DonatShell
Server IP : 180.180.241.3  /  Your IP : 216.73.216.252
Web Server : Microsoft-IIS/7.5
System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586
User : IUSR ( 0)
PHP Version : 5.3.28
Disable Function : NONE
MySQL : ON  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /Windows/Help/Windows/en-US/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ HOME SHELL ]     

Current File : /Windows/Help/Windows/en-US/ocsp.h1s
MZ@PEL!@0iA@.rsrc@@.its @@0	HX||4VS_VERSION_INFOStringFileInfo040904b0b!FileVersion1.00.00                         l"FileDescriptionCompiled Microsoft Help 2.0 TitleBFileStampB6E338F301CA041F4JCompilerVersion2.5.71210.08579VCompileDate2009-07-14T01:09:19      >TopicCount70000000000000ALegalCopyright 2005 Microsoft Corporation. All rights reserved.CCCCCCCCCCCCCDVarFileInfo$Translation	tiF8ITOLITLS(X쌡^
V`   x NCAOLPHHC ITSF #,9	-Y쌡^
VY쌡^
VIFCMAOLLNIFCM AOLLJ//$FXFtiAttribute//$FXFtiAttribute/BTREE=/$FXFtiAttribute/DATA/$FXFtiAttribute/PROPERTYUN/$FXFtiMain//$FXFtiMain/BTREEe/$FXFtiMain/DATA}r/$FXFtiMain/PROPERTYoN/$Index/$ATTRNAMESp/$Index/$PROPBAGa/$Index/$STRINGSS\/$Index/$SYSTEM/2
/$Index/$TOC//$Index/$TOC/$ocspZ/$Index/$TOPICATTR#0/$Index/$TOPICS?p/$Index/$URLSTR/`/$Index/$URLTBL0/$Index/$VTAIDXC/$Index/AssetId//$Index/AssetId/$BL0K/$Index/AssetId/$LEAF_COUNTSK/$Index/AssetId/$LEAVESS	/$OBJINSTZ/assets/0/assets/076ea64b-625f-49c5-99c7-bd56526b2954.xmltr0/assets/08866e6b-fa9e-44c9-9a15-4ea6d156bf85.xmlfE0/assets/16d5bc20-c781-481a-9dc4-36b7a706f651.xml+0/assets/1e4b6432-977c-4e21-a245-5ce30ae80cc4.xmlCQ0/assets/1eb5a9e3-de04-44a0-8972-bc744ca43320.xmlw0/assets/20de243e-bbff-4364-b9e6-6647ce8832ca.xml;0/assets/2979e21a-28f0-4e84-b978-e52514a86f90.xmlFI0/assets/2c78c461-1d3f-40f4-b435-1d87f03c299a.xml'0/assets/2f8eda99-cfc2-4065-a69f-34f8d46a02c2.xml6l0/assets/3d31dd67-df01-4e8e-809e-22e5bd0a4a32.xml"R0/assets/3e9ef5f6-355b-4a95-a7b8-fb498355674d.xmlt0/assets/4aaea26c-e132-4c04-9849-e5106f93d042.xmlv&0/assets/4e8b3e8f-0fab-4bd5-8f35-016650d37d1b.xmly0/assets/5f0ade5e-30e9-4517-a196-37598d609a85.xml60/assets/6de0bf42-5ccb-4ead-bf09-657a2b3627f8.xmlKL0/assets/74abcd5f-c2c7-474b-b154-8cfe285a1754.xmlz0/assets/82ad05ce-4f9f-4cb0-889b-b0e21bb4766c.xml]0/assets/8aadcbf3-9146-4b0e-897e-f41de6520157.xmln\0/assets/8b0d6773-0c22-46d1-8ebd-22bf489ac671.xmlJg0/assets/8d3dcbf1-d83e-4be6-866a-a1e9449b3adc.xml1>0/assets/8f3e2ed9-d1a3-4538-9d52-9103b6556396.xmlo
0/assets/910c18a2-6b51-4bc5-8f02-9ff32ffc3087.xml|0/assets/925ac0ac-cd91-436d-ad52-9b6e19f36e7e.xmlr0/assets/a793d37c-717c-4b41-ab67-87bf559f4d80.xmlu0/assets/ab84268d-9e10-4f7f-afd1-333a96739de8.xml\0/assets/b1cb8a2b-db02-4713-803e-50dfae5df354.xml_10/assets/b3d53f51-56f6-4031-8aad-ebdc4c71cb56.xmlq0/assets/bb63e84f-9313-4b54-b3f2-5a3c8490f250.xml"0/assets/c651f8cf-5c84-42c0-9a61-37e0000e6989.xml#50/assets/c6fde0cd-3964-42ef-b3af-de1ef683f534.xmlX0/assets/cba53c53-a842-42b1-8de4-7235e0b3c5fc.xmlde0/assets/ce0c522b-93f8-4965-badf-189a9a926e9f.xmlI-0/assets/da078730-9d61-41b6-830e-b8b8b7554c12.xmlv<0/assets/e1a86a0c-3d78-4bb6-bafc-aa13109f8437.xml2b0/assets/e8c88a49-84e8-48a8-a303-9aab2e68a1db.xml0/assets/f5299379-e3ca-49b0-97fa-7e7e67ddfa61.xml%{	/ocsp.h1c a	/ocsp.H1F&	/ocsp.H1T	/ocsp.H1V'r/ocsp_AssetId.H1Kk/ocsp_BestBet.H1K
k/ocsp_LinkTerm.H1Kul/ocsp_SubjectTerm.H1Kao::DataSpace/NameList<(::DataSpace/Storage/MSCompressed/ContentP,::DataSpace/Storage/MSCompressed/ControlDataT )::DataSpace/Storage/MSCompressed/SpanInfoL/::DataSpace/Storage/MSCompressed/Transform/List<_::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/i::DataSpace/Storage/MSCompressed/Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/InstanceData/ResetTablehX3::Transform/{8CEC5846-07A1-11D9-B15E-000D56BFE6EE}/}
3
	n[H5"?OpNUncompressedMSCompressedFX쌡^
VcLZXCHH<maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Remove a Member from an Array</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>At times you may need to delete a member from an Array if the Array is no longer needed, has become corrupted, has been compromised, or is otherwise being reconfigured.</maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on all of the Online Responders in the Array to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To remove a member from an Array</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Array Configuration</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the Array member that you want to delete. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Action</maml:ui> menu or in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Delete Array Member</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If the Array member that you want to delete is the Array controller, you must first designate a new Array controller for the Array before removing the former Array controller. For more information, see <maml:navigationLink><maml:linkText>Designate a Controller for the Array</maml:linkText><maml:uri href="mshelp://windows/?id=6de0bf42-5ccb-4ead-bf09-657a2b3627f8"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Manage Online Responder Security</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>There are three access control entries (ACEs) that can be used to control administrative access to an Online Responder; each can be set to <maml:ui>Allow</maml:ui> or<maml:ui> Deny</maml:ui>:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Read</maml:ui>.  Defines who can use the Online Responder snap-in to view information about the Online Responder.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Manage Online Responder</maml:ui>. Defines who can use the Online Responder snap-in to modify the configuration of the Online Responder. These permissions should be granted very selectively.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Proxy Requests</maml:ui>. Enables an Online Responder Web proxy to submit requests for certificate status to the Online Responder service. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To modify Online Responder security settings</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in, right-click the Online Responder that you want to manage, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Security </maml:ui>tab. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Add the user or group that you want to set permissions for, and then select the <maml:ui>Allow </maml:ui>or <maml:ui>Deny</maml:ui> check boxes for each ACE. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ab84268d-9e10-4f7f-afd1-333a96739de8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Revocation Configuration Changes</maml:linkText><maml:uri href="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Revocation Data by Using Local CRLs</maml:linkText><maml:uri href="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Delete a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ce0c522b-93f8-4965-badf-189a9a926e9f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Manage Revocation Data by Using Local CRLs</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Ideally, certificate revocation data is managed in a central location and immediately made available to all potential users. But this is not always possible in complex network environments. </maml:para>

<maml:para>Organizations that use Online Responders, however, can create a local certificate revocation list (CRL) to manage certificate revocation data locally during intervals when the Online Responder is unable to obtain updated revocation data from a certification authority (CA) or other Online Responder. The next time a connection is established, you can replicate local CRL data back to the CA CRL and remove the local CRL. Until it is removed, the local CRL will always take precedence over the revocation status information from the revocation provider. </maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>. </maml:para>

<maml:procedure><maml:title>To modify certificate data in a local CRL</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Revocation Configuration</maml:ui>. </maml:para>

<maml:para>A list of existing revocation configurations appears in the details pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click a revocation configuration, and click <maml:ui>Local Certificate Revocation List</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Local Certificate Revocation List</maml:ui> dialog box, select the certificate whose data you want to modify.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Update</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Modify the values that you want to change. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui> twice to exit the <maml:ui>Local Certificate Revocation List</maml:ui> dialog box.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>When your local revocation data has been synchronized with the revocation data for the entire CA, you should delete all data from the local CRL.</maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a PKI, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To delete one or more certificates from a local CRL</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Revocation Configuration</maml:ui>. </maml:para>

<maml:para>A list of existing revocation configurations appears in the details pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click a revocation configuration, and click <maml:ui>Local Certificate Revocation List</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Local Certificate Revocation List</maml:ui> dialog box, select the certificate or certificates you want to remove from the local CRL.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Remove</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>OK</maml:ui> twice to exit the <maml:ui>Local Certificate Revocation List</maml:ui> dialog box.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ab84268d-9e10-4f7f-afd1-333a96739de8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Revocation Configuration Changes</maml:linkText><maml:uri href="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Online Responder Security</maml:linkText><maml:uri href="mshelp://windows/?id=08866e6b-fa9e-44c9-9a15-4ea6d156bf85"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Delete a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ce0c522b-93f8-4965-badf-189a9a926e9f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add the Online Responder Snap-in to a Console</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can use the Online Responder snap-in to monitor and manage the Online Responder service and revocation configurations on this computer or another computer. </maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To add the Online Responder snap-in to a console </maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, type <maml:computerOutputInline>mmc</maml:computerOutputInline>, and then press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>File</maml:ui> menu, click <maml:ui>Add/Remove Snap-in</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Available snap-ins</maml:ui>, double-click <maml:ui>Online Responder</maml:ui>, select the computer on which the Online Responder is installed, and then click <maml:ui>Finish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>If you have no more snap-ins to add to the console, click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To save this console, on the <maml:ui>File</maml:ui> menu, click <maml:ui>Save</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administer an Online Responder from Another Computer</maml:linkText><maml:uri href="mshelp://windows/?id=8d3dcbf1-d83e-4be6-866a-a1e9449b3adc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Setting Up Online Responder Services in a Network</maml:title><maml:introduction>
<maml:para>Setting up Online Responder services involves several interrelated steps. Several of these steps must be performed on the certification authority (CA) that will be used to issue the Online Certificate Status Protocol (OCSP) signing certificates necessary for an Online Responder to function. These steps include configuring the appropriate certificate template, enabling the certificate template, and configuring and completing certificate autoenrollment so that the computer hosting the Online Responder has the certificates needed for the Online Responder to function. </maml:para>

<maml:para>Installation and configuration of an Online Responder involves using Server Manager to install the Online Responder service, the Certificate Templates snap-in to configure and publish OCSP Response Signing certificate templates, the Certification Authority snap-in to include OCSP extensions in the certificates that it will issue and to issue OCSP Response Signing certificates, and the Online Responder snap-in to create a revocation configuration.</maml:para>

<maml:para>The following topics describe the steps needed to complete these installation and configuration steps and how to verify that the installation was successful.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Configure a CA to Support OCSP Responders</maml:linkText><maml:uri href="mshelp://windows/?id=c6fde0cd-3964-42ef-b3af-de1ef683f534"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Set Up an Online Responder</maml:linkText><maml:uri href="mshelp://windows/?id=3d31dd67-df01-4e8e-809e-22e5bd0a4a32"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Creating a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Verify an Online Responder Installation</maml:linkText><maml:uri href="mshelp://windows/?id=e8c88a49-84e8-48a8-a303-9aab2e68a1db"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Revocation Providers</maml:title><maml:introduction>
<maml:para>Online Responders in Windows Server 2008 R2 and Windows Server 2008 use the Microsoft certificate revocation list (CRL)-based revocation provider to provide certificate status. This revocation provider is the component that an Online Responder contacts to check the status of a certificate. The revocation provider is responsible for obtaining updated CRLs and determining the status of a certificate based on this CRL.</maml:para>

<maml:para>You can select one or more CRLs and delta CRLs for use with the Online Responders in your Array, and you can define how often the provider receives updated CRLs. </maml:para>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Revocation Provider Signing</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The <maml:ui>Signing</maml:ui> tab on the <maml:ui>Online Responder Properties</maml:ui> page shows the hash algorithm that is used to help verify signing operations for Online Responder responses to clients.</maml:para>

<maml:para>The following signing options can be configured:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Do not prompt for credentials for cryptographic operations</maml:ui>. If the signing key is strongly protected by an additional password, selecting this option means the Online Responder will not prompt the user for the password and will fail silently. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Do not select this option if a hardware security module (HSM) is used to protect private keys.</maml:para>
</maml:alertSet>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Automatically use renewed signing certificates</maml:ui>. Instructs the Online Responder to automatically use renewed signing certificates without asking the Online Responder administrator to manually assign them.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Enable NONCE extensions support</maml:ui>. Instructs the Online Responder to inspect and process an Online Certificate Status Protocol (OCSP) request that includes a nonce extension. If a nonce extension is included in the OCSP request and this option is selected, the Online Responder will ignore any cached OCSP response and will create a new response that includes the nonce provided in the request. If this option is disabled and a request that includes a nonce extension is received, the Online Responder will reject the request with an "unauthorized" error.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The Microsoft OCSP client does not support the nonce extension.</maml:para>
</maml:alertSet>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Use any valid OCSP signing certificate</maml:ui>. By default, the Online Responder will only use signing certificates that are issued by the same certification authority (CA) that issued the certificate being validated. This option allows modifying the default behavior and instructs the Online Responder to use any valid existing certificate that includes the OCSP Signing EKU extension.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Clients running versions of Windows earlier than Windows Vista with Service Pack 1 (SP1) do not support this option, and certificate status requests from these clients will fail if this option is selected.</maml:para>
</maml:alertSet>
</maml:listItem>
</maml:list>

<maml:para>The following Online Responder identifier options can be used to select whether to include the key hash or the subject of the signing certificate in the response:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:ui>Key hash of the signing certificate</maml:ui>.  Some cryptographic service providers (CSPs) require the key hash of the signing certificate in order to access private keys.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Subject of the signing certificate</maml:ui>.  Some CSPs require the subject of the signing certificate in order to access private keys.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Creating a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing Online Responders</maml:title><maml:introduction>
<maml:para>Procedures are available to complete the following basic Online Responder management tasks:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add the Online Responder Snap-in to a Console</maml:linkText><maml:uri href="mshelp://windows/?id=1e4b6432-977c-4e21-a245-5ce30ae80cc4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Online Responder Operations</maml:linkText><maml:uri href="mshelp://windows/?id=a793d37c-717c-4b41-ab67-87bf559f4d80"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Administer an Online Responder from Another Computer</maml:linkText><maml:uri href="mshelp://windows/?id=8d3dcbf1-d83e-4be6-866a-a1e9449b3adc"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Modify the Online Responder Web Proxy</maml:linkText><maml:uri href="mshelp://windows/?id=74abcd5f-c2c7-474b-b154-8cfe285a1754"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add OCSP Locations to Issued Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=b3d53f51-56f6-4031-8aad-ebdc4c71cb56"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Renew OCSP Response Signing Certificates with an Existing Key</maml:linkText><maml:uri href="mshelp://windows/?id=82ad05ce-4f9f-4cb0-889b-b0e21bb4766c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Troubleshoot Online Responders</maml:title><maml:introduction>
<maml:para>This section lists a few common issues you may encounter when using the Online Responder snap-in or working with Online Responder Arrays. For more information about troubleshooting and resolving problems with Online Responders, see Active Directory Certificate Services Troubleshooting (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=89215</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=89215"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>What problem are you having?</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>The Online Responder service did not start</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_1"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>The Online Responder's signing certificate could not be located</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>An attempt to create a revocation configuration failed</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_7"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>The signing certificate for the Online Responder configuration will expire soon</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_3"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>The signing certificate for the revocation configuration has expired</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_4"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>An Online Responder revocation configuration cannot be loaded</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_5"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>The Online Responder service could not retrieve a CRL for the specified revocation configuration</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2#BKMK_6"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section address="BKMK_1">
<maml:title>The Online Responder service did not start.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause</maml:phrase>: The Online Responder service can fail to start because of corrupted registry information or insufficient system resources. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution</maml:phrase>: Try to restart the Online Responder service from the Services snap-in (Services.msc). If the Online Responder service fails to start, check the event log for other errors that may be related to this failure. If not enough system resources are available to start the Online Responder service, try to restart the computer or free system resources. If the registry information is corrupted, you must use Server Manager to uninstall and reinstall the Online Responder service. </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_2">
<maml:title>The Online Responder's signing certificate could not be located.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause</maml:phrase>: The OCSP Response Signing certificate is not present in either the Personal certificate store for the computer account or, if the signing certificate should have been issued by using autoenrollment, autoenrollment was not completed. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution</maml:phrase>: If an OCSP Response Signing certificate is not present in the Personal certificate store for the local computer, and the revocation is configured for manual OCSP Response Signing certificate enrollment or auto-discovery, you should enroll for a certificate manually. For configurations in which the Online Responder service enrolls for its certificate, manual enrollment will not work and you need to identify the reason that autoenrollment did not work. Possible reasons include: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The computer on which the Online Responder service is running cannot connect to a certification authority (CA) that has been configured to issue certificates based on the OCSP Response Signing template.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The Online Responder does not have Read, Enroll, and, if autoenrollment is being used, Autoenroll permissions on the OCSP Response Signing template.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_7">
<maml:title>An attempt to create a revocation configuration failed.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause:</maml:phrase> An attempt to create a revocation configuration failed with the message "Bad signing certificate on Array Controller." </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution:</maml:phrase> Verify that the OCSP Response Signing certificate template has been correctly configured. Otherwise, configure the certificate template to allow manual enrollment for these signing certificates.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_3">
<maml:title>The signing certificate for the Online Responder configuration will expire soon.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause</maml:phrase>: When autoenrollment is not being used, a reminder to renew an expiring certificate is generated automatically when a certificate has a configured percentage of its lifetime left (by default, this is 10 percent of its total validity period). You can check the time remaining on the current signing certificate by using the Certificates snap-in to examine the OCSP Response Signing certificate in the Personal certificate store of the computer or the Online Responder service. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution</maml:phrase>: If the OCSP Response Signing certificate template has been configured for automatic enrollment and renewal, further action may not be needed. For manual configurations, you can renew the signing certificate by using the Certificates snap-in and the Certificate Renewal Wizard.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_4">
<maml:title>The signing certificate for the revocation configuration has expired.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause</maml:phrase>: Automatic renewal of the signing certificate failed, or manual certificate renewal was not completed before the expiration date. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution</maml:phrase>: For configurations in which the Online Responder service enrolls for its certificate, manual enrollment will not work and you need to identify the reason that autoenrollment did not work. Possible reasons include: </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The computer on which the Online Responder service is running cannot connect to a CA that has been configured to issue certificates based on the OCSP Response Signing template. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The Online Responder does not have Read, Enroll, and Autoenroll permissions on the OCSP Response Signing template.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>A CA administrator should use the Certification Authority and Certificate Templates snap-ins to verify the availability and configuration of the OCSP Response Signing template before autoenrollment can be tried again.</maml:para>

