day}hAF}`9v
zi{7oL*LEY?_eu59&=?gqxeDbic)mUAW&EqM5q0~3Z%sF~O5N3mM<4VCwHi$ceO*@h
z?gdDE@cr6|1jOu)AGya`-8YAA!|j~irf$)AuTSbpc=3qIX6$7u^2zN($rPTe=k<r5
z0_4qW-7fCugOKiA_p<#!-Mg=;&~ofno)seGL8)PucYPyFbn1#`yaQ+#Z;NJ15%7wl
z2pG2m&~Fn@-(92qtMWtRpi_~d8*U{B!@_xQZg(0)UJ-B?&_^il^L^TBAXqq0-~A(F
zIHwJ~iutzuEN-~D>(;*7wg=+y)gz9vjunuTO@_?FfeJwH=_MOgwr+3CspU;0BBT!{
zOwQo@f#(xcx<CV4D)76w=BjwTHQc*iDt0*Im$0s5%&FHwQd;E|gjWz6N45Pg*3L7o
zsiy7rDhi?$6{R;tL3-~cBDWx2iWKP}BGRjLRH{;yUW3v^kkET?0YZ@)dJmx!5^4zH
z?BM-8@B87LZ|93Y17s(A&z{*cbFKAXyC2&(%9DYaviLC;yg{;KU59C<3@DNFIWvEm
z#2*9^c2~X_`oq2Di5W|O0ZYN8Zw;;11PYlrBQRR&;yM!4ouIA2URRLQkc3Vf+2bI3
z-n!mqx(C|k4Xq`?f-R=f3?wG>T{t^kKkr^sO-ve&BBBu=?8ruG`d;W{Pig`{jFp>r
zv>F88{|2x6;KR;OTi6#Kv`F0kg>J+Zg(xFmtQ2jtid{6#={Xa8O#Vsy`o9gcNq8DP
zy6_`-*s#(nrMA1ak#by}Ut)fg35@f#a%ESn43cN8_Ajwd_<b!1R_{ycfSz7$1V;H*
zxH#E~|NA9ee$!LHAFgz5eknk*6!zQkie5?bM^c5E%#x%C@m_LRnB4w%!0LU{V|5@v
zMjK?$!W7Ascn&Px%jH&4Cl&_=JRIrU!bGFO;2@=dDoqM6D>7`?JCT()p^U?;ai_FC
zeUB9bwlit{EphJ{MtE80E|%-p8Umb~CC*m`{&On)z^Sa#`#J=DE~g_;ei#4*B^947
z=nGX?Fxo~F2`3A9i!I+cK^#!C4><$I3OLl_WJAB1u#^L)q2ot_DJ8!;<w(f!qWof6
zmChZdV{9ua%2HjVX)UMf9$zI-Vk|1de&71ejN=yTuz2~U@mt&yV0EWxYPuhN8h0MQ
zXZHf%e7<`Qc!TNy@5iR=a(CQVdr1fQh7xfuJb%H8<<tQ6@}QT#mvn_x5_2P^Cq|}B
zusTE%*tgis4#QUZC^_OiBv6H|UX5R{kG2TNssX-FTGtishIRt=(zmU*6q*_YLr;?f
z-1-^P-$tyYh;jWL3XF#s7;g$z+q*EN<{3MVykud2Ga(X{cU%zl$~SJz`OVi+_7Y|>
z=WX>hnzjx{g2qTJw-Qs}n~>EYH#_l_1PJ&PzDKMi(Y#(XUnD_clO}NLDvn@##AZdX
z153=^cWNK#EJJ&2wj+DD2a~$TM1?9bHC_s4XdAc;pn0&g@m8V%;-&TUC7H6L)tZZ%
zTnBn}f4TK8iGOq)-jzQv_}c+&mAHXvf*T-U8Hcn^yrWoC$8P8g`NWNG1>6t5%rZzT
zrfwArFWkD9e;n7haFnH-+w<j`9t8E}a{@`X_(>pvn2<oGxNiFBF+XBeE|GWvncgVZ
z-e~Z$wNYo0kQnx;kjFrIIIV=gJ4MJq!f0$6=5Uh5?C0%Eb%L$rI^^ta{dH>zE7dtD
zsS4Z8{}z`J7&Q=<KhwngJgv+hDLr3sesrR~ID)oT%sZ5HB*6baL1Ga68en)vENPkG
zbt@@*$O3`or;2v409IACFZ4n9y_ik6&@rTrrfg-F8Q||il?gONTO*6qigM6(7A0K3
z7!J(2y4p5aA@g$4>qmqt_`lP^@Dp>EB8gT)w!Ipesc+khAo(ta4_@RH%jD+ioOH|o
zPObGTt|$RIG2I1m#VY^L6a3J?F^AZD_J8N%eN?YLvH^7fF7u#w(|@F{L6r8SQUebF
zEgSIe@Uc%9^^d$Odegwr%5(s4w%>i&;_P-fX#+pi?C}EL2^>a```@^Ui#MrB0@AaK
z{}KMN?EQNA|HrE#n~soMZZQ2ObOP3EyArOq>pkfEU*S{V1Hw00{RYA>gNpHsEO?97
z^9ie%G2qVly9#=?e<R_RCEs4v`uW-XIr)Dps_KM=M&F~k57{B1e=kV5p%O9U{SM<L
z{aN6#^Y6rQoNy9?NnY9g=eWW1tKh#se%i<W_hSh^1R`FskaH~LKWne>$$u`6gHD^r
zu^%U5|D$H0{(GnfU@MXkPVx8q-74>v^F8pUzTc6)N2omzP!Y$FK|rNt0*n#?i=h9U
z2QQ&51>bK0^RZ)U<&6JU!-0px{f?PEVD1S##0uR0o(iB}1V**sWNCuDY{BTEhsM9n
z@+PE9))|j5!{-8BsQDEW0I^$)1a2a6@p(VYx54oCUEIK~uGw)L&98av@A(@xKs)+O
zmfL6^Bn6%%{rxuK)Wqoo4F{Hxri%iuNFN1Zr{rKBxWHq@KoABUu#RIQ=rA^vKv=Eg
zi#w_?V~JZA5MP8viUTSe1aN8I9Hb2TvEzVRYI!H{6x2UEFgy47?;qb_3^+MC1t2F=
zgB;%HTZ8x_pl;G3a<NvBIvCX{1f9fz3eL~>Vgii`TexEc|K&MwQAfx?Sp=Oy<vEaF
zdE91jvC~<Y_Tw`0JwW6u1d1$yg=hSY``R7^jp*OoM3C7Oa9C}i+9@GtTk{8m#;i0W
zT(QEmEpFXG&^hkY-YVreiqg8_Vzy~;nbuA4@Jg3uWY0w_mJz21;-G<q8zCEn&HndB
zSni5x#3ldz{G_7GHo%|=Oz{B8<ITS}p`asf0v2;|gi@a#dS`;Ka3St*pRs(jXT=X<
zC$w_M#v{9y6C|*u4VX#^*O>DE@^)M6mXpT$)5ibx(SH}xS6`D$G@tZ45u|_ff#?70
z_y6mwAqj^CmWBbq#gRU~IHiu7ljidyz$-H>m~zq6`3;E%2q$@UepvqRtxL;~hYJ5y
z2VVZIw?MezfWIttJuXc;*SaXX7AEO&I}`dJ;WT=`|J?-$pR{p`SukspJKdu4dznD`
z;Noaq9Ty$^IP<6>zYb_VyNgP#9`LFE_C&&solH>%dGU7!Lg*IZ>ra52|L>OpUU3q-
z@BizSO^15q?pEzN{ODrs8GgIA35hiW-ys|p_22GJ_@42=TJGOo{{Q!t<r@i9%daUL
z@UOb<D(4?o6w*atyd*N1%IeJw;`Y<{+O4txh8$jvPb|2sz`z;)fZG~hUbgf5Bs6J4
z&@RWF8w=@ktU*%9#~m^*=DQYO9Ov^sZW~+-D#8sXZ_bYor_ZvXk^K1?)EZ>1JF{oY
zMotGY%Y=hlW(qFfbU^4g-{2tWSTZy+wl(z^_3~*rbwq`~Y_BgKZZzu?cM6dYWztWD
z`DAd!ZMFMkAR(dKGM!&Oy1>cUF6zFM>nr^z0e@-Hl6x6~VnhRwz($G7tx=ZYY{j_>
zsX4QuRxu`#G|~YMR+j%vIh^wCsCq4(xC>-~_Wrqk7v;@7+UXF7GjZ!5MzfL-Lkb$)
z2J+!u2?72qG*8Xmr1uo7o2Uuli759GD;}i}>+j@PuUDK5JsfZw(290>lJQNhPI&hZ
zzV8^oJnhGn_cbIag}XR!{yt-KKpenN14_Gz8pEiG@M0Rxi8o4pYDC>L>wPnjn;SCu
znc#imPj6_w_lJ}=vkhh=`#)g1*&?WJ0c5Noo9lkY!w<K`WKQi-53`sA1nc&Pf4!<M
z2KDgL5gAPS950@s0-ipT0v6XVIWlY9wdWHSZ!cdvsb9~_MaWa^HycMlP1<qcaoB^~
z-sU1ey&4hsJdR26OZxrS-}Valmoi-x%`{AD0O17u2r+$iU8nlLCl>8OSMXZ{>{}d|
zZlfXbeV*F9JrwVfm=c2i!|sD=((6(iVis<ACpX)drw*K^_4ZVg8Bf`T7g@16(KEs{
zDphke*Hk=Yz|91LF)kc%D{}uX%-}=RDrz@Aiof796+guMIKp&HkVyc0@-mm%oA$U8
z#IiU7(B$vu=wx^;el%G@wW~esUIKwESN2<;d=g{@+yOHHr%U2~-u!e^BY2?7A%cpB
zOfnBnV_JjDl-RM0)!^#Omm6!=cty+q!L!~QV@W$)N;)^De-zU-q{Oezk9-{THTB^G
zN@4o@g}N!VJBYQE*M5;4#tM!u{wXs*2lEmn)PDS7+3+-QJ+P-Rxt)zc!(LXtcX|oH
zbtMFs)qK7C!X>}oTX2hzwGjb3t|l5`9fGS|*S;_2JTI#he>*YcyRb47;&aR6%fHva
zY272!7iex+;{fJ`N2XQo%?!yp@lpaQctfgw=?iz;WP+9Hen9aWXZv-W`rsJ0qGNl`
z<RDbnAD-60x0m0Rl-{|k-f?uuzH!smB}Uh4m&e|z4BQYsU0Xgiot8z@e#m}y6JBj^
z7{CN)INvg<E|xS4wo`$nCo%15TliR&Nu3wisYjn0VdIC)FxCTO3}va~$MNL;%45(>
z*|WN`8bGN-8HB-hHTuow?mzUTt}4icB8Yo7i)vh8?zz@tJLt#}!_zd5vs7Ynn3Q0|
zz&>qKot&eR?DQE87z00=Spy`uow<!{>G!xVqaE2!s}?)l|Ge}k5P39$vXh-wzeiDO
z6W@ellp<qFi(2*|5`cp;f}44&q4<uKi$PxCxS>C&!awR4sa_%KW;Nn#0)vYjkSpfp
zGqI6OYwEp*)o-!MTxaQFSkDJ0v7OFAuBY2)Z0k^nys@vtdG`(K0EF7&Ae6h9or#4=
z^dR|H44@PJ1>i4nBWy=sZgby^?XPn1XX+XI_@5C}&=HV`l*-z9Rfdr6CpFKUgL4;y
zXkD(`!FmLB&0m{8rOe(cplT1EYfe1ab|TSiL0{sob?w_Z?P55yN@6wg746@EE+jmt
zuPQiCwZF5G2#;uKwiH=EcJSKu4a&bn{2&s@r&|tEk8=Q#;Y`{#BXjK1^f9TdX*Q?*
zncgA1P5h99$%DKol=oR*+mzkAnJ`TEs8es$^0|drlGyV&ca?)@Q+s*i!7Qr>19uDd
zIpM5lnSjJv&&f1#)K(|ur%~IK9CvW#>7sr1?s0;)*?AR|N=Z6QIOE;TqgB(qO$ju-
zf+P|#300uzW*c~~rs5bcNds?t5l|dwCapxz`O__~ToSLj{>h2E3(!eK84U*|*97!b
zCkZOy`71^1ou-ATLQgxb*?D~Xa(AqylmfI}j|}E|!Yo{uUr`K40o)T-2cZPwBl~wY
zibXdcnWRx?uHB0~qc}#B;_8wNn*!SO?d<u3M|?sovsdoqw9`0k-Q=R?ue23H@~GK@
zuc>k$kiJ2$LB4`u!g~R+KfRjT6oAAB6p&!fzdwQeuKC)k<5GYs4ZOla#9E>%-=4ZD
zD!p~18=Bj<^4W(rQGVl3P!Xw(3y<k93QKK|r?svwyktH>jNzNhxwH=hO-AiV(c9L2
zrN8myY&LdwGaPw^Rp4Q0I-9*wY>#MTm`V{tI(M!@?N22Lw1X|C)+@XFhh0XgU;dK8
z*|aEk;VcweF26!%5`THp>r5m?+@kCd8${Mkg)lk@PLNP2!`<UDReoTY-Z<W7$Kx3d
z*Its4w1Jcq8C82l!)<wZcM$E+fwoGMr9pol3hydRL*8p7Nl#!eIr>IIU`UuuP8-=~
zQBgx`7xy##)Zuo-QRgnClkX)<T=aa`i7%OUK6QSShT(*TSqMsXGt65(_bz<%zAL7V
zrT+Lp#61+#WRjQOn7Y<}B7|UEM{W$a<-C3edAjoYS!&`@Jj2U5d}VXIYOXE3ON-ff
z=irHI+UXtkXq#xM{WGE?H6X-C=EOI_IIhq2EYs<TGi(6i{!`hp<KPT5P(0+6Z0d__
ze*n>?-HmNdDh%venPEMPhnPX&rFJ9ZQ}MM?e6F%Ps(!VE*jxNm7{(g2*e^PEP3Qow
zV_U&#RGhJ>QrFvf<`$4@`W>yh3K$h8?PxZs@iDW&CgszjTxYp^b2EUnMWI{H0b^&O
z4FMa_8>`NOOvmTrp}<4pH7v;zFdOu^H((Hlu5(TPzM354{G^*EoGhcaz12H~s|g&i
zI@zG{`-C)C0}3Dqx8|<;k=j_j39RRjuo|BDH=O-BSc360O}=%sRIZ~=<O7@eam%{5
zrw-^<6RsG})ctfHl~O=Q@!HERUhol8>-A9OfI)f<CD8~+@z4OT{npR8s<KdvUUOuR
zs`8F8Y)E&o#sXXJZRrhT3P%t#g6L30x}fJ@NT8fb#y59Klmb|xE#1)186hzB50*$w
zlSJ$WvXgS*IYgaK+wm4rG-U)^plM#a6xi|I!a7N(DFtWJ4QXJ+NQZ37M_OI9wgEc1
zZf?bIa%!XGeQr&6Z*iI<RrFz}C_hU&{Cyy=_z7D>$exs9N-`^(o0-{KCAbgKYX{d6
zdZfYUI1{=qT?671ZS9=}AuYYN->A;RxHEI6PUK-he!pe9<9y2PMn8k^V(nIW98`nY
zyjh!9hK}I10afwMVgqo}BaD<{rn2~$Sfk9Ik<2jLu3W!_qY9-OvNp*i0%pJHKh@Fh
zeb$w-bzL=eCJwVQQoSybDOsO6{JDznW%Epo>o*$+i*dP(4-(?mmoT~cU;q|xHPhq=
zZuQ^x>v@70L3tmb_ZRz97@d!K%{nmNVl+^e%8V1-ZI-hNv95E^envRfB_H;|ipZ9o
zR4ulaTJw%4U{0|-wD@Memn?F;nPWkvuQ`o-MLQf`DuP=8yX8R7YN|iZ=OZ|r=WacD
z<#LjWLUSi{h6#&@r+;+QGi6V1ij42kY{ONuhZZQHT$k(AX+Q67N{C*@pjqWCBxqm{
zGI>rV7<-7kJ35cnxdM;Fu1y+BNto%Ow>Bf~3II$30tL77qf^fe+Q{Jt!*4I0`sMe&
zY#V-5oCNZTmS?qY**ocUIzh~>eNFi4*Xe%$COC8ulVw0ZY7&_g!33nXKF;o8)E7!$
zq0J$q9$@sp<IT!kXAXSaHf`+pko7W9ns{RM%tr&qmeN)Y8CpzS`Dm7mr<|XRa)qz+
zKGMo&Z(2hDXU@$mBfL;%w@RzaM^Q5+*=B@0X6B@!4B#vWSCB2^vcwXilN5ALv@JN8
znxim5Ncq>cE>mmqAyG^o&rhG^Yg2K!sa;ot>%;}I+Z?GP?io&cF#1r3?UfxkBp$v+
zy2bs`KIN^Q`KLeKgw1JBbYxT4+uu;zr6;>bDoL?tveBgg{R-<cZ{tGD8)L%OpH5*&
z>n{7ge>fbYmdZ{UjZdxB#!pGOPoe)*k^3~N_wZ0CFks*f%sH6~@eB&jaJVvw8f|ZX
zY%RV!OgUk?7|{#wI>F}3aAxdxg~ju1(HHB!34|ETt>Q4k8ZabVJ}fW71>jg=F%l4x
z0-TYFQL-+*UX{g^;Y_IZ-ZJv^$AG(2i^W3UB`Jh<+~a}MhFsz^7c4XJxF@e@f%4+W
zG9Cc@#U;{$6*-xDw>VyN`X$SA$eIS^mPK;epyH}$f+yMp?!SZ8Z2SrPJW}bm)F9u#
zz=()Mn7cUFVuQ6X@G8?Z6ymjO23H~YXBUF0k`ezZlAq1-MaGILpg9nfI~%<!M^Y#I
zRwfXlYnl}g*0R1VM~-W^w9NsMvOgc*-i+IYNl^5%T9-IWxJ&QE`Mu%{N=wMy#M{pq
z%(;?S7F>o>b}xTq45F#;%IYywm1Ho;WoJ>N=lwn0G2WI#?8FHdku<->NO|m>17;|K
z7OyjNB011=g2xP_u?k)hER>=BC-N>jwHJ-vb0Wdn{;bEaK};$E8zSl%tgK#K=j<7y
zYx*_8WU!~DdeT6@$bKys<TNm)oL04yv8$kcU<?1*ew?bFqm6Lr<&X9$*`FSTNU}h3
zG`oc}I}97-dzYu3-z_-|Xr@{*l~;UK(m3}6rQL{wnHlK=G2)ZK)w(efg}Vk$zgZA<
zAeQ<Xvr4}^Ako|6N%fHT>IXJ(ZK<L06Kp>Mj%0fo=IIbG(tsJ%;5UPiaC#rh-4B>M
zZJGf?Q;HW{vCnFY29`upH-JREn6zGN3X@Xj2!GQf;`DEJsqQP0GyzZVQFf$UpR62R
z5eXS|vi)Xmp-trhR($uvs-mC8nxii(F0+a%Qwy=h0W0tk2`z}RSQ7aD!0(;qn-z4Q
z?3SMf^#_@y&l#QE>R9u5ocy$p!;k)lV@S5~11;F%v~u51sYyje&&E+jtEr8;e23Hi
z9yeXXCk);|jMej=zD=Ft-`KII4%6j=&*^xKd%dhCzGT&yPL1yg_>VLUt+RIlcBb<Q
z2Gq;^^x-20`@1s?KSzP3TcA}3qcIzqv7gKN+R1)?P=45K`OP_R4lf~8Cs)()C_^%@
zedbO3r5?P7{ip<m2B`6usZYT#pP;c2h;{4l>O+jyM7}*8Axm@rcn0~&=H5rgQpv|z
z`QkHwj$(qsSc-qmeP}pxH+F9%RTxVP)@|(3P<Q(FBE$Von#aL8_$o4kM&@>f;fQ!s
zH)4+=4(eN7ip;E>kKo&2nJxola3lA-sU_PbL!!)W=i5=`;A@&O!h>X)SG%diximpc
zGP2P!LSA={qw3t!AS~~Vn`T&!pP=?>p{v_7(@!*~wv?69uCR!AT7(_Mm^#^>RtYx9
zM!4oQnUd(6BtR7Q=k~XPShiSnjw|K^q`kVXy7nUAPFI{5wDTVWPlzQ%5{YJL`5;9m
zb2H8wwV$OvOw<0pc^c%i)7%{RkZiE6>KG!i>YnbJQrr<aHGqS2FYm?X=Wug(0ue<l
zezpTJnTHe`q$T2e1!qprC_gV7vo-#Nw{VoMuiW#C7HYqMf2}DsVFKq*=k!_T_sz;_
