sync: auto-sync from HOWARD-HOME at 2026-06-24 10:21:03

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-24 10:21:03
2026-06-24 10:21:31 -07:00
parent befd701678
commit 0d05c1a4a4
3 changed files with 114 additions and 0 deletions

@@ -33,6 +33,7 @@
- [INKY outbound breaks DMARC](reference_inky_outbound_breaks_dmarc.md) — Reverse-resolve DMARC rua failing IPs before blaming a sender: ipw-outbound.inkyphishfence.com / us.cloud-sec-av.com = INKY re-injection breaking DKIM+SPF. INKY is in-M365 (connectors+transport rules) per enrolled tenant, but hosting-level (IX/cPanel website) outbound also routes through it independent of M365 enrollment. Fix is INKY-side (outbound DKIM/SPF/ARC), not cPanel DNS.
- [Syncro prepay: full-GET only](feedback_syncro_prepay_full_get_only.md) — read prepay_hours ONLY from GET /customers/{id}; the customer search/list endpoint returns null/stale prepay. Never assert "no block" in a billing preview from search data.
- [Syncro priority/type format](feedback_syncro_priority_type_format.md) — every ticket create needs a number-prefixed priority ("2 Normal", not bare "Normal" which renders blank) AND a valid problem_type. Winter flagged #32193/#32194. Use the syncro skill's create flow.
- [RMM drive-map Explorer refresh](reference_rmm_drive_map_explorer_refresh.md) — drive mapped via RMM user_session works but the user's running Explorer won't show it until SHChangeNotify(DRIVEADD); also UNC \\ gets eaten in heredoc+jq, build it from [char]92.
- [AAD Connect msDS-KeyCredentialLink writeback](reference_aadconnect_keycredlink_writeback.md) — "completed-export-errors" + 8344 INSUFF_ACCESS_RIGHTS on a protected admin account = WHfB key writeback blocked by AdminSDHolder. Diagnose with csexport /f:x; fix with dsacls WP;msDS-KeyCredentialLink on AdminSDHolder + SDProp.
- [UniFi Site Manager cloud API](reference_unifi_site_manager_api.md) — `api.ui.com` + `X-API-KEY` (vault `services/unifi-site-manager`) = remote access to the WHOLE ACG UniFi fleet (~36 consoles) outside UOS. Tier1 `/v1/hosts|sites|devices|isp-metrics` = inventory+health+WAN. Tier2 CONNECTOR `/v1/connector/consoles/{id}/proxy/network/api/s/default/stat/{device,sta}` = **full UOS parity** (per-radio cu_total airtime + per-client RSSI) for ANY console, remote. Backend `unifi-wifi/scripts/gw-sitemanager.sh` (`fleet|devices|sites|isp|net`). Standalone UDM WAN SSH usually firewalled; per-console SSH pw at `clients/<slug>/udm-ssh`.
- [reference_sqlx_migrations_immutable](reference_sqlx_migrations_immutable.md) -- NEVER edit an already-applied sqlx migration file — even a comment. sqlx::migrate! checksums each file at compile time and validates against _sqlx_migrations at startup; a changed checksum crash-loops the server with "migration N was previously applied but has been modified". Code review MUST flag any edit to an applied migration.
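
Review bot: The new RMM drive-map index line names only the Explorer refresh in its title and file name, yet it also carries the UNC backslash issue, and it leaves out the symptom that issue presents as. The referenced file describes it as "error 67 / network name not found" or a hanging net use, so someone scanning the index for that error will not land on this entry. Consider adding the symptom to the summary, or giving the UNC mangling its own index line that points at feedback_windows_quote_stripping as the file itself does.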

@@ -0,0 +1,34 @@
---
name: reference_rmm_drive_map_explorer_refresh
description: Mapping a drive for a user via RMM user_session works but their running Explorer won't show it until a shell DRIVEADD notify; also UNC \\ gets eaten in heredoc+jq dispatch
metadata:
type: reference
---
When you map a persistent network drive **for a logged-on user** via the GuruRMM agent's
`context: user_session` (`net use` / `New-SmbMapping -Persistent $true`), two things bite:
1. **The map lands in the user's session but their already-running Explorer won't display it.**
The drive IS mounted (verify: `user_session` SID == `explorer.exe` SID via
`Get-CimInstance Win32_Process -Filter "Name='explorer.exe'"`) and `Test-Path X:\` is True,
but "This PC" doesn't show the icon because the shell never got the add notification.
**Fix (no disruption, runs in user_session = the user's session 1):**
```powershell
$sig = @'
[DllImport("shell32.dll", CharSet=CharSet.Unicode)] public static extern void SHChangeNotify(int eventId, uint flags, string item1, string item2);
'@
$sh = Add-