<maml:para>If the revocation configuration is set up for manual enrollment of the OCSP Response Signing certificate, locate the signing certificate within the Online Responder computer's local computer Personal certificate store. </maml:para>

<maml:para>For manual configurations, you can renew the signing certificate by using the Certificates snap-in and the Certificate Renewal Wizard.</maml:para>

<maml:para>It is also possible that the OCSP Response Signing certificate could not be renewed because the CA key that was used to sign the original OCSP Response Signing certificate has been renewed and is no longer available. To overcome this problem, you must allow the OCSP Response Signing certificate to be renewed with an existing key. For more information, see <maml:navigationLink><maml:linkText>Renew OCSP Response Signing Certificates with an Existing Key</maml:linkText><maml:uri href="mshelp://windows/?id=82ad05ce-4f9f-4cb0-889b-b0e21bb4766c"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_5">
<maml:title>An Online Responder revocation configuration cannot be loaded.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause</maml:phrase>: The revocation configuration has become corrupted.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution</maml:phrase>: Use the Online Responder snap-in to delete and re-create the revocation configuration. If this problem occurred on an Array member, you can delete the corrupted configuration from the Array member and then synchronize the Array to re-create the revocation configuration. If you are encountering this problem on an Array controller, temporarily set another computer as the Array controller, synchronize the Array, and then reset the original computer to be the Array controller.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section address="BKMK_6">
<maml:title>The Online Responder service could not retrieve a CRL for the specified revocation configuration.</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Cause</maml:phrase>: Certificate revocation list (CRL) publication failed, CRL distribution points are invalid, or the Online Responder service could not access the published CRL.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Solution</maml:phrase>: To identify and address CRL retrieval problems for an Online Responder:</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Use the Online Responder snap-in to verify that the URLs configured for base and delta CRL distribution points are valid. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Use the Certification Authority snap-in to verify the URLs to which the CA will publish base and delta CRLs. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>On the computer to which the base CRL is published, examine the <maml:ui>Freshest CRL</maml:ui> extension for the base CRL. Verify that this identifies a location where the delta CRL can be found.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Republish the current CRL, if necessary, by typing the following command at a command prompt: <maml:codeInline>certutil -crl</maml:codeInline></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Then, verify that Online Responder service can access the CRL. From the Online Responder snap-in, right-click <maml:ui>Array Configuration</maml:ui>, and click <maml:ui>Refresh Revocation Data</maml:ui>.</maml:para>
</maml:listItem>
</maml:list>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Set Up an Online Responder</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>An Online Responder can be installed on any computer running Windows Server 2008 R2 Enterprise, Windows Server 2008 R2 Datacenter, Windows Server 2008 Enterprise, or Windows Server 2008 Datacenter. The certificate revocation data can come from a certification authority (CA) on a computer running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or from a non-Microsoft CA.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Internet Information Services (IIS) must also be installed on this computer before the Online Responder can be installed.</maml:para>
</maml:alertSet>

<maml:para>The following procedure can be used if none of the Active Directory Certificate Services (AD CS) role services (such as a CA) have been installed on this computer. </maml:para>

<maml:para>Membership in local<maml:phrase> Administrators</maml:phrase>, or equivalent, is the minimum required to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To install the Online Responder service</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, point to <maml:ui>Administrative Tools</maml:ui>, and then click <maml:ui>Server Manager</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Manage Roles</maml:ui>. Under <maml:ui>Active Directory Certificate Services, </maml:ui>click <maml:ui>Add role services</maml:ui>. If a different AD CS role service has already been installed on this computer, select the <maml:ui>Active Directory Certificate Services</maml:ui> check box in the <maml:ui>Role Summary</maml:ui> pane, and then click <maml:ui>Add role services</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Select Role Services</maml:ui> page, select the <maml:ui>Online Certificate Status Protocol </maml:ui>check box.</maml:para>

<maml:para>A message appears explaining that IIS and Windows Activation Service (WAS) must also be installed to support OCSP. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Add required role services</maml:ui>, and then click <maml:ui>Next</maml:ui> three times.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Confirm Installation Options </maml:ui>page, click <maml:ui>Install</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When the installation is complete, review the status page to verify that the installation was successful.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Before an Online Responder can be used, you must also create a revocation configuration. See <maml:navigationLink><maml:linkText>Creating a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
<maml:listItem><maml:para>By default, IIS 7.0 request filtering blocks the plus sign (+), which is used in the URL of delta CRLs. To allow delta CRL retrieval, modify the IIS configuration by setting <maml:computerOutputInline>allowDoubleEscaping=true</maml:computerOutputInline> on the <maml:computerOutputInline>requestFiltering</maml:computerOutputInline> element in the <maml:computerOutputInline>system.web</maml:computerOutputInline> section of IIS configuration. For more information about IIS 7.0 request filter configuration, see IIS 7.0: Configure Request Filters in IIS 7.0
(<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136512</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136512"></maml:uri></maml:navigationLink>.)</maml:para><maml:alertSet class="security"><maml:title>Security Note </maml:title><maml:para>Allowing certain characters to pass through the request filter can result in a reduced security level, which might be unacceptable in some environments. For an explanation of this type of threat, see chapter 12 of <maml:foreignPhrase>Writing Secure Code</maml:foreignPhrase> (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkId=136514</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkId=136514"></maml:uri></maml:navigationLink>).</maml:para></maml:alertSet></maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting Up Online Responder Services in a Network</maml:linkText><maml:uri href="mshelp://windows/?id=1eb5a9e3-de04-44a0-8972-bc744ca43320"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>What Is an Online Responder?</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>An Online Responder is a trusted server that receives and responds to individual client requests for information about the status of a certificate. </maml:para>

<maml:para>The use of Online Responders is one of two common methods for conveying information about the validity of certificates. Unlike certificate revocation lists (CRLs), which are distributed periodically and contain information about all certificates that have been revoked or suspended, an Online Responder receives and responds only to individual requests from clients for information about the status of a certificate. The amount of data retrieved per request remains constant no matter how many revoked certificates there might be. </maml:para>

<maml:para>In many circumstances, Online Responders can process certificate status requests more efficiently than by using CRLs. For example:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Clients who connect to the network remotely and either do not need nor have the high-speed connections required to download large CRLs.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>A network needs to handle large peaks in revocation checking activity, such as when large numbers of users log on or send signed e-mail simultaneously.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>An organization needs an efficient means to distribute revocation data for certificates issued from a non-Microsoft certification authority (CA).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>An organization wants to provide only the revocation checking data needed to verify individual certificate status requests, rather than make available information about all revoked or suspended certificates.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Components of an Online Responder</maml:linkText><maml:uri href="mshelp://windows/?id=da078730-9d61-41b6-830e-b8b8b7554c12"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>How Online Responders Work</maml:linkText><maml:uri href="mshelp://windows/?id=8f3e2ed9-d1a3-4538-9d52-9103b6556396"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Revocation Configuration CA Certificates</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Use the following criteria to select the revocation configuration certificate:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>If the certification authority (CA) certificate has been published to Active Directory Domain Services (AD DS) and the computer you are configuring has access to this information in AD DS, click<maml:ui> Select a certificate for an existing enterprise CA</maml:ui>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If AD DS cannot be accessed and you know the name of the CA certificate and that it exists in the local root certificate store, click<maml:ui> Select a certificate from the local certificate store</maml:ui>.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>This option is not available if the Online Responder is not on the same computer as the Online Responder snap-in.</maml:para>
</maml:alertSet>
</maml:listItem>

<maml:listItem>
<maml:para>If AD DS cannot be accessed and the CA certificate (with a .cer extension) is available on removable media, click<maml:ui> Import certificate from a file</maml:ui>. </maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Creating a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Online Responder</maml:title><maml:introduction>
<maml:para>The Microsoft Online Responder service makes it possible to configure and manage Online Certificate Status Protocol (OCSP) validation and revocation checking in Windows-based networks. The Online Responder snap-in allows you to configure and manage revocation configurations and Online Responder Arrays to support public key infrastructure (PKI) clients in diverse environments.</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What Is an Online Responder?</maml:linkText><maml:uri href="mshelp://windows/?id=3e9ef5f6-355b-4a95-a7b8-fb498355674d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting Up Online Responder Services in a Network</maml:linkText><maml:uri href="mshelp://windows/?id=1eb5a9e3-de04-44a0-8972-bc744ca43320"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ab84268d-9e10-4f7f-afd1-333a96739de8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshoot Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add Array Members</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When you create an Online Responder, it does not automatically become a member of an Array. Each Online Responder needs to be added to the Array manually.</maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on all of the Online Responders that you want to add to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To add members to an Array</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Array Configuration Members</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions </maml:ui>pane, click<maml:ui> Add Array Members</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the name and network path of the computer hosting the Online Responder you want to add to the Array, or click <maml:ui>Browse</maml:ui> to navigate to the Online Responder, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Repeat this procedure for each member that you want to add to the Array.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Designate a Controller for the Array</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When an Array contains multiple Online Responders, one Online Responder in the Array must be designated as the Array controller. Configuration settings on the Array controller override conflicting settings on other Online Responders in an Array. </maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on all of the Online Responders in the Array to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To designate an Array controller</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Array Configuration Members</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the Online Responder that you want to designate as the Array controller.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Set as Array Controller</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>After the new Array controller has been selected, the revocation configuration data from this Online Responder is retrieved and compared against the configuration data for the other Online Responders that are Array members.</maml:para>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Modify the Online Responder Web Proxy</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The Online Responder Web proxy cache represents the service interface for the Online Responder. It is implemented as an Internet Server Application Programming Interface (ISAPI) extension hosted by Internet Information Services (IIS), and it performs the following operations:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Request decoding</maml:phrase>. After a request is received by the Online Responder Web proxy, the decoder component will try to decode the request and extract the certificate serial number to be validated.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Response caching</maml:phrase>. After a request is received and a certificate serial number is extracted, the Online Responder Web proxy will check the local cache for a valid response. The cache item validity period is set by default to the certificate revocation list (CRL) validity period from which the response was generated.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>You can modify the following Web proxy–related settings for an Online Responder:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Web proxy threads</maml:phrase>. This setting refers to the number of threads that will be allocated by the Online Responder ISAPI extension for handling requests. Increasing the number of threads will use more of the server's memory and reducing the number of threads will reduce the number of clients that can be served concurrently. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Cache entries allowed</maml:phrase>. The cache is implemented as part of the Online Responder's ISAPI extension and is an in-memory cache only. The recommended cache size is between 1,000 and 10,000 entries. The minimum cache entries allowed is five. A small cache size will cause more cache faults and will result in a higher load on the Online Responder service for lookup and signing operations; a large cache size will increase the Online Responder's memory usage. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To modify the Online Responder Web proxy</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in, and select the Online Responder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Responder Properties</maml:ui> on the <maml:ui>Action</maml:ui> menu, or click <maml:ui>Responder Properties</maml:ui> in the <maml:ui>Action</maml:ui> pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Web Proxy</maml:ui> tab, modify the Web proxy options that you want to change, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Renew OCSP Response Signing Certificates with an Existing Key</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Online Certificate Status Protocol (OCSP) Response Signing certificates need to be signed by the same certification authority (CA) key that was used to sign the end-entity certificates that they provide status for. </maml:para>

<maml:para>After a CA key is renewed, the CA will be using the new key to sign newly issued certificates. In the period between the time a CA certificate is renewed and the expiration date of the original CA certificate, the CA cannot issue or renew OCSP Response Signing certificates, which may prevent an Online Responder from signing OCSP responses. </maml:para>

<maml:para>To overcome this issue, Windows Server 2008 R2–based CAs and Windows Server 2008–based CAs can be configured to modify the default behavior and allow OCSP Response Signing certificates to be issued by using a renewed CA key.</maml:para>

<maml:para>You must be an administrator on the server hosting the CA to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To allow OCSP Response Signing certificates to be renewed by using existing CA keys</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the CA computer, open a command prompt, and type: </maml:para>

<maml:para><maml:codeInline>certutil -setreg ca\UseDefinedCACertInRequest 1 </maml:codeInline></maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Restart the CA service.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Synchronize Members with an Array Configuration</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>All Online Responders in an Array must use the same configuration data. The configuration data for an Array is defined on an Array controller. You must synchronize members of the Array with the Array controller to ensure that all members of the Array have the same configuration as the Array controller. </maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on all of the Online Responders in the Array to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To synchronize members with an Array controller</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Array Configuration Members</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Synchronize Responder Configuration</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Checklist: Create an Online Responder Array</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>After the Online Responder Array has been planned, setting up the Array involves a number of procedures that must be completed in succession. </maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Task</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Reference</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Configure a certification authority (CA) to support Online Responders.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Configure a CA to Support OCSP Responders</maml:linkText><maml:uri href="mshelp://windows/?id=c6fde0cd-3964-42ef-b3af-de1ef683f534"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Set up Online Responders that you intend to add to the Array.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Set Up an Online Responder</maml:linkText><maml:uri href="mshelp://windows/?id=3d31dd67-df01-4e8e-809e-22e5bd0a4a32"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Add Online Responders to the Array.</maml:para>
</maml:entry>
<maml:entry>
<maml:para><maml:navigationLink><maml:linkText>Add Array Members</maml:linkText><maml:uri href="mshelp://windows/?id=5f0ade5e-30e9-4517-a196-37598d609a85"></maml:uri></maml:navigationLink></maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Administer an Online Responder from Another Computer</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>One advantage of Online Responders is that they can be deployed to provide revocation checking services at a remote location or even outside of the local intranet. However, this would frequently require the ability to manage the Online Responder from another computer. </maml:para>

<maml:para>By default, the Online Responder snap-in is installed automatically when an Online Responder is installed on a server. The Online Responder can be installed on a different server by using Server Manager to install Active Directory Certificate Services (AD CS) tools. </maml:para>

<maml:para>Before you can enable remote administration, you must configure Online Responder–related firewall settings on the computer hosting the Online Responder.</maml:para>

<maml:para>You must be a local administrator to configure firewall settings. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To configure firewall settings to enable remote administration of an Online Responder</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open Server Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Configuration</maml:ui>, expand <maml:ui>Windows Firewall with Advanced Security</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Inbound Rules</maml:ui>, and click<maml:ui> Online Responder Service (DCOM-In)</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click<maml:ui> Enable Rule</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Online Responder Service (RPC-In)</maml:ui>, and in the <maml:ui>Action</maml:ui> pane, click <maml:ui>Enable Rule</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>To identify authorized users or computers that can access the Online Responder through each inbound Online Responder firewall rule, in the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Properties</maml:ui> for each of these rules, and then click the <maml:ui>Users and Computers</maml:ui> tab.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>You must be a local administrator on the remote computer to install the Remote Server Administration Tools. You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a PKI, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To administer a remote Online Responder</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the remote computer, open Server Manager.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Features Summary</maml:ui>, click <maml:ui>Add Features</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Expand <maml:ui>Remote Server Administration Tools</maml:ui> and <maml:ui>Role Administration Tools</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Active Directory Certificate Services</maml:ui> check box, click <maml:ui>Next</maml:ui>, and then click <maml:ui>Install</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When the installation process is finished, click <maml:ui>Close</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Start</maml:ui>, type <maml:userInput>mmc</maml:userInput>, and press ENTER.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>File</maml:ui> menu, click <maml:ui>Add/Remove Snap-in</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Online Responder</maml:ui> snap-in, click <maml:ui>Add</maml:ui>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click the Online Responder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Retarget Responder</maml:ui> to identify the Online Responder that you want to manage.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>If the computer you want to perform remote administration tasks from is running Windows Vista, you can obtain the Remote Server Administration Tools Pack from the Microsoft Download Center (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=89361</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=89361"></maml:uri></maml:navigationLink>).</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If there is a firewall between the Online Responder and the remote computer, the firewall must be configured to allow data to pass through port 80 between Internet Information Services (IIS) and the Online Responder. Similar results can be achieved by using the reverse-proxy capability of Microsoft Internet Security and Acceleration (ISA) Server. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>It may also be necessary to configure DCOM permissions to enable the Online Responders in an Array to authenticate to each other.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>

<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>How Online Responders Work</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Most applications that depend on X.509 certificates need to validate the status of the certificates used when performing authentication, signing, or encryption operations. This certificate validity and revocation check is performed on all certificates in a certificate chain, up to the root certificate. If the root certificate, or any certificate in the chain, is invalid, then the certificates below the invalid certificate in the chain are also invalid. </maml:para>

<maml:para>The validation includes the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Each certificate's signature is valid.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The current date and time are within each certificate's validity period.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>No certificate is corrupt or malformed.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>In addition, each certificate in the certificate chain is checked for its revocation status. Revocation checking can be performed by using either a certificate revocation list (CRL) or Online Certificate Status Protocol (OCSP) response.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>What is OCSP?</maml:title><maml:introduction>
<maml:para>The Microsoft Online Responder implements the OCSP protocol, which allows a recipient of a certificate to submit a certificate status request to an OCSP responder by using the Hypertext Transfer Protocol (HTTP). This OCSP responder returns a definitive, digitally signed response indicating the certificate status. The amount of data retrieved per request is constant regardless of the number of revoked certificates in the CA. </maml:para>