zsoJ|wZ1aCAQQtji)X<uDnEX!pD$Jg5I_<+4o|5|R=?ge%)3#JAxHb$3;SJ+Nx8&CR
zf?FVpqf(n)K18~mJYs45?6`gYc{4}9jIn)fr3M(T2LTOYU5#@2o-?h8mx)Fzd-Dq}
zm`Kk95=7sD4U2P7U6p^!<MdhIHKco5)aUy<`p`*mKSKtcbMnK<qz|;Qxf^|f#5kaY
zpLrGkYNLF1?af>61KIji+|JZJ8CjKOx?bo)Y)`Fv$6{U@bu)HIv^%c!y4ka~53dnQ
zM}YXy{+4jEx%vL(Owz*b@`<$`4iFuFeQ(0bR(AVFW=3gbElb=jIaSBF=NkYr=oD|u
zCSJQobtlc74o`Jn`}w9K7{+IWeMyr(z1Adb>L=*s6I|+*f9x_uh*FCDs&7V~$=nTt
z4NCLFIKX6?m)~M?tF*HG?PsTstWa#tYeZIM#$ZR{Z^tnG((=+`akXO`-2Jetnqdt<
z?9zUCGwVI+<sqdYo2QXe=iVmvLQTwpeyDxa;46W4E}s^+UMs8pZ+oI4bYI>44XCoK
z%8{8jGnpNkMFl-`5=Dri`m&*&>~ex?RaK$HczcM@u`6kiC%Z{d0I4<OG30cDMnii?
z<+L*&`movWTO6iPLu(n*?uBfAfO!ogY0L6BuG_r&)rgB_HB!lhV=am-P#`pH{pU&A
z)dEsfMLb)69I$f%R8W0@P5e(zx96iN=uj4Z05?|;kZTuk;E{*ypp}pO_f8JC1QlqA
zOXB_dQa<)E^b+6ah_G#AkY$ge>$2+lw?T0^yfzX?agxFha|9G_DTdCpK+iu-jjg~n
zJ5-u$=+p*M!lxfzEpC$X>bh?A8%QF;e%^)z%6i@KlJwt;Xf0PUFLIf(ji7oGX&%Bd
zt9O+wperWeu8i=N?cspNn82&0W<$Wzbvwz&{98a5-I-hqyCJ46$Ac>jETc)4WISy4
z^$oG@{^g+k#jqn#xeV7_%Z}|xGvq1<m{G>9<uT~`v0xC3s`*+a%bF|qwfxVv4mNR1
z-%N?-=j;{^H$@aLv73Y)(R-y0c56_n(Z^h5JK4M8E`5>Ok&=-dAx+eK_WNNiuAiRU
zkb*3bp{+ehQ~xwUh}KCCs2jlprban)5uZsl)@0uj+?OHyf`80Ao`S+o)I1||x!;7z
z1M}w}!bAhr&A`x-oW4yJkb&M=2vYdKOxAk`+z%O?e3;hi$HkNm#^oiNPzKROo5vzW
z;%?bt;_V&<<g`8>+yqta&md*5`A-2E(q|o<XA7(PERQ0Qs(?&*VckL~%^gQ8JeOR0
zX}SM8NWxQbKthr``Szb`>wv3*l4j2G=WCMZxXw*l)@A*^<G{oo+;tH#%M-+m2&BsD
z89nz+&Ir2PA<lr~fyP9Yz%(wKErF8!w;TG3A#f9&lg}oL<S{8$u}IT~wtGwhY?*<X
z(;ITd>e^w*?-}Y}Mtl=aT_GRKue{ZHyMXf<$k|MFX?!ooTJTc&V#nuO;r+bN!(80E
z$yX`c1UzbT5$vY5@EKQbt~$$6ochg?R}{YfFumU61gi9Qub}&HlEp$?cE8WHGcET6
zy2#Cn1;C`T9d+Ovbas{YjkfD&ru8rD=Ei4}4SzmghH6d`-w!yrqK!;ln9DvqAd~BN
z?%2qbKaE$WUGK4Kx68O$f(=!^U6L<PdcIi^7y}B~R&KpC{aS4OSa9yG0B;uq?OxcY
z&v8Cc8`08OrSL$5MNyDZMlUTY(Ma!2+p->pPw+U3=$yX4=5gbkBrNOZ+SRj?-#cwD
zcBenn6)AN#GmqQ@G=wt3S3`x@o))Y7cAvZ)07R|<F*2FR(fZ$`4pZfiL+FBwB7=n9
zNn?ny31V9sY-D9l>!Qx=CRGrqdLyx10la`hV&TI=nnUU#|HijGshR3_jX%xoqxVc!
zopJ>xQ@>uxYh)}cYfXNd>3wYw^3EccO!0}HYgAqD4YnabbzuOcU8&v-eKzdh@|yzX
zN;NX5a%fYo0cfp3wpNn3xek7vIYVDd=T-1*KucHo{d;if^NnwV?OD$AgMo6m5v$~W
z|FaI~N2lXeL@1{KVJ{zJFALObRNTgJFSFA=P~^eiW@nmjm*ajTvY@|bD>(Nd@Z|!K
zN|Z@=B`8I`$UdZKjAn3nB5U=C)vyPCKl!=gsX&m~7qQdlxu`<%-8ycsJAVd`@s0*S
z?$W~g-a=5TuzcO)xG*dl;)RusEXo+kBWZ-}>N_^edI^yUFTUY<=i@mjd$#=8z4Sf%
zU|4$kpQAi{Icf7$!#b2Ej#LQkVR0No^+z0wFI`VbXp8(1FQ^ahX17_O16EhH0OLw>
z6$zrue0e3Vn7@t~|HE!UiOEA3m3uVs!HjHLODVkrPIM)pO`KxRw#+fQMJfG<T+LI;
zU}Gks`_-fvSq1k`_?O}JHz;)?>Dy`Xiv4D4GzY!CdB%nYA;I!jG(0lg;fOW*>9}BW
z5ASO+FL|q8eL`Dat+*#;(!!N_0ZRiN8W_#I?qBJe6Kh{ngGZM08*r}v2Bp0Oa1#?b
zQDzMWH)j74h#x<ePd%!h%<gn@HcnkjGB-z>K`fqbkR(+c0m61CjXtk7GR^K5%9+rR
zy{o>K7CGJWnf8}Vh13LUtDFlyd)z2wTgvT?Hf|V#9b|~cMN`r`6`4MFO4V!oA-pn(
zilZT7dUE7t?cBEv`(7H=V>sKniORFdg$T;O8!WBSsPC9k(g44;ag+hw+NTk7QJUAr
z+}yNL6cl0D=dY?`ecznW63~*jo3m5b!N8BZ!PR^l?*YFycqzHHbQJQ3&wrZn>WJ{`
zJG<m#)FZjyN=td;sTx)31iYU0qg<JS4QSk~6~_-FE1P7y@;mKxk7nUVR^fDSigsZY
z-fk#~BK23`d%{4+;JyWE^z>#BG_j+vN2y$bFi+@9uU>98{5_8vbuxy%$rYq^YFM<s
zi<@Hrtk?b!xw`ER9M|UyBP?82ZPg)=UQgEDdg0vz{jjS0VxeJTW~AtnHYgcYZJGIK
zmimm~O1nES2ZkT?zGLr=^RbSE2St|u(C`^`jf~T8<Dc@=dYdbTKQw!QW?=KJH4*R2
z`c9<xi=UPQGY9T}=&Q8kbm%xgcTOQ)42SOzh}LIF(=6{3+uTI%O`pj6CU*7I&VBH^
zPvN}>-;!BJb7j0Ys^*KbTU<Il#Eyq-%4Yn6b^AXLvT_ordl)4_S<03f!rNF^2Slkz
zpr0AQq~Tr}BgIFV?>*#n)))LHv?X@0E7eiQxW1~b1(lW975ISN{eZ|(-7_fPBbtHE
zMOWJ&BXWEv3Ol1|2!=3l*>PDeI)<${<o<8n<Zs-akN7>A0{v#w*EQDhO*|5K&5(9O
zgXq!hjF`>4NxexXs+AeqrUj}I5eln%98Kgp5Jpvmx+IoLHK^=lf6u6v6uE4eE)P?v
zqlUj;_n`G(Ve~iV3gC2b!!rXMm8QO#FoC>zmx=iDhOe6QyXfYg!ua=rX7!3vxR}17
ze2IDdWDw@;211bOp$W@iTmD9m^p2BvHLA%eE834`VL5eqPEO8SfnELRZ~%54+6ZhM
z?n1IL1tMEMBmT;RZA%SmJ=M)LXkOXrMh(C$7Wsaqzb&`;RPI{stEO<9gVzpn3B(rL
z^oyK>tlK<0M%V3JOB+s3-F~wiVKb+v>)|^gc4wQ?8yJVlGHck=ncqg$<9lw=zTOh>
z)h2*}@Uz`{ACNhg%2fk?H`9z=Qk$dk^CR~49trdH$pgUF20xky{K9P~+J0uM?0ypm
zn{fCM+8fc-9c35HbQi{<)T{23)9xRsg&>n7uTO#u0-DNkWRb>{kQ&pSf#Su-{72&5
zG>CjTQktL!e?u|AD3L@NHb2as4xNW|{5&Cw7!=fpr~`ZrHr`=Y-r+s?P;;^tOx`Pk
zVflbGkOF2^L^K0mf)<NQLfW&9x*c!*bX#)U$Eq`by}hoZ2Ps^z?(z3exehyDqqc=2
z5P=a4W|)=N76v9RjCwXaEFBTHb)X7f)#xhg65kxOZN(U<UY`bdXb$0mxzXaP#E%2a
zM^<oIAzl)vU=bY`?Ey;WWiQXBp2>xA=)pjeAkyAB>C0{g%dNzn9#%N)F_QLbR~OMP
z?o6Ag?_0KvSa*M|wu!n>0GEAFCzV(__<5y^TrpT8-dLFgVCDX)Yfo76X*5U|;dw81
z!ZizWWKs9nXzv=xPaxcUJ-<02xxPlHqA5weX>O&AmP)C6D`UmvMwxksA63^qb*5_A
znLbC|o9ndDDK7B;>iNrQxhe6SJ?YDQPEdi|SaHHsq2yAP?Rh-^y?NMdy|zi`0NhEL
z-@9vtjEg!?Jtgh+mu1sjn|lK>M12We_r^_K3N~jTql$fh-ks+U)8=M~%0dfR+9u8;
zwu^j;G~%oTwrr&*2Gtp#4=&|161jmEMI>yfLgK9!OjC>E*@-!mYYdOSMUWFabob0_
z+AAiMe>7Hc6{dl^eb(BD?Q!Oce&3<F80EnkMz*9}XM!o~7kr1G8nvU+19xyH(6k4G
z8+;Tw!}t}{Xrxl&w6-3b87E0LxbP$2k_hHFc{{k4%Do?xtN)Xtot}59FkQCt)+ltw
zJ4TbcQv#SgX3tXb!RC3$bV=xpmvA2_o6kX_hL0s-L`s28BF+zZi1-3#VdUnGR;=CT
z{2Fnt!r}ID#L@0Nd|mm#X7=^=OEa3+Y1LfKUMGH8&LE%rEd0~hg)CF&NXgS-I87I)
zJ)6&X6h0y_S?RLU1AR2VMt!h?iC$)`(@jlY_~|?RNQ1!y*hD~>?ukOea+UA7vXena
zJs1znkCqHnD3!d1F)n`o03}b#llP#|Z@QuD2*{A)v%mI)GwNH!NOgs)gU2X3c2~E#
z<2*j%G!L66W?MaUd%)<GgnMIuFpG_MzN~>CqqoyYzP8xTwsq7zcI6wh>u!zNVpA<r
zz93UOTI4!IQq<{J8=&1m+p};^ygc?&J--rOGZ+4FSsrFDbZ}IPeTyj)LLPkH*S6^U
zDqgR-A;tF+KGTk67{TO;gxcCj46tn);7!@tH=ku}GdQ;puNIgsraeBp!z|7Im6=`0
zlQ(nJ%l;b+WloB_C1WWrEt`>SPBl(!X{z_~65s?&>t5X<73+biH|YqZ+&}XYQk&y!
zXKnrleW3^Dv&E90{B%7`?sE|RB#F=WQ~NTdk!TSwwL<T48~Tho{=Vt6+X@-C1~iwB
zL89^`H{s)d#NOdkH!4Z%A&4Z`6CXP^E7~f?bPnTR8Iix@I!dwOn-REIzU96PPC@*I
z@SD9Gr(ujMAr07?V`WOi{9dVFJTloEk%(#cu8~!|15EpeI-Saihziyw)-eg_=B1Q@
zK3C}O%xU3)XC<Nj$4=o}UowOVB|p(Dh_GG7W}d3da|hoNzUqrDu|)xRf{0U$fds8B
z7gq;YPMmt=f4nC}8WWL|kwSZ2FhP@m&nn?#q5tE>5A6yh|2IM!HC7$go=<I9z!pqP
z_CJ&=vZ!;ieS%Bef0<$40L}T9OuRv_b5p1O{cbS<odzz9c^ZBQs8!ejYrNi=+^H_$
zj1Qr5YmrG*F4Fj8;ZB!9jcJt`FWA=&$6rlR#sD7qaXZS>(dZr_NY(YyJGj~TGm}aH
z#xNBKI41P~?Ni?;J_2KR3=j_+$pR*Ik7Qtoe@S5LFi``LVvHhKUZ4?#Om}NbNyv>5
zx;{iq=d5=-$z+^m;SgIr*DjNuer3+DJP<J3<6W2^C)mE)ln=j~*Pb_GiIrUVkPA)r
zE*jBJnNW(8qgfsxq706E+IOE2?kj6sHAdc&`H+AgJJt-}YvW1>=pO}Bbslz=A2asZ
zBnai3sqkfTUPu%69g5fgp4~0A-Fbrbqh{D$i}?N&E71TKV97sK!ivknIKnpMuM27j
z7@)K$qksI`SqVy!6#&ThV@EfK5(y+Y{Ij!EyJAwCL{}iOdmOG4T~qX-cDri2tLa9l
z8P0)dQaw%VrEgpH1(x-<Nqv<Ze}{_mA9<3O1i;$C9|g)WsWm2~W5b@JgC$SL_3jVC
zY$%w86OX_!w`3#In;eoKeQG$+E02yC;cCk*dM!&v1PXuQ1V|O7s@;b|JN<^oHbL*|
zZTV`l0$;y8*HSt-8wt)#TE3k9nNCY_vA?8f6KI6O7{Q{4-SWnfTm%+Mqxf}2R#P{6
zk~a+>0srFn%zxSex=e8onk%o+leH^iLz%2CoS0GZnP0t`<IF%}2*5E)#GYHs@K*2t
zp673Fs6G<V3|sF76ywozrJD0#3i$gjly#b%4G;f_%6PlL&hKihs_7}zowl~sgvP;3
zC>lp!u<4pz*Q7DA30fC$Fg~r4j`2w4ACW}vpU#NSO-!ft@imH(JDy<B+-HFu&l{NL
z3WbUKY6$+BN&qJIC>s78r|&s2k#J9PSzrkV7z-(z@HejCH_x5^NJ}vmM|<`6zaA>f
zs{*Md_Y2=QD7JOw0XXj>a+#JdOozYLQ<b+*0XdYVH9;YCA(s+t?JC|nvj7{cdT@|Q
z6SPiQ0DqvAe0t)asNC;KCZ3aRl44$}t?d!HIn)%;a|h;knlgL;bnYOkY8inv%(M=d
zC`^M6t(A)kIHmmkZI@ilR&pa^v}OP=KlLCIjsya6uXs|3cju#1=OF)hHh{N5Amv$d
z^gvb58Q{Gjv-vgUw7#hAvE&V~UlP0HWl)BFVv#>|9&L@J2b4cu>8O=YdMZ8^B&cTC
zO}VJX|5FEI!&pnbDRMq7yCv%r?K!YS(N==JTkQ}5R~!!-kL!WEe{=RUTgsinvz~1J
zB0qJn2_zk6V>}TL51QeG42t8mro!N9+Vxd3F3pSub!;*&X}vN$Gcl(IOcf6NoZW0L
zjZH?lbiZx6wO|XEe$m<bh^mM!|2Y!Q>YlzN1`x7F?1l@=^QKT`IP9lxo(1d<5I)t&
zY;=ArD6&?r7b6tvYg8vusG3<Qsp#Mve4odKCxDL+$>aazO;hxGz9n%#7-1FfDN14R
z-7SCn=j`(IJl+#UPU&N7U3N&>R8&fFUvt2_b~%<G&A;w5WAj75Y5wggPpM37G(;Z;
z{dpEPC4aPiDMg#VbneBugY`f3a&j)5RMvJ1zhWGHovcQEm@CNy+sCPn7^;|(SeX&`
zP55mXkt)_v2lU<9NuqddkOiVNAfikM$<7g-eMsrndV#F@Pv+D5%{f^lLEkA9`Tk;#
znmbYDU?fE02-w?w0UxLq6nReI;u%C37__ahW`?jeCTsP+=minTa~=}W1)Fm~4pS+`
zG_hG;GGRVihOza9AIb%*b{-A%+Dv$(tAWbzBa6o6SJ7G?zy67{2a3_vgt(~t?kx3*
z!_C^VEsw2BD{7-N5$JyJUh4%-pkglJK&J;*Ifzjhmz&SD*dUd3;m!ATnPw3QG^w;O
z1F3Jb-WwQ5Fy@>6*7SgI6p!|mbQPl14T`_jYUxl1enEAgkE)fEc|yx7N7o<>l2Ct{
zCJogxC$9G+<&nq1bn$s|vF>zsUQ-*k8{QPz@ttk49FWb@i0KJ|LD(I2pX6UK?XxuQ
z%Emn3uCq^&h|$KcV4Gx|Xb3c6U#e@V!&^AD7>Y_Sk=PTqeG%?ti%5rm7elZ3Xuy}{
zgrgbY?<wX@-J<=-v^7Jg<iUBUnkw|c32&`-pxL+EXN|j*I%n>2WDOb!Agy$>7N}d3
z>1aCiwjOBvuRQTA*l)-#Dv*3$1kXiEl&M)9<;$s_T}4D7%2J=l<b}1|jAu*eGAE`H
zCoX)^hBg;`v>?C2%{><0;Cc&;N{=AXNTe)=8YCMNk$_`#*%+(Hf-yp9N+)iGcP($$
zb9+aq!4TRwCT|QP*X2+5l$wxiQ>Hc=coMsjIj*^fhw-SH))?D}e9=fi9fT-QkLsjX
z*RYkL3b0&bM3LIm^~}f=+&8ClXZZn6H5!%e?9UeapV0<$D5L2t+-Q9Q=}8Bfk)|Bj
zQ)Cw7{Xq*&LM@(4<$&_}8ss<O|G2sJoSn)n@A&fOX7A&5?#1m_1;*@1UHTR1>o5(h
zUmOThj(<htK4jWpdW+bfO^yPD-0~@A;qCFdHC1I22yzQbOmn6VJw5q&7v9k1lVKMG
zr@@W0OTMaeX`0&L!~+W&OBbMnX8NB8E&HkI;HMTwviP=ZEzYRC(TGo4)0s(<d+JA|
zo69~aCw^0nq%d!^GChzP%5Y7U4PFd1>am>F1Xg2lTKxvUX1Xj@(ZKP1@uH>w<+uXP
zFt;4}+1!o$*IXI~XxF%rJlj=5qR(MVznJ#de=q@k_`}YUc<q&=3Y^P6JkmfheyF$i
zqTDW%V|&yxiMc_u$;+23ZUV<-S-<_^AnP#{t;#CRh(Np4LNwEGU9lwfj@}g&HKC@b
z4f(^Y4Kag5`_bqVpQTqS^Lj+tvSW<wYR117X-(zbdbit;DJY99-S)KZ)JLmwhM6#k
zfwSW;BUCe-+Lm$%jm$yW>xBGjM#D;@D$K#w-nK~l7#cN{|ExWVE>|uUwTB}bV}-0p
z4kUFdkLedPn~#<q+tuj$W5wb(CboSF{NrgA!G28nuZiW<(u?_zSPxdLwR~<xrh?vn
znZJrC6VVR3Swg~KZF^Jd^*TB>a<44PmW>AG8eMAl=){PYSlMI=7Rpf3c#O`+@(IkA
zJ9m8M1X_^?SoTN0a_s%b--Y)*KTD{*nNfq9&Y5hiY0<L7fk<K?4KN(Iw9B-soY+Os
zT_d(-(}TwI4wPG1EV(zT)g*q2F?E^UjN#`lR&N$m!)FzGTHCJdXRrH24(b=+f-K8g
za#3&{2j-#y=K}O`!*b{toE`U%p#Bl(C`A{XLdC1`GnB(ru~z69+tukaHu@&^_bgG;
