ioplex, 02/27/2008 8:56 PM

I'm trying to understand how clients get referral information for domain based roots that are not hosted on a domain controller (meaning they're hosted on regular file servers). When the roots are on a domain controller then they're listed under the domain name like a regular share. But if they're not on a DC then how does the client know the path is a DFS path and how does it get referral information?
My best guess currently is that it does a NetDfsEnum w/ level 200 to get the root names and then because it now knows those names are DFS points it then does a referral with the DC to find out the name of the fileserver.
I realize this is a deep question but any thoughts would be appreciated.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
h2bear@msn.com, 02/27/2008 9:26 PM

Hi, here is a good FAQ that you may not have already found.
http://www.microsoft.com/windowsserver2003/techinfo/overview/dfsfaq.mspx#E4C
Here is another good article on DFS
http://technet2.microsoft.com/windowsserver/en/library/20ffb860-f802-455c-9ca2-5194f79a9eb41033.mspx?mfr=true
But in the simplest terms, the domain controller knows about the namespace servers which host the namespace. The DCs refer you to one of them, and the namespace servers, which keep track of target servers, refer you to the appropriate closest target. In Windows 2003 R2 the systems are better at locating the target systems that are closest to them. In Windows 2000 the site awareness was not as good or resilient.
Hugh
ZJORZ, 02/28/2008 4:00 AM

Queries for Domain Based DFS root always start at the domain controller. The client does not know anything, it is the server side that does the work for the client (at least most of it)...
for example: \\MY.DOMAIN.COM\SOMEROOT\SOMELINK
Q to DNS: DC for \\MY.DOMAIN.COM
Q to DC: DFS ROOT referral for: \\MY.DOMAIN.COM\SOMEROOT
Q to DFS ROOT: DFS LINK referral for: \\MY.DOMAIN.COM\SOMEROOT\SOMELINK
Q to DNS: IP for DFS link referral: \\SOMESERVER.MY.DOMAIN.COM\SOMESHARE
it is something like this ;-)
Which target is selected depends on sites configuration, subnets configuration, DFS configuration, etc
REMARK: E-mail address change: "@logicacmg.com" is now "@logica.com".
Met vriendelijke groeten / Kind regards,
Ing. Jorge de Almeida Pinto
Senior Infrastructure Consultant
MVP Windows Server - Directory Services
Logica Nederland B.V. (BU ISA Eindhoven)
Tel: +31-(0)40-29.57.777
Mobile: +31-(0)6-26.26.62.80
E-mail: Jorge.de.Almeida.Pinto@logica.com
ioplex, 02/28/2008 11:13 AM

Well I'm really interested in the specifics and from looking at captures it's not obvious what's happening with caching getting in the way. So far it looks like the following:
DNS A query for example.com gives ips of dcs (e.g. first is dc1)
NetDfsEnum to dc1 for example.com level 200 gives 'root1', 'root2', 'root3'
referral to dc1 for \\example.com gives dc2
referral to dc2 for \\example.com\root1 gives file server (e.g. fs1)
file ops on \\fs1.example.com\target1
I have not actually seen the NetDfsEnum but I assume it must be used because I don't see how the client could otherwise gain knowledge of the root names.
Mike
ioplex, 02/29/2008 3:50 PM

Does domain based DFS work with domains that the client is not in?
Given a UNC like "\\foo.example.com\bar" how does a client know that it needs to retrieve DFS roots for "foo.example.com" for comparing with "bar"? More specifically, how does the client know if "foo.example.com" is a domain or a server name?
From studying DFS in general it seems to me that the client needs to know if the name supplied in a UNC path is a domain name or a server name so that it knows to retrieve the list of roots (for trapping DFS paths and subsequently doing referrals). A DNS SRV query can determine that easily enough but from looking at captures I don't see that behavior.
Meaning, is "foo.example.com" a server name or a domain name? If it's a domain name then ok, it's not a problem because it's probably already in the cache of DFS roots. But if it's a regular server name it's not in any cache so we have to do an SRV lookup. Only then does the redirector know if it is a domain name and thus that it needs to get the roots for it.
Any thoughts?
Mike
mbarker, 02/29/2008 5:31 PM

Yes, a DFS aware client can access domain based DFS within trusted domains or domains of trusted forests. This usually requires the use of the FQDN rather than NetBIOS names which is best practice anyway.
DFS is higher in the communications stack than the redirector. Before a DFS enabled client connects it compares the target name to the trusted domains cache (which is periodically retrieved by connecting to IPC$ on its domain controller). If the name has a match then the client knows it is handling a domain referral, if not then it's a standalone DFS.
That's the nickel version; if you want the whole dollar then you should read the TechNet "How DFS Works" article. There's tons of great info there...
http://technet2.microsoft.com/windowsserver/en/library/a9096e88-1634-4da6-b820-537341d349061033.mspx?mfr=true
Mike
ioplex, 02/29/2008 6:48 PM

On 2/29/08, Michael A. Barker <mbarker@cyrusnetworks.com> wrote:
> Yes, a DFS aware client can access domain based DFS within trusted domains or domains of trusted forests. This usually requires the use of the FQDN rather than NetBIOS names which is best practice anyway.
>
> DFS is higher in the communications stack than the redirector. Before a DFS enabled client connects it compares the target name to the trusted domains cache (which is periodically retrieved by connecting to IPC$ on its domain controller). If the name has a match then the client knows it is handling a domain referral, if not then it's a standalone DFS.
Hi Mike,
Ahh, this is exactly what I wanted to know. So there's a trusted domains cache. I see this is also referred to as the SPC cache.
What communication over IPC$ is that exactly? I assume it's some RPC?
I tried dfsutil /spcflush and then getting a capture but nothing pops out at me as getting a list of trusted domains.
> That's the nickel version if you want the whole dollar then you should read the TechNet "How DFS Works" article. There tons of great info there...
>
> http://technet2.microsoft.com/windowsserver/en/library/a9096e88-1634-4da6-b820-537341d349061033.mspx?mfr=true
Yes, I'm familiar with this document. I guess I didn't read the relevant parts carefully enough.
Thanks, Mike
mbarker, 03/02/2008 10:26 AM

I'm not so sure it's not SMB traffic but I can't say for sure. I did quite a bit of investigation just as you're doing but that was many years ago. In fact it would have been Windows 2000 RTM. We were early users of DFS back in the unstable days running the DFS client on Win95 and the NT4 server components.
The whitepaper is loaded with information. It's one of those documents that is so dense with info you can read it a fifth time and still learn something you didn't get before.
ioplex, 03/02/2008 2:08 PM

On 3/2/08, Michael A. Barker <mbarker@cyrusnetworks.com> wrote:
> I'm not so sure it's not SMB traffic but I can't say for sure. I did
I doubt it's a referral. I would expect it to be an MSRPC over an SMB named pipe but I suppose it could be some other transport. Or maybe it's LDAP but that would be out of character.
> quite a bit of investigation just as you're doing but that was many years ago. In fact it would have been Windows 2000 RTM. We were early users of DFS back in the unstable days running the DFS client on Win95 and the NT4 server components.
>
> The whitepaper is loaded with information. It's one of those documents that is so dense with info you can read it a fifth time and still learn something you didn't get before.
Ok. Thanks.
If I find out how clients get the trusted domains list I'll reply for posterity.
Mike
ioplex, 03/06/2008 9:28 PM

On 3/2/08, Michael B Allen <ioplex@gmail.com> wrote:
> On 3/2/08, Michael A. Barker <mbarker@cyrusnetworks.com> wrote:
> > I'm not so sure it's not SMB traffic but I can't say for sure. I did
>
> I doubt it's a referral. I would expect it to be an MSRPC over an SMB named pipe but I suppose it could be some other transport. Or maybe it's LDAP but that would be out of character.
>
> If I find out how clients get the trusted domains list I'll reply for posterity.
Found it. To retrieve the list of trusted domains for the "trusted domains cache" clients just do a referral with an empty string for a path.
Mike
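Added example (not code from any of the posters): the referral chain Jorge lays out, the trusted-domain check Michael Barker describes and the empty-path referral Michael Allen found, modelled on the MS-DFSC RESP_GET_DFS_REFERRAL wire format with DFS_REFERRAL_V3 entries. The encoder only builds constructed sample responses; MY.DOMAIN.COM, DC1/DC2, FS1 and SOMEROOT are illustrative names taken from the thread, and the TTL values are made up.

```python
import struct
NAME_LIST_REFERRAL = 0x0002  # ReferralEntryFlags: entry is a domain/DC name list (MS-DFSC 2.2.5.3)
V3_SIZE = 34                 # fixed part of a DFS_REFERRAL_V3 entry, in bytes

def _utf16z(s): return s.encode("utf-16-le") + b"\x00\x00"

def build_response(entries, header_flags=0, path_consumed=0):
    """Constructed encoder producing sample RESP_GET_DFS_REFERRAL blobs for the parser.
    Entry: {"special": name, "expanded": [names]} or {"path": p, "target": unc, "root": bool}."""
    fixed, strings, total_fixed = b"", b"", V3_SIZE * len(entries)
    for i, e in enumerate(entries):
        def here():  # offsets are relative to this entry; strings follow the last fixed entry
            return total_fixed - i * V3_SIZE + len(strings)
        if "special" in e:
            sp = here(); strings += _utf16z(e["special"])
            ex = here(); strings += b"".join(_utf16z(n) for n in e["expanded"])
            fixed += struct.pack("<HHHHIHHH16s", 3, V3_SIZE, 0, NAME_LIST_REFERRAL,
                                 600, sp, len(e["expanded"]), ex, bytes(16))
        else:
            p = here(); strings += _utf16z(e["path"])
            a = here(); strings += _utf16z(e["path"])  # alternate path, identical here
            t = here(); strings += _utf16z(e["target"])
            fixed += struct.pack("<HHHHIHHH16s", 3, V3_SIZE, 1 if e.get("root") else 0,
                                 0, 300, p, a, t, bytes(16))
    return struct.pack("<HHI", path_consumed, len(entries), header_flags) + fixed + strings

def _read_utf16z(buf, off):
    end = off
    while buf[end:end + 2] not in (b"\x00\x00", b""):  # stop at the terminator or end of buffer
        end += 2
    return buf[off:end].decode("utf-16-le")

def parse_response(buf):
    """Decode a RESP_GET_DFS_REFERRAL header and its DFS_REFERRAL_V3 entries."""
    path_consumed, count, header_flags = struct.unpack_from("<HHI", buf, 0)
    pos, entries = 8, []
    for _ in range(count):
        version, size, server_type, flags, ttl = struct.unpack_from("<HHHHI", buf, pos)
        if version != 3:
            raise ValueError(f"unsupported referral version {version}")
        if flags & NAME_LIST_REFERRAL:  # domain list (empty-path request) or DC list
            sp_off, n_names, ex_off = struct.unpack_from("<HHH", buf, pos + 12)
            names, o = [], pos + ex_off
            for _ in range(n_names):
                names.append(_read_utf16z(buf, o))
                o += 2 * len(names[-1]) + 2  # BMP-only names, which DNS names are
            entries.append({"special": _read_utf16z(buf, pos + sp_off), "expanded": names, "ttl": ttl})
        else:  # root or link referral: DFS path plus the target UNC to connect to
            p_off, _alt_off, t_off = struct.unpack_from("<HHH", buf, pos + 12)
            entries.append({"path": _read_utf16z(buf, pos + p_off), "root": server_type == 1,
                            "target": _read_utf16z(buf, pos + t_off), "ttl": ttl})
        pos += size
    return {"path_consumed": path_consumed, "flags": header_flags, "entries": entries}

def is_domain_path(unc, trusted_domains):
    """Client-side check from the thread: is the first UNC component a cached trusted domain?"""
    first = unc.lstrip("\\").split("\\", 1)[0]
    return first.upper() in {d.upper() for d in trusted_domains}

def walk_example():
    # 1. Empty-path referral -> trusted domain names (the SPC / trusted domains cache).
    spc = parse_response(build_response([{"special": n, "expanded": []} for n in ("MY.DOMAIN.COM", "MY")]))
    trusted = [e["special"] for e in spc["entries"]]
    # 2. DC referral for \MY.DOMAIN.COM -> the domain's DC names (still a name-list entry).
    dcs = parse_response(build_response([{"special": "MY.DOMAIN.COM",
                                          "expanded": ["DC1.MY.DOMAIN.COM", "DC2.MY.DOMAIN.COM"]}]))
    # 3. Root referral for \MY.DOMAIN.COM\SOMEROOT -> namespace server hosting the root (0x3 = ReferralServers|StorageServers).
    root_path = "\\MY.DOMAIN.COM\\SOMEROOT"
    root = parse_response(build_response(
        [{"path": root_path, "target": "\\FS1.MY.DOMAIN.COM\\SOMEROOT", "root": True}],
        header_flags=0x3, path_consumed=2 * len(root_path)))
    return {"trusted": trusted, "dcs": dcs["entries"][0]["expanded"], "root_target": root["entries"][0]["target"],
            "is_dfs": is_domain_path("\\\\MY.DOMAIN.COM\\SOMEROOT\\SOMELINK", trusted),
            "is_plain_server": is_domain_path("\\\\FS1.MY.DOMAIN.COM\\SHARE", trusted)}
```

The same V3 entry layout carries both the domain list and the DC list, which is why the empty-path request Michael found needs no separate RPC.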