<maml:para>For more information, see RFC 2560, "X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP" (<maml:navigationLink><maml:linkText>http://go.microsoft.com/fwlink/?LinkID=71068</maml:linkText><maml:uri href="http://go.microsoft.com/fwlink/?LinkID=71068"></maml:uri></maml:navigationLink>).</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Online Responder</maml:title><maml:introduction>
<maml:para>The Microsoft implementation of OCSP—the Online Responder—is divided into client and server components. The client component is built into the CryptoAPI 2.0 library, while the server component is introduced as a new service provided by the Active Directory Certificate Services (AD CS) server role. The following process describes how the client and server components interact:</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>When an application attempts to verify a certificate that specifies locations to OCSP responders, the client component first searches local memory and disk caches to find a cached OCSP response that contains current revocation data.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If an acceptable cached response is not found, a request is sent to an Online Responder by using the HTTP protocol.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The Online Responder Web proxy decodes and verifies the request. If the request is valid, the Web proxy cache is checked for the revocation information needed to fill the request. If current information is not available in the cache, the request is forwarded to the Online Responder service.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The Online Responder service takes the request and checks a local CRL, if available, and a cached copy of the most recent CRL issued by the CA. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If the certificate does not appear on the local or cached revocation lists, the revocation provider obtains an updated CA CRL, if available, from the locations listed in the revocation configuration to check the status of the certificate. The provider, in turn, returns the status of the certificate to the Online Responder service.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The Web proxy then encodes and sends the response back to the client to notify the client that the certificate is valid. It also caches a copy of the response for a limited time in case there are additional status requests about this certificate.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What Is an Online Responder?</maml:linkText><maml:uri href="mshelp://windows/?id=3e9ef5f6-355b-4a95-a7b8-fb498355674d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Components of an Online Responder</maml:linkText><maml:uri href="mshelp://windows/?id=da078730-9d61-41b6-830e-b8b8b7554c12"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Creating a Revocation Configuration</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>An Online Responder can make revocation information available from multiple certification authorities (CAs) and multiple CA certificates. However, each CA and CA certificate served by an Online Responder requires a separate revocation configuration.</maml:para>

<maml:para>A revocation configuration includes all of the settings that are needed to respond to status requests regarding certificates that have been issued by using a specific CA key. These configuration settings include the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>CA certificate</maml:phrase>. This certificate can be located in Active Directory Domain Services (AD DS), in the local certificate store, or imported from a file. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Signing certificate for the Online Responder</maml:phrase>. This signing certificate can be selected automatically for you, selected manually (which involves a separate import step after you add the revocation configuration), or you can use the selected CA certificate to also serve as the signing certificate.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Revocation provider</maml:phrase>. The revocation provider will provide the revocation data used by this configuration. For a Windows Server 2008 R2 or Windows Server 2008 provider, this information is entered as one or more URLs where valid base CRLs and delta CRLs can be obtained. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>Before you begin to add a new revocation configuration, make sure you have the information in the preceding list available.</maml:para>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on all of the Online Responders in the Array to complete this procedure. For more information about administering a public key infrastructure, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>. </maml:para>

<maml:procedure><maml:title>To add a revocation configuration to an Online Responder</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Revocation Configuration</maml:ui>. </maml:para>

<maml:para>A list of existing revocation configurations appears in the details pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Actions</maml:ui> pane, click <maml:ui>Add Revocation Configuration </maml:ui>to start the Add Revocation Configuration Wizard.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Provide the information requested in the wizard. </maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>For information about the <maml:ui>Select CA Certificate Location</maml:ui> page, see <maml:navigationLink><maml:linkText>Revocation Configuration CA Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=4aaea26c-e132-4c04-9849-e5106f93d042"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>For information about the <maml:ui>Select Signing Certificate</maml:ui> page, see <maml:navigationLink><maml:linkText>Revocation Configuration Signing Certificates</maml:linkText><maml:uri href="mshelp://windows/?id=bb63e84f-9313-4b54-b3f2-5a3c8490f250"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>When all the information has been entered, click <maml:ui>Finish</maml:ui>, and then click<maml:ui> Yes</maml:ui> to complete the setup process. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>You can modify the properties of an existing revocation configuration, view its CA certificate, or delete the revocation configuration, by selecting the revocation configuration and clicking <maml:ui>Edit Properties</maml:ui> in the <maml:ui>Actions</maml:ui> pane.</maml:para>

<maml:para>The following properties of a revocation configuration can be modified:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Local CRL.</maml:phrase> For more information, see <maml:navigationLink><maml:linkText>Manage Revocation Data by Using Local CRLs</maml:linkText><maml:uri href="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Revocation provider.</maml:phrase> For more information, see <maml:navigationLink><maml:linkText>Revocation Provider Properties</maml:linkText><maml:uri href="mshelp://windows/?id=cba53c53-a842-42b1-8de4-7235e0b3c5fc"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Signing.</maml:phrase> For more information, see <maml:navigationLink><maml:linkText>Revocation Provider Signing</maml:linkText><maml:uri href="mshelp://windows/?id=2979e21a-28f0-4e84-b978-e52514a86f90"></maml:uri></maml:navigationLink>.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting Up Online Responder Services in a Network</maml:linkText><maml:uri href="mshelp://windows/?id=1eb5a9e3-de04-44a0-8972-bc744ca43320"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing an Online Responder Array</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>When multiple Online Responders are used, they need to be organized into a logical framework called an Online Responder Array. Because Online Responders are designed to respond to individual certificate status requests, an Online Responder Array helps distribute status requests among multiple, geographically dispersed Online Responders. </maml:para>

<maml:para>One Online Responder in the Array must be designated as the Array controller. The configuration information for the Array controller determines the configuration options on other members of the Array.</maml:para>

<maml:para>Setting up an Array requires advance planning based on the following:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The number and location of the certification authorities (CAs) being supported by the Array.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The number of clients who will request certificates from the CAs and their locations.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The network connectivity between clients, CAs, and potential Online Responders.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The volume of certificate enrollments, certificate revocations, and certificate status requests that the organization's public key infrastructure (PKI) handles.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The need for redundancy in case individual Online Responders become unavailable.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Checklist: Create an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=8b0d6773-0c22-46d1-8ebd-22bf489ac671"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Add Array Members</maml:linkText><maml:uri href="mshelp://windows/?id=5f0ade5e-30e9-4517-a196-37598d609a85"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Designate a Controller for the Array</maml:linkText><maml:uri href="mshelp://windows/?id=6de0bf42-5ccb-4ead-bf09-657a2b3627f8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Synchronize Members with an Array Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=8aadcbf3-9146-4b0e-897e-f41de6520157"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Assess Array Member Status</maml:linkText><maml:uri href="mshelp://windows/?id=f5299379-e3ca-49b0-97fa-7e7e67ddfa61"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Remove a Member from an Array</maml:linkText><maml:uri href="mshelp://windows/?id=076ea64b-625f-49c5-99c7-bd56526b2954"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Audit Online Responder Operations</maml:title><maml:introduction>
<maml:para>You can monitor the operations of an Online Responder by logging events to the Windows security event log. The Online Responder allows the configuration of the following audit events:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Start/Stop the Online Responder Service</maml:phrase>. Every Start/Stop event of the Online Responder service will be logged.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Changes to the Online Responder configuration. </maml:phrase>All Online Responder configuration changes, including audit settings changes, will be logged.<maml:phrase> </maml:phrase></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Changes to the Online Responder security settings.</maml:phrase> All changes to the Online Responder service request and management interfaces access control list (ACL) will be logged.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Requests submitted to the Online Responder</maml:phrase>. All requests processed by the Online Responder service will be logged. This option can create a high load on the service and should be evaluated on an individual basis. Note that only requests that require a signing operation by the Online Responder will generate and audit events; requests for previously cached responses will not be logged.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To enable auditing of Online Responder operations</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in, and select the Online Responder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Responder Properties</maml:ui> on the <maml:ui>Action</maml:ui> menu, or click <maml:ui>Responder Properties</maml:ui> in the <maml:ui>Action</maml:ui> pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Audit</maml:ui> tab, select the Online Responder audit options that you want to have logged, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Audit events will be logged to the Windows security log only if the <maml:ui>Audit object access</maml:ui> policy is enabled.</maml:para>

<maml:para>You must be an administrator on the server hosting the Online Responder to complete this procedure. For more information about administering a PKI, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To enable the Audit object access policy</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Local Group Policy Editor.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Computer Configuration</maml:ui>, expand <maml:ui>Windows Settings</maml:ui>, <maml:ui>Security Settings</maml:ui>, and <maml:ui>Local Policies</maml:ui>, and then click <maml:ui>Audit Policy</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Double-click the <maml:ui>Audit object access</maml:ui> policy.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Success</maml:ui> and <maml:ui>Failure</maml:ui> check boxes, and click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Revocation Configuration Changes</maml:linkText><maml:uri href="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Managing a Revocation Configuration</maml:title><maml:introduction>
<maml:para>A revocation configuration includes all of the settings that are needed to respond to certificate status requests that have been issued by using a specific certification authority (CA) key. These configuration settings include the CA certificate, the signing certificate for the Online Responder, and the type of revocation provider to use.</maml:para>

<maml:para>Procedures are available to complete the following revocation management tasks:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Revocation Configuration Changes</maml:linkText><maml:uri href="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Online Responder Security</maml:linkText><maml:uri href="mshelp://windows/?id=08866e6b-fa9e-44c9-9a15-4ea6d156bf85"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Revocation Data by Using Local CRLs</maml:linkText><maml:uri href="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Delete a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ce0c522b-93f8-4965-badf-189a9a926e9f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Audit Revocation Configuration Changes</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>You can monitor changes to revocation configurations by logging events to the Windows security event log. The Online Responder allows the configuration of the following revocation configuration–related audit events:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:phrase>Changes to the Online Responder configuration</maml:phrase>. All Online Responder configuration changes, including audit settings changes, will be logged. </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:phrase>Changes to the Online Responder security settings</maml:phrase>. All changes to the Online Responder service request and management interfaces access control list (ACL) will be logged. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To configure auditing of changes to revocation configurations</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in, and select the Online Responder.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Responder Properties</maml:ui> on the <maml:ui>Action</maml:ui> menu, or click <maml:ui>Responder Properties</maml:ui> in the <maml:ui>Action</maml:ui> pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Audit</maml:ui> tab, select the Online Responder audit options that you want to have logged, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>Audit events will be logged to the Windows security log only if the <maml:ui>Audit object access</maml:ui> policy is enabled.</maml:para>

<maml:para>You must be an administrator on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To enable the Audit object access policy</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Local Group Policy Editor.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Under <maml:ui>Computer Configuration</maml:ui>, expand <maml:ui>Windows Settings</maml:ui>, <maml:ui>Security Settings</maml:ui>, and <maml:ui>Local Policies</maml:ui>, and then click <maml:ui>Audit Policy</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Double-click the <maml:ui>Audit object access</maml:ui> policy.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Success</maml:ui> and <maml:ui>Failure</maml:ui> check boxes, and click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ab84268d-9e10-4f7f-afd1-333a96739de8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Online Responder Security</maml:linkText><maml:uri href="mshelp://windows/?id=08866e6b-fa9e-44c9-9a15-4ea6d156bf85"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Revocation Data by Using Local CRLs</maml:linkText><maml:uri href="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Delete a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ce0c522b-93f8-4965-badf-189a9a926e9f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Online Responder Operations</maml:linkText><maml:uri href="mshelp://windows/?id=a793d37c-717c-4b41-ab67-87bf559f4d80"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Add OCSP Locations to Issued Certificates</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The location of an Online Responder is specified as a URL in the authority information access extension in a certificate. When a certification authority (CA) issues a certificate, it adds the authority information access extension to the certificate; when a client needs to check the revocation status of a certificate, it will send the certificate status request to this URL.  </maml:para>

<maml:para>The <maml:ui>OCSP Properties</maml:ui> tab allows you to add Online Responder URLs to previously issued certificates that did not contain an authority information access extension. If an organization adds an Online Responder to an existing public key infrastructure (PKI), this setting allows you to use Online Certificate Status Protocol (OCSP) responses for existing certificates, eliminating the need to reissue the certificates. When you add an OCSP download location for a root or intermediate CA certificate, that location will be used to retrieve the OCSP response for all certificates issued by that particular CA.</maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The OCSP download locations added through the <maml:ui>OCSP Properties</maml:ui> tab are checked before any download locations that already exist in a certificate. If you need to add a placeholder URL, use the following address: http://localhost.</maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Revocation Configuration Signing Certificates</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The following options are available for selecting a revocation configuration signing certificate:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The default option, <maml:ui>Automatically select a signing certificate</maml:ui>, will generally meet most organization's needs. This option allows the revocation configuration setup process to identify a suitable signing certificate in the local certificate store. However, if you also enable an option to automatically enroll for a signing certificate, the Online Responder service will enroll for and use that signing certificate.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>When selecting <maml:ui>Manually select a signing certificate</maml:ui>, the Online Responder will not assign any signing certificate and the user will have to manually select a signing certificates for each of the Online Responder Array members.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:ui>Use the CA certificate for the revocation configuration</maml:ui> can be selected if the Online Responder is installed on the same computer as the certification authority (CA).</maml:para>
</maml:listItem>
</maml:list>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The default installation of Online Responder services does not allow for automatic enrollment of the Online Certificate Status Protocol (OCSP) Response Signing certificate from a hardware security module (HSM) that requires interaction from the user. If you need to use an HSM to distribute OCSP Response Signing certificates, you must modify the Online Responder service to run as Local System with interaction enabled. In addition, on the <maml:ui>Signing </maml:ui>tab of the <maml:ui>Online Responder Properties</maml:ui> page, the <maml:ui>Do not display UI for cryptographic operations </maml:ui>check box must be cleared. </maml:para>
</maml:alertSet>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Creating a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Implement Role-Based Administration</maml:title><maml:introduction>
<maml:para>You can use role-based administration to organize certification authority (CA) administrators into separate, predefined CA roles, each with its own set of tasks. Roles are assigned by using each user's security settings. You assign a role to a user by assigning that user the specific security settings that are associated with the role. A user that has one type of permission, such as Manage CA permission, can perform specific CA tasks that a user with another type of permission, such as Issue and Manage Certificates permission, cannot perform.   </maml:para>


<maml:para>The following table describes the roles, users, and groups that can be used to implement role-based administration. To assign a role to a user or group, you must assign the role's corresponding security permissions, group memberships, or user rights to the user or group. These security permissions, group memberships, and user rights are used to distinguish which users have which roles.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Roles and groups</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Security permission</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>CA administrator</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Manage CA </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Configure and maintain the CA. This is a CA role and includes the ability to assign all other CA roles and renew the CA certificate. These permissions are assigned by using the Certification Authority snap-in.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Certificate manager</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Issue and Manage Certificates </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Approve certificate enrollment and revocation requests. This is a CA role. This role is sometimes referred to as CA officer. These permissions are assigned by using the Certification Authority snap-in.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Backup operator</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Back up file and directories </maml:para>

<maml:para>Restore file and directories </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Perform system backup and recovery. Backup is an operating system feature.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Auditor</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Manage auditing and security log </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Configure, view, and maintain audit logs. Auditing is an operating system feature. Auditor is an operating system role.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Enrollees</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Read<maml:ui> </maml:ui></maml:para>

<maml:para>Enroll</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Enrollees are clients who are authorized to request certificates from a CA. This is not a CA role.</maml:para>
</maml:entry></maml:row>
</maml:table>

<maml:para>All CA roles are assigned and modified by members of local <maml:phrase>Administrators</maml:phrase>, <maml:phrase>Enterprise Admins</maml:phrase>, or <maml:phrase>Domain Admins</maml:phrase>. On enterprise CAs, local administrators, enterprise administrators, and domain administrators are CA administrators by default. Only local administrators are CA administrators by default on a stand-alone CA. If a stand-alone CA is installed on a server that is joined to an Active Directory domain, domain administrators are also CA administrators.</maml:para>

<maml:para>The CA administrator and certificate manager roles can be assigned to Active Directory users or local users in the Security Accounts Manager (SAM) of the local computer, which is the local security account database. As a best practice, you should assign roles to group accounts instead of individual user accounts.</maml:para>

<maml:para>Only CA administrator, certificate manager, auditor, and backup operator are CA roles. The other users described in the table are relevant to role-based administration and should be understood before assigning CA roles.</maml:para>

<maml:para>Only CA administrators and certificate managers are assigned by using the Certification Authority snap-in. To change the permissions of a user or group, you must change the user's security permissions, group membership, or user rights.</maml:para>

<maml:procedure><maml:title>To set CA administrator and certificate manager security permissions for a CA</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Certification Authority snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click the name of the CA.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Security</maml:ui> tab, and specify the security permissions.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction><maml:content><maml:sections><maml:section>
<maml:title>Roles and activities</maml:title><maml:introduction>
<maml:para>Each CA role has a specific list of CA administration tasks associated with it. The following table lists all the CA administration tasks along with the roles in which they are performed.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Activity</maml:para>
</maml:entry>
<maml:entry>
<maml:para>CA administrator</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Certificate manager</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Auditor</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Backup operator</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Local administrator</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Notes</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Install CAs</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure policy and exit modules</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Stop and start the Active Directory Certificate Services (AD CS) service</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure extensions</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure roles</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Renew CA keys</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Define key recovery agents</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure certificate manager restrictions</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Delete a single row in the CA database</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Delete multiple rows in the CA database (bulk deletion)</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>The user must be both a CA administrator and a certificate manager. This activity cannot be performed when role separation is enforced.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Enable role separation</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Issue and approve certificates</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Deny certificates</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Revoke certificates</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Reactivate certificates that are placed on hold</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Renew certificates</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Enable, publish, or configure certificate revocation list (CRL) schedules</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Recover archived keys</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>Only a certificate manager can retrieve the encrypted key data structure from the CA database. The private key of a valid key recovery agent is required to decrypt the key data structure and generate a PKCS #12 file.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Configure audit parameters</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>By default, the local administrator holds the <maml:phrase>system audit</maml:phrase> user right.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Audit logs</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>By default, the local administrator holds the <maml:phrase>system audit</maml:phrase> user right.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Back up the system</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>By default, the local administrator holds the <maml:phrase>system backup</maml:phrase> user right.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Restore the system</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>By default, the local administrator holds the <maml:phrase>system backup</maml:phrase> user right.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Read the CA database</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>By default, the local administrator holds the <maml:phrase>system audit </maml:phrase>and<maml:phrase> system backup</maml:phrase> user rights.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Read CA configuration information</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para>X</maml:para>
</maml:entry>
<maml:entry>
<maml:para> </maml:para>
</maml:entry>
<maml:entry>
<maml:para>By default, the local administrator holds the <maml:phrase>system audit </maml:phrase>and<maml:phrase> system backup</maml:phrase> user rights.</maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional considerations</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para>Enrollees are allowed to read CA properties and CRLs, and they can request certificates. On an enterprise CA, a user must have Read and Enroll permissions on the certificate template to request a certificate. CA administrators, certificate managers, auditors, and backup operators have implicit Read permissions.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>An auditor holds the <maml:phrase>system audit</maml:phrase> user right.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>A backup operator holds the <maml:phrase>system backup</maml:phrase> user right. In addition, the backup operator has the ability to start and stop the Active Directory Certificate Services (AD CS) service.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section><maml:section address="assign_RBA_roles">
<maml:title>Assigning roles</maml:title><maml:introduction>
<maml:para>The CA administrator for a CA assigns users to the separate roles of role-based administration by applying the security settings required by a role to the user's account. The CA administrator can assign a user to more than one role, but the CA is more secure when each user is assigned to only one role. When this delegation strategy is used, fewer CA tasks can be compromised if a user's account becomes compromised.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Administrator concerns</maml:title><maml:introduction>
<maml:para>The default installation setting for a stand-alone CA is to have members of the local <maml:phrase>Administrators</maml:phrase> group as CA administrators. The default installation setting for an enterprise CA is to have members of the local <maml:phrase>Administrators</maml:phrase>, <maml:phrase>Enterprise Admins</maml:phrase>, and <maml:phrase>Domain Admins</maml:phrase> groups as CA administrators. To limit the power of any of these accounts, they should be removed from the CA administrator and certificate manager roles when all CA roles are assigned.</maml:para>