z@NDsh_k@thP*o;ROpV3#-eXpVVT2*gh$5tbyFQx7%I~B`Nd|w3VRK2_3P1M5=J(`P
z!*{gi_rMIvAHgq<zw9AZ_s;&|$d&Q@oio~Wzcb1?Ug%gcLA#fcn&V|=)rwS@v8ht4
z_)?xmUmJq`i8)o4t`!T=3?&rOJAGEq=dF%Z{?iB*ZcO#!5At4HWFSj2@B(F3Bxb(?
zWF=34UWJ#}8XnQYka&VErc09SxcsN0O*H8&RSZs5#=Moy{H6I5V6e#%J^j#a@if}X
z#^cLI%7K3Lf3N&h)vOk5wn}cQih;7u!4|qbMrCGKnC~L%p+y}5+7d2`Z>}Qa+SHn6
zb^*$`VXVa*X5-&7J%_~I$BKEPj04h&p<Z;c(BhKAn20^JeQ*9cSMlgTT^|7O4<xpw
zdPlNsNAd`F%r<@#T&+##H_rmEjry%}pi;{lz%!zSn0Q8)`c_A?i7~rkSxbP8lP}L<
z{>}DX8dwija6{@yhUp&)j0)21JArDn5jCY<viL%Ct@1pG1!wNB<^o`tfN;$Bdy7eg
z3g*A$3>d)#1;E`DdD{Vx3JqY%8hS=UUa>b`!wP8}C_OX-zzUuHxm`U##8So>lUU;?
zz~)dcN1r{eL@G8=c6uO%z$UlngLq7mLdYkz8_v&mDVq+<XoD^G*8wbIaZHncj=6#;
z3aq;QBh!cS12zsKsn}ztAN!tr9&p<>+EdjkF?$n0bOfL?s*(-9)73u$lym(M0jG_-
z{shDa;1p)?n-x;?6>MB1kN<*o1B`+s05%ZQC)_H|M5eRzm*!#y@7V*gV<2)}XP%_|
zBihZc>cp;_Bw8oi80h;EGHGLSG&95;P!jK^fqD-Vkn?LuBH|Z}Gzv0{0lNdhs1!LM
zHvw=dyI1FX7ZKh-wkwGl{r&`Mc_;ZIMXJsQnAQTAk{8m+YSNFR?q85CxnYmRcdU!7
ztd?gmH&o7!e!4PNl9>obd&)c}7*S9Ok^tQhNEEio^nL@J3m_<_^Ha5G$Qa?CqO!V*
zN~?yj>+K6K5tbh)-t#-ETaf@XN96d|JAzBGy5j5ahuMjjbEkpj$aWy$9NOg9n24Tf
z-!Y%N=0|4%Ofe1=b^+sx$;8XX^~GxKi3Q0wqu9rb(z|~Vm{1AW()zn49m^N~Wnpf(
zgY=0L$QCWPmS*+}M73dYiot&2A|I7@P@9PEwUZf-guvD+3(_~&8{qx`QCRTz4H&ca
z9@#DEvx3HC(+a^477wpt&kVD49p|HU4y*?PUuJK|+<UViz=o=!voVyZ1unKg=^nA^
z3bb}c|2;6Hdy|s~W(m9OMU4%$*aQ5nao@FoTVE*p_;b?Wro<D_$&bi$6?J1sP?o2_
zoM#K=o5N=?2};RK0C%#$;D|d}ir^=nN1d(xy|AU)+sP-7G1^laxJO*)JdBAJ<Q17N
z71f58&&Va(odIwU$^6!xBmx?w0N{u<2|TfWGWhU_;7j4Cjr(90bMmN_olZ^dZO+Qq
zu+4{2swTpb8VNjyaj#!ZLu(FthNDsveR>g2x;TE&o07{bJ?8iL0Llw?ZBagQ3-G)Q
zPZ?Ontr+I)7Y^hkhapELEL`0Hie>Qml;Dn;P?&XcS<&4J3^3mt^}dP?79NnuX8w>Q
z2cAjPowj?GQ1eaAYCg6N@;0qQxUk}tbM8V)$Pn=vf!8A~YG23{na?EPDZQF(^()P>
z&ejryEqXXI2aYUcvdXcN>urdyvI6OTUbnO)W|V?A`fkd4eQ``z6;ZN|7b?lYBa+OD
z0Z5{j0|DR$&H19tH@>ah0y(4v6ydW50Q98+g<4+xQt3ZMm#^_JN3>7j6nI1l_~rD{
zNe`<F?)cD)24=VMQ;eIT%taNF&7v@X1DER<Tk`4yiJ*B0K=&~+;gD-y7Lp*p;{Sb6
zXF$Duh3!pjg7Y}VYKSgVC&5chdkilF@}wUf>qYC%S&6F|>fOmCUHR(ixSe`9a8*p)
zn<;l&Fq%%hd`3J+z)D)JjaH)jMw!d+TT<sZ3{9k%%*c||>bcen={4#A<2PHx-El16
zj{xc9N>h1T!#>CITWBPwrqp_lk6f=oNNqQO7fR|5akE4h{k&`gkafwM7EutTqW$10
zT3}x9eye)MRrSog^ys9-F{bXR#a#ntfQTZlM`+8o*I!8-Xqt`P)!_$U+xd+cX}Dh|
zCgerQd59J;>C38*<V-h9+y4tm6|8jXHUoTL#Abnkw-Y-wTuDo8a!pxi#T~GAr=6~;
z0R>En7jZ{jP?g4}`a9MsS1a7ederoa&M#c4Z0=)+wDple-s=pO$?hqAUSl?Qx?1vN
zy>NwW%Ley5_;KSbLhR;bGQ~Y*Q}W^$5ldfLKE`r@o>q^UfaYlP%*+VLP;#dUmY31l
zi585J*-Z1k0JD|5!ZwNasjBZy@(6G{rIGj>k&L{(6P2<b#EkJRSN#WNk4B;LsAk>c
zC=#m+x{#_>=(lg3z>1iVEo40^w36j^yhPJXi#Ng!<l8W&4XkFl;fIr&?&2BnCTlK^
z6XM0#OQ5Wpv%~2iesvlqtOQJm%!J{#D%Kq^iH|E0dj!qBf3#s6kL!$_3Z;`s$wblL
zvo13e@@KJ}kjCQPjaM#q9re_Hyoc^RsQllNN@+~?kZUVu!@N#KxDF1v+kUonZ{M3#
z&(a2b7p@cAnuZ`MD!-}Kuen*IThoOWgOm1S)GS-Eq_maWCvakK>qpR%gHexpfgQ0S
zVl?W6P!-jG2|fknM@~3{`cJ?J3_2d3I1WPgNsw^|%+~><J3jyh2G$c6(;wA0bRciV
z7s)RLP|YRJG(@;WM0wlCo!+G-c8lbKYQY2^*ZR=Emp)w9vEy&oPK`L_z2rCRMJv9#
z^28)<XtWDi7<Df&r1yPR?f~C4^6Q)YCGq@Y29r5){>&-{^tu7>Na=UIv5$%cv*W)9
zJ4wtfkvT{~Tm-g=O9MoEE~0=KD3^axmXOldeRAylQ=7$K!$)glIAz)VJTA<F<xtWU
zyCRNk+^O6A1d&}X&Ie{KCRG+AR9MacK|vKWCG$UDe`)Ub1&}k{jda!H8~!{3V7ilF
zXHt`SnoggTs~w7~hpC()G;8K6O+XaVGuA=?lWmrjNdVU}q`Op^#PAa}zj^P?@3gQq
z2D@9~GLohRjNwy4JIF_nZy%B-e>x0mK0N-Sq2d?`Ic~L&&BZIy_$%md|GJsnGD0&f
z_7VReQ}=e4Sn@9RCDtIbcJG=44E>h-4OIDEyNP=bLtWj|ZS#H4SYMMGkt(#my^11E
z6DNi#o}s0j^s(~m`{}y%gG{}mAV0w#%IW{iv5LNsbakn=PDoOVx;Oq)UEZJ?9q3H4
zHy5HkDC#TyDaYC9#=JjC)A}4k2OsHfbLD(tNh1Icf;8XOtf4*U4JgLQ;sLtGsEZHN
zdYh<Q0q)jZaU8LQgwm9(^(z3RSF=i&OV$|XnW4FZXm%PrPh^K%g(G)uPSg|lNi2BD
zDTQ)o7<=klWql|!q-4Bd{xP7igfKSmN3!S-_A-h2+J>&)VZb8%>bgOl1W*9#wRByU
zIan@56$nL@^W;{@%AL{nTEjVMtSf!1EDZe7+wdK`TZ!ksRCQ7gf#jjTIqGeG^>;>o
z1F=STD(wW*Rgg2dc)PevM%Kvv){uC>0ajF@P?thLbUf$B)sq@Eptr`0Z$}@SIz8q_
zcKhn!i4&}KCL^`6c_R`dzP-T;EPj)<iEVI>^^_fLkSVo#hle_SLDlrLT7UXPoB6z2
z@sq_@TmclrC5K<K2h{T=UP=E`oT;4>ZU;v}BVSQR7;)Kf1};p0aZ*^xCGRK?7|bHW
zH@V;&jJKMCDr5(Y{2-@!Zk|!@WPzHvM?g7Uf4g`1`79Am_W8W@>m|hN#fAX7;A(+d
z--ME?kE-$~+foDjA*T<NSio2{M5%Jj^qtN6kMq?)KDk}QRIAt2M}9W6@GL76MBG!h
z3-(ba)@;eO0=wD}^4a>S+%|o*4Yx%Rqvsr;WBgb`?MN#b{VJ4wYMctm%NV^$o!D@U
z?XFyAbYU(c8xM_5Gl6#AnlpobWr3Nc6C<rG{U6Beg==~RX2=xlDQ<pbV(-&!kCK;P
zqL4!Tthn2ByED2s2UBtGc4Dj2E`CeLe6YkCm0{j{JF~({JL*c(#%ovBn-R!8bg!gT
zi2U9WhOano##@tbx9g|W%THzb!$MI1WvOzzi?&v`WuRtH07<<Yt`eB51e$uO$pxC>
zRv;#%COdgHRgn#-a-T6Ac1V4*%U(&7>km7KuB!^*Oh{tSc&7qxs^TO^XO2kjcH2a1
zGR!gr7f-1c;8wL=WF==+WCLAelf)dVBV37s-rm%44I00>ou5N#9C6U7%RYbTie}8^
z@%*g|RTnyfH*)8$+r9&>J;vS^R++ZTKJ6YG$>WpBUZJdet53}V*FSYvjdqRS7=f|t
zXWnTll8ns{>5<$JIUoySmvvOtk;BpY$JS{}(`rh;-H79C?qSVcRu_5@7+iX;bHcSw
z=Dl3EZd3d_x;%3_{`=>u1Kn=`H6hgw`bY(1mEO#(0JPa)@3$gOg&T2~p?S4ZXw%=3
z<3!R$-=-)=Z%J8LSzBvAZC`xVBc#@O8v2h6J>R;|H7;46Wf4@`)9?G9a_~!`oJ8j%
zU!g8F)d&!YVy;9p=cY9UT0v%`cNw<Gz<|iwi{JQ8+PlJ$I>V*`iP~8~@6f%>SGh%L
zcwELBIIK2iSfIAdqncLnU3qm)=4kJTxAM{8PwYPoD|2#u0mE#Rxg^6`2d}MHCK9#K
z;_ny^4NR6FJCXKk%q{u44QxcXaY{~z_9nLvAGvbyGPqYL2i0Xe?R$6Zfjqv<=y-IC
z-ki=c5_CXc(}M>O%Hu6FsvD|%Xsp?aI*}6Lrt}U|j!B5T=w-1mV4DY7g3TB<+>uY^
z^iJ#zR^y4%K4q-paab8uTy<esYI5+HLNiyh441g5N1r!0o_?%cDcS_d(cCK;22GDA
z$A*f`KKj6G8@SDvJe>M`*zs}@y+D1IpgF_z@8GK<*Q#SJAIJZ`-u2i%?m^V;s()S-
zZC!cv{quC};|fOwWx;I|^}zVIW%btg^#Yq&R`CF#({J}|&IX)<=}U1NOmQ1HP4L@I
zkq&Ie^rgFHA|>5cBTr|9J$I&Er<8bY1_Swz47~i&X&so}#FrGDE~awsGL^DS=T$;?
zx5IeFH<EKFFiqQxR0%eI#cxy6-5w!j268b9l13*RTIbW=R?BXKREypv9)m>EPD}8|
z-1^ezsiq_e3b@o_i$G&VCd{a0c6xl;#K~lplRvC<SFU2+HGRwL*jOZRpjPfn;t{ee
zx;CLaqkc+H4GK*havs6wWKwli6)Gu@rFoF0Mh}%441vp@P=9GMdryEEv?Ju1_ceKm
zE_G$^W|(;`hKvb74lb=u0{;15r+V?^NgGK4m&`Md508ejm7sN`bvwS<r$T6{3C9g_
zLE=m1cYxpo&6hF2hJOx*xMfDWT`5Bx04Eg&G|^o8!0x_q>C$R+aZ{<8LJfeLEL6Ib
ztOO(-*c^DlP2Rr*rIB5FLM7#V>5`ig2#nt<AEYLsWVXlAsa&F!Iun6336%gDqDuf9
ztQdObQmi5g#U=BdpWm~MYK9gr3k;54{tYh!CMV6zM3<hF|DWdGJF3a7`yXY78JR%=
zM?q1V9Rw*VEwrcz3@RcuN{h(Q36b7|$Ot1<M**cpKtm^@5Tqq20-68;1EEU^Arz@0
zKp-Ud1m}If@Av+GcinZ@{jPQI^G_bglk=Ri%V+O%_TCQz$EGQ<X=!PS>U!S%6sIix
zI}m=-W)lH{d#2zFAhR?afVg3+)E@+HLyET%oVy3Xna{5nlb2?bu%c6beV*XKu)I#G
z@q=9g0!>vuGq9pSNRi|70FaBa&n0W7uvr~z(0fid_}fjn5YEPOxKF0e-#!s*4<#Xc
z<l`Nl!fICPfDO`@q3=KWyS}EG7RtsT6I5Gi?A4~bk>=d5nbd+@KYffErG>ahhAO#a
z_5u3v5h4E@*A#`otDkpEXh+HDhg-vzt@E4%CO$r_28S`Q=KS~R)33#g%GjZiJnlBD
zzq&eBNUS1t6u8UvH9K(CV3V)9x3||z`rrMq^u@`Po78FzfE4YU4e?@f6>SwZ?151F
z$mQCBNdE3jo9OX)hs3+S*N*LcJTkl>`u>FfUa9D@rkL<OVEoj~--S}JC)lFW77yAm
z^Ise5W$T|SntNq?$m+MIowjMnq#~_j-h@pM#UVc#emZ)P-kW@Qs(_j|Kcu(JorVnK
z<cvuJIuqN6E{WEL8Zhji2E<DL=>N;+)R9?^r@gFz!0j)mzQi22{cO>qIHhFa75LGb
zT{*K^rOp3i^`mvzTVl4N_36pIdyeua*MK0apAs&M!E8lY&`wRQ8=<eXfoZHTf@p0{
zJ@WpoQ^fz5Pe-3!7S(Jd2kaIQc#-%pWb9>?V@27O$7WWpMW#b1DJ9th>NbOxpN>j`
zJ}F>*t9<P<a5Kd*&Xk@d({8+{9Kv9}-ks9Zzf2z!0dM_2KhjUMRkG1PKz>Sm6q^gn
z{JLH(B_MF5@1xFLYg0@0ZuvioiH~gViTnNBZsl@$t}haQ36t<dSq|28=U;u-s{6Z{
zTFgqsxevh#T5;(7Qf;5Gd2}~wC{!bS5R6Y+4_$xjUlTO>f`OTO{*eg=aik5r#dulb
zn10E4KJjmx?4Dl^wZMozD4Ri!&d?)6wLhi(Eu2O+8hX@zBOo+FjVl{`Py`;XQxmL6
z-?40|C*MCN_kw31N(%@GU|hXqv?o+esq(PRKdv^H_!NIhYfiT)a=z1Ca+iK2{`N1B
z$^3@8Wq9NAkcFXqypDj+A$r+%HLth-^I7mV<qx%IA4>b5A=X|L1yd3g0NQ+(UK~93
zm*Qnx$eSCq;~9#7EU%PQ1zi+<zt{hhQ5fAS)=^|V)ZS})(z5MhLj$PH`<?tp&V2aZ
z$dgY$0BSgl`5IHOn6M>m*?F?_EbrH>{JE2z|22b)v7;#lHVc<T4hJ3C2=Z_^$fr3n
zBQnw7mruMGM|Vay9_DJ~x>GSGT;Zmpqw@7!y<5Bt6H;g@lpCu5G+z4t(aA@NE3;Gl
zo!9vLz-#tWmKd<PIy2EzY{iOx4@x>&h|&2ZdtiJR5EF#YqVe~n@8cn0px2B>9-o)k
zyxgv0wU(h2Qrj~CSDf#&(6pU}3_dngOO##>63vpAsJnmU!O9gAt1vc}wlN>b)=B2+
zq?8+??=mutM0E~mMoZh_Kff_R)07TGPJ6vL#SHcR_~|H^`+YkvX|~qA8)*8*Cdt})
zB~4`;nsE5MZS9vg_%E+`0bm&urL7O)!YsRcj$RCVRZ!fp+Iz^XZ;cboDvIMOY|f@2
z3}trX11>g0+#WY;%V;yheLuE-z9{05C7*&3%?{Jo0%ZBfuuF?Cb3C8h38fIAu^OTr
zZJQUy%j<u=ZY`B7OmL9$|Ao(7M<;c_nzOgGJ+x&D<4{r>wq?#(lkLT}TY`lhV0Ej1
zVYHs`|8({t?cAULVs9`{YGzh*P0Q$CwuIAoJ;RFTr@2<1ylR1RQmg&X6~F!?F4D|N
zrSI>|F;@u)lFqM|9FVqbPLS($WbVZ8-$h2q+g}*FAU{p+y>@J;ubEeXK)P1^fzB3w
zD$9yau)$a|H?BA|pbY<^v>=+)w^_-hNRybuoYQ#95slPEg}?fc{~>JuYbA%$L&hf6
zk3||9NtE;##U+i#U6RmE-60R}Uus1G^FxwFMqgMoLp4j@(`xck;`{$=ykOY>bSz$T
zZI}`eFx(deX0so(IlV=LNF1?w?PCyK`$o}#`n##kha@V3)RuAW$-mfj+CUyBiqJBm
zA!O+^DNY?Z!OYux+B>u3V6?J3;J;@d{cioqJl~g}E%kk=;w{t(%2~57eijgrY)cOw
zE2_LLA!(C7xFP(Ur+zK@fD|^2e;;+sM6~%cUlNxCfl%q%TZE)ZZBvVG6ns1^HEZqR
z)&3XeR$HuW`Ni{KRhJ_>YZSmZ9yOl`_~Z-;b`%9dvjeo=UkESJrmJ6xDlirix50ml
zHj^?MdQHsiF#mV!WqB`5ykDq4l!8uRS8g=BiH~knvg02aisq8}ViT~WAY_BRHTB3a
zM-!Kn%LFv><aIvO^`s!U1D7DHVe_|tZjFFi=U+`t-7(+4R=dl`4g715w2b!mJ3*8G
zZy#gLHiZFycLD$yl@oDNzD0d+vO7USo)T$(xvB8>I9gjO*4(@Wq+LvCj95RwuifCc
zGWj{Y_%me_kyWhcqJznV)k@L5XjO28ENWw%H9rFKi1%vyOI{bP^#w%)S+1$l5X)3E
z3cEB?9oy+?;fv$&VVECc0l1f0Y*yw8zRY8|<G<^?#6A`O8;_c&fZ%)P?X54ZA0B8{
zDk%>_XdSVxkm@wU41a#~_2Bzhp}CXta~~h>_XcJ@e3V-0(l&eAT_<q5Ycq0deGv<=
zLG8c>NV(bLLh-R5Ec`DlLF~X4uoTu$ZLQ7Qqt}<ln*sPxgi4JDqm;C=kc`e8R=+cl
zr_8rmM%r4Z9vh~Bp7ABw3nW<6_P0(l+WDPv*8N$fisi*K2;?BCiRf-El%lxkHz1>Z
z_k|)Xt8HpX*h{TnGgD{8`luECcjmMOFTwyuN9RYq2~+<Dq$(iQ;y3zUGK2Vz{fnuJ
zAfbzMRd)IDuV}s`XPzGgToM)Vsl^+10VpIOdq%@U#?&jdIxt!c*FIZ=lBE7s+?9C6
zi?;6%X&~i@-MBnNYvf5&^s^QYx9E!mQ$i!kF8$Ju2pR7yXzP(jqu`d5ZTyBgJb5(3