<maml:para>As a best practice, group accounts that have been assigned CA administrator or certificate manager roles should not be members of the local <maml:phrase>Administrators</maml:phrase> group. Also, CA roles should only be assigned to group accounts and not individual user accounts.       </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>Membership in the local <maml:phrase>Administrators</maml:phrase> group on the CA is required to renew a CA certificate. Members of this group can assume administrative authority over all other CA roles.</maml:para>
</maml:alertSet>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Configure a CA to Support OCSP Responders</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>To function properly, an Online Responder must have a valid Online Certificate Status Protocol (OCSP) Response Signing certificate. This OCSP Response Signing certificate is also needed if you are using a non-Microsoft OCSP responder.</maml:para>

<maml:para>Configuring a certification authority (CA) to support OCSP responder services includes the following steps:</maml:para>

<maml:list class="ordered">
<maml:listItem>
<maml:para>Configure certificate templates and issuance properties for OCSP Response Signing certificates.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Configure enrollment permissions for any computers that will be hosting Online Responders.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>If this is a Windows Server 2003–based CA, enable the OCSP extension in issued certificates.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Add the location of the Online Responder or OCSP responder to the authority information access extension on the CA.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Enable the OCSP Response Signing certificate template for the CA.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>The certificate template used to issue an OCSP Response Signing certificate must contain an extension titled "OCSP No Revocation Checking" and the OCSP Signing application policy. Permissions must also be configured to allow the computer that will host the Online Responder to enroll for this certificate.</maml:para>

<maml:para>The following procedure is for a CA that is installed on a computer running Windows Server 2008 R2 or Windows Server 2008. </maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins </maml:phrase>or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To configure the certificate template for an OCSP Response Signing certificate issued by a Windows Server 2008 R2–based CA or a Windows Server 2008–based CA</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Certificate Templates snap-in. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>If you are completing this procedure on a computer that does not have a CA or Online Responder installed, you may need to install the Active Directory Certificate Services (AD CS) Remote Server Administration Tools in order to use the Certificate Templates snap-in. For more information about the Remote Server Administration Tools, see <maml:navigationLink><maml:linkText>Administer an Online Responder from Another Computer</maml:linkText><maml:uri href="mshelp://windows/?id=8d3dcbf1-d83e-4be6-866a-a1e9449b3adc"></maml:uri></maml:navigationLink>.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the <maml:ui>OCSP Response Signing </maml:ui>template, and then click <maml:ui>Properties</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Security</maml:ui> tab. Under <maml:ui>Group or user name</maml:ui>, click <maml:ui>Add</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Object Types</maml:ui>, select the <maml:ui>Computers</maml:ui> check box, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the name of or browse to select the computer hosting the Online Responder or OCSP responder services, and click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Group or user names </maml:ui>dialog box, click the computer name, and in the <maml:ui>Permissions</maml:ui> dialog box, select the <maml:ui>Read</maml:ui> and <maml:ui>Enroll</maml:ui> check boxes. Then click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>The following procedure is for a CA that is installed on a computer running Windows Server 2003. The procedure must be completed on a computer running Windows Server 2008 R2 or Windows Server 2008. </maml:para>

<maml:para>Membership in <maml:phrase>Domain Admins </maml:phrase>or <maml:phrase>Enterprise Admins</maml:phrase>, or equivalent, is the minimum required to complete this procedure. For more information about administering a PKI, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>. </maml:para>

<maml:procedure><maml:title>To configure the certificate template for an OCSP Response Signing certificate issued by a Windows Server 2003–based CA</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Certificate Templates snap-in. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the <maml:ui>OCSP Response Signing </maml:ui>template, and then click <maml:ui>Duplicate</maml:ui>. Click <maml:ui>Windows 2003 Server, Enterprise Edition</maml:ui>, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Security</maml:ui> tab. Under <maml:ui>Group or user name</maml:ui>, click <maml:ui>Add</maml:ui>, and then type the name of or browse to select the computer hosting the Online Responder or OCSP responder services. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click <maml:ui>Object Types</maml:ui>, select the <maml:ui>Computers</maml:ui> check box, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Type the name of or browse to select the computer hosting the Online Responder or OCSP responder services, and click <maml:ui>OK</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Group or user names </maml:ui>dialog box, click the computer name, and in the <maml:ui>Permissions</maml:ui> dialog box, select the <maml:ui>Read</maml:ui> and <maml:ui>Enroll</maml:ui> check boxes.  </maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>The default OCSP Response Signing certificate template contains an extension titled "OCSP No Revocation Checking." Do not remove this extension, which is used by many clients to verify that responses signed with the signing certificate are valid.</maml:para>
</maml:alertSet>

<maml:para>If the CA is installed on a computer running Windows Server 2003, you must complete the following procedure in order to configure the policy module on the CA to issue certificates that include this extension.</maml:para>

<maml:para>You must be a local administrator to complete this procedure. For more information about administering a PKI, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To prepare a computer running Windows Server 2003 to issue OCSP Response Signing certificates</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the server hosting the CA, open a command prompt, and type:</maml:para>

<dev:code>certutil -v -setreg policy\EnableRequestExtensionList +1.3.6.1.5.5.7.48.1.5</dev:code>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Stop and restart the CA. You can do this at a command prompt by running the following commands:</maml:para>

<dev:code>net stop certsvc
net start certsvc</dev:code>
</maml:section></maml:sections></maml:step></maml:procedure>

<maml:para>To configure your CA for OCSP, you must use the Certification Authority snap-in to complete the following CA configuration steps:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>Add the location of the Online Responder or OCSP responder to the authority information access extension.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>Enable the certificate template for the CA. </maml:para>
</maml:listItem>
</maml:list>

<maml:para>You must be a CA administrator to complete this procedure. For more information about administering a PKI, see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>. </maml:para>

<maml:procedure><maml:title>To configure a CA to support an Online Responder or OCSP responder services</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Certification Authority snap-in. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click the name of the CA. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the <maml:ui>Action</maml:ui> menu, click <maml:ui>Properties</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Click the <maml:ui>Extensions </maml:ui>tab. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the <maml:ui>Select extension </maml:ui>list, click <maml:ui>Authority Information Access (AIA)</maml:ui>, and then click<maml:ui> Add</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Specify the locations from which users can obtain certificate revocation data, such as <maml:replaceable>http://computername/ocsp</maml:replaceable>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Select the <maml:ui>Include in the online certificate status protocol (OCSP) extension </maml:ui>check box.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree of the Certification Authority snap-in, right-click <maml:ui>Certificate Templates</maml:ui>, and then click <maml:ui>New Certificate Templates to Issue</maml:ui>. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In <maml:ui>Enable Certificate Templates</maml:ui>, select the <maml:ui>OCSP Response Signing</maml:ui> template and any other certificate templates that you configured previously, and then click <maml:ui>OK</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Double-click <maml:ui>Certificate Templates</maml:ui>, and verify that the modified certificate templates appear in the list.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting Up Online Responder Services in a Network</maml:linkText><maml:uri href="mshelp://windows/?id=1eb5a9e3-de04-44a0-8972-bc744ca43320"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Renew OCSP Response Signing Certificates with an Existing Key</maml:linkText><maml:uri href="mshelp://windows/?id=82ad05ce-4f9f-4cb0-889b-b0e21bb4766c"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Revocation Provider Properties</maml:title><maml:introduction>
<maml:para>The revocation provider retrieves the certificate revocation list (CRL) from a certification authority (CA) and uses the revocation list to determine the revocation status of a certificate. Use the <maml:ui>Revocation Provider</maml:ui> property sheet to specify one or more locations for a CRL and optional delta CRL, and to define the refresh interval for retrieving updated CRLs.</maml:para>
</maml:introduction><maml:content><maml:sections><maml:section><maml:title>Base CRL and delta CRL locations</maml:title>
<maml:introduction>
<maml:para>The location of CRLs and delta CRLs can be specified in the formats described in the table below. Any CRL locations defined in the CRL distribution point extension of the CA certificate are added to the revocation provider during installation of the Online Responder service.</maml:para>

<maml:table><maml:tableHeader><maml:row><maml:entry><maml:para>Location format</maml:para></maml:entry><maml:entry><maml:para>Example</maml:para></maml:entry></maml:row></maml:tableHeader>
<maml:row><maml:entry><maml:para>HTTP</maml:para></maml:entry><maml:entry><maml:para>http://OnlineResponderHost/OCSP/CRLFile.crl</maml:para></maml:entry></maml:row>
<maml:row><maml:entry><maml:para>LDAP</maml:para></maml:entry><maml:entry><maml:para>ldap:///CN=CACommonName,CN=CAHostName,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=Fabrikam,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint</maml:para></maml:entry></maml:row>
</maml:table>
<maml:para></maml:para>
<maml:para>Multiple locations can be provided for a CRL. The order of the list defines the order of precedence. A CRL listed at a higher position is used if any two CRLs do not contain the same revocation list.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Refresh interval</maml:title><maml:introduction>
<maml:para>The default refresh interval is defined as the CRL validity period. The interval can also be defined in minutes to refresh the CRLs more frequently.</maml:para>
</maml:introduction></maml:section><maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem><maml:para><maml:navigationLink><maml:linkText>Creating a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087"></maml:uri></maml:navigationLink></maml:para></maml:listItem>
</maml:list>
</maml:introduction></maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Delete a Revocation Configuration</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Revocation configurations are versatile and can be modified at any time, unless the changes would conflict with settings on the Array controller. However, there may be times when you need to delete a revocation configuration. For example:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>The CA certificate has expired, and the revocation configuration is no longer needed.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The revocation configuration becomes corrupted, and it would be easier to install a new revocation configuration in place of the corrupted revocation configuration.</maml:para>
</maml:listItem>
</maml:list>

<maml:para>You must have <maml:ui>Manage Online Responder</maml:ui> permissions on the server hosting the Online Responder to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To delete a revocation configuration for an Online Responder</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Open the Online Responder snap-in.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the console tree, click <maml:ui>Revocation Configuration</maml:ui>. </maml:para>

<maml:para>A list of existing revocation configurations appears in the details pane.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>Right-click the revocation configuration that you want to delete, and then click <maml:ui>Delete</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ab84268d-9e10-4f7f-afd1-333a96739de8"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Revocation Configuration Changes</maml:linkText><maml:uri href="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Online Responder Security</maml:linkText><maml:uri href="mshelp://windows/?id=08866e6b-fa9e-44c9-9a15-4ea6d156bf85"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Revocation Data by Using Local CRLs</maml:linkText><maml:uri href="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Components of an Online Responder</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>The Online Responder role service in Windows Server 2008 R2 is made up of the following components.</maml:para>

<maml:table>
<maml:tableHeader>
<maml:row>
<maml:entry>
<maml:para>Component</maml:para>
</maml:entry>
<maml:entry>
<maml:para>Description</maml:para>
</maml:entry></maml:row>
</maml:tableHeader>

<maml:row>
<maml:entry>
<maml:para>Online Responder service</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The Online Responder service decodes a revocation status request for a specific certificate, evaluates the status of this certificate, and sends back a signed response containing the requested certificate status information. The Online Responder service is a separate component from a certification authority (CA).</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Online Responder</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A computer on which the Online Responder service and Online Responder Web proxy are running. A computer that hosts a CA can also be configured as an Online Responder, but you should maintain CAs and Online Responders on separate computers. A single Online Responder can provide revocation status information for certificates issued by a single CA or multiple CAs. CA revocation information can be supported by more than one Online Responder. </maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>An Online Responder can be installed on any computer running Windows Server 2008 R2 Enterprise or Windows Server 2008 R2 Datacenter. The certificate revocation data is derived from a published certificate revocation list (CRL) that can come from a CA on a computer running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server, or from a non-Microsoft CA. </maml:para>
</maml:alertSet>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Online Responder Web proxy</maml:para>
</maml:entry>
<maml:entry>
<maml:para>The service interface for the Online Responder is implemented as an Internet Server API (ISAPI) extension hosted by Internet Information Services (IIS). The Web proxy receives and decodes requests, and caches responses for a configurable period of time.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Revocation configuration</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A revocation configuration includes all of the settings that are needed to respond to certificate status requests that have been issued by using a specific CA key. These configuration settings include the CA certificate, the signing certificate for the Online Responder, and the type of revocation provider to use.</maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Revocation provider</maml:para>
</maml:entry>
<maml:entry>
<maml:para>A revocation provider is the software module that, in conjunction with other revocation configuration settings, enables an Online Responder to check the status of a certificate. The revocation provider in Windows Server 2008 R2 uses data from CRLs to provide this status information. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Online Responder Array</maml:para>
</maml:entry>
<maml:entry>
<maml:para>An Online Responder Array contains one or more member Online Responders. Additional Online Responders can be added to an Online Responder Array for a number of reasons, including geographic considerations, scalability, network design considerations, or fault tolerance if an individual Online Responder becomes unavailable. Responders in an Online Responder Array are referred to as Array members. </maml:para>
</maml:entry></maml:row>

<maml:row>
<maml:entry>
<maml:para>Online Responder Array controller</maml:para>
</maml:entry>
<maml:entry>
<maml:para>When multiple Online Responders are combined in an Array, one member of the Array must be designated as the Array controller. Although each Online Responder in an Array can be configured and managed independently, in case of conflicts the configuration information for the Array controller will override configuration options set on other Array members. </maml:para>
</maml:entry></maml:row>
</maml:table>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>What Is an Online Responder?</maml:linkText><maml:uri href="mshelp://windows/?id=3e9ef5f6-355b-4a95-a7b8-fb498355674d"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>How Online Responders Work</maml:linkText><maml:uri href="mshelp://windows/?id=8f3e2ed9-d1a3-4538-9d52-9103b6556396"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Revocation Configuration</maml:title><maml:introduction>
<maml:para>Procedures are available to complete the following revocation management tasks:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Audit Revocation Configuration Changes</maml:linkText><maml:uri href="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354"></maml:uri></maml:navigationLink> </maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Online Responder Security</maml:linkText><maml:uri href="mshelp://windows/?id=08866e6b-fa9e-44c9-9a15-4ea6d156bf85"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Manage Revocation Data by Using Local CRLs</maml:linkText><maml:uri href="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Delete a Revocation Configuration</maml:linkText><maml:uri href="mshelp://windows/?id=ce0c522b-93f8-4965-badf-189a9a926e9f"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction><maml:content><maml:sections></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Verify an Online Responder Installation</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>After you have completed setting up an Online Responder, you can verify that it is functioning properly by confirming that you can autoenroll certificates, revoke certificates, and make accurate revocation data available from the Online Responder.</maml:para>

<maml:para>You must be a certification authority (CA) administrator to complete this procedure. For more information about administering a public key infrastructure (PKI), see <maml:navigationLink><maml:linkText>Implement Role-Based Administration</maml:linkText><maml:uri href="mshelp://windows/?id=c651f8cf-5c84-42c0-9a61-37e0000e6989"></maml:uri></maml:navigationLink>.</maml:para>

<maml:procedure><maml:title>To verify that the Online Responder functions properly</maml:title><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the CA, configure several certificate templates for autoenrollment by computers and users. </maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>After the new certificate templates have been published to Active Directory Domain Services (AD DS), open a command prompt on the client computer and enter the following command to start certificate autoenrollment:</maml:para>

<maml:para><maml:codeInline>certutil -pulse</maml:codeInline></maml:para>

<maml:alertSet class="note"><maml:title>Note </maml:title>
<maml:para>It can take several hours for information about new certificates to be replicated to all domain controllers.</maml:para>
</maml:alertSet>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the client computer, use the Certificates snap-in to verify that the new certificates have been issued. If they have not been issued, repeat step 2. You can also restart the client computer to start certificate autoenrollment.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>On the CA, use the Certification Authority snap-in to view and revoke one or more of the issued certificates by clicking <maml:ui>Certification Authority (Computer)\CA name\Issued Certificates</maml:ui> and selecting the certificate you want to revoke. On the <maml:ui>Action</maml:ui> menu, point to <maml:ui>All Tasks</maml:ui>, and then click <maml:ui>Revoke Certificate</maml:ui>. Select the reason for revoking the certificate, and click <maml:ui>Yes</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the Certification Authority snap-in, publish a new certificate revocation list (CRL) by clicking <maml:ui>Certification Authority (Computer)\CA name\Revoked Certificates</maml:ui> in the console tree. Then, on the <maml:ui>Action</maml:ui> menu, point to <maml:ui>All Tasks</maml:ui>, and then click <maml:ui>Publish</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>On the client computer, use the Certificates snap-in to export one of the issued certificates and save it as an X.509 file.</maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title><maml:para>Open a command prompt, and type the following command:
</maml:para><maml:para><maml:codeInline>certutil –url &lt;exportedcert.cer&gt;</maml:codeInline></maml:para></maml:section></maml:sections></maml:step><maml:step><maml:sections><maml:section><maml:title></maml:title>
<maml:para>In the  <maml:ui>URL Retrieval Tool</maml:ui> dialog box, select <maml:ui>OCSP (from AIA)</maml:ui>, and then click <maml:ui>Retrieve</maml:ui>.  After the CRL is retrieved, the status will display <maml:ui>Verified</maml:ui>.</maml:para>
</maml:section></maml:sections></maml:step></maml:procedure>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Setting Up Online Responder Services in a Network</maml:linkText><maml:uri href="mshelp://windows/?id=1eb5a9e3-de04-44a0-8972-bc744ca43320"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><maml:conceptual contentType="conceptual" xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"><maml:title>Assess Array Member Status</maml:title><maml:introduction></maml:introduction><maml:content><maml:sections><maml:section><maml:title></maml:title><maml:introduction>
<maml:para>Although an Online Responder should perform reliably after it has been set up, an administrator should check the status of the Array and its members regularly. </maml:para>

<maml:para>You can check the status of the Array and its members by using the Online Responder snap-in. Error and warning messages, if any, will appear in the status pane of the snap-in.</maml:para>

<maml:para>If you see an error message or warning message, you may need to check each member of the Array to find out if:</maml:para>

<maml:list class="unordered">
<maml:listItem>
<maml:para>A network connection exists. If not, you need to decide how to reestablish connectivity.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The service is running. If not, the service needs to be restarted.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The certification authority (CA) or signing certificates are about to expire. If so, plan to renew them before they expire.</maml:para>
</maml:listItem>

<maml:listItem>
<maml:para>The CA or signing certificates have expired. If so, renew them immediately.</maml:para>
</maml:listItem>
</maml:list>
</maml:introduction>
<maml:sections>
<maml:section><maml:title></maml:title><maml:introduction></maml:introduction>
<maml:sections>
<maml:section>
<maml:title>Additional references</maml:title><maml:introduction>
<maml:list class="unordered">
<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Managing an Online Responder Array</maml:linkText><maml:uri href="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>

<maml:listItem>
<maml:para><maml:navigationLink><maml:linkText>Troubleshoot Online Responders</maml:linkText><maml:uri href="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2"></maml:uri></maml:navigationLink></maml:para>
</maml:listItem>
</maml:list>
</maml:introduction></maml:section>
</maml:sections>
</maml:section>
</maml:sections>
</maml:section></maml:sections></maml:content></maml:conceptual><?xml version="1.0" encoding="utf-8"?>
<HelpCollection Id="ocsp" DTDVersion="1.0" FileVersion="" LangId="1033" Copyright="© 2005 Microsoft Corporation. All rights reserved." Title="Online Responder" xmlns="http://schemas.microsoft.com/help/collection/2004/11">
	<CompilerOptions CompileResult="H1S" CreateFullTextIndex="Yes" BreakerId="Microsoft.NLG.en.WordBreaker">
		<IncludeFile File="ocsp.H1F" />
	</CompilerOptions>
	<TOCDef File="ocsp.H1T" Id="ocsp_TOC" />
	<VTopicDef File="ocsp.H1V" />
	<KeywordIndexDef File="ocsp_AssetId.H1K" />
	<KeywordIndexDef File="ocsp_BestBet.H1K" />
	<KeywordIndexDef File="ocsp_LinkTerm.H1K" />
	<KeywordIndexDef File="ocsp_SubjectTerm.H1K" />
	<ItemMoniker Name="!DefaultTOC" ProgId="HxDs.HxHierarchy" InitData="AnyString" />
	<ItemMoniker Name="!DefaultFullTextSearch" ProgId="HxDs.HxFullTextSearch" InitData="AnyString" />
	<ItemMoniker Name="!DefaultAssetIdIndex" ProgId="HxDs.HxIndex" InitData="AssetId" />
	<ItemMoniker Name="!DefaultBestBetIndex" ProgId="HxDs.HxIndex" InitData="BestBet" />
	<ItemMoniker Name="!DefaultAssociativeIndex" ProgId="HxDs.HxIndex" InitData="LinkTerm" />
	<ItemMoniker Name="!DefaultKeywordIndex" ProgId="HxDs.HxIndex" InitData="SubjectTerm" />
</HelpCollection><?xml version="1.0" encoding="utf-8"?>
<HelpFileList xmlns="http://schemas.microsoft.com/help/filelist/2004/11">
	<File Url="assets\076ea64b-625f-49c5-99c7-bd56526b2954.xml" />
	<File Url="assets\08866e6b-fa9e-44c9-9a15-4ea6d156bf85.xml" />
	<File Url="assets\16d5bc20-c781-481a-9dc4-36b7a706f651.xml" />
	<File Url="assets\1e4b6432-977c-4e21-a245-5ce30ae80cc4.xml" />
	<File Url="assets\1eb5a9e3-de04-44a0-8972-bc744ca43320.xml" />
	<File Url="assets\20de243e-bbff-4364-b9e6-6647ce8832ca.xml" />
	<File Url="assets\2979e21a-28f0-4e84-b978-e52514a86f90.xml" />
	<File Url="assets\2c78c461-1d3f-40f4-b435-1d87f03c299a.xml" />
	<File Url="assets\2f8eda99-cfc2-4065-a69f-34f8d46a02c2.xml" />
	<File Url="assets\3d31dd67-df01-4e8e-809e-22e5bd0a4a32.xml" />
	<File Url="assets\3e9ef5f6-355b-4a95-a7b8-fb498355674d.xml" />
	<File Url="assets\4aaea26c-e132-4c04-9849-e5106f93d042.xml" />
	<File Url="assets\4e8b3e8f-0fab-4bd5-8f35-016650d37d1b.xml" />
	<File Url="assets\5f0ade5e-30e9-4517-a196-37598d609a85.xml" />
	<File Url="assets\6de0bf42-5ccb-4ead-bf09-657a2b3627f8.xml" />
	<File Url="assets\74abcd5f-c2c7-474b-b154-8cfe285a1754.xml" />
	<File Url="assets\82ad05ce-4f9f-4cb0-889b-b0e21bb4766c.xml" />
	<File Url="assets\8aadcbf3-9146-4b0e-897e-f41de6520157.xml" />
	<File Url="assets\8b0d6773-0c22-46d1-8ebd-22bf489ac671.xml" />
	<File Url="assets\8d3dcbf1-d83e-4be6-866a-a1e9449b3adc.xml" />
	<File Url="assets\8f3e2ed9-d1a3-4538-9d52-9103b6556396.xml" />
	<File Url="assets\910c18a2-6b51-4bc5-8f02-9ff32ffc3087.xml" />
	<File Url="assets\925ac0ac-cd91-436d-ad52-9b6e19f36e7e.xml" />
	<File Url="assets\a793d37c-717c-4b41-ab67-87bf559f4d80.xml" />
	<File Url="assets\ab84268d-9e10-4f7f-afd1-333a96739de8.xml" />
	<File Url="assets\b1cb8a2b-db02-4713-803e-50dfae5df354.xml" />
	<File Url="assets\b3d53f51-56f6-4031-8aad-ebdc4c71cb56.xml" />
	<File Url="assets\bb63e84f-9313-4b54-b3f2-5a3c8490f250.xml" />
	<File Url="assets\c651f8cf-5c84-42c0-9a61-37e0000e6989.xml" />
	<File Url="assets\c6fde0cd-3964-42ef-b3af-de1ef683f534.xml" />
	<File Url="assets\cba53c53-a842-42b1-8de4-7235e0b3c5fc.xml" />
	<File Url="assets\ce0c522b-93f8-4965-badf-189a9a926e9f.xml" />
	<File Url="assets\da078730-9d61-41b6-830e-b8b8b7554c12.xml" />
	<File Url="assets\e1a86a0c-3d78-4bb6-bafc-aa13109f8437.xml" />
	<File Url="assets\e8c88a49-84e8-48a8-a303-9aab2e68a1db.xml" />
	<File Url="assets\f5299379-e3ca-49b0-97fa-7e7e67ddfa61.xml" />
</HelpFileList><?xml version="1.0" encoding="utf-8"?>
<VTopicSet DTDVersion="1.0" xmlns="http://schemas.microsoft.com/help/vtopic/2004/11">
	<Vtopic Url="assets\076ea64b-625f-49c5-99c7-bd56526b2954.xml" RLTitle="Remove a Member from an Array">
		<Attr Name="assetid" Value="076ea64b-625f-49c5-99c7-bd56526b2954" />
		<Keyword Index="AssetId" Term="076ea64b-625f-49c5-99c7-bd56526b2954" />
		<Keyword Index="AssetId" Term="076ea64b-625f-49c5-99c7-bd56526b29541033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="076ea64b-625f-49c5-99c7-bd56526b2954" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\08866e6b-fa9e-44c9-9a15-4ea6d156bf85.xml" RLTitle="Manage Online Responder Security">
		<Attr Name="assetid" Value="08866e6b-fa9e-44c9-9a15-4ea6d156bf85" />
		<Keyword Index="AssetId" Term="08866e6b-fa9e-44c9-9a15-4ea6d156bf85" />
		<Keyword Index="AssetId" Term="08866e6b-fa9e-44c9-9a15-4ea6d156bf851033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="08866e6b-fa9e-44c9-9a15-4ea6d156bf85" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\16d5bc20-c781-481a-9dc4-36b7a706f651.xml" RLTitle="Manage Revocation Data by Using Local CRLs">
		<Attr Name="assetid" Value="16d5bc20-c781-481a-9dc4-36b7a706f651" />
		<Keyword Index="AssetId" Term="16d5bc20-c781-481a-9dc4-36b7a706f651" />
		<Keyword Index="AssetId" Term="16d5bc20-c781-481a-9dc4-36b7a706f6511033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="16d5bc20-c781-481a-9dc4-36b7a706f651" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1e4b6432-977c-4e21-a245-5ce30ae80cc4.xml" RLTitle="Add the Online Responder Snap-in to a Console">
		<Attr Name="assetid" Value="1e4b6432-977c-4e21-a245-5ce30ae80cc4" />
		<Keyword Index="AssetId" Term="1e4b6432-977c-4e21-a245-5ce30ae80cc4" />
		<Keyword Index="AssetId" Term="1e4b6432-977c-4e21-a245-5ce30ae80cc41033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1e4b6432-977c-4e21-a245-5ce30ae80cc4" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\1eb5a9e3-de04-44a0-8972-bc744ca43320.xml" RLTitle="Setting Up Online Responder Services in a Network">
		<Attr Name="assetid" Value="1eb5a9e3-de04-44a0-8972-bc744ca43320" />
		<Keyword Index="AssetId" Term="1eb5a9e3-de04-44a0-8972-bc744ca43320" />
		<Keyword Index="AssetId" Term="1eb5a9e3-de04-44a0-8972-bc744ca433201033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="1eb5a9e3-de04-44a0-8972-bc744ca43320" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\20de243e-bbff-4364-b9e6-6647ce8832ca.xml" RLTitle="Revocation Providers">
		<Attr Name="assetid" Value="20de243e-bbff-4364-b9e6-6647ce8832ca" />
		<Keyword Index="AssetId" Term="20de243e-bbff-4364-b9e6-6647ce8832ca" />
		<Keyword Index="AssetId" Term="20de243e-bbff-4364-b9e6-6647ce8832ca1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="20de243e-bbff-4364-b9e6-6647ce8832ca" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2979e21a-28f0-4e84-b978-e52514a86f90.xml" RLTitle="Revocation Provider Signing">
		<Attr Name="assetid" Value="2979e21a-28f0-4e84-b978-e52514a86f90" />
		<Keyword Index="AssetId" Term="2979e21a-28f0-4e84-b978-e52514a86f90" />
		<Keyword Index="AssetId" Term="2979e21a-28f0-4e84-b978-e52514a86f901033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2979e21a-28f0-4e84-b978-e52514a86f90" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2c78c461-1d3f-40f4-b435-1d87f03c299a.xml" RLTitle="Managing Online Responders">
		<Attr Name="assetid" Value="2c78c461-1d3f-40f4-b435-1d87f03c299a" />
		<Keyword Index="AssetId" Term="2c78c461-1d3f-40f4-b435-1d87f03c299a" />
		<Keyword Index="AssetId" Term="2c78c461-1d3f-40f4-b435-1d87f03c299a1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2c78c461-1d3f-40f4-b435-1d87f03c299a" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\2f8eda99-cfc2-4065-a69f-34f8d46a02c2.xml" RLTitle="Troubleshoot Online Responders">
		<Attr Name="assetid" Value="2f8eda99-cfc2-4065-a69f-34f8d46a02c2" />
		<Keyword Index="AssetId" Term="2f8eda99-cfc2-4065-a69f-34f8d46a02c2" />
		<Keyword Index="AssetId" Term="2f8eda99-cfc2-4065-a69f-34f8d46a02c21033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="2f8eda99-cfc2-4065-a69f-34f8d46a02c2" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3d31dd67-df01-4e8e-809e-22e5bd0a4a32.xml" RLTitle="Set Up an Online Responder">
		<Attr Name="assetid" Value="3d31dd67-df01-4e8e-809e-22e5bd0a4a32" />
		<Keyword Index="AssetId" Term="3d31dd67-df01-4e8e-809e-22e5bd0a4a32" />
		<Keyword Index="AssetId" Term="3d31dd67-df01-4e8e-809e-22e5bd0a4a321033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3d31dd67-df01-4e8e-809e-22e5bd0a4a32" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\3e9ef5f6-355b-4a95-a7b8-fb498355674d.xml" RLTitle="What Is an Online Responder?">
		<Attr Name="assetid" Value="3e9ef5f6-355b-4a95-a7b8-fb498355674d" />
		<Keyword Index="AssetId" Term="3e9ef5f6-355b-4a95-a7b8-fb498355674d" />
		<Keyword Index="AssetId" Term="3e9ef5f6-355b-4a95-a7b8-fb498355674d1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="3e9ef5f6-355b-4a95-a7b8-fb498355674d" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\4aaea26c-e132-4c04-9849-e5106f93d042.xml" RLTitle="Revocation Configuration CA Certificates">
		<Attr Name="assetid" Value="4aaea26c-e132-4c04-9849-e5106f93d042" />
		<Keyword Index="AssetId" Term="4aaea26c-e132-4c04-9849-e5106f93d042" />
		<Keyword Index="AssetId" Term="4aaea26c-e132-4c04-9849-e5106f93d0421033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="4aaea26c-e132-4c04-9849-e5106f93d042" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\4e8b3e8f-0fab-4bd5-8f35-016650d37d1b.xml" RLTitle="Online Responder">
		<Attr Name="assetid" Value="4e8b3e8f-0fab-4bd5-8f35-016650d37d1b" />
		<Keyword Index="AssetId" Term="4e8b3e8f-0fab-4bd5-8f35-016650d37d1b" />
		<Keyword Index="AssetId" Term="4e8b3e8f-0fab-4bd5-8f35-016650d37d1b1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="4e8b3e8f-0fab-4bd5-8f35-016650d37d1b" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\5f0ade5e-30e9-4517-a196-37598d609a85.xml" RLTitle="Add Array Members">
		<Attr Name="assetid" Value="5f0ade5e-30e9-4517-a196-37598d609a85" />
		<Keyword Index="AssetId" Term="5f0ade5e-30e9-4517-a196-37598d609a85" />
		<Keyword Index="AssetId" Term="5f0ade5e-30e9-4517-a196-37598d609a851033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="5f0ade5e-30e9-4517-a196-37598d609a85" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\6de0bf42-5ccb-4ead-bf09-657a2b3627f8.xml" RLTitle="Designate a Controller for the Array">