zT4)OJeG7Y_<A0+~pP2-Xwf}C<-bi?;coq?O@<~VOwAE+iL``18BSmB5p|_rhHoFYS
zP-Govz>3z2@f@}Kjy(od0$>k@F&a6vL9O|Mj>4#QpG?IWymZ4qV>*#SI+l&D{ZHki
zmg+VbQ*fntsyplTw3TGzWAALmMy}OCkvWlDb8mx`)CuY2uvn^ICTtEz4@mFD(dK8P
z(Qp__|18~w5}>$Xo08BY|Gs3;ty&C*(dA#99a&p+iFz4wvvzA&@+eGKEb}{_n0aDh
zUr1FQ%tb&e-nFe}-X?7^5}*uPLWB>HO=FyIZWf)%c*x{LwGv-50^&1|oo?#Z<5G-w
zM;NXnTM^yVya{Ns=>x2uq|L5Kx{d^KL{Y?XgYJTgwhC*pept!28AxrRYl+SmU==*G
zP>m&jCEsZqA|oX<?A^a>9u;&(?$wE!@?A>`=@}i1>!Z{GH}Lie@b=$2lT9ZdxmbJ$
zeA8J#W-#6M%4o0cs_4>gjG42#TKaA_x}!kLU1ZK|)I%2j!xAMaIu<4rPc3J8+=|k1
zp-gCn+h7olcCFNMwq;tJiqC*GdqX%0_oUh1<|Aj*k`lnau9=oav}`t`=iVVHSo>;b
z*Q38<5j?X8SvX()p2F-%x9H?TN&|G;{!24dDlm*kfovU=;DZvt1L%u^V>gqA_O3|W
z+n`*r5wQNPOTF=Pq2f=t27+}TgZeZBZIZU3;!|tQ_K48bulX^b)ql<pPwY_CE*V}O
zuW`v+A<@@6F4g{nr^eB-26cMw6Me!D4ma)qsZO%*cdSwyIxh^E59rD%(rul)>Ut_R
zs4QxMlDm(c{evSF3UeKB()9kkQ()Novj#$E?Nw|H@aO)vSHYjD=Ga=uXCO=-GbLi4
z5qq!&bFiPjQ!0mfqr3XJ1=%m+y4^pZ>puig#XSJ&0d~XdVIvEq{v7hHFPEKNxW8Ma
zD86%*f6C6#$PeVP?KO0-1Gxxi^YXP(oY2a;Iy(_KNHW&zk^rAtouRP0e6D$Kk@c9@
z^u>#^zeBb*B2^FU`LS-uen%pOXjGl7Fuy!xxI${@qE+GbUf$3AQ(^i~`6_dQ(+-r`
zf1mp2b;sQ&s=SOAB(x!`r;`oRt~vU8{|2wT!<=1NbtoqJnHUYBFjdN0of6vkYu4B8
zFQOHOT)A9-o(f!IscjfrP!`!6P<1^1_5sMWuqFU@W{eytdONtz;n*S>X&+w^`bi^E
zI`E7SSGy|miK{-8rgSrMn!?%vbahiNXt$X!^JfxnI6(!0ZSsS_J@$Dm8SQY8%VOx#
z+-ljKk#v)G7$)HO*98TfgQ6;7dzdx*w~M`7X%Vv>mnR)nV8lz!CqA{Qs45#J57Pk5
zIpZ%`BiPnyh9DzhsU;1m`B%pgQsD+0eaRK%RL`ldwai!Zm@`Z^<hoF2L#|Y11;j&k
z$XGE`=Wgiso_}bA><~D%!LBl}c}BZZZkDRlZhJ^_ozgWd916p6t=WMicttf$!r>q7
z-$$E_9JWF^bOvvS^psaFw#~f59o;byR@PasjbF(X5+kJa$>rY>Vev!-lkmS_!U7~f
z(*FUW)sR#9f^7zl7O&ntEH5k;bnnsBgU39J7nO#mPz9c;!&C4VC$Q%{hH#_u(VkUQ
zS6cZGJ%8@NGDDJ<eh3SIMa7ZR+~GC2{4z}NRtwbizlnv!zJHOVL5Go0N=E@ZOTB|)
z{XT_FjJ^3vhq3>K-_7gAE6Ztr<Dw4Od{c($`x+UwXc<pLRyAhNm+tFTPlXzrZC%|_
z2Xv)zokIQS6s<<%jVqyEvT%0lcQn~a=9?X>9Y+sh9f1)v3BU^{vs5%26U4r9mt$Nm
zDw>7S+OjsfAmM5w5c%^U)=DDT^leb#+Gp7CkfLmQO~=rxY1-k#w%s$~5Y%-eqMS*Z
zeY?5&d@6vU?C|e`29j)^ToYzVJ_{XzY9)`xbuRvQ1j+~AK-}yA(bWz>U11srWwg0l
z?RKqSzuEk-CgG4J%OsT^D^C$sE?qP(y>pwwah+YxB2ecFOV8aVdE+a58o^XZM3lpM
zTQ^kd&V8DyWM^)$PS@RtPgU-t-n&sd80iPO1;J_Dt@gDy;1a=D0RqW@LaRr_LEoOH
zVn5E+x>5!^5j;+^t{MP<DW=jHM%vH-Wnyi&R=h()@Xr9j@+CAvMd$8nD*{O^zG2j_
z*jy|sZ4(~l3Xv$e@v+Jg9^)ZQr=}_EmI%6AD?l|)4JHl66l~YHTB8t=v8{_w6wNeI
z*125C)9y#($0r|M6|u3`WHqcr8hy>J562HOualK+s975c4YK7ix&Scvp{9Vpflqv)
z^T&jKhWK>y=LhF1qiySnD9yGzY0FH>Pk3$6QI+ua5^{QNCb==sJI72Nn_fw;b}WB8
zZ{{fBTTW3eydgV?!BpFfWmTo6Vpj_<N$jJKtbI-^WZkMw_Bs=~HdE>Uxp-saN}8hQ
zV8u4pv%o_NH>wHUal`~y%yb_vGn;6Ay<u)PluK@PGU0H*{0TAKfmQx5*m4j6<<HKm
z8~}Dl61Y#1KHu@KWD%n`^`Bb>zKe{1?Me~lTe-m0h$#>Ravof_$EKTr^$ada?f=bV
z_P3OJn+5I_Z$`Uv&}#2`P$fwR|9o%Dt4VQP=ja&cHT+22EeT&>3JIu*=<D8HP@>H{
z?-dwpC`*d|HCA%G>|E~d*m4zBS|#{x#Ti<+TL0|qIs9+CG6q?$dXl^B9c@~VJMX<P
zf7P|&=$;=1+)}VNzW3(;9dbYaGjP<2D=8WIaoMb2c7}IPbh_#JeM(_7?JYU3?bbUM
zwd-M(i;0Ca)G76+ohJgENji5yA_0Z91rb<I5$!^yH*EU%(2eo%Q`b5`guE;amN>CB
zD%Q-LtZdWlEI4j5`xs;j;?y39*Qp3Jm~GGtd*kG>`=-hBV`+tjdS~3}rv}CBoyZv$
z3-|~ZRNCW5hLT!<xMny#{=|zzh=M-zp_Gb+{W*P_3u{Bo?=-cBUsvk$O{=>o>hbgc
zW`PHOlY3hq8|v>9P?Pp<jI7&Je&=|KtTGjcRHatU;`$rwZ|eHpVZKQ`EF|jlEyODv
z-Tzj;43=6vb6{)j0Xxvg7Di$2fdo3;I#i-Jgh@>R#eskaknGTQVxqq?dA_J@sMAmP
zR6=vSR_oANn<{!S&4UT*exJ>izSM3IpMl6MR0f_dR8PRIt$cQ%>=5{Lqe%>|he8q!
z<29#-2+=Map8)N-q_8i3VXRN=F!~|pOWN$u+FF-ZN#mR6r%c;ycHi~=^GN*O$-ViY
zWV)iDfSP!?>w<Ftu*gGC_m~!F32RhH9Hwe#<$C?4ddJ6AC?%~>){1iQWL@A`(T^^S
z><8%<t{;JXnP6Qz)-(MYp`JrC7~SYE{_#~@JZ7e{_{|jhsvR0_EPB)}%Mc}$@&S!r
zM&0y~^T`d3w!T&43I0&v;kKVUijL^q)rK;4@2+Z(GFpw3(EO)m!{&uAiXQzG1NcL7
zU*oy;*WED%=D&RFxR}=|opm7otN7~aOO&jx{0D0k;z^B0^ZqOZ$F0$0T<KIX)2%0P
zx5hC}Se*ppg`zP&|7C)eUMlv)E6i4au|!R1-RP*bi8$oXX9)hQIpIAwk_)$@y64>W
z9LLv<7~y&&i&tkg!h<1!b4?a!*4YE)f+lAP-@8^Ln$0%Q(!4Ky>5<`I%K<L{)5cxK
zw(I)<6|9wlBb`@Xb$c2fd+Xy8GP8Il>I2acta{=;{GGg&Z#pCK1nFCq5{$fDK^)4l
z?ptB8^Bqd2e=pNeWN(%^WNSv#Oajs|S9lAwJwWdQuk8+gUa#1rX~w8WyN#0(bUL#;
z%$G9gr0Vv>a9uQeIhADGzQ`VE6m&<ClRM5j@dqT%jPUjO3Bq4o8sh>mviCf6dLHo$
zz$yD*YyH&tgHOYB>cNuG;$u^z9;<QrT4x$fU!_}kK(b&wB~_cB5Hid1qMA<3nGPb1
zYl&VsT@^*R{(y@lT}5Ivk$PrBy;*P8%!XFydU?dt3%8f(BjUEZ4y?7xrKTEg<vFOM
z%dfUw3{$ruO5jp$i*IxSa9UtumZ-F+*1660aY=SkrffX)RIzzJCrzi=JR#tNoVk*&
z4ALG;3<@~u8Q@WmYe05w3<o)EpY!9-!(>;Zpb1%uWSW}(1WK5PP{no72q(HbEv+UQ
z86n$wDt<vmJAtkbtq&Pfm|_n1OVjB5pS+)Q|Hc28$_7Xma6%a7!=_{}30=?7LR*aM
zT4Y{A>J)1!G(I2DD-jr!%7k~4ku+A^)Tp>Jr(w{^OIFS-jJ@KSMHL?ugXi_$^)isN
z!+7eV8jL!*r!8}2gzX8$3pp432JAm>{Vm1q_p)~^Y|Asg*MSu_*Bi-zMSh)(Bb&OG
z`k@+i7AIUMx^UYZo$IzZTqh2!%G=L*5r7{Uu4J&Wf-4Nra%znylcv_UMpvcR&TdP$
z^2v_DhBygzM&?Sn8?W>K^PC(&YyZx#5u(7G()4ILtv0?ZhBmsV)ic|^=$PA_MS)$;
z#qhV59ye(|;j>l-yjC})ai%$~w|H-eN(*x~`6|*a;oZJsPfaYfKua$fX4Fjx!ziLr
z;a-`eFexm{J6pN%+#2cD%>ga58V}M%=Pma+%dlGm-srL<aX*Nn&o;`S-pd4tquVqq
znNtOq=74f7ub^0suS0UDNZ!^1xCe`mRzX#Jogmb}IYlja${?d>XBlT0YED8am*#4M
zwj2V;2>ocpA-d-rg-LO$H*N_GkR%AYL&)T1KJ|w9zAUg8r3H;C0Ei1@K>B$hpa*aN
zzDgW6oNii9Uh7cZWanv#*vB8H7GKG3WgCZZjA?y&k~Ys*nYhMfPkl`|MXC&Kf=n@^
za5l1+kUhocEWT!H&L-C@3qj3>5(||$5@y9$aPas`5`j=h=UT<O;8nIuDIzE*R~T&`
z>Cij#$5yE`wESvOHiy}K%)n&un2Nm-#qY|`Kx&{wX(3}Dv97{4RaQ*R2T+2tC7FbI
z=F9)LLi!>{ngGNFoMEg}M^{4$iDJ=5KOOz(KlPuS$Q8NGOhloklbfl(X<?#@&LWsC
zNKO2uLSh~|T{sJd{4?C}T1UZ+S2vh5RtY_U558(6qLw8TxyfHr$-fc^#r~C7mWs9!
zr1xt`YsiLq_(TE@9&L4U7zi%KT-;Kd?a-`_zJvh-7f^xRP%0KzZ0m_M%X7KY_9=f}
z`xTI0*R<l7b?=IEtt^cCQa)~!rq6P&ck~^gkn-R{otzx0nNMW?U1W|_$76K!hK#nb
z6Vwo}Bb~G(k^g3-sSd_2jm3^vmVK1ybJ!ne<;2?zf3ezuqzeAJ7y;LRG~T$VoB-@b
z-b0|!#Y;<_H;78jF2s`=J%X<&g>x~#YBRFKZzpbSgDtUI>B%5$sn8V=!lM7^bqG>_
zZy1|27xU!=$-{v{90vt9Vg`?=_6R<I$^cG%XtjK9k<hvCo}>Zh7d@~M@Ms34;*ZIs
zhOGRtZH@s>msq|FYiB3v-xfr>HE{N0K0C&^kQfdSnrh=3ZQDi?0<-RKK)`%9f~Jfc
z#JE?)pkLz+AUzUBo8n)vBoi<6rc(@UU6nzU$O_4hvhLS|46U41Bv)+ZEio+muz~bA
zG6}viOfUV>z}z1E@@hwxu>UWBjh%2a#1FuZ46p4V%cH#qZku(=#T%Gb(>W{4Hi?L{
zBhnuvw3p>S7<`a;G^2DEP)>tC#Rgs6CBIs%ba!fT_;-^U=?W~dd&<-(R7{%*3c-F~
zg7z4t|KNul(OQXj+CJ>;)|zPAGHp96Gj6+zKO`Wc+ml11@cA=sO4g4Nb5+Za2j!J^
z>$g%O)#+-!&s&DPhfL%&&F!BTeqcPe3+`F9-tad!LtpOKw7&Qypjq)scu%FdGR;sX
zBE4XZlo8OkeIh;?aa}$huxX@kcrH62qK7$rDT6X}&hD#|{5M|DIRnfNv5>-0DWfsx
zqZzHwyY=~m_P^)krz&WHjo0)5#e22`l&mzlMI}E-+J&r|c{2+3{CbCmC~r#AoGAfI
zbID#Wih4r_HkFmA<2rdtB)K@*W2f_dZ=}=Q`?hbqYMX+&DrlIGE{$4<B^P(ljHBEg
zCC++xfnE45KijaY%HBYfxIJkOU2j?j#;#H`*dM{uTq8Fk68o7wsU*l~A)5c?p~ZJT
zDFfM3Sp^ZIv=Kpf19I~D@3)0pego2PAzGS3-*qefzj5@F@@&y(*8MAxv>FT|dG_01
z%~J^PrL6?lzUxA}mEGr-XxnvJDl&4_=1;yg9b&aEGLlL8p4)!v%235YT+VrYQ8d=(
z{;5MHdy9{~WR>2TEWBl8>YSWvy&)adRuqlDC8!`Vx%UnLC5uhVjLK-U8xICsmE7l_
zz&qm`Pbowi4Tn_K<S^fUc5V>O2HLP~M`gGKBxUe{0$cz8qT6OhXJ_|o?}mp_q~eqp
z+uHJih9dn=l40M}zZJgvFx4w%=T-M$-u^nnQjsHtkwZUOED9?-r>9thkrp?TxUb#w
z-evADrC$(p>(0z1MW%Kn<Yl^y#z?$>O%%1DbF?Qi>I1OFX;T5c%S_6dNS6~DsmPyR
zb?)X1Qh@w)@0RV$)luCJD4UU9Pg@F=<>`zBe<knebW#*5c(LjEXuv;%_!s$i{u>kS
z1?pn<TIE5MO<CsGd*WUfN}JykVm1<TFs~GmhZ#!9@bfE_ZK<0>Ysx-fF+|LRXo_`i
zaoFGonBsOQ8mTBWk0pMXGM#_2xZzc@q?qY{V`H0gSI;re#f|w=CvlLv*gSQ}X38%~
zvDAX1td7>$CvJvbEh*@lBF#UlTB=pIc^PSRI_SCv?B%5m#5AN^GY3dkXuL15+96MM
z;#r(EhA(H6Q8;&&6+Tw;IJ|<a!bdC2DBo;Iqdgz2O>GVTZoZgq_#Ib%p?p3HklS>+
zAlM~QJHZF!1%f7d!WoSlN~>;pTE8`(R_M98hCJf;b4Q5nbcZ2x=uO>bGpyZG1j(B!
z7!M7X)<l*Zn?7D4?uCl}IYIHE*Q9r}IvQ>}u9UN^ZjY7Sma2%e*@eqKR&9=_UCV)F
zw)rnJtLZN|+gvuyZSIX{!p1Dv9NLWP*DE0EiAMWakv3<DFy2<zIWFf70Q)yLwk^V5
zPI(Fwa^C&slDDjxn(`LeUeu1Tvrpl^`$!f7vTsOwMfdL0SbcEJ#Y^@<ZU!!A<6KDe
zgY0PKhlX=C?1{e09dsMdd}|L>3|i{wCLip^_f-IE<i0d8fA1abRtgZy0tyO0K6JoK
zd`s)#1MWJ~(yY5@V?8-kq;P8atXGtQ_2V9?d}WGw$?aCs=DCN3Y@(YYC(F|dZS7`T
zoZL+AOOL&@)mJ6E+YEN{NHwR3We=pc>q4{KP|q9GW>J@)&!E_D0@M-g`;S-Bdv2R{
zxQt7w<IHt(gL8`;vJ}09&EC3TOd<>(8%jdA_=D={s+v#L(c1QY*?4N2?M+kH2iOh!
zX)7QC2bl~RJJZT{l5haOLHU-}Q38KZYPr%MLjAi!{{>>2p95{$_`|f><uuiZ;}%7h
zua-;NU!}jjQ5ctAt@WF|ZO$PCQV;*PwwDyZnO~)?D6}rA=Tph+SCL624qkSO&<JMl
z+JvXDjaqd>G^K}U%dTEF+j_Z-_b-k7mOOOFT2y!*ou0UE&hu`tIc53yE$YF1;*_}=
zQWz{}S_pjR_Xjyp1e&wirRft@aCo;t+21eQa4VJ`by#c9?8Pq9>ElWvP$=Y2zqjP0
zSV0p;g>oUo4}juu$JYUrshSk0<eI)@+!FR+xNnC+{J~QU$axh8r_BEoU{_v%%Rc^8
ztm>*Xp#C;|7G3GTV<i1y6iqxhb9MyQI@EkbpegLuA>O`SXFuF>)jJ5B4o<Bu&UcF)
zZ?zUUzwYgIjXb_brFxDOs<sDLSCVA%;mEzg3}UFE<WB<a!^~Ne9p`|+9`XODTZwJt
zzXY4oKW!gcKG>T|`c_B`)!c*IguCh;0`8Ajt{fLhpCGeCZ6C%!SZ|VQ{Ciuh3Qd>q
z3_%j#sqmd474HA+Sqk6|!^Q-5&nKL7WB<xAa*b5ogZq;9qgedK+jj$ly260V1#F}I
zw(vi?|0$9$$e`LM-f?}U5d2Lcfz~$n`1?#0t?uk)@*IO2lJ;v2-@v|H{cIlB*4vxE
z!Ch}w>w2KWU8t4MhAoE$^R`*nj(f<=Ub8mISH?OgM*wFEW|zEq-2Ar@dvOMuPziP@
zjr`U}oWry5q>yfRXk(k~kOGpf=Se(iBU>~2wY(riY2}-JoKCJz#h{$MQ>|xo0J+a%
zGkx?Wk&wKm!OHFpfH1Nb>l%o|WL?EmL3n;A_g7Mzy9)p_CivZ1_eJP@#78*~ug$j%
z&d#=O7^TDtH5(v@(sQp*w#5i$k;|>8BX#|bH8xCi<*oV~1h!j}WDTTKT)YnL&KYV;
zL3FIl`?X+rTi*&F5YO676^HdvRjwpmZPCc$*7W^}xe+F#KbrwPUq^o~7e%_!=GU|Q
z^{srPkMF87!Srdg{dE7g;pa{@4=`Gda!K`(o!&;$&NAe5zMrd|3S4$+J%CO@Rq&y?
z@s5f{O}+HA=?PF4xB2UU`@t4^Mj!9Y(Wrf#-1R@l4NL^apZIsz22;$8{AON_^T?=R
z+N{a|@L7QxW1Dh}Pml9Mo25S79Z*wVsPlG_fph(DwgG<^PfSiFp^sp&M=EN9*NZ*S
zvNmsIq1lkw*Qk=jYt>4aI4(DE)0Q2@%yRCZtB<T#B5K=;utv<gZ4MzL?BCg`q#LBF
zD$*hVyJ)!nc@-A;pe-KiAY!}4i6Fo#UO9A#Mc)*MZ+>Y#+iMUxXK&>9`Q&&sHX=7{