		<Attr Name="assetid" Value="6de0bf42-5ccb-4ead-bf09-657a2b3627f8" />
		<Keyword Index="AssetId" Term="6de0bf42-5ccb-4ead-bf09-657a2b3627f8" />
		<Keyword Index="AssetId" Term="6de0bf42-5ccb-4ead-bf09-657a2b3627f81033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="6de0bf42-5ccb-4ead-bf09-657a2b3627f8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\74abcd5f-c2c7-474b-b154-8cfe285a1754.xml" RLTitle="Modify the Online Responder Web Proxy">
		<Attr Name="assetid" Value="74abcd5f-c2c7-474b-b154-8cfe285a1754" />
		<Keyword Index="AssetId" Term="74abcd5f-c2c7-474b-b154-8cfe285a1754" />
		<Keyword Index="AssetId" Term="74abcd5f-c2c7-474b-b154-8cfe285a17541033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="74abcd5f-c2c7-474b-b154-8cfe285a1754" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\82ad05ce-4f9f-4cb0-889b-b0e21bb4766c.xml" RLTitle="Renew OCSP Response Signing Certificates with an Existing Key">
		<Attr Name="assetid" Value="82ad05ce-4f9f-4cb0-889b-b0e21bb4766c" />
		<Keyword Index="AssetId" Term="82ad05ce-4f9f-4cb0-889b-b0e21bb4766c" />
		<Keyword Index="AssetId" Term="82ad05ce-4f9f-4cb0-889b-b0e21bb4766c1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="82ad05ce-4f9f-4cb0-889b-b0e21bb4766c" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8aadcbf3-9146-4b0e-897e-f41de6520157.xml" RLTitle="Synchronize Members with an Array Configuration">
		<Attr Name="assetid" Value="8aadcbf3-9146-4b0e-897e-f41de6520157" />
		<Keyword Index="AssetId" Term="8aadcbf3-9146-4b0e-897e-f41de6520157" />
		<Keyword Index="AssetId" Term="8aadcbf3-9146-4b0e-897e-f41de65201571033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8aadcbf3-9146-4b0e-897e-f41de6520157" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8b0d6773-0c22-46d1-8ebd-22bf489ac671.xml" RLTitle="Checklist: Create an Online Responder Array">
		<Attr Name="assetid" Value="8b0d6773-0c22-46d1-8ebd-22bf489ac671" />
		<Keyword Index="AssetId" Term="8b0d6773-0c22-46d1-8ebd-22bf489ac671" />
		<Keyword Index="AssetId" Term="8b0d6773-0c22-46d1-8ebd-22bf489ac6711033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8b0d6773-0c22-46d1-8ebd-22bf489ac671" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8d3dcbf1-d83e-4be6-866a-a1e9449b3adc.xml" RLTitle="Administer an Online Responder from Another Computer">
		<Attr Name="assetid" Value="8d3dcbf1-d83e-4be6-866a-a1e9449b3adc" />
		<Keyword Index="AssetId" Term="8d3dcbf1-d83e-4be6-866a-a1e9449b3adc" />
		<Keyword Index="AssetId" Term="8d3dcbf1-d83e-4be6-866a-a1e9449b3adc1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8d3dcbf1-d83e-4be6-866a-a1e9449b3adc" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\8f3e2ed9-d1a3-4538-9d52-9103b6556396.xml" RLTitle="How Online Responders Work">
		<Attr Name="assetid" Value="8f3e2ed9-d1a3-4538-9d52-9103b6556396" />
		<Keyword Index="AssetId" Term="8f3e2ed9-d1a3-4538-9d52-9103b6556396" />
		<Keyword Index="AssetId" Term="8f3e2ed9-d1a3-4538-9d52-9103b65563961033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="8f3e2ed9-d1a3-4538-9d52-9103b6556396" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\910c18a2-6b51-4bc5-8f02-9ff32ffc3087.xml" RLTitle="Creating a Revocation Configuration">
		<Attr Name="assetid" Value="910c18a2-6b51-4bc5-8f02-9ff32ffc3087" />
		<Keyword Index="AssetId" Term="910c18a2-6b51-4bc5-8f02-9ff32ffc3087" />
		<Keyword Index="AssetId" Term="910c18a2-6b51-4bc5-8f02-9ff32ffc30871033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="910c18a2-6b51-4bc5-8f02-9ff32ffc3087" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\925ac0ac-cd91-436d-ad52-9b6e19f36e7e.xml" RLTitle="Managing an Online Responder Array">
		<Attr Name="assetid" Value="925ac0ac-cd91-436d-ad52-9b6e19f36e7e" />
		<Keyword Index="AssetId" Term="925ac0ac-cd91-436d-ad52-9b6e19f36e7e" />
		<Keyword Index="AssetId" Term="925ac0ac-cd91-436d-ad52-9b6e19f36e7e1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="925ac0ac-cd91-436d-ad52-9b6e19f36e7e" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\a793d37c-717c-4b41-ab67-87bf559f4d80.xml" RLTitle="Audit Online Responder Operations">
		<Attr Name="assetid" Value="a793d37c-717c-4b41-ab67-87bf559f4d80" />
		<Keyword Index="AssetId" Term="a793d37c-717c-4b41-ab67-87bf559f4d80" />
		<Keyword Index="AssetId" Term="a793d37c-717c-4b41-ab67-87bf559f4d801033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="a793d37c-717c-4b41-ab67-87bf559f4d80" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ab84268d-9e10-4f7f-afd1-333a96739de8.xml" RLTitle="Managing a Revocation Configuration">
		<Attr Name="assetid" Value="ab84268d-9e10-4f7f-afd1-333a96739de8" />
		<Keyword Index="AssetId" Term="ab84268d-9e10-4f7f-afd1-333a96739de8" />
		<Keyword Index="AssetId" Term="ab84268d-9e10-4f7f-afd1-333a96739de81033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ab84268d-9e10-4f7f-afd1-333a96739de8" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b1cb8a2b-db02-4713-803e-50dfae5df354.xml" RLTitle="Audit Revocation Configuration Changes">
		<Attr Name="assetid" Value="b1cb8a2b-db02-4713-803e-50dfae5df354" />
		<Keyword Index="AssetId" Term="b1cb8a2b-db02-4713-803e-50dfae5df354" />
		<Keyword Index="AssetId" Term="b1cb8a2b-db02-4713-803e-50dfae5df3541033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b1cb8a2b-db02-4713-803e-50dfae5df354" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\b3d53f51-56f6-4031-8aad-ebdc4c71cb56.xml" RLTitle="Add OCSP Locations to Issued Certificates">
		<Attr Name="assetid" Value="b3d53f51-56f6-4031-8aad-ebdc4c71cb56" />
		<Keyword Index="AssetId" Term="b3d53f51-56f6-4031-8aad-ebdc4c71cb56" />
		<Keyword Index="AssetId" Term="b3d53f51-56f6-4031-8aad-ebdc4c71cb561033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="b3d53f51-56f6-4031-8aad-ebdc4c71cb56" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\bb63e84f-9313-4b54-b3f2-5a3c8490f250.xml" RLTitle="Revocation Configuration Signing Certificates">
		<Attr Name="assetid" Value="bb63e84f-9313-4b54-b3f2-5a3c8490f250" />
		<Keyword Index="AssetId" Term="bb63e84f-9313-4b54-b3f2-5a3c8490f250" />
		<Keyword Index="AssetId" Term="bb63e84f-9313-4b54-b3f2-5a3c8490f2501033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="bb63e84f-9313-4b54-b3f2-5a3c8490f250" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c651f8cf-5c84-42c0-9a61-37e0000e6989.xml" RLTitle="Implement Role-Based Administration">
		<Attr Name="assetid" Value="c651f8cf-5c84-42c0-9a61-37e0000e6989" />
		<Keyword Index="AssetId" Term="c651f8cf-5c84-42c0-9a61-37e0000e6989" />
		<Keyword Index="AssetId" Term="c651f8cf-5c84-42c0-9a61-37e0000e69891033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c651f8cf-5c84-42c0-9a61-37e0000e6989" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\c6fde0cd-3964-42ef-b3af-de1ef683f534.xml" RLTitle="Configure a CA to Support OCSP Responders">
		<Attr Name="assetid" Value="c6fde0cd-3964-42ef-b3af-de1ef683f534" />
		<Keyword Index="AssetId" Term="c6fde0cd-3964-42ef-b3af-de1ef683f534" />
		<Keyword Index="AssetId" Term="c6fde0cd-3964-42ef-b3af-de1ef683f5341033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="c6fde0cd-3964-42ef-b3af-de1ef683f534" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\cba53c53-a842-42b1-8de4-7235e0b3c5fc.xml" RLTitle="Revocation Provider Properties">
		<Attr Name="assetid" Value="cba53c53-a842-42b1-8de4-7235e0b3c5fc" />
		<Keyword Index="AssetId" Term="cba53c53-a842-42b1-8de4-7235e0b3c5fc" />
		<Keyword Index="AssetId" Term="cba53c53-a842-42b1-8de4-7235e0b3c5fc1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="cba53c53-a842-42b1-8de4-7235e0b3c5fc" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\ce0c522b-93f8-4965-badf-189a9a926e9f.xml" RLTitle="Delete a Revocation Configuration">
		<Attr Name="assetid" Value="ce0c522b-93f8-4965-badf-189a9a926e9f" />
		<Keyword Index="AssetId" Term="ce0c522b-93f8-4965-badf-189a9a926e9f" />
		<Keyword Index="AssetId" Term="ce0c522b-93f8-4965-badf-189a9a926e9f1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="ce0c522b-93f8-4965-badf-189a9a926e9f" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\da078730-9d61-41b6-830e-b8b8b7554c12.xml" RLTitle="Components of an Online Responder">
		<Attr Name="assetid" Value="da078730-9d61-41b6-830e-b8b8b7554c12" />
		<Keyword Index="AssetId" Term="da078730-9d61-41b6-830e-b8b8b7554c12" />
		<Keyword Index="AssetId" Term="da078730-9d61-41b6-830e-b8b8b7554c121033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="da078730-9d61-41b6-830e-b8b8b7554c12" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e1a86a0c-3d78-4bb6-bafc-aa13109f8437.xml" RLTitle="Revocation Configuration">
		<Attr Name="assetid" Value="e1a86a0c-3d78-4bb6-bafc-aa13109f8437" />
		<Keyword Index="AssetId" Term="e1a86a0c-3d78-4bb6-bafc-aa13109f8437" />
		<Keyword Index="AssetId" Term="e1a86a0c-3d78-4bb6-bafc-aa13109f84371033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e1a86a0c-3d78-4bb6-bafc-aa13109f8437" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\e8c88a49-84e8-48a8-a303-9aab2e68a1db.xml" RLTitle="Verify an Online Responder Installation">
		<Attr Name="assetid" Value="e8c88a49-84e8-48a8-a303-9aab2e68a1db" />
		<Keyword Index="AssetId" Term="e8c88a49-84e8-48a8-a303-9aab2e68a1db" />
		<Keyword Index="AssetId" Term="e8c88a49-84e8-48a8-a303-9aab2e68a1db1033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="PreLaunchTest" Value="Longhorn" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="e8c88a49-84e8-48a8-a303-9aab2e68a1db" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
	<Vtopic Url="assets\f5299379-e3ca-49b0-97fa-7e7e67ddfa61.xml" RLTitle="Assess Array Member Status">
		<Attr Name="assetid" Value="f5299379-e3ca-49b0-97fa-7e7e67ddfa61" />
		<Keyword Index="AssetId" Term="f5299379-e3ca-49b0-97fa-7e7e67ddfa61" />
		<Keyword Index="AssetId" Term="f5299379-e3ca-49b0-97fa-7e7e67ddfa611033" />
		<Attr Name="appliesToProduct" Value="Windows Server 2008 R2" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHDATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISENOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDNOHVSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHSTANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="LHWEBSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2DATACENTERSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISEIA64SERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2ENTERPRISESERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2STANDARDSERVER" />
		<Attr Name="APPLIESTOPRODUCTSPECIFIC" Value="WS08R2WEBSERVER" />
		<Attr Name="appliesToSite" Value="BWCOnly" />
		<Attr Name="CommunityContent" Value="1" />
		<Attr Name="WillHaveMamlFeed" Value="True" />
		<Attr Name="zzpub_assetBug" Value="1755" />
		<Attr Name="zzpub_MtpsProductFamily" Value="WS" />
		<Attr Name="zzpub_MTPSVersion" Value="11" />
		<Attr Name="Locale" Value="kbEnglish" />
		<Attr Name="AssetID" Value="f5299379-e3ca-49b0-97fa-7e7e67ddfa61" />
		<Attr Name="TopicType" Value="kbArticle" />
	</Vtopic>
</VTopicSet><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpTOC>
<HelpTOC xmlns="http://schemas.microsoft.com/help/toc/2004/11" DTDVersion="1.0" Id="ocsp_TOC" FileVersion="" LangId="1033" ParentNodeIcon="Book" PluginStyle="Hierarchical">
	<HelpTOCNode Url="mshelp://windows/?tocid=9ef125a9-38d4-440c-b911-4b2562193e54" Title="">
		<HelpTOCNode Url="mshelp://windows/?id=4e8b3e8f-0fab-4bd5-8f35-016650d37d1b" Title="Online Responder">
			<HelpTOCNode Url="mshelp://windows/?id=3e9ef5f6-355b-4a95-a7b8-fb498355674d" Title="What Is an Online Responder?">
				<HelpTOCNode Url="mshelp://windows/?id=da078730-9d61-41b6-830e-b8b8b7554c12" Title="Components of an Online Responder" />
				<HelpTOCNode Url="mshelp://windows/?id=8f3e2ed9-d1a3-4538-9d52-9103b6556396" Title="How Online Responders Work" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=1eb5a9e3-de04-44a0-8972-bc744ca43320" Title="Setting Up Online Responder Services in a Network">
				<HelpTOCNode Url="mshelp://windows/?id=c6fde0cd-3964-42ef-b3af-de1ef683f534" Title="Configure a CA to Support OCSP Responders" />
				<HelpTOCNode Url="mshelp://windows/?id=3d31dd67-df01-4e8e-809e-22e5bd0a4a32" Title="Set Up an Online Responder" />
				<HelpTOCNode Url="mshelp://windows/?id=910c18a2-6b51-4bc5-8f02-9ff32ffc3087" Title="Creating a Revocation Configuration">
					<HelpTOCNode Url="mshelp://windows/?id=4aaea26c-e132-4c04-9849-e5106f93d042" Title="Revocation Configuration CA Certificates" />
					<HelpTOCNode Url="mshelp://windows/?id=bb63e84f-9313-4b54-b3f2-5a3c8490f250" Title="Revocation Configuration Signing Certificates" />
					<HelpTOCNode Url="mshelp://windows/?id=cba53c53-a842-42b1-8de4-7235e0b3c5fc" Title="Revocation Provider Properties" />
					<HelpTOCNode Url="mshelp://windows/?id=2979e21a-28f0-4e84-b978-e52514a86f90" Title="Revocation Provider Signing" />
				</HelpTOCNode>
				<HelpTOCNode Url="mshelp://windows/?id=e8c88a49-84e8-48a8-a303-9aab2e68a1db" Title="Verify an Online Responder Installation" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=2c78c461-1d3f-40f4-b435-1d87f03c299a" Title="Managing Online Responders">
				<HelpTOCNode Url="mshelp://windows/?id=1e4b6432-977c-4e21-a245-5ce30ae80cc4" Title="Add the Online Responder Snap-in to a Console" />
				<HelpTOCNode Url="mshelp://windows/?id=a793d37c-717c-4b41-ab67-87bf559f4d80" Title="Audit Online Responder Operations" />
				<HelpTOCNode Url="mshelp://windows/?id=8d3dcbf1-d83e-4be6-866a-a1e9449b3adc" Title="Administer an Online Responder from Another Computer" />
				<HelpTOCNode Url="mshelp://windows/?id=74abcd5f-c2c7-474b-b154-8cfe285a1754" Title="Modify the Online Responder Web Proxy" />
				<HelpTOCNode Url="mshelp://windows/?id=b3d53f51-56f6-4031-8aad-ebdc4c71cb56" Title="Add OCSP Locations to Issued Certificates" />
				<HelpTOCNode Url="mshelp://windows/?id=82ad05ce-4f9f-4cb0-889b-b0e21bb4766c" Title="Renew OCSP Response Signing Certificates with an Existing Key" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=ab84268d-9e10-4f7f-afd1-333a96739de8" Title="Managing a Revocation Configuration">
				<HelpTOCNode Url="mshelp://windows/?id=b1cb8a2b-db02-4713-803e-50dfae5df354" Title="Audit Revocation Configuration Changes" />
				<HelpTOCNode Url="mshelp://windows/?id=08866e6b-fa9e-44c9-9a15-4ea6d156bf85" Title="Manage Online Responder Security" />
				<HelpTOCNode Url="mshelp://windows/?id=16d5bc20-c781-481a-9dc4-36b7a706f651" Title="Manage Revocation Data by Using Local CRLs" />
				<HelpTOCNode Url="mshelp://windows/?id=ce0c522b-93f8-4965-badf-189a9a926e9f" Title="Delete a Revocation Configuration" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=925ac0ac-cd91-436d-ad52-9b6e19f36e7e" Title="Managing an Online Responder Array">
				<HelpTOCNode Url="mshelp://windows/?id=8b0d6773-0c22-46d1-8ebd-22bf489ac671" Title="Checklist: Create an Online Responder Array" />
				<HelpTOCNode Url="mshelp://windows/?id=5f0ade5e-30e9-4517-a196-37598d609a85" Title="Add Array Members" />
				<HelpTOCNode Url="mshelp://windows/?id=6de0bf42-5ccb-4ead-bf09-657a2b3627f8" Title="Designate a Controller for the Array" />
				<HelpTOCNode Url="mshelp://windows/?id=8aadcbf3-9146-4b0e-897e-f41de6520157" Title="Synchronize Members with an Array Configuration" />
				<HelpTOCNode Url="mshelp://windows/?id=f5299379-e3ca-49b0-97fa-7e7e67ddfa61" Title="Assess Array Member Status" />
				<HelpTOCNode Url="mshelp://windows/?id=076ea64b-625f-49c5-99c7-bd56526b2954" Title="Remove a Member from an Array" />
			</HelpTOCNode>
			<HelpTOCNode Url="mshelp://windows/?id=2f8eda99-cfc2-4065-a69f-34f8d46a02c2" Title="Troubleshoot Online Responders" />
		</HelpTOCNode>
	</HelpTOCNode>
</HelpTOC><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="AssetId" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="BestBet" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="LinkTerm" /><?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE HelpIndex>
<HelpIndex DTDVersion="1.0" Name="SubjectTerm" /> yT`!VU?#{)RT)2JZ ALLDLhB	"T1*;(@s[o2y媃,teЄKƂ!VFZ*dMPbVI`D.@X=C
)o@Wz^e5qyuptm>ȱt|K\z@>Q|ȏwkyv7
"g>y;S'nWjWqJ8;qlMя㼍g~g^y{ַxįmj*l,Oo+|>46uߏNx{ގk3]ggx/~F<<ߋڔ|c*yO~6oWgCooI]߯on?P~yUG~op;vgq=7gmg;=jF~C>{}{zo}%6o9g=nq/wqqq7dzO\qwnぢx7Ʌ^{Hzݷ\ort/'wzzrg|s;Pq[v?2}oWZ/{wF
?;77og,_lؠx_gyTTy+<ΝT<{_l/*T
x;ok<XpxϪfpv|v<Ugp6x{gp1ۆ|]8EE$黟<둞ȳ;r?>vRWOw~^k	<o߿`<$nn?č{œcX~5ύc9..9ǺǖmrWؗ͹A3c}c{lOz+Ot)_.yy/~~?ol(k,Wf9s쏽OKqWC} _ئE`=5u/yvA;5Mk]c=vuW:ǻnm)_x#_ۺbsl-&W3G:=cn
뱮[o=uz؊͗}c=6wnTmm|ǿֺ9ϻa^|,[=ַ?ַuЅЉo]k~GFzIVҷ&췯ዛ}_l>:;oNMvkv޿lvmv޾ݼnw޿=o]wpw޿q~roCxkS=_;ϻԷoݝU捪OyMy_qUݺZK~>rW{5}/.{SӀ/חY/5ׂ̃/חk—zkZ/ׇj__j_گ/׋ӌ/חZ[\/׍Վ//5׏u֐/חw]__%{]__')__+]l_Ծv ^v81e,6;<k~v;!8ڻ1>vdjvC毆l|G>ɵ\z8>!wmЇ>u</'~uã }Gy}0q>wC>w\7<1n~wzW1ק՜c3)s:_5xuO~7vߛ~?wߥć}b)Jg|tN靑)y'S:gtJ鼙N)ҝ)s=S:=:Ss=S:g{Jt^Jgn{tOoOOq,N)y:GS3=S::tJ{tSҙ)s=:SJg{tW}Oҝ))9:gS>S:3>:S:t|JtFħJV|t|Jtf[Ιҝ))ҝ#)sK>S:g|JtʧJg|t_S:gvJ<N)s>:[SJg|vN)1)9:SJgvOΚN)s>:sSs{>S:g|Jto:ǹSJg<wOΠOΙ:׻SJg}twLN):SJg6}twJ鼨OΙҝS)s>S:>:SJgn}tS:gxJ<sL%)<L<t&_޿q[x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^x^/ŋx/^R>
%;4{|4N=>
)GCa
G|4f5>
ÚGh?7Ώ!hq4~GÿGhG>
ÝGѐ~4
}G4~
áGѐHhF?ÒGhh"O>
(ҏah4L~
CGѰt|4W>
,ӏhFR?ѰhR_>
êGh^X?ØGp4|?Z֏h4~
CGhh4|>
s:ÝG!h>
@àGh4}>B]^`00``00``00``00``00``00``00``00`_~?∈ϸM%^}?_x׷n?hcn>m7u:A${7ݽ7!?,12x$Sy+182'S?CNx-}6DZA#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b#Fb1F#Ĉ1b																																																																																																																																																																																																																																																														y	{LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLcy2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!CȐ2dC!d2!Ck7=(*?9ڮ#]v¸p.\…p\.¸p.\…pqp\.¸p.\…p\.¸pl\p\.…p\.¸ppᮬ¸p.\…p_}]…p\.¸p.\…p\.¸pk\;]fv;Pc͇؎h;nk\;C3-twac~=i>}8c|R;c~;Z^x!"gB>w..|`4MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44M]ޭjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjڵ<~fi0i{.iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii??[mVmV[[mVmV[[mVmV[շmkmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVmV[[mVݶ<iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii/{wnᦸpޝ.l׳ښjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjګjjڵ<~fi0iiiiiiiiiiiiiiiiiiiiiiiߥ@iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiimiiiiiiiiiiiiiiiiiiiiiiiiiiii~ҦiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiwM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM44MM4oeyiiݶyk}:j9QWsѩӟNRWu-|w#o_??_v.v/#g>>}USAxώ
~^/׹*gn;N~"
Yaoww6CSC@_lylZ0j;.&Ry03mvC8//;T:UWJ~ffh;odw{=C)!#ᴽH-QKj-d4LDfk30)R@$5U<dx*C֫ʫ1YoZB'SKhi	?AMF̪.ǙMUk#\X -
+࿆(N#1H5oL&_[N!sab{Szt/]f: r6vzDH}$b(("Y?⨤B4)LXըV_i,E\_)뽣@""f5?"J@+vh=1$19Iqn#0#UV¥HAeoAwu+HsH H d8]c/RFg~ C4!Q`?_QgXԝ?ml_ycLk g&_|c<֕rx&1=f\c(A&³PW=>%e9ᲇdws¼YzY+.D
>6in.-ΪXόd\:C
q8>*(=h  
ojcmKwIeq+"sOKeuɩPހl-+u>wPz&59jL%щama`PpUtFwkkOTUVBu)C[#E檕$Oni*bl_r$
nHI|Kx<cW57
oU$r9QjxME͆_"W<;5'[fXAo?!"wJMJDhJ5|uzVH0lkMg1!t>Q5tZ`sϥ79uݥt
GI4m*K<ŗ9šx
Mkd=K*q!+{	dv,C;~ӻƑ`ELߥϠ߽[N:chcR՘A4k7%~˅\I9qA`Q}n.މXٞ0~N=-vC=_@2?`e7 80BQC2lTXW{6f!$qrYJrxc@Y|C!9Vz#=P&iEX}ƺfƔ]+RDT)8$=g\"9
_X`f.I4H?Ov"G\XXt
 .+X!:w2=XLqX|Rbs#akCc5x-Dn}"^9SWK+7<
I2Ppf_Q}($k3E(Bf8/2a̴
yh%Vml{/
3aK}^sCpZʅRwK=5
L}9sdBl߿`w.Zmo=[r_=2cd<ZN)ڤUYfy+^լ<:.W %G·:evcs9fշr6!k)+D7dun[Hv'0*P#7f{>ֵ@2o6~/^XUDG]ǪC\ˆTbi#M.|_vZDsY5 ݮ_Ͻ8nJ	7peOp`f)BFɺ^?vK&~IBS\shzrUucfmu`Mo_[-<4nWgQ{:}`^bPap_.p|dTwukxd?jr6kS
nm:j.2 ӯLopWj+ZWV	5>5zd_6:/+LK"7Ӆ_/2-A9Ki% }Iʤ&*S7!70IBENQ|Ze
OAÌL6
YޱR?RY0ɏ &$(VZӂ}w(W1I
3o	2#?Ib߲dJmڴy܈YOl67tY/	.MPƬZ4E ~(9=ѥ9F"BVҺP(RxlS{5z=9(R[o%*8m'\Ǝ.'|:9iY;Y
៎˯u"ze-ff`'y
zpGs&D1Aa8٪gjS뻀mMuӾ}BI ڥe&-)q̃POՖbj抦GJBԐڙtuK1AIY48
Eq:q'ڛȌGɯ譙.eLpwYSweK;
sL#Xo-tW
wN S.	s %@j=āǚqA,?5Fˆ4[]߅'%d0<,:+љxSmR+ +L(gpUfڮJ0qZ͡J1XjNvR6U똅H*2:*ׄ= ѓ,<]CM>WZxЖZ'mxEr\u&CUYhtl-(RNpE;1ۏ;!l2v	yb0N:0f n1(DBmwkalY/frp[sLMj-ŒEpphPp??JD\gTD:vDNKhq<Iʴtrth x,UVAeDFm'?nj;ԉ,3uZ	a&g:${٣ZiRk<Mg0-'
ؽŃ/5	JĂEB
BTnlɗ:b>8r7r$9&CA۵}+3TQM@F=#-$THԢ.#'DO9#K`:#+{$RVVʡdXHI4@uZհ 5尨fOij8?IDjq((=ځ@LxnR;)䈤Pu=W[[NB,:q7Z2cI;.%9zlAQ]2f*.yŃf	w['42$=7T-9֦{ؙ1˨4>ҾGӏd)ʒDp䡦SuR|T<K;#ÈtZa/Rr1"㕻_};=_9\hcd
Hs~GSߘKեy]09$WU~v~?;p}$d>:CX=*	
;֨,:PxD}7,[Z8E3m\mZY;+~K3Z(lْm䡉Vڲy"\dˎ)u,R<vNhlWvC̛,S^ܭXC͔E_h*: pzdo˘e6MO)	u4k+m)UF.){XZ7H$?G᫋PxV>M
ѽk?\e]BVK$o$5n=J=ɧ&88MDS2'|.nDm]ⱻv_c3@ri'
2;`.9]
hv8N`d8t` 5A&(88|1,J}ư-̑}٪32LdJX zk?:
,^.m5WENʆV<fK@l0<c3L#
jqts}		d0ѥ(
\+hGե {P[PuG7-|{)ϙdr
+|[[+Y/0<lVY+WVOʓ<Y}m5*9Uoѳk}cMJXT%sMVzkPY}ؿNYdqXKdM͜jen7~HLtPOBIż4`X+9)N>iN/ak-|jTD5	p;A	#r}/~iY
VŐ|bT'YׇFsU2$	w5D^9(Pr&7ޙKb4-	;'iTdj!;@}1E']et@zAo<dU"W
	C]䉥Z8t6cvZ׵ew#jM֪ZE^SwV/(r<a+~>/.6?Kl4}]>S1Fpp?jaSx 7#hK&Ճ|B^8@O:<\ܩES^1=)Ԕff4f1CE,SSG
( bM[:'L<_}	WXid/{0HQd$3fDd*iԣJ.ol)ѐRd
Oa3דm2>fm57A?_	rdJrԨpa*kOf`in+=86肩$;p(?ɪFׅ3G35J0llG\d͓k y|DfĥlU7	&;Sʖ˞Z yɌW	B_T`0@Ђނ6c]o١ZY:!և|="	}OZDMF"4+Pȅ̓jM]|H$cė?Ix		çg@;cAp#u&@};v.0]1QQ9~*0<W>F%E"[rN}	ݲ3cy% ծ}^U|3551%[ɃwJJm9QհsKG0\<!2,wY^ʖ3"pDBpaylvbybHo"6}*Of(I&
`xɥT,JYMޜTb-^5U*&I+M3yI_*{bfz"7n&M:%_i[dֳ<V\&vgczDݚ0`37l}kڙXٙ*$rl*Qv,Rw$9p5pA
8U2pL(.\>~nboa<@0QCl…MS6֓*?dcXo	u/\
GFR^WesA.[v50%K`dx3{oI\_oHx/6G-]Dk#3׎^ oы3%8@`_|^pˤJ	F<xB3GmomcblX}/WyIɪc0.R侢?`PJX-ō4Trej-|L@!AB9р\
h%?| 4ߓ]$7",Eazޑo+0㽀@@@@@@@@O\HU)40:FΟA\sW97D/
2杚bbDQ˕~
wF9FYFZ
W&6cXѻ[
MaQˈAB:NE)l-3:vu6X$
˦
Yf"j6gt+HS^$529`!c\$K_kYH&[q:$71p?a~Qά$I%
l趘\0Vhe6NuςPբԖEf)b\_Mm|Yx-ps9*5ulȐWH[R⧨I.C5!32fȵ?'&ZNF-$
zpÂɼ]-4NYGƤ8'MI!3A|"#{`IvYՓ4O'f#@k`})Oyլsx$\%*>G8YTkD"t!zVK#CճW=0gd	[`"2/M^9W+tWXA~$@B`]^IߤQ#b;e$G}2V\$B>K:KUFsn7FϝEu1`vXZ{9:_N72DMu/qQ3	8M=LOve<-ĆMv=v:
-QZ~N3C,nHsOcSiq
 ŏHz5vYU/~)Y~SO6d=TUz?]j	t?\+{=ϛOPNLJ6C""t-oi:X(N):㭘}9m]ABV4:DEєŖO=GzueϨ8eu:ΔEZUdt9C:pHSI&o,,WƜyAR,IbBmߐŅmI;yq+@XG@_B>o4=|
"Gz<ܠvPZ4\5Z`8k#Kxiwl+g֕t,|ɈX^=	!mm㕛Es0樺U(7w"+<Y:vKcvP$"7Kx)Ylt]N"'hcxu 7R+}uZ8~!ˆ[)`=&s0;þXdDC%cQwxpCNZ3!4̦.m`.אR=ɷ.Ţ㋋TMߊ6zD#55	EK2{lm"Pb]?z'#0Sl|ڌe]N].*huSgrMULZμ]3v<‰_>p:$Lu~!kM
C1XXKR	n;`P܏~HO>/I~i"`ma(tBg%`(>qܹfKt\hv.^F/U9ʍ]DǚhGG߈`:fdbtddk^r#Nry
 uL,]0?;k?rRCd:Y.L`ѻR|R',9b?
9A8BZ`ĕߺXc=,w
uV{=BERm8ح#4#BL,¾q9rzž!OiFpwdнfyr0fmUܑ<_ql_ngFi{<c!lʧbt8ʟ5	Ǔmo`,,g/s>1$Cu+fq]ĻԃE*XkVCnIuŠ7bMإVr5/19GaEy=oߣzj8֬>d=TVnƕwP_ZJT]>F-Мn˷dǖR=L
妪$HCMOaUnjDBAw,ka
MXdž/7tTRDzɥٳX.I>\=}E*=ɑ9^σG_kapzDARTX!%
8%.0LYh#=ךYvYL=<U~2KD^߼82S/ZdO`JB (mbRJ53K%$PhMSDo	7
0nW;V}A;
6Jx<
PR:	&JNKf`??NG*0<!kF
+sFږD옰`4;r/{l Tg1Jvr=gKJ
,BS'Tq.kҥ;b؄?:f07=8?r^s1~xWoDwƩz}ozKt'Eȵ37X)>"kjS䯭b!ЩN#@۬]ή0L+2ޥ7ӄ=QIaZ,">NvQ-nwZX#rrSEO=l	kqBCTApK9$%WlNmIqSx/91L+%׏7K9K