zGd-`uq1#|UPe*<}G@7Anv}_Vx^*DgS*10mel69G#ny(aARW_Z?D<4%%2<SXbe!5~^
zyNF+ke1r)=4byG71r;kjs7;s1*{5-VO`R0};;QM|Xm$1*IL6ufxq0*oN52xO{Eho$
ztS9golxS=lWOLao({bjH$92Lcuo{m{>XSO65$tgPN~TtBMSw%w`D)*Ca=Oj5S5{~)
zo>bG;3Qo<fQ!-v*O54-wlM@+Y-SfiIj`O$Yl%z&KpIau&IG)~TE~iRvn6{7O64QGi
zrQ5xAh}^p@6V%T7@`{#VY8uLmsW6A@Q5kX)TuFr9=(`{J-qp8-nVw>SV@Xo@-=1b(
zzot^wUH%tgZColA0gqTtuCs1#ROY<VSpX0re{>~J(0$)lF`_i!Vk-4DI#B4kFJvp_
zY3N{RSV{`sbz0YC5PvMKKF9i>mwvj1D=*tr89jg(^kqf>$31x8v&M@Y;WS_Efxzb9
zqa;3<zs-ss>@d`D(i-eZzM>CJJ*HuPWvIh+$alE7p-PU6d5Oy&tr*$cgEu&-NqB&U
zZ(*_O)83l6vP;c}`+}RT>YWSM9DPQ8^wZIVfx@_Lz3?Q)!&}$WYw&LQh`~^VNo`fR
z;Z}Z_4eAMIUW*+cT_kh`i3-qvv_v8}h&}x_cc@kc|4vrYYLxD}Z!3(JY_vT2#0V6{
zHu8J_Gwai@5liovim>>qs1{3j)^AY~rsUs{rF>@Rt(vngn8Mkf{v$!G3o}R_PWJ9#
zu2K{UxsQ%z5E@Y){S@ymuWgCSsI3n!3HbC^(vtz`-Kk$f*qY%{U-}mQ7{cXme3bv7
z#wQnXu)Pe4($O1?I%=tICi9bOl;<?(^_7O!()--21aVC1eQaDZ+C-f!0m~lfU+OvZ
zCMx1xTP)nR`EcQ`izUsMC89NopUN@>1P-4vy?oKS#JAR!hTn6Cbh^fG#_3X>+=IjS
z@sa9fe#o$^)3-gDv2s3Nwd_;rg~Qciic)D<v`OkFoHnF$d-A#arMBb+xp678!IYGE
zgnY~4Iz<A`MO~C&HWKmq?Uu`QKTcx}&RqefEhu(<;gl|cJ{&L?Bf6=g`lR1nxyD9D
zE1&iUxqc2SmTKn2CWgOw8POJMpXNS#j<Z$+OxRMmqu2?Lk?@Ly#nrQB<TN~8t9T`v
zvz*+Q3f-nGdEmE3K--ypJ%S>ULTN#w>yG%2Hc*zFS69=my}rhmNw_aZbnf~WAHOUT
zJ5t{)a!CU4mR93w^@^U?-31sq{W|s&yRAPpFy;xphmP6tDqV~!aR)BVb#GRQ1f_q3
zO+?OGNy%sliTR!>Y;B4W9H)2`NZs+uY?aCyJ;t51XDbPnlcy|DMAM%4U#K&A#xLfx
zsISgJ0zF*9=oOt3K?gkLY%rN7L)N$cY9;Wto!@;%a^0riS<tNLj|MxD9AnAc0~%N6
z`=_l~?|cx0MY{;d_F}`b-Ss6GQR4?^cP5L{PsZnl=F2K1&lY_#3rb!b8@v)lT6%0U
z8}p?osNcpV{40Id9z{`z4qA{L34E7KSovlG6;6%HK<4+E*ZaM7V*27Cd-%tR49~%2
zw7uGkXf!4GuY`sCuC$ZX&o4wpI|{A~N7+@(0B?lKgPIiCj{PCQMUSzaLfv&$sL`&z
zaP{jl0(LwTsGWHcC<zvCg6M;BdLL2xv~$BtWY6vjqAEnw$E4zjWH>z^-sG8|omQ{&
zN0mz2!-}VsQTx2JOPaw+#IULka-<v0OCU(Rx;xmqledwYC(Q}=k*Nzm!t#74V;HpN
zQESQ`?3<1GJ1Wg5vuD8Fwe+0Fmfe*rqx8y9+-&W+(;1Gq<+_#5khr$Ih`##Sn0@e^
zAHj~}jSd^36rJCDj_%v4h68U%ro7D$(QUf3F_w{^35VIUk$a<ElM2n-%LR{c52q<h
zp?rhGd-7ahH5=yZR%QD?Q4HAFD@Dvx3zJ=X1g0(v`U;0VR^(j#<{?(4ix=|s7SHMp
z_Fm}hq=kDL@AD|W=PZNZw6;Zni(Pv>idT(wh{|Z27)W3cPs{|hR;VYz1LA%M$Iq`@
zHgdO8z@Y%(gPST5WRxSzg^p!7*@->PoC;e`oZIOh0pd9%AsTFo59*hk`>9*vY=JLT
z*VE74^a-ZayrSWatb#@d^KZWI2lT07t(tY=KH=<KAHhk?r*d?Aq(dfv;`?j{L#5t&
z)mdHv6JR;YUeFEteMp4fdnkAF9(cKcWJ2w1(@a76^1`C03nBZdFpp%x^}Z>`8Eb|8
zsh;Y)QK}^G@0<PHkX?KhyVcW=t-txQ!tJ?wG$GNC9;|MbKqTSsV6Z`E_0AX<Y?fVO
zr%04UdEziV2rC|KupxORKDBey8g)R&w&~1ppq2iOy7jN&J1;JJHPiI`#K`El1h$BG
z8kE9YkLvELxeSY%MxEX4RSK$Go%vJ=PqlP$%F$Tvg=#+`w(CGwi#O4{Fu)oz$SwNW
z93}Y1r5e#PJV{W}OeUUNYBdZO28|n<2wlItj*yh7BNz_9pz`X-?GN{lAAI&LK{}|e
z=<EV^<?}0m>iY_+3`PoCdHd2n_<AH<$kDQOn{DXczBH%<{pMC$;HwTcnr&dcg1=JP
z`6-&^TY2$y8hh$hunpVnvF6cI&o5g84=PYs>F&;2+%@Pj7s;~~Q{VWy4v5q@Q&$9V
zVgr-UiG6}YaU(QE695H_*<0|MmAT)SAvfd0M(N2!o*4JYp1EpPt5oxj6#pY|>}h0k
ziE7Y+qKhTFp6U2sPWIdG357+kxdUARJz0+Z*ghws85JA!H+`Nhip}nn3hOQXP@vN~
zxZwB_eMbu$>8iiCdnHN-3Dl<B-&?gd9DGXMMJxf?OM>$W18CVrE!M~)a4CjYcu2kR
zhK06w*KjZvTrSF$?<?$TLK(ni&aCMz)Hig)99Vi!K=#^g9lp@q^Mj1`NsY{o$H!Ss
zKNTHstN7@-l~#ml9TP+Cl?_Vk&<h;a+w{<XG#1@Cl(GJDnwX}AKf9-tdAyKm%t_9O
zN;#{slB6-IFJl<x*m?MYm|j;S6GL7pxaI||$#k^9U~%e>ukzo#DNS7EWKzM-^dYCH
zApIMgUovK6{v=1^Wfit3RH=f`0WP-9An*nP>P>7CbX>~!lX#X+qx6<h=|~>enJcaf
z`uYg$Onl~D`XUqZ=Pu&Qe)Gh(WNDs_zzDQ3*`V8;{?fQd-S<xRRT0IgH!_S8-u#^K
z1Zk*<c}c5k-oGWrG-_U9eLqW!P%EndQUer_ZmmNSQo)uEHyA1s)mwhG;Pv7P<Wwb^
zvV^PY6+Ed?VfB^AO-`xs<W_}`p6fYVE$TRO{3-)+jRx}Bs+EOVY32JyRP4YSg3kMS
zx4B|bzk1j+otu_guWf7bbB;i=Y%q9RXRw}tju%lOlDohlrasuIqE!q_wa-_1wJeOx
z%ovDD_dkQ?2Cq)Hs*AKy0vHzkdV@}S9gNoj?v=qCcPoP@KDGvyuaCV~>rjpUcC!*h
zQCHe(2A4QX!8KK=pziuj_w0<R<eI`TVykI&*;MzMk1RNGJZHfiP&X>c9wPQ0a|iVT
zyeVghaovM?hR#m<v(Z@?|AdUxzQ=>cRz+v5xwtaoHByaHgDCwEk`jy{3hx|Dkr9;B
zL20H=tq)y!0L7lFjEr!oG#CznRy(5OKQLs?cat2eJY_okIyPU!3p>4aGghU$d75TS
zgp<i%%PZ}Pc-Nw+C8kFdt|2#(>p*Q-UJ=f!_?<pl!`W0>gj=ac>*=F9ONOg_5yu&<
zeDVrclKlpmxD*+I17R2fw{h0z=bin4>k98jJ>XR}a1MVQbGpZ4X{d53`KTOD%u9Qt
z)mqx?<4t*slI#E-cYol6!fTq*`_hqC5Cu*oqD@T{9qqf3qWOSWJ9G19Q5lUcj`#6z
zMneJIm64Lsj#{(Io5!SkCft<<n_?bY_}_AcbKLWsqui1*+?`gH4UIbIl5~z)k`y_S
z#lu_a@KO49z&Tdk%Puba`ZMdQMyI5DPLWGS!V>D@j=}4OB;haF*j6Y(2!FW1<=?pK
z@kk1&e$sOjpKb2kRp2nU7I%#;s=G|^Y4WkO<&<K@r41UEOCkANPoE|~yhG0IAbHpy
zE@aL06<ZoGpTAZnk<u%%<Z15<bs1L&?)9&Fs~@JmlSdD~LtmS1Z9>q!{HH!E!^^K~
zL2Z2TXRL!23o!nBJB|<5sKDh8GY<YW5%t>NHYGiN*)^w5z9SJn>=b;O%K?_sK`{6_
z-<o*`&w}|m?+43as=+EVdfuCv!?sfcHG5i|+*cje+nmUU8fD8WFa#Y}V|~~re+F3D
zRomeV-Da0-TZPy?t=MWi-<~-Pm<VmH8*=MxK8ar&ObGXz9X~tmn}ZaKy=hn1_n_!~
z$PmI=($LR{?>D&SVBPxHXhcPk{KUB0FMCpaH{TjT(R|C}kBL*Q-~(L$x96UxJ5YXc
zaBsd46S(c&6%+gQdXA#-cKUN(7&wy-E;Y!%Pg4&Q?TTgjT?6nz!0+e(pPai^@_rQ_
z`b2lJ;q3;$imFKTn4nydEPp^}(BQcBY-QdIu#N7wie{s^GiVhqsK#1<7`0FfWZTX|
z8K6umPmy2e)$1nW$7&G)0ZQM7gyN{Piwr-WLLfa6xw~QMfofSi_=egaLxX4c&hf{7
zo4tV(fYAk;zTMrKi+jd+!Fc{=N$?w;yWdT~o7cI`4i&(~IN<rMDXcru$y!XJWd>|W
z9p$%7`dIUGq|^@rYL3Y=+R*g?C=7hdFHYKH$p1S1A#(SI=8pom>p**4Q1!P_763Pa
z*ViKL?}38~&vL+!5><hPrI-MYT!-_|xip<yM*J{p42TEjBGd`8qs<-NIn{H|l|J+%
zJ{inI1%DoRY&14LVS@kpf9?r?HaGS_ndhNadLaC*cL^j*x%I8Tvfwa(;a_j?1J@^B
z0UJsql6uQs0<^%pB_b$*!Bz`0U?@5)K}a_A#bNw(eqw?YvY`_E>J0vgy!inTu;;kk
zs)euI1VzHRi-|&Vk+0v4-QUe$gv3R2?xZ<2+SmaRtBP7q>{S!Ey=kX=mph@#y?<Rw
z;HH1bND$1g*9IoRPhhRTOW<|VLgTvA;4T3*!*Utzl~TfHX$t^$qrITD^bXeyM_bOM
zIrk4g&~Xrrc6(sDuaL`v^QyUG0&2UD>)xG|SqwGt<5%JaKR7VLFMlj9x7FW9U5s^e
zTDpHwd@*V<VvYxvXbhZtZ;=TZw%~x`y*}X8YP)X%Yx^FZIYihVYAJ+n&ukLL=8@46
zES4RZApuJ7#`y{GeK1Jg(q|}TN#p<1N1wk8rgeUPXEgYv(?q2ySqt2IDaT!kZ{erg
z<Q<$Y{DTZUS({M)^AxaICvfjXP|t>xt=F?o5HKciTa$lMOMMXNE&Zx6Nq!@N{D=pS
z)%=5vMY4l>JL0}>=b>;e6AcHnv>S}&J6%+Le{?@|c|Yq0J8oI;>p9TEy<2&jq5>Y1
zx`^+mz}(^owFO>)Y+qOY`zt1~b$L4n#-8P*Ra@%s5okKault?IXS&1OCLx0x`h3cK
zX0StS;BMFd&_OP~1qMXW|9n8lO@;d4c|}`WTYj_!)kRG;us!e_KOlo2ya<4@kmx-#
z{z+nx)<?fZ1b8_$Fy$A^TUpIwPzSPx!{{cprlbuR146yD6EYD0KN_#8>nWw`ul0w^
z>ew1LYkrNFA@E~Ma|51zd&bYD3JxoGzV9)>Tw;pSpYi2R6j+hlIXcK5zW|bQjW~RJ
z7B*LzcX7Lx998iSR1Tgyn@9?|UsUihg0tK<m)FruSu2p+E&|L>DKzgh%!=37MIpmT
z_9aSBC${bWFod{4GIgf-od-+Rq!aYDU*b%}+PBlT;MiJqb@lA>*!$QP5YJKKnb;n3
ze<NidsMAZD1??IJu1<H)_MZl!C$=)?-OG(Ln5>e{y0E|wjlQzQj0s@Gv!3Q3UZbcl
z>dCytr0|8}1wb!1y8FD#m~J2kVlQteEh<44iDysoBjI{^q*)d=8fdtCaSY(YggeQY
zk3M9A)FAl7PJztucF@E<Nx(*m>mwm>eQWW>NQUlQUT|I8Ukl~=5oP@_XrP37Bvt|(
ziOe*I@2}jN>rakD@`GG>LFm6hb_r|V7WT0RgrKbNRSQCA`U0w~M2ojJH?aFXha<i+
zb2kb3o5W}IlU$VIa^It;@hg?X5}S2j_}Q*zybg9S`toLQNjNO8h8Pd!jE5H~0D1B?
zyy({T=MSMyipT38S6y=52cIwCRio|DQ{5}ekn^XDU8uo(Rz2F978Cs&K^m4PFcnV&
z_;p-Ls8a;KKhmxyT_SlMZqXCwF{EKe*0PUZCTr1OxZEafAX>L%q7fvhs*Ri9!g3gY
z^vbwh0w)`#Z%%51I2w%WL_Z-qTAwjE7$Yb|Z9{?(=%`Ts%m#uDbaA`uDYE)?o(*Ek
zZ^7C34tdS5RAmrSGgOr%Mu=>PN(7-d)|73Of_wmwcdf1x`~Y3XaD%EDsUM}aJh#Nu
zq%#ns_^7B{&05z}s0K9ogWPV5Fw7M5F=;WNWZ2U6?|?nP?M<^$$%RKto3-hSdMfUx
z%NOJ#`LVxK`_Wc?+mzrWebu1Om(&73t{xac6LmsZS|DeJ5<0RMMvNQVZ1g7@ds%3%
zl`Pi{8Zuh~4M*NQzS#lSRG+Ji!K5XBn9Ws|zn-n|l{2LUqm8cNYHU*NYDUwide6yi
zPn(p^Ac(CV7MlL0t`hv9qE>G<Hfr9x_ci|5RKOQa^~Iu6!>_9tt#XDhNx>XpwVL*-
zN2e+YSIDj=+c^PKBGo$8{vyn7l6d;OIgO>EETj9NQ>0s@a^6eC(I{U^F%dJ=u*RzJ
zWVT({@(OIP;t|c-zNCPIo$SxE7J;ZC347eAUFyQYliYXFY!bXewgug63l22#q)4Bm
z5f%(Wt}adny~xi#L^X7O<Kod~{xpl5+DF5FJWqsu8~zGnqgVu@3ZoVvuzR1uHq-@o
zF84Gj5g7drg_RyrUjs?a%HmG;eu6by!&~-_WSv}V5)`whsRA|V)#$ZkFK9WpHWc1l
z>SQC5I(wT9Qt?<s(v{!?fnrbl8W)0CHwaR#o1C84Hct6^)sD;-RaB+y;EP?Wh?)^w
z5pOgix<@Uy+K+fG=Qo`LI>8BW9t(~w^cjA!E;YJg%u>(^@o`di&pAYyOpRIV)j2{x
zk7l=ThIudmyA^Pl7i7{iVSxk%m$q#n^vY$8NS-n}Fg&QaPIVdb+%nf^S+hKbmfJ8h
z?o8e+mg^OT=PUSd@ibOE*nRNoUksU5y0ZeJHp<aMe92g961MbSXa`^TXaL0!xHeso
zN;NcEo`n%WEQU(mbbh$P$S1<)Z0TH{y7!60qhozG&|opq2iraDB2h7oD?tRYX!PHv
z+b1?d@XQ>*q)trWx-^Ul(ljlJnU`Ww@~_{MragTgbf${E$@lK$ge^>-fqE{VU4kjF
zBl$VQz>ji6CmzmrFDB|-D9aXaO{uRq^|mxLu($KUL8qHRt%0?vNjkNGdK~?`#z6fB
z0Ex(OaiHQx>(0rygy6hx)z`J_r~-lgn#GrS%P`p_FYC?Dziz45xlq-7^Nq2GJE-I5
zP4Q2NTIun>!`YR)YBZX%d|aPDKboy;Ki|OYES2pIy92j>!?b~)<d<-MqvIDS=o)l;
zHgwOpa5+YakF#F~?X<prq;{^Nem1YF4-dRnH#UBjU5o&g;(&xy4f_lNV3t90V^`LV
zO4MSu_8{u3L$XVK$%U;V(LKtvMXfLKg#1sVjLRJTdz@aew-bvoch)7Y3=q%N^HUM#
zohRoEm&V3@SWHZ_kmk-s=?JY>pUlAqqoqI3oOm0tSX5xMe)SE@JaO?4OGa{z+}n*o
zfIFJr<O51JT5nr|?b<+3+s2xSSVVPP5`m0*f?S0mW#q!G_a2b$x{CURI<I$PQ5~%-
zn=~kw<|Sn;Bd~cmVf$M^!bpVCYVUrH{Av*W^38p&GK-Dv>F=u<taudKqU2PWi#|M%
zjwXH#NoZsNcV9floL!pD>4;@TKdEq~KHz0O@02Nr<wZ`-&uMdWFU(3OqE$DG5xR0!
z(RB%}Q?;OePpQcwNdHg~uZhofW#l>r6$EtPF_OG*>$Y`3n^6P8cw3`zeIlz54i^J!
zdAk%S-xvADb-vcKy2roaW$WPac)YWS&q!e_>Y*|EBM7-ONzhOa+COX>X=FV2I_n2-
z`@y&o9!&%p+8kbZc|Y9?E=DmJ;BLV8uS6C;!C!jGp3jK0j6@BFkj#gwO2s)H$%QQ$
zPw*I;E;2A+Ler5{wtGaauVU~9+oMsKu7!jJY%pS0QqiixoMhj?Z)l}fd?#kB{buc4
ziL`F;1R7~az>N5llzZQKb_Kv|J?evHr>iGMfCEGWK$LssAfWYLkk^Hhn4;2OBVFu7
zG#t(Hv0eQg*Lpqku<Ea-C}2-fLY7-<%~ce1fvdjhEO<tJh43Ch$!bKV#cn4&x+&Pd
zpnq)hm2|X5(o{F>rcX9u*0|Oq2Pa#JP12Z;CzGvEn-AUQ#vUIeY_zbto@;f<*od|w
zhp@+;(A{_it@#WTOQF!E{Oa>pM2Ae`Rhi#sAHCl0fxPtJ+-QS3Z9~0y`sjFGU5+We
zD|nBO9B26;6b=8HE5yycM1<2{27J(2=n12(4@`9jw2U6v*bU$KfMGl>hY>iFi|7KA
zZ6q{ek%XUTyOD-!-7?pPiURr;3;g@MTh0x)0c+>Bf-M!pJ_)?0Y6k<4d)Gt7Y(Rwb
zy#X4~OZ@A9iE?m%jW(^>;$x)SxOe~Ttv5COj~cSEw&FaweC0_;{i8++{7#q}UB6s$
I>Gu8q1M#5|Q2+n{

literal 0
HcmV?d00001


From d9bfcf2e0cc2dd715453da237fea32f6313f626a Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Fri, 25 Feb 2022 15:57:25 -0800
Subject: [PATCH 10/23] fix links

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 1bf1c5ad0c28..3634fd53cc26 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -106,8 +106,8 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 `AuthenticationFailedException`
   | Error Code | Issue | Mitigation |
   |---|---|---|
-  |AADSTS7000215|An invalid client secret was provided.|Ensure the `clientSecret` provided when constructing the credential is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
-  |AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).| 
+  |AADSTS7000215|An invalid client secret was provided.|Ensure the `clientSecret` provided when constructing the credential is valid. If unsure, create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).|
+  |AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).| 
   |AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the specified `clientId` and `tenantId` are correct for your application registration.  For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
 
 ## Troubleshooting `ClientCertificateCredential` Authentication Issues
@@ -132,18 +132,18 @@ The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts
 |Azure Virtual Machines and Scale Sets|[Configuration](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)|[Troubleshooting](#azure-virtual-machine-managed-identity)|
 |Azure App Service and Azure Functions|[Configuration](https://docs.microsoft.com/azure/app-service/overview-managed-identity)|[Troubleshooting](#azure-app-service-and-azure-functions-managed-identity)|
 |Azure Kubernetes Service|[Configuration](https://azure.github.io/aad-pod-identity/docs/)|[Troubleshooting](#azure-kubernetes-service-managed-identity)|
-|Azure Arc|[Configuration]()|[Troubleshooting]()|
-|Azure Service Fabric|[Configuration]()|[Troubleshooting]()|
+|Azure Arc|[Configuration](https://docs.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)|Troubleshooting|
+|Azure Service Fabric|[Configuration](https://docs.microsoft.com/azure/service-fabric/concepts-managed-identity)|Troubleshooting|
 ### Azure Virtual Machine Managed Identity
 
 `CredentialUnavailableException`
 
 | Error Message |Description| Mitigation |
 |---|---|---|
-|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a status code of 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified `clientId` is correct.<p/><p/>If using a system assigned identity, make sure it has been enabled properly. Instructions to enable the system assigned identity on an Azure VM can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
+|The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a status code of 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified `clientId` is correct.<p/><p/>If using a system assigned identity, make sure it has been enabled properly. Instructions to enable the system assigned identity on an Azure VM can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
 |The request failed due to a gateway error.|The request to the IMDS endpoint failed due to a gateway error, 502 or 504 status code.|Calls via proxy or gateway aren’t supported by IMDS. Disable proxies or gateways running on the VM for calls to the IMDS endpoint `http://169.254.169.254/`|
-|No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|<ul><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
-|Multiple attempts failed to obtain a token from the managed identity endpoint.|Retries to retrieve a token from the IMDS endpoint have been exhausted.|<ul><li>Refer to inner exception messages for more details on specific failures. If the data has been truncated, more detail can be obtained by [collecting logs](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#logging).</li><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
+|No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|<ul><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
+|Multiple attempts failed to obtain a token from the managed identity endpoint.|Retries to retrieve a token from the IMDS endpoint have been exhausted.|<ul><li>Refer to inner exception messages for more details on specific failures. If the data has been truncated, more detail can be obtained by [collecting logs](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#logging).</li><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
 
 #### __Verifying IMDS is available on the VM__
 
@@ -157,7 +157,7 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
-|ManagedIdentityCredential authentication unavailable.|The environment variables configured by the App Services host weren’t present.|<ul><li>Ensure the managed identity has been properly configured on the App Service. Instructions for configuring the managed identity can be found [here](https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet).</li><li>Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verifying-the-app-service-managed-identity-endpoint-is-available) for instructions.</li></ul>|
+|ManagedIdentityCredential authentication unavailable.|The environment variables configured by the App Services host weren’t present.|<ul><li>Ensure the managed identity has been properly configured on the App Service. Instructions for configuring the managed identity can be found [here](https://docs.microsoft.com/azure/app-service/overview-managed-identity?tabs=dotnet).</li><li>Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verifying-the-app-service-managed-identity-endpoint-is-available) for instructions.</li></ul>|
 
 #### __Verifying the App Service managed identity endpoint is available__
 
@@ -192,7 +192,7 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
 | Error Message |Description| Mitigation |
 |---|---|---|
 |Azure CLI not installed|The Azure CLI isn’t installed or couldn’t be found.|<ul><li>Ensure the Azure CLI is properly installed. Installation instructions can be found [here](https://docs.microsoft.com/cli/azure/install-azure-cli).</li><li>Validate the installation location has been added to the `PATH` environment variable.</li></ul>|
-|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|<ul><li>Log into the Azure CLI using the `az login` command. More information on authentication in the Azure CLI can be found [here](https://docs.microsoft.com/en-us/cli/azure/authenticate-azure-cli).</li><li>Validate that the Azure CLI can obtain tokens. See [below](#verifying-the-azure-cli-can-obtain-tokens) for instructions.</li></ul>|
+|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|<ul><li>Log into the Azure CLI using the `az login` command. More information on authentication in the Azure CLI can be found [here](https://docs.microsoft.com/cli/azure/authenticate-azure-cli).</li><li>Validate that the Azure CLI can obtain tokens. See [below](#verifying-the-azure-cli-can-obtain-tokens) for instructions.</li></ul>|
 #### __Verifying the Azure CLI can obtain tokens__
 You can manually verify that the Azure CLI is properly authenticated, and can obtain tokens. First use the `account` command to verify the account which is currently logged in to the Azure CLI. 
 

From 33321e168a267a60511d18b1afd4833f034915ca Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 09:06:47 -0800
Subject: [PATCH 11/23] ungerunding headers

---
 .../Azure.Identity/TROUBLESHOOTING.md         | 70 +++++++++----------
 1 file changed, 35 insertions(+), 35 deletions(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 3634fd53cc26..0c42adf93a07 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -1,27 +1,27 @@
-# Troubleshooting Azure Identity Authentication Issues
+# Troubleshoot Azure Identity Authentication Issues
 
 This troubleshooting guide covers failure investigation techniques, common errors for the credential types in the Azure Identity .NET client library, and mitigation steps to resolve these errors.
 
 ## Table of contents
-- [Handling Azure Identity Exceptions](#handling-azure-identity-exceptions)
+- [Handle Azure Identity Exceptions](#handle-azure-identity-exceptions)
   - [AuthenticationFailedException](#authenticationfailedexception)
   - [CredentialUnavailableException](#credentialunavailableexception)
-- [Finding Relevant Information in Exception Messages](#finding-relevant-information-in-exception-messages)
-- [Enabling and Configuring Logging](#enabling-and-configuring-logging)
-- [Troubleshooting DefaultAzureCredential Authentication Issues](#troubleshooting-defaultazurecredential-authentication-issues)
-- [Troubleshooting EnvironmentCredential Authentication Issues](#troubleshooting-environmentcredential-authentication-issues)
-- [Troubleshooting ClientSecretCredential Authentication Issues](#troubleshooting-clientsecretcredential-authentication-issues)
-- [Troubleshooting ClientCertificateCredential Authentication Issues](#troubleshooting-clientcertificatecredential-authentication-issues)
-- [Troubleshooting UsernamePasswordCredential Authentication Issues](#troubleshooting-usernamepasswordcredential-authentication-issues)
-- [Troubleshooting ManagedIdentityCredential Authentication Issues](#troubleshooting-managedidentitycredential-authentication-issues)
+- [Find Relevant Information in Exception Messages](#find-relevant-information-in-exception-messages)
+- [Enable and Configure Logging](#enable-and-configure-logging)
+- [Troubleshoot DefaultAzureCredential Authentication Issues](#troubleshoot-defaultazurecredential-authentication-issues)
+- [Troubleshoot EnvironmentCredential Authentication Issues](#troubleshoot-environmentcredential-authentication-issues)
+- [Troubleshoot ClientSecretCredential Authentication Issues](#troubleshoot-clientsecretcredential-authentication-issues)
+- [Troubleshoot ClientCertificateCredential Authentication Issues](#troubleshoot-clientcertificatecredential-authentication-issues)
+- [Troubleshoot UsernamePasswordCredential Authentication Issues](#troubleshoot-usernamepasswordcredential-authentication-issues)
+- [Troubleshoot ManagedIdentityCredential Authentication Issues](#troubleshoot-managedidentitycredential-authentication-issues)
   - [Azure Virtual Machine Managed Identity](#azure-virtual-machine-managed-identity)
   - [Azure App Service and Azure Functions Managed Identity](#azure-app-service-and-azure-functions-managed-identity)
-- [Troubleshooting VisualStudioCodeCredential Authentication Issues](#troubleshooting-visualstudiocodecredential-authentication-issues)
-- [Troubleshooting VisualStudioCredential Authentication Issues](#troubleshooting-visualstudiocredential-authenticaton-issues)
-- [Troubleshooting AzureCliCredential Authentication Issues](#troubleshooting-azureclicredential-authentication-issues)
-- [Troubleshooting AzurePowerShellCredential Authentication Issues](#troubleshooting-azurepowershellcredential-authentication-issues)
+- [Troubleshoot VisualStudioCodeCredential Authentication Issues](#troubleshoot-visualstudiocodecredential-authentication-issues)
+- [Troubleshoot VisualStudioCredential Authentication Issues](#troubleshoot-visualstudiocredential-authenticaton-issues)
+- [Troubleshoot AzureCliCredential Authentication Issues](#troubleshoot-azureclicredential-authentication-issues)
+- [Troubleshoot AzurePowerShellCredential Authentication Issues](#troubleshoot-azurepowershellcredential-authentication-issues)
 
-## Handling Azure Identity Exceptions
+## Handle Azure Identity Exceptions
 
 ### AuthenticationFailedException
 Exceptions arising from authentication errors can be raised on any service client method that makes a request to the service. This is because the the token is requested from the credential on the first call to the service and on any subsequent than need to refresh the token. 
@@ -48,7 +48,7 @@ catch (AuthenticationFailedException e)
 
 The `CredentialUnavailableExcpetion` is a special exception type derived from `AuthenticationFailedException`. This exception type is used to indicate that the credential can’t authenticate in the current environment, due to lack of required configuration or setup. This exception is also used as a signal to chained credential types, such as `DefaultAzureCredential` and `ChainedTokenCredential`, that the chained credential should continue to try other credential types later in the chain.
 