o91'S'|{0:"Yۤd76!&Wc^>Յv2Gi`*/rdр5y$bf쑠`>5f֯"`0	Qs\SUY>{z.ALI3O(uYkꮭGaQ4/qa<cmH5:1
=:9TFOԕ$yqBS{^\3	joRt=vOrmKTxO?-jC.fu&W-4-ҦDlħ	`;

+9R&Nx8:zhߔlAtZ(3nAVY4Rw-ɜz/,EӅ~U<(]T;mo]>19{M}`KtqDڬ`/ҡY!ĉ6l9U{РT(t>My/E*YmBU/A1P
L_
Kt/I'B^pr޳x&6ʏ\T7lƢMW&[T0%JHjGʞ8+.bI;"eW'uJto.ȠaȌI[u|iflՙ]zཌྷ~϶K/D{u>078I	o1A"+EMoSeA_Lx:SG#۠Rw1Uw:nhu>c6#N8k'Xd7Xs9G;ΙJX+c!ex{s`+ը
_o̦bbb<7`5!AGm П$Hާ'!bah/?E{3Q-5e9ӵ,xщ=|S[<<0~Y6s?0{&*TNb8!Rcwٞ\IV17Rk5z'RaaG$`eLsj]AR~F4l^-ާ96<-/45\}G]N7PkEڨIK;A-WgSrGU
aѦjX#lb7K=Be"iz$:ŝR`Iք>
VwXj9(ZRYKA=(l_{9yբF@uy"H}
`nz[5nG	յ39KQX"Lz%6iɡ~^0W'\?Ҧq,/K3ΐe˘"7vr-
,#$VJJP*E8bHA$qI$KQH-q
TC6T
@
rP:D܇9A
EC'@,xoP?)aYyC"ԿKsþA=JD&=_I+wEBFwZ,A$bQdt$z=>~*-}5_Ύdz敉oDp!?"DAZJ$=P	vΞhMF;[&InuI|lN݂G+,LBnx?!ؓ:ݿV/ݲb}YUrb,,	,P')Y`Y%˴uuR2n!4%hLtfd;v/ڼKCt2,2lֲ^܃=IbA\PFr53]/~w}h<#Ӄa)?
6~3J0G̲2X:)r
%aґ]f*i
pZ,fRXc=ӓ~Cf	Fx1duA52sl"GBɴj5i9¥zd5lܟUE".[slkk=VX_ubya-ct799^ARJR2 uak*ŔJ대.&8*bAXfC}H÷K:>:hԙ}tdNkCČ&Duܚ2t̢2m9:5y$16j*|JKrs)1ӯoE{m|D:KMl"tK>5/U)	̮1+b*2P=ccWc01ʈONv/zgHn^'2	K|PN<Wxp{*
QFCW.3+Ĺvt*3G߫8,P=L#lA)-
=zMSM)(ׁ+N%0ϕ$`VE$DfO4CpNJl7aI,m27*ޯt!(zC¯)+7ZNID~z}rJA$^).ӌld2Krb,ZGEWE|=m`7ǢR&WTUY%,1Fm}vfe?~=)@I<gduVvj	N-RZr97V}Dg@!WՉ=OZGc~0	?G!ԭInv"18&2/I;-:0!(14їVeRl%ɏ^uHd;YEbj%ѯBb=lKp&+k!z#6&e
%m$r;@eɔ^nOڶfb;6Qgj&s(%LMαRuR&GPjZ4feK*hBYϓZ]v}nldv+fmDY%EIPJ<w2?NJMj#Βg6;~9EފD'kž<x`_ApP)Bph{>7WS$Ԯ^6Ĥ֟C[c]F{RL@({%Paun3OE:!݉ͣLr\!TbUsߔ<0sx6U?&`WíTkS%!^REEDe2A	L1ux3a
C]jWd,\`ҪF+l8bOvvrn{ޔI``gWI绤ȡK"Ih.)Ww/t`wpcy~_E2)fq&_*m/E)oY[?"_ojqS<w*ObW5*b	\^7PUsᄞ>p+az(<smzU8_`,)dn˛{c>Z錨#sP=&-vQ4/A*
mo70YPW)<c*k)Մ?(xc`y.(d6A(4ӧpqjzm׼VP,Spvgovdc$%3J֙=)i<`;\k3),O(uGGlW?]~9#?)*^hMhkYlnj_4G<7I椷9tj*bsNۛvhM~.-!'%3\Zȏx 6bJ5B9oI=ISOw@ò]Hſ< ܓ},X0?xx1Y(Ke?-v)E|	=S9}mEG߫4((q׊0*WYɦ̕yP=paO4OKN&Uahj|k
+UUu1(MC\r:!j1iy$$c{#v3lÒ$r\y;e}i{Ȟ%<c"E7923mlJS>N nz-gLק"R1%>}~ !%yyfp	}μ-7Zm@uc"<."~Ê\rrZeBϫ}5+jKɹzpjg;H[Z4H<mҞ_M!YƁ'"
h5i9M!55+hNomHjLlS%iK[Lv_zB3$uEpeDptPx[+)jx[arn$rZm<?Òl7ً[Rgk!D]1~,xuᓐwu9mν6N-S|֧l`C?/[
;\J_@^D&p_nA{|(@ⱳ!Tdy&A
I1c{|h_}5*A}0$#7O+nVZ,	"}^%
"9Q>G$Ht%lKXPs4\X+4:tFeM;W0]/Jpڣ/v64|C}}no
JnąoTפ~]YQHYhA219+<^(C:UeS"iׅ$.5u
f|S9]5]g5)4\B0uL`87>Kɦ*Op+3r!_LI|uJOy’tꌰ>қ-?.6&s1G[΄A`
s
Fɬ;113u,ۙSnT-.*p2ѸAe	eTt~OJ8lf<|I",^TFĜu}~T.m^3}Ycw,
>-^@ GnJ\
2I+E5B56y3MO52>.(+C0OpMz1/=Ea{<hi7b
ZB?3\2ʭOihƋnNnɞMfID}-6H1]~13OxjM4z}JrW
\j٣C_VBc\瓨\EaYLLSoĨJOo&@'V1G]21eOquy%N
G)W(7y|+-V3s,!._',r
ts4
	0TO#u_'̼ÉBt]kFSn˃UG*u*5"@~N߈J
Dp@j1:/TU7>g&
Ub!RSժ5qwXmɪ/3dt_(QՔM(L?Ϊ
QI_n,CELA25	>|f&>dj7@}qw	`@e-O]\XMD
s|F4W%;w><	ܟU()U
nT?٫jOBiWY-/喯sZЩh
IzlyM,7+)M6zL<F9
ZMSIaS]
E
o\]AGc
ynS}X`ߴ
tֲ4[V؛/[
scrie^=+τ;y
0<:*r&BZj=2aofTARPNmVpzDfx&ljypҬjV)TUU&gN,YY홨7*'ABRBPJ!Lx"FK% \gXe9"2A۬00 q
	᢫酓B<0hcIhVwk*~ ///&Z
O=Ty[o$cr(|k􁐎)3G?Yj`֣&"xvF7ԧc/66ow@.R\RYim43bSLo&szxBvh[|,EdO—rM좬(R>DK/Gnogn/Pn
,
X&"5$`@Y0\E'Bxt։P1+Ѯ#@H\ө5%нUocpUFwߨ"EԒJٍ:߽FܶE_٬ljwvfr2؋BzI#sV)h/B*Ə͍,E*R$aT*'⁩kA{-D
Z7cG1Vz"upnZ
2MpOʈo=ars&T<$oT;lFf`<\k=rW_9/nc]HCh"?*#z&C娔U7-#2sa6@Ù?h/i=ا
<26?`"U}IExI<^7J@P"5㸎R4\o|dplӉZ_9d0PoY$xojLJJ'@p{g_=HՌ+$ORҐxT=~ho2Rjo$wD,;*|n3Y	AF@1|mSI]jÈ?foz=7GR@S4#U5kV5Y,r46'>G\.0&
CF?
=+R#wF-)9njxZ5C2e!dJZ,;Yz\NRfo'\C_,M+oءl5鷛G_zj:E?*(Lg<4H"UG	G(=GVzg[a^8EV~A
9IZ9ҽpփ
otyjsF;GlOF]z%	.d	P’ř0NdHȒoo-Ժn39"kMT׷s@bTE~3mIp|"-Ծ5|`cH>4ouK[B?'kN,q]@-o+ܒ{+ݍ^
._<*@RM+r[RY{Fu65%@"/\_U~l>p/J=u$TxanA۟FԼ\0(A?	/ux60O귉M8,j*K&B˄a-/FQIÉמ=ϡݕd><xMD-~{6]`OT*jWiYaW=^
ˣޓlW٨MŒ"T;L9Yqrƶ1LA}:}
6hM̱rLG6d7ZxٷwwǾ>)gBUPcü;!	䗥JVF|-k-[ZdP+mҭLiF>ar#~jR0
cGԙ=
X0LGa)+4G*0
3ܐ磁7QeQy%/(FcYTIaT.H.bS
ƔXT7x	!onhȮJ*XCwMS#jФyLZ^n.wB^RX).|Ԗ+1E&cQ𧭌"tBHeъ%(IfH02 6λ]S4Y*K[?N6^Xcѿ[,q%b㡳/A kN/v|EZaԨ-G4!G1$Q}̡\G\+N'a<B9\0tKn.Ӕwlņ	<4[4vqX-{C˾"(}Fk^'añLMɓ;XXV%l&]k>Rq`,&xnXꟓ/<^Ҿ x:e#
D+f&݇_Uslf.yV.^$7~|{92	Qq6z0DCWFfhߗ.䑒,Fz9uRj"o9FؿfhM-2J+&;lxM1=-L&/2yQ8xQ::"c᭄Ti=Ϛ^O:T^L*K^
D:Xq|6x&@
? 'x`9%(&ֹ)UAi*+Yn|^.?H]a1VIߢ2d0La<.QYxFeE
s}V5Z~tݶ$VycXꨏ+N-qRq$Vt6	ry-a]O75o]n
h8W"1bV_v216mM׵nM810/Yk;s8*gʴAO7Q0әprhGi"O֎Ў`qșuݤg'r/	KA~Łh4d2
u(!$SvT:e~.UAWr"r<7&NaAM$V6뎹GW<}74R:g#nĝEN|	ꎟ91zƑ719x>GKRK=
ЧXB#WVDwlHvrsSM#/aIu#ax>]E_aGX50g^d Y&cMa*}zɰ'D)tΔ\elbonc18ܯ
ԇ5>A>0H/ε}aa!>*BVB8U!Y(I@HTZgV/ȕ[,ᠩR.MRPWĹ,(Ɖf=UJXX\guYDd%* (V,
T)qrBI0]&Vvnh\&xXIR՚3,%$
DU!#*(95	v0;>@Y=)!1gWWE|8'Ei3wlŏ!Ay_
xzK-?r<f&/͈r}*@}X0BŮa¾ǚ4;wDtLabр`Pp#DJ+!qgIT*jmZ.ҩ;k~UEiV8N$` N>`C&_R(KT1=5mz%g!Fj3^aV<|V"Ŏ $润E;P<RjEX-#G=3INcy$@|Qv!2笁ar$`Yo#>f5AzdᲵ_6~mROf<x"*C**jc%>xg,E٦b
.!Q} 'b:#%8n(PrniMpy˜7=o߁g0w&dZD:@(BK1yo{ 9`XҐP5`-ނ~'XE%/'@d[, asi`i|c4>nl/e,ޯ%.V1Gp“,ѽ*md&r>&ͼx䀞zHr@G'}\O?n_9ur:nzX߽oczlw/H*\t2R;"$0	_*aeSr":bR:dkC%Ȋ5X43Yi?~
R/R)+%6g
K:ՒԦ%'So	d*5ifDNAf.BJLSXh	Kt*fZ,VXUA[aV8*z:
WM0QUٙ9,6,	>`-qƗeF19ċ
h/hROKaa%nyܲtH3 g[`A;{1>QW>:!ދNsA=;>~mًtvTi!!X%ަs(.2x6%_d;IYX匩pWƸR[N@=,Fۥw,:<ޡft+-dN%:uɴ3MAQdnz?X=f9f0zG7-)/s­V!6PҨɳ#6Wݐ3f;E-Mhfv:y6LTgU
=Iʜ*h0rr=J:R.zvRq8G=	O%
bߌUq2suԒl$yX`".EW	̤$dM$!Cg#,2v#+BQ-`@̃"jtâ
`^i%AM[G:B/'Q㬌;ߔqM]U@&G[m<Բ5l*qz:xA.F/%lɤ޶)޶J`t!SҔZ.ieFƙ	g:rekAM,m!T~5nd.32yNJZb2w'ȴz5n~{ѽT.CHQVCW6gyL\:][)%ZX
0=obA̢MU4jM&=#-UH0-4ws,$L
\ST͙)
ƥօk	ci[b	J}~$$ffX&˜'ל1*k=ڗ1W9n31H"ؓy-O9Xwy[NUFB{8kE.n(~A#;v2Q}4z(7FQɉ52*հI;zK,E4+O+J]KQ;^"uA*1L[|[N*!dH.cBcX5rOVEoǴRSp8YM:zqLӲYj
_XR2r,"r>]rIXWkːUEqqf\GX8
	>WOE%zFFԹacz2fu56Yэ)nmNi,-?ШD'~huν[#]4&=`|O`+UUpIyGPbb3P;Zӷl͟BB8F/7)c	Փ\Yc!,3X	#cRvMObvaH-D+eg=%G.HvǾa'~FGݰΜh(7,)3\zuLeHE7z}E$S`.'65Ss%U7\1j39Ŏk8\v
5G4޶(oe(x):rPN>,)7҉NXy:OxN[Z0؊LP::QOSC)oAzq7ަ{
K)u67
isE7(I{e+P.JޟT^巎4(r'V"Y%=;O
e3xZN=顇8ԃSGqJ0QT飾ݓJTiHh[:e)+T:d,Y-l)|*-h㇏onfk<%e4~܊gJ9Bm}6\nSĜM`P^m:삋k!)@nzJ./XmJ98|0!i(dpǂ^x"NC#x[D
ib	~W?\Èm+öǑ]Hsۇ>2D0?} 	T!ͯU.)HzxˠvCyLm9FBŁO˸\oYe3VYf<W6fO¾Gƅgr6>B[diV;z-ʏJjJ&1NMIBF,vS_啇P*HD?/x\
u	8*i-X~bk-7=afS+lL
˫	<O0ro,R	eZy	L<1b
fqa5V&Do0GG;fm7CJGb)@d]9`*"^K
e7`|:RkgOYpt/w
sOëyp#Ɍ{)%5ssp.B":.+{fe|u	)0SQqnй:EEw*H$lt7]QV~Ze1|<S{ÛHSqY;&xbKl7Ha*[C:D?;|$~!YISrF8IH8*V.nZx~B]>5e`C>U$[Hr-nRH\7@|8B1ɰ4wk^pN+4[l,tO"Ou=
@"АPyjT1`:3B_X0N:}[(3"B	|Oիӂņ0 ׌ȫ?RQ00RU&Dh\b]{0	~_;Ŏ ]h)tUCM4w>"4U(lI%BLMq(Fڋ$5Ay&rCЄrjv6	QnQ|"
&b8jdhF)7WIGL|?Ŏ/tQV3͌pm67j[e̮6q}Ux(/{]2߃/*yy)5_sj$Cmٞ(j0RVUɐs׳ +X)ٛxg}w;;Ԇ1
X)w&al`n}ػt+jʒ+4X5ޑdr5-_d1S:iMH^Ŵ4TuZ
~	s:tx2`uYX#)[=C]Bm j.5Fnĕ5/yK\
p+YL+ttVLʿ:/85abb!4.;&S,T+A'dHo-U&Vx/Z/OrOvG/K6|m$DjDŽUJ96񳖗]{?jL+SТ@7;mؗ
YkSPㅎa<~7turRl#JOpD!
ɪM59`_R2'6Y:_&dm>]qh5#A|>ޞ:ϊy])EI"eV/|;sU*!yQ;I6.=@j-rUj~bp==հ-R
li;}j_T2z4xy@ew)-_Ȑ@@2N@ *(+N}O"&<&%!80	j0,6)@W@lDKP$'5
C.ߦD@F,5%ɇQeBǧ%Ԛ_ A.={}e.:͉58[q_K !wMڶ
lTʦY
!Y0.
ev*RˢB-CAg'!ck)HST4ÿH!'P3s&g}z*\aYVs
+vZ
tfUH9\393_I׳nA(f5lsʡ]_M%'&ae^YՉMQqc&8
ljo0(`KFa
J^xduID15(!C2<bO,>M\
AQvX1U"!nI!>2&sU*Z#-5w?5<Df%lٴ3M5U;)f"%?r >883k>lYCTgJNff"+ܕ,d7eG>-M0ӫuymJSXBeJw	٫1f^.OCD&:2@\:xQa)U!QFdĔ^e	"^Ya.>–,g<mjk8fpO1}YO8-D"Qi.Mo+9,4u&Gaj,!V)Q9]KfQj'ks`Uͬs[x!P[̅NUO0B|끙1M̦*0wisLe)Tr}abjuR1d XsiRkeOe*suɘ)تR7ZOMLVg.D"ssŗYmJ~U
/xf)u9ldG;ɓq	xc7ЪTCoqX̶bzR;3ٵs/5N臁jVfJ=i/:Ե3-^NbtL$)303\c_.8gA=`)%p$y5xNSU72fKHvVYcAl55	լr|CɳPZ:?!/l#+K[LTAiDߪM^7ٚjB5L=$OHUEgvkR1JDLt_(V66@X	wUNhtKVͣ>\[L@rL
!lۚT\HLVQ@&$pʍd6ku -K!RX$”N3}U@ѪaԇK !OFStIԢ*]/KYڵqJ+ZEsM6OC'Ff8
_r+
q,5gmrC0;MYK1*Q1#a]f\中uqdmD>E۳nL.KӒ亡)4M\35UAR`K'n^Y 64Vr5nVaȉ/eMn6c,nkՖM=ӑƂ!1ȍ$Rd9 CVcUtr䧄cԖ}~IkZWtW19ޑǔ3*5-IWi90O~W$+8Zvahbm)zCO[E+O""do=o~mEI"@id${@Ȑ>W
/xox	 1,-I=}P~x9_J>9EH%1ygU~rsf	'eh(VzAЯ.(LAE"hّq=9p!=|ްl7{后?tyJ<@E͆w/?K66HOP[#$O|3=D{sSk>@1cZȳ#BjC}|mк<ZEsX[-(!
l{7/ΙxePQ%}@݌/XJT?PlOQrdu+WJ㠇MؒH?=)E]
	z>	t##)#+DzE;H_D+s$_|ﵿ_4z@G=B$GU1mkeQZk^)n`ԃ\l_U/ҿvFJ閟v˸/6flj}F۫ф~!UFD+9L\@t~zW_;[ڊCXOd*niʮ84ҍ}]bvu4tmWF[݈[n3|~PlH۳B"hk&}{c4bgs hsvzCP@$R]\'F"큜ufA:\k}vюHl!P|
v{9/r<GnvD:b6Rz{XuZ݁#Xc_ghC7Uo#.):cybk4"T_pF8U۪IsꑣzG"phVk˖-bBs62Q؁m@4发Iɕj]Vhd<"AB4>nqCx}0s+:(H4}IiWe@NV,+ݭn>=lrp6Hv`/H#t{]Q~o/>v-
i6`qM٨q,`b8cmY/W9D5{ݵ!#ֻ3^Hz\/q!"/Wo]]hlBWnPTxG~l9}߳/oGV抷naآml 9_궺l?5[_462^qX=|we>*ߩ4\ʉusxף3B޽bxFv5uTbk;~umʸ@	_ljQ>*޼獋6~@HHhٱFҧ쬏sM:݁&ڀb7گ2Dsu^n ѡ;_
Fb@8dž{є㍲cMAB	XX6/6}twh5^o9}ӭb6 i;p[nѻH
,wu)7h=^㽏"]#PZ<*1 ;rbCo*IֶsȿWv.
7kJֺ;hL{*ǘ#\>5;gU(?^aSg^rd̎[	d߹C}ODN9Ř|s8EH>>F8\r$td.)ke}2EW1M=wh7(94;ϜLQb4H$wHظ
=Z݌|p9r;1B1\s3L")M싖J[MӔ'I5IN*ry!tL>Փ|EkH'fm-&ƦO~soAv[D|>NBΟШcCSd4{ xo=$ưɖ5PRȞU$*ܜBqS~`IE)&TYD):zXgO):b)l+<FD})"+FL*fSQr^!")>qinT!r"CHQ+4rEYitКO)=cGDC&zjsҥP+zW49GEuKXTq-Db"֚ᎈDФ&:Υ4KTr룎қbyA	Es;e7:+`#;ǭ{i}xq-Hu/΍ǹh9'hqM4):2I$ueĶZF9靏d(/"йinO(fsPhfW9(šEtfcvHߤ%\$V1ZP_ߝ1TCi"9ǡ_rpoE<	6|H4-G朢}6
$joƬ\7+Q_;l}2RJ^ӿOR1}-Cߢ2a{bLL?&JfM@87v2e?޻J><5A! G9>4Bz8_Z:}lpo+jt4[VW 
ۃDQU`X6 \
U`V

`LNWF
 r@.ɱ"w6)Ӥi="L-P_
}_{FZv2IJ.;y[7lTT'ya*墅\E(\?W)&5E_:%hq3c'/c|+4MD5XE慢K./˥
kгnE?d.hy,i4'<йT$VV}ێ6ǥ91^?9Ks:G*,]H4ݸHYlDS,CBD;v*i['Ico$rrY}=f`'	TI~7_Ǯ	|ȓ	®rD0q$H@b8@d$Q@@"l=2o`9h0&Lay	Hlz7/>Q<9 B}&`뿕<ɜėx stu-TbI<i7ӷua4ׄ`y([b[OЬpp>0<FQ^~^<%wu2)k@ZuپnVtin}ט[/945֥KuPюR_co]?+z_]ڴoN!?kEKJ aUD#52`orUlm֛+VmU[g$G㜿mJ()%JN;e!I8N4B8zJ<w@ CE#w`]{y#ip2
A^3X^֎ֽϺ:q-ZY^yIgլC1^ʬb88"	xӆ&Lef3d#h}owKGiOF-BVtynwyɊF$$쇥RZHQAgFs:|qgfX)NvԤ誳s0gd%.#4'2gY@ӣ;.$CSrAw5Gc?o#ɔU7;IԞgsLR'j"G%3"3Ա ~=-=ڙ61|jS&:aCH8yW%ȕ/v.]$dUp5(qg$3ȞJl>RƛQ)ש
D(ԛ<
ko,ձ1l񔲊&S)MM?PROkNƻƖ1ΕC.aHDVJDl,AKc|
nO2C5#by,xB<R%xsnQl1gkG2Y%Q9*^ɏ(|kF٨:C	p:FfޑSE'hnꐤܬ~gɑey$Us5'ȿ״aVd.QO/w&kIˍ-b"&jO#0FjP{ԺX!ޘes3(89lDNC}]>KLeO.DI9-l4*MO2}j˦ÖĸCZG;v^.Qʢ&9e-0^V>T<quMyv	5\ԉQL;*X]cR{qv93ɠ=3,R&&bdMqzjhk
I3mY*y<fj0hS֛s4g1]63&2Q}<돨t!8kҎ6ҒAYMdD*t((WtgJ1Fkw1vԄ~JE>Q1w8KIЌ z<rTcg'אwz\vV]Jد6^1%j"?XZIܼw_]Sk'4i:枤y	Ǚ>pfJGbyWnu4/rQ$*QȐDjz)ތ
:,8ߏjŻXNҨF֬]81`;
+U{QUMdD'rj?@"f36`jnXPu@Y)QR2-7slNUƍS'$="RD|®
4RJƄkeᮙ]cSdt@#x+	xуTh->IGk{XRr@z|2>Kd>wVA"S{p8FАcɽ^c\y]ArB|Ӧ
3=K}:h ͹_
;=/*U`pǟ{#z4_LPJ_IN/P@c̝\V>dH-viﲢJ77#QЎ?,p^Zh+$s;^G#3N
lЮtTLMh_;a4-M	}EC!+2䒱v?'WMS9ӧW1,-riڂvfKk\i=5G<D,+Ŷ	/W
]vt3mwWKz-C[wͦ&R&$2}U1uxۆL0Iv%S."-Kf/B=}xuaH,d6nNa=`LKBrM%´4sQ5B/3/3,^01#@.ːD|f`o&x2cCh1Qte>3crdF̣2fpu]!:&"mf/P{[p!4v:Gaxt/_Oe'eمN̟~?39r|3&L|Y=#nYTpqhyE^X
gȦg3cw"yȳ֧_#AZ]MK-B^(8*V}Pݧ,%uTa_cF/K(-\nGĢuQXd7pIf&<{|Vy`>4|9n(cm.\|^	 ֎6'̴$'pdqKkGژ%IcYjKV;ܼ^)Zb$mJ糑O%\<EĤoƅ2nGKG.9.Z0i_+(Ml1O΃j/+B"*d-ˁvjW7OuiGDXX
XiLs41:hF R*\,Ne]":&ő-Vbt:L
^&2{Ҽ_3|s;\9G"^ِhEa9#=~_kXo-Z%Qf-ٕKCrRe=+%Bxhc8ew#uB1MW##n>ڬ\B}I)ifw>ɪn]jO@Xͥ]r8:䥚At?&wܡbAO蓓Ι9.I;p4iHQznH{\fr31yZ2&s醌;TvօFkyc{sqXL	H,g/GvLʲsOuBwwrrܸ=ިo[Єm~H?"]d`Vफ(QJQJߤH)*J؞*)Jh'jJ㢶}j'J})*Jբ}QJܤH7\3HtE+kM
¥SW-MU&i6*lV14ZIk8Q
&5,Z
#TIswYbW0AUfjo򶞖8qrXy`KGOɧHmxd)Ϣv\'kVBD,6<]DX.:"kԅ@̿<׶|/tӈ(nO	R{TjB;FqugW
L;8]fGN7ȑ`pօdYg[XE2#2F
Bp"<ă5I]st2 :p%ӭӸPպD`.tQ6P"B>]@"cd[$flwGfԴ/A7oܢΊC}f	J8Y{LT2Zޞ% VjZ#!szJ'xRlt){s-RtEbB-*X\j0\5BF[ˢ8zd̆ZZS1tP+Mll`@oQWJ:UӀk9D9oZ_#t mNY`S	 37*P]+o@6[8eCYUJuPANC@Q_˧rk}S'WT]xծ~}GqýM}^AtGR௹"[.܃-GIzF82oЏot~Ƀu֫OEoN6zW7qYueaa>U?1@Voz?~տ`,| 'ۆ8BGmA<٬߂W{D<9̦k?`07o|nd0sa=ZDaHZ5#in?~m;1u|>;W^q1]a8B^ݠkZ?^7|%?~OGD_>G4߈8zA_|O#>WK=ߐW~ꟿW+qedu6~s[P!}#[jn#T#BpD:Gޕ#aoE[]oKlն-Bc`/·ߩ'	7*^#7аvC##82:`YGT;Wk؄C+k'c!Mf:BQni^/_撿ݓU
{Kxlj7^%^ 6nV_նa֬\	Cp^q^m%&[rl'’	WS!DLj[`ӯFlװQV~mv>a*6<;\ـy#=C`{?a;b-N_McbӡFR_[AR ƪ\.v`A]l6
YkMIl!
*A2.4ΫX
OUg=k[ՠ[,Ol{n:Lpvh.'AL׳mw
@c!Ѹ1]-4m4}GcH{xLbd2Į6+_%QSNh'|N#VP21~LHc+N6{a
֘׽#SM%OLXC*F50U_6{񣫾R
pr3uo ZtIެ_1$j
:XiOrGc#+}|)yvZA+vGcp@`(c
(^

Anon7 - 2022
AnonSec Team