-## Finding Relevant Information in Exception Messages
+## Find Relevant Information in Exception Messages
 
 `AuthenticationFailedException` is thrown when unexpected errors occurred while a credential is authenticating. This can include errors received from requests to the AAD STS and often contains information helpful to diagnosis. Consider the following `AuthenticationFailedException` message.
 
@@ -62,7 +62,7 @@ This error contains several pieces of information:
 
 - __Correlation ID and Timestamp__: The correlation ID and call Timestamp used to identify the request in server-side logs. This information can be useful to support engineers when diagnosing unexpected STS failures.
 
-### Enabling and Configuring Logging
+### Enable and Configure Logging
 
 The Azure Identity library provides the same [logging capabilities](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/core/Azure.Core/samples/Diagnostics.md#logging) as the rest of the Azure SDK.
 
@@ -89,20 +89,20 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 
 > CAUTION: Requests and responses in the Azure Identity library contain sensitive information. Precaution must be taken to protect logs when customizing the output to avoid compromising account security.
 
-## Troubleshooting `DefaultAzureCredential` Authentication Issues
+## Troubleshoot `DefaultAzureCredential` Authentication Issues
 
 | Error |Description| Mitigation |
 |---|---|---|
-|`CredentialUnavailableException` raised with message. "DefaultAzureCredential failed to retrieve a token from the included credentials."|All credentials in the `DefaultAzureCredential` chain failed to retrieve a token, each throwing a `CredentialUnavailableException` themselves|<ul><li>[Enable logging](#enabling-and-configuring-logging) to verify the credentials being tried, and get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshooting-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshooting-managedidentitycredential-authentication-issues)</li><li>[VisualStudioCodeCredential](#troubleshooting-visualstudiocodecredential-authentication-issues)</li><li>[VisualStudioCredential](#troubleshooting-visualstudiocredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshooting-azureclicredential-authentication-issues)</li><li>[AzurePowershellCredential](#troubleshooting-azurepowershellcredential-authentication-issues)</li></ul>|
+|`CredentialUnavailableException` raised with message. "DefaultAzureCredential failed to retrieve a token from the included credentials."|All credentials in the `DefaultAzureCredential` chain failed to retrieve a token, each throwing a `CredentialUnavailableException` themselves|<ul><li>[Enable logging](#enabling-and-configuring-logging) to verify the credentials being tried, and get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshoot-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshoot-managedidentitycredential-authentication-issues)</li><li>[VisualStudioCodeCredential](#troubleshoot-visualstudiocodecredential-authentication-issues)</li><li>[VisualStudioCredential](#troubleshoot-visualstudiocredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshoot-azureclicredential-authentication-issues)</li><li>[AzurePowershellCredential](#troubleshoot-azurepowershellcredential-authentication-issues)</li></ul>|
 |`RequestFailedExcpetion` raised from the client with a status code of 401 or 403|Authentication succeeded but the authorizing Azure service responded with a 401 (Authenticate), or 403 (Forbidden) status code. This can often be caused by the `DefaultAzureCredential` authenticating an account other than the intended.|<ul><li>[Enable logging](#enabling-and-configuring-logging) to determine which credential in the chain returned the authenticating token.</li><li>In the case a credential other than the expected is returning a token, bypass this by either signing out of the corresponding development tool, or excluding the credential with the ExcludeXXXCredential property in the `DefaultAzureCredentialOptions`</li></ul>|
 
-## Troubleshooting `EnvironmentCredential` Authentication Issues
+## Troubleshoot `EnvironmentCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
 |Environment variables aren't fully configured.|A valid combination of environment variables wasn't set.|Ensure the appropriate environment variables are set **prior to application startup** for the intended authentication method.<p/>  <ul><li>To authenticate a service principal using a client secret, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are properly set.</li><li>To authenticate a service principal using a certificate, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_CERTIFICATE_PATH` are properly set.</li><li>To authenticate a user using a password, ensure the variables `AZURE_USERNAME` and `AZURE_PASSWORD` are properly set.</li><ul>|
 
-## Troubleshooting `ClientSecretCredential` Authentication Issues
+## Troubleshoot `ClientSecretCredential` Authentication Issues
 `AuthenticationFailedException`
   | Error Code | Issue | Mitigation |
   |---|---|---|
@@ -110,20 +110,20 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
   |AADSTS7000222|An expired client secret was provided.|Create a new client secret using the Azure portal. Details on creating a new client secret can be found [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret).| 
   |AADSTS700016|The specified application wasn't found in the specified tenant.|Ensure the specified `clientId` and `tenantId` are correct for your application registration.  For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).|
 
-## Troubleshooting `ClientCertificateCredential` Authentication Issues
+## Troubleshoot `ClientCertificateCredential` Authentication Issues
 `AuthenticationFailedException`
   | Error Code | Description | Mitigation |
   |---|---|---|
   |AADSTS700016|The specified application wasn’t found in the specified tenant.| Ensure the specified `clientId` and `tenantId` are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](ttps://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).
 
 
-## Troubleshooting `UsernamePasswordCredential` Authentication Issues
+## Troubleshoot `UsernamePasswordCredential` Authentication Issues
 `AuthenticationFailedException`
 | Error Code | Issue | Mitigation |
 |---|---|---|
 |AADSTS50126|The provided username or password is invalid|Ensure the `username` and `password` provided when constructing the credential are valid.|
 ||||
-## Troubleshooting `ManagedIdentityCredential` Authentication Issues
+## Troubleshoot `ManagedIdentityCredential` Authentication Issues
 
 The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts that provide managed identity. Configuring the managed identity and troubleshooting failures varies from hosts. The below table lists the Azure hosts that can be assigned a managed identity, and are supported by the `ManagedIdentityCredential`.
 
@@ -143,9 +143,9 @@ The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts
 |The requested identity hasn’t been assigned to this resource.|The IMDS endpoint responded with a status code of 400, indicating the requested identity isn’t assigned to the VM.|If using a user assigned identity, ensure the specified `clientId` is correct.<p/><p/>If using a system assigned identity, make sure it has been enabled properly. Instructions to enable the system assigned identity on an Azure VM can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm#enable-system-assigned-managed-identity-on-an-existing-vm).|
 |The request failed due to a gateway error.|The request to the IMDS endpoint failed due to a gateway error, 502 or 504 status code.|Calls via proxy or gateway aren’t supported by IMDS. Disable proxies or gateways running on the VM for calls to the IMDS endpoint `http://169.254.169.254/`|
 |No response received from the managed identity endpoint.|No response was received for the request to IMDS or the request timed out.|<ul><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
-|Multiple attempts failed to obtain a token from the managed identity endpoint.|Retries to retrieve a token from the IMDS endpoint have been exhausted.|<ul><li>Refer to inner exception messages for more details on specific failures. If the data has been truncated, more detail can be obtained by [collecting logs](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#logging).</li><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verifying-imds-is-available-on-the-vm) for instructions.</li></ul>|
+|Multiple attempts failed to obtain a token from the managed identity endpoint.|Retries to retrieve a token from the IMDS endpoint have been exhausted.|<ul><li>Refer to inner exception messages for more details on specific failures. If the data has been truncated, more detail can be obtained by [collecting logs](https://github.com/Azure/azure-sdk-for-net/tree/main/sdk/identity/Azure.Identity#logging).</li><li>Ensure managed identity has been properly configured on the VM. Instructions for configuring the manged identity can be found [here](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm).</li><li>Verify the IMDS endpoint is reachable on the VM, see [below](#verify-imds-is-available-on-the-vm) for instructions.</li></ul>|
 
-#### __Verifying IMDS is available on the VM__
+#### __Verify IMDS is available on the VM__
 
 If you have access to the VM, you can verify the manged identity endpoint is available via the command line using curl. 
 
@@ -157,9 +157,9 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
-|ManagedIdentityCredential authentication unavailable.|The environment variables configured by the App Services host weren’t present.|<ul><li>Ensure the managed identity has been properly configured on the App Service. Instructions for configuring the managed identity can be found [here](https://docs.microsoft.com/azure/app-service/overview-managed-identity?tabs=dotnet).</li><li>Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verifying-the-app-service-managed-identity-endpoint-is-available) for instructions.</li></ul>|
+|ManagedIdentityCredential authentication unavailable.|The environment variables configured by the App Services host weren’t present.|<ul><li>Ensure the managed identity has been properly configured on the App Service. Instructions for configuring the managed identity can be found [here](https://docs.microsoft.com/azure/app-service/overview-managed-identity?tabs=dotnet).</li><li>Verify the App Service environment is properly configured and the managed identity endpoint is available. See [below](#verify-the-app-service-managed-identity-endpoint-is-available) for instructions.</li></ul>|
 
-#### __Verifying the App Service managed identity endpoint is available__
+#### __Verify the App Service managed identity endpoint is available__
 
 If you have access to SSH into the App Service, you can verify managed identity is available in the environment. First ensure the environment variables `MSI_ENDPOINT` and `MSI_SECRET` have been set in the environment. Then you can verify the managed identity endpoint is available using curl.
 ```bash
@@ -174,26 +174,26 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
 |---|---|---|
 |No Managed Identity endpoint found|The application attempted to authenticate before an identity was assigned to its pod|Verify the pod is labeled correctly. This also occurs when a correctly labeled pod authenticates before the identity is ready. To prevent initialization races, configure NMI to set the Retry-After header in its responses (see [Pod Identity documentation](https://azure.github.io/aad-pod-identity/docs/configure/feature_flags/#set-retry-after-header-in-nmi-response)).
 
-## Troubleshooting `VisualStudioCodeCredential` Authentication Issues
+## Troubleshoot `VisualStudioCodeCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
 |Failed To Read VS Code Credentials<p/><p/>OR<p/>Authenticate via Azure Tools plugin in VS Code.|No Azure account information was found in the VS Code configuration.|<ul><li>Ensure the [Azure Account plugin](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) is properly installed</li><li>Use **View > Command Palette** to execute the **Azure: Sign In** command. This command opens a browser window and displays a page that allows you to sign in to Azure.</li><li>If you already had the Azure Account extension installed and had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
 |MSAL Interaction Required Error|The `VisualStudioCodeCredential` was able to read the cached credentials from the cache but the cached token is likely expired.|Log into the Azure Account extension via **View > Command Palette** to execute the **Azure: Sign In** command in the VS Code IDE.|
 
-## Troubleshooting `VisualStudioCredential` Authentication Issues
+## Troubleshoot `VisualStudioCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
 |Failed To Read Credentials<p/><p/>OR<p/>Authenticate via Azure Service Authentication.|The `VisualStudioCredential` failed retrieve a token from the Visual Studio authentication utility `Microsoft.Asal.TokenService.exe`.|<ul><li>In Visual Studio select the `Tools > Options` menu to launch the Options dialog.</li><li>Navigate to the `Azure Service Authentication` options to sign in with your Azure Active Directory account.</li><li>If you already had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
 
-## Troubleshooting `AzureCliCredential` Authentication Issues
+## Troubleshoot `AzureCliCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
 |Azure CLI not installed|The Azure CLI isn’t installed or couldn’t be found.|<ul><li>Ensure the Azure CLI is properly installed. Installation instructions can be found [here](https://docs.microsoft.com/cli/azure/install-azure-cli).</li><li>Validate the installation location has been added to the `PATH` environment variable.</li></ul>|
-|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|<ul><li>Log into the Azure CLI using the `az login` command. More information on authentication in the Azure CLI can be found [here](https://docs.microsoft.com/cli/azure/authenticate-azure-cli).</li><li>Validate that the Azure CLI can obtain tokens. See [below](#verifying-the-azure-cli-can-obtain-tokens) for instructions.</li></ul>|
-#### __Verifying the Azure CLI can obtain tokens__
+|Please run 'az login' to set up account|No account is currently logged into the Azure CLI, or the login has expired.|<ul><li>Log into the Azure CLI using the `az login` command. More information on authentication in the Azure CLI can be found [here](https://docs.microsoft.com/cli/azure/authenticate-azure-cli).</li><li>Validate that the Azure CLI can obtain tokens. See [below](#verify-the-azure-cli-can-obtain-tokens) for instructions.</li></ul>|
+#### __Verify the Azure CLI can obtain tokens__
 You can manually verify that the Azure CLI is properly authenticated, and can obtain tokens. First use the `account` command to verify the account which is currently logged in to the Azure CLI. 
 
 ```bash
@@ -215,9 +215,9 @@ az account get-access-token --output json --resource https://management.core.win
 |---|---|---|
 |PowerShell isn’t installed.|No local installation of PowerShell was found.|Ensure that PowerShell is properly installed on the machine. Instructions for installing PowerShell can be found [here](tps://docs.microsoft.com/powershell/scripting/install/installing-powershell).|
 |Az.Account module >= 2.2.0 isn’t installed.|The Az.Account module needed for authentication in Azure PowerShell isn’t installed.|Install the latest Az.Account module. Installation instructions can be found [here](https://docs.microsoft.com/powershell/azure/install-az-ps).|
-|Please run 'Connect-AzAccount' to set up account.|No account is currently logged into Azure PowerShell.|<ul><li>Login to Azure PowerShell using the `Connect-AzAccount` command. More instructions for authenticating Azure PowerShell can be found [here](https://docs.microsoft.com/powershell/azure/authenticate-azureps)</li><li>Validate that Azure PowerShell can obtain tokens. See [below](#verifying-azure-powershell-can-obtain-tokens) for instructions.</li></ul>|
+|Please run 'Connect-AzAccount' to set up account.|No account is currently logged into Azure PowerShell.|<ul><li>Login to Azure PowerShell using the `Connect-AzAccount` command. More instructions for authenticating Azure PowerShell can be found [here](https://docs.microsoft.com/powershell/azure/authenticate-azureps)</li><li>Validate that Azure PowerShell can obtain tokens. See [below](#verify-azure-powershell-can-obtain-tokens) for instructions.</li></ul>|
 
-#### __Verifying Azure PowerShell can obtain tokens__
+#### __Verify Azure PowerShell can obtain tokens__
 You can manually verify that Azure PowerShell is properly authenticated, and can obtain tokens. First use the `Get-AzContext` command to verify the account which is currently logged in to the Azure CLI. 
 
 ```

From 281cbc1ddb46c429ccc91ee3b55016816cf9c6c2 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 10:12:13 -0800
Subject: [PATCH 12/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 0c42adf93a07..45fefd284a18 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -24,7 +24,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 ## Handle Azure Identity Exceptions
 
 ### AuthenticationFailedException
-Exceptions arising from authentication errors can be raised on any service client method that makes a request to the service. This is because the the token is requested from the credential on the first call to the service and on any subsequent than need to refresh the token. 
+Exceptions arising from authentication errors can be raised on any service client method that makes a request to the service. This is because the token is requested from the credential on the first call to the service and on any subsequent requests to the service that need to refresh the token. 
 
 To distinguish these failures from failures in the service client, Azure Identity classes raise the `AuthenticationFailedException` with details describing the source of the error in the exception message and possibly the error message. Depending on the application, these errors may or may not be recoverable.
 

From 33142997908780e39db0a82d185c82b8af84346a Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 10:12:41 -0800
Subject: [PATCH 13/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 45fefd284a18..6c6ccf5f19e3 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -66,7 +66,7 @@ This error contains several pieces of information:
 
 The Azure Identity library provides the same [logging capabilities](https://github.com/Azure/azure-sdk-for-net/blob/main/sdk/core/Azure.Core/samples/Diagnostics.md#logging) as the rest of the Azure SDK.
 
-The simplest way to see the logs to help debug authentication issues is to enable the console logging.
+The simplest way to see the logs to help debug authentication issues is to enable the console logger.
 
 ``` c#
 // Setup a listener to monitor logged events.

From 2e962ba8d2162821708134d6b26e2ca8fab24071 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 10:13:57 -0800
Subject: [PATCH 14/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 6c6ccf5f19e3..56088243de29 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -114,7 +114,7 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 `AuthenticationFailedException`
   | Error Code | Description | Mitigation |
   |---|---|---|
-  |AADSTS700016|The specified application wasn’t found in the specified tenant.| Ensure the specified `clientId` and `tenantId` are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](ttps://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).
+  |AADSTS700016|The specified application wasn’t found in the specified tenant.| Ensure the specified `clientId` and `tenantId` are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).
 
 
 ## Troubleshoot `UsernamePasswordCredential` Authentication Issues

From 7623c7160f6b05948951cd9310d298f1a8a3c0fd Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 10:16:39 -0800
Subject: [PATCH 15/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 56088243de29..29e61154ea74 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -94,7 +94,7 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 | Error |Description| Mitigation |
 |---|---|---|
 |`CredentialUnavailableException` raised with message. "DefaultAzureCredential failed to retrieve a token from the included credentials."|All credentials in the `DefaultAzureCredential` chain failed to retrieve a token, each throwing a `CredentialUnavailableException` themselves|<ul><li>[Enable logging](#enabling-and-configuring-logging) to verify the credentials being tried, and get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshoot-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshoot-managedidentitycredential-authentication-issues)</li><li>[VisualStudioCodeCredential](#troubleshoot-visualstudiocodecredential-authentication-issues)</li><li>[VisualStudioCredential](#troubleshoot-visualstudiocredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshoot-azureclicredential-authentication-issues)</li><li>[AzurePowershellCredential](#troubleshoot-azurepowershellcredential-authentication-issues)</li></ul>|
-|`RequestFailedExcpetion` raised from the client with a status code of 401 or 403|Authentication succeeded but the authorizing Azure service responded with a 401 (Authenticate), or 403 (Forbidden) status code. This can often be caused by the `DefaultAzureCredential` authenticating an account other than the intended.|<ul><li>[Enable logging](#enabling-and-configuring-logging) to determine which credential in the chain returned the authenticating token.</li><li>In the case a credential other than the expected is returning a token, bypass this by either signing out of the corresponding development tool, or excluding the credential with the ExcludeXXXCredential property in the `DefaultAzureCredentialOptions`</li></ul>|
+|`RequestFailedExcpetion` raised from the client with a status code of 401 or 403|Authentication succeeded but the authorizing Azure service responded with a 401 (Authenticate), or 403 (Forbidden) status code. This can often be caused by the `DefaultAzureCredential` authenticating an account other than the intended or that the intended account does not have the correct permissions or roles assigned.|<ul><li>[Enable logging](#enabling-and-configuring-logging) to determine which credential in the chain returned the authenticating token.</li><li>In the case a credential other than the expected is returning a token, bypass this by either signing out of the corresponding development tool, or excluding the credential with the ExcludeXXXCredential property in the `DefaultAzureCredentialOptions`</li><li>Ensure that the correct role is assigned to the account being used. For example, a service specific role rather than the subscription Owner role.</li></ul>|
 
 ## Troubleshoot `EnvironmentCredential` Authentication Issues
 `CredentialUnavailableException`

From d9e3f352e2925d209ca212034ebf8d7a3fafb991 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 10:35:31 -0800
Subject: [PATCH 16/23] more fb

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 0c42adf93a07..47ec8240cf18 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -93,14 +93,14 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 
 | Error |Description| Mitigation |
 |---|---|---|
-|`CredentialUnavailableException` raised with message. "DefaultAzureCredential failed to retrieve a token from the included credentials."|All credentials in the `DefaultAzureCredential` chain failed to retrieve a token, each throwing a `CredentialUnavailableException` themselves|<ul><li>[Enable logging](#enabling-and-configuring-logging) to verify the credentials being tried, and get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshoot-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshoot-managedidentitycredential-authentication-issues)</li><li>[VisualStudioCodeCredential](#troubleshoot-visualstudiocodecredential-authentication-issues)</li><li>[VisualStudioCredential](#troubleshoot-visualstudiocredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshoot-azureclicredential-authentication-issues)</li><li>[AzurePowershellCredential](#troubleshoot-azurepowershellcredential-authentication-issues)</li></ul>|
+|`CredentialUnavailableException` raised with message. "DefaultAzureCredential failed to retrieve a token from the included credentials."|All credentials in the `DefaultAzureCredential` chain failed to retrieve a token, each throwing a `CredentialUnavailableException`|<ul><li>[Enable logging](#enabling-and-configuring-logging) to verify the credentials being tried, and get further diagnostic information.</li><li>Consult the troubleshooting guide for underlying credential types for more information.</li><ul><li>[EnvironmentCredential](#troubleshoot-environmentcredential-authentication-issues)</li><li>[ManagedIdentityCredential](#troubleshoot-managedidentitycredential-authentication-issues)</li><li>[VisualStudioCodeCredential](#troubleshoot-visualstudiocodecredential-authentication-issues)</li><li>[VisualStudioCredential](#troubleshoot-visualstudiocredential-authentication-issues)</li><li>[AzureCLICredential](#troubleshoot-azureclicredential-authentication-issues)</li><li>[AzurePowershellCredential](#troubleshoot-azurepowershellcredential-authentication-issues)</li></ul>|
 |`RequestFailedExcpetion` raised from the client with a status code of 401 or 403|Authentication succeeded but the authorizing Azure service responded with a 401 (Authenticate), or 403 (Forbidden) status code. This can often be caused by the `DefaultAzureCredential` authenticating an account other than the intended.|<ul><li>[Enable logging](#enabling-and-configuring-logging) to determine which credential in the chain returned the authenticating token.</li><li>In the case a credential other than the expected is returning a token, bypass this by either signing out of the corresponding development tool, or excluding the credential with the ExcludeXXXCredential property in the `DefaultAzureCredentialOptions`</li></ul>|
 
 ## Troubleshoot `EnvironmentCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
-|Environment variables aren't fully configured.|A valid combination of environment variables wasn't set.|Ensure the appropriate environment variables are set **prior to application startup** for the intended authentication method.<p/>  <ul><li>To authenticate a service principal using a client secret, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are properly set.</li><li>To authenticate a service principal using a certificate, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_CERTIFICATE_PATH` are properly set.</li><li>To authenticate a user using a password, ensure the variables `AZURE_USERNAME` and `AZURE_PASSWORD` are properly set.</li><ul>|
+|Environment variables aren't fully configured.|A valid combination of environment variables wasn't set.|Ensure the appropriate environment variables are set **prior to application startup** for the intended authentication method.</p><ul><li>To authenticate a service principal using a client secret, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are properly set.</li><li>To authenticate a service principal using a certificate, ensure the variables `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_CERTIFICATE_PATH` are properly set.</li><li>To authenticate a user using a password, ensure the variables `AZURE_USERNAME` and `AZURE_PASSWORD` are properly set.</li><ul>|
 
 ## Troubleshoot `ClientSecretCredential` Authentication Issues
 `AuthenticationFailedException`
@@ -178,14 +178,16 @@ curl 'http://169.254.169.254/metadata/identity/oauth2/token?resource=https://man
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
-|Failed To Read VS Code Credentials<p/><p/>OR<p/>Authenticate via Azure Tools plugin in VS Code.|No Azure account information was found in the VS Code configuration.|<ul><li>Ensure the [Azure Account plugin](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) is properly installed</li><li>Use **View > Command Palette** to execute the **Azure: Sign In** command. This command opens a browser window and displays a page that allows you to sign in to Azure.</li><li>If you already had the Azure Account extension installed and had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
+|Failed To Read VS Code Credentials</p></p>OR</p>Authenticate via Azure Tools plugin in VS Code|No Azure account information was found in the VS Code configuration.|<ul><li>Ensure the [Azure Account plugin](https://marketplace.visualstudio.com/items?itemName=ms-vscode.azure-account) is properly installed</li><li>Use **View > Command Palette** to execute the **Azure: Sign In** command. This command opens a browser window and displays a page that allows you to sign in to Azure.</li><li>If you already had the Azure Account extension installed and had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
 |MSAL Interaction Required Error|The `VisualStudioCodeCredential` was able to read the cached credentials from the cache but the cached token is likely expired.|Log into the Azure Account extension via **View > Command Palette** to execute the **Azure: Sign In** command in the VS Code IDE.|
+|ADFS tenant not supported|ADFS tenants are not currently supported by Visual Stuido `Azure Service Authentication`.|Use credentials from a supported cloud when authenticating with Visual Studio. The supported clouds are:</p><ul><li>AZURE PUBLIC CLOUD - https://login.microsoftonline.com/</li><li>AZURE GERMANY - https://login.microsoftonline.de/</li><li>AZURE CHINA - https://login.chinacloudapi.cn/</li><li>AZURE GOVERNMENT - https://login.microsoftonline.us/</li></ul>|
 
 ## Troubleshoot `VisualStudioCredential` Authentication Issues
 `CredentialUnavailableException`
 | Error Message |Description| Mitigation |
 |---|---|---|
-|Failed To Read Credentials<p/><p/>OR<p/>Authenticate via Azure Service Authentication.|The `VisualStudioCredential` failed retrieve a token from the Visual Studio authentication utility `Microsoft.Asal.TokenService.exe`.|<ul><li>In Visual Studio select the `Tools > Options` menu to launch the Options dialog.</li><li>Navigate to the `Azure Service Authentication` options to sign in with your Azure Active Directory account.</li><li>If you already had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
+|Failed To Read Credentials</p></p>OR</p>Authenticate via Azure Service Authentication|The `VisualStudioCredential` failed retrieve a token from the Visual Studio authentication utility `Microsoft.Asal.TokenService.exe`.|<ul><li>In Visual Studio select the `Tools > Options` menu to launch the Options dialog.</li><li>Navigate to the `Azure Service Authentication` options to sign in with your Azure Active Directory account.</li><li>If you already had logged in to your account, try logging out and logging in again as that will repopulate the cache and potentially mitigate the error you're getting.</li></ul>|
+|ADFS tenant not supported|ADFS tenants are not currently supported by Visual Stuido `Azure Service Authentication`.|Use credentials from a supported cloud when authenticating with Visual Studio. The supported clouds are:</p><ul><li>AZURE PUBLIC CLOUD - https://login.microsoftonline.com/</li><li>AZURE GERMANY - https://login.microsoftonline.de/</li><li>AZURE CHINA - https://login.chinacloudapi.cn/</li><li>AZURE GOVERNMENT - https://login.microsoftonline.us/</li></ul>|
 
 ## Troubleshoot `AzureCliCredential` Authentication Issues
 `CredentialUnavailableException`

From 6b04a4fb2c3f5d4c81eade772078834ded8d4110 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 12:26:58 -0800
Subject: [PATCH 17/23] more fb

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 0ef6627fb09c..97883288ee4f 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -132,8 +132,8 @@ The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts
 |Azure Virtual Machines and Scale Sets|[Configuration](https://docs.microsoft.com/azure/active-directory/managed-identities-azure-resources/qs-configure-portal-windows-vm)|[Troubleshooting](#azure-virtual-machine-managed-identity)|
 |Azure App Service and Azure Functions|[Configuration](https://docs.microsoft.com/azure/app-service/overview-managed-identity)|[Troubleshooting](#azure-app-service-and-azure-functions-managed-identity)|
 |Azure Kubernetes Service|[Configuration](https://azure.github.io/aad-pod-identity/docs/)|[Troubleshooting](#azure-kubernetes-service-managed-identity)|
-|Azure Arc|[Configuration](https://docs.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)|Troubleshooting|
-|Azure Service Fabric|[Configuration](https://docs.microsoft.com/azure/service-fabric/concepts-managed-identity)|Troubleshooting|
+|Azure Arc|[Configuration](https://docs.microsoft.com/azure/azure-arc/servers/managed-identity-authentication)||
+|Azure Service Fabric|[Configuration](https://docs.microsoft.com/azure/service-fabric/concepts-managed-identity)||
 ### Azure Virtual Machine Managed Identity
 
 `CredentialUnavailableException`

From 6cdf3dd58b78b3ab5dfccf87d6acc83c83feadbf Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Mon, 28 Feb 2022 17:41:38 -0800
Subject: [PATCH 18/23] Update sdk/identity/Azure.Identity/TROUBLESHOOTING.md

Co-authored-by: Christopher Scott <chriscott@hotmail.com>
---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 97883288ee4f..b14d1de4310f 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -58,7 +58,7 @@ This error contains several pieces of information:
 
 - __Failing Credential Type__: The type of credential that failed to authenticate. This can be helpful when diagnosing issues with chained credential types such as `DefaultAzureCredential` or `ChainedTokenCredential`.
 
-- __STS Error Code and Message__: The error code and message returned from the Azure AD STS. This can give insight into the specific reason the request failed. For instance in this specific case because the provided client secret is incorrect. More information on STS error codes can be found [here](https://docs.microsoft.com//azure/active-directory/develop/reference-aadsts-error-codes#aadsts-error-codes).
+- __STS Error Code and Message__: The error code and message returned from the Azure AD STS. This can give insight into the specific reason the request failed. For instance, in this specific case because the provided client secret is incorrect. More information on STS error codes can be found [here](https://docs.microsoft.com/azure/active-directory/develop/reference-aadsts-error-codes#aadsts-error-codes).
 
 - __Correlation ID and Timestamp__: The correlation ID and call Timestamp used to identify the request in server-side logs. This information can be useful to support engineers when diagnosing unexpected STS failures.
 

From 6e891db943abdc69eedea90f43f73d0c6794cf2b Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Tue, 1 Mar 2022 09:44:06 -0800
Subject: [PATCH 19/23] add additional help section

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 97883288ee4f..6d9691d939a8 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -20,6 +20,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 - [Troubleshoot VisualStudioCredential Authentication Issues](#troubleshoot-visualstudiocredential-authenticaton-issues)
 - [Troubleshoot AzureCliCredential Authentication Issues](#troubleshoot-azureclicredential-authentication-issues)
 - [Troubleshoot AzurePowerShellCredential Authentication Issues](#troubleshoot-azurepowershellcredential-authentication-issues)
+- [Getting Additional Help](#getting-additional-help)
 
 ## Handle Azure Identity Exceptions
 
@@ -235,4 +236,8 @@ Once you've verified Azure PowerShell is using correct account, you can validate
 ```bash
 Get-AzAccessToken -ResourceUrl "https://management.core.windows.net"
 ```
->Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
\ No newline at end of file
+>Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
+
+## Getting Additional Help
+
+Additional information on ways to reach out for support can be found in the [SUPPORT.md](https://github.com/Azure/azure-sdk-for-net/blob/main/SUPPORT.md) at the root of the repo.
\ No newline at end of file

From 25fc1d4f0c3344a22dbcb7e63e9888fd004939fc Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Tue, 1 Mar 2022 09:53:25 -0800
Subject: [PATCH 20/23] fb

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index eb3eb2113bac..c6b957824b37 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -20,7 +20,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 - [Troubleshoot VisualStudioCredential Authentication Issues](#troubleshoot-visualstudiocredential-authenticaton-issues)
 - [Troubleshoot AzureCliCredential Authentication Issues](#troubleshoot-azureclicredential-authentication-issues)
 - [Troubleshoot AzurePowerShellCredential Authentication Issues](#troubleshoot-azurepowershellcredential-authentication-issues)
-- [Getting Additional Help](#getting-additional-help)
+- [Get Additional Help](#get-additional-help)
 
 ## Handle Azure Identity Exceptions
 
@@ -238,6 +238,6 @@ Get-AzAccessToken -ResourceUrl "https://management.core.windows.net"
 ```
 >Note that output of this command will contain a valid access token, and SHOULD NOT BE SHARED to avoid compromising account security.
 
-## Getting Additional Help
+## Get Additional Help
 
 Additional information on ways to reach out for support can be found in the [SUPPORT.md](https://github.com/Azure/azure-sdk-for-net/blob/main/SUPPORT.md) at the root of the repo.
\ No newline at end of file

From f4ad1cc95ac8da2dc10c9f7dd620ab455abef4c6 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Tue, 1 Mar 2022 10:09:12 -0800
Subject: [PATCH 21/23] add permission issues section

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index c6b957824b37..35eacd10551a 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -6,6 +6,7 @@ This troubleshooting guide covers failure investigation techniques, common error
 - [Handle Azure Identity Exceptions](#handle-azure-identity-exceptions)
   - [AuthenticationFailedException](#authenticationfailedexception)
   - [CredentialUnavailableException](#credentialunavailableexception)
+  - [Permission Issues](#permission-issues)
 - [Find Relevant Information in Exception Messages](#find-relevant-information-in-exception-messages)
 - [Enable and Configure Logging](#enable-and-configure-logging)
 - [Troubleshoot DefaultAzureCredential Authentication Issues](#troubleshoot-defaultazurecredential-authentication-issues)
@@ -49,6 +50,10 @@ catch (AuthenticationFailedException e)
 
 The `CredentialUnavailableExcpetion` is a special exception type derived from `AuthenticationFailedException`. This exception type is used to indicate that the credential can’t authenticate in the current environment, due to lack of required configuration or setup. This exception is also used as a signal to chained credential types, such as `DefaultAzureCredential` and `ChainedTokenCredential`, that the chained credential should continue to try other credential types later in the chain.
 
+### Permission Issues
+
+Calls to service clients resulting in `RequestFailedException` with a `StatusCode` of 401 or 403 often indicate the caller doesn't have sufficient permissions for the specified API. Check the service documentation to determine which RBAC roles are needed for the specific request, and ensure the authenticated user or service principal have been granted the appropriate roles on the resource.
+
 ## Find Relevant Information in Exception Messages
 
 `AuthenticationFailedException` is thrown when unexpected errors occurred while a credential is authenticating. This can include errors received from requests to the AAD STS and often contains information helpful to diagnosis. Consider the following `AuthenticationFailedException` message.

From 27883814737c00f5681163a85f15698ca6f38d44 Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Tue, 1 Mar 2022 14:30:46 -0800
Subject: [PATCH 22/23] fb

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 35eacd10551a..42ee4a02d59b 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -120,6 +120,7 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 `AuthenticationFailedException`
   | Error Code | Description | Mitigation |
   |---|---|---|
+  |AADSTS700027|Client assertion contains an invalid signature.|Ensure the specified certificate has been uploaded to the AAD application registration. Instructions for uploading certificates to the application registration can be found [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-1-upload-a-certificate).|
   |AADSTS700016|The specified application wasn’t found in the specified tenant.| Ensure the specified `clientId` and `tenantId` are correct for your application registration. For multi-tenant apps, ensure the application has been added to the desired tenant by a tenant admin. To add a new application in the desired tenant, follow the instructions [here](https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal).
 
 
@@ -128,7 +129,7 @@ DefaultAzureCredentialOptions options = new DefaultAzureCredentialOptions()
 | Error Code | Issue | Mitigation |
 |---|---|---|
 |AADSTS50126|The provided username or password is invalid|Ensure the `username` and `password` provided when constructing the credential are valid.|
-||||
+
 ## Troubleshoot `ManagedIdentityCredential` Authentication Issues
 
 The `ManagedIdentityCredential` is designed to work on a variety of Azure hosts that provide managed identity. Configuring the managed identity and troubleshooting failures varies from hosts. The below table lists the Azure hosts that can be assigned a managed identity, and are supported by the `ManagedIdentityCredential`.

From fcc5f7031da710767eac9fee4086abd4c5f1d89e Mon Sep 17 00:00:00 2001
From: Scott Schaab <sschaab@microsoft.com>
Date: Tue, 1 Mar 2022 15:41:25 -0800
Subject: [PATCH 23/23] make image link absolute

---
 sdk/identity/Azure.Identity/TROUBLESHOOTING.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
index 42ee4a02d59b..6e5f400eec2b 100644
--- a/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
+++ b/sdk/identity/Azure.Identity/TROUBLESHOOTING.md
@@ -58,7 +58,7 @@ Calls to service clients resulting in `RequestFailedException` with a `StatusCod
 
 `AuthenticationFailedException` is thrown when unexpected errors occurred while a credential is authenticating. This can include errors received from requests to the AAD STS and often contains information helpful to diagnosis. Consider the following `AuthenticationFailedException` message.
 
-![AuthenticationFailedException Message Example](./images/AuthFailedErrorMessageExample.png)
+![AuthenticationFailedException Message Example](https://raw.githubusercontent.com/Azure/azure-sdk-for-net/main/sdk/identity/Azure.Identity/images/AuthFailedErrorMessageExample.png)
 
 This error contains several pieces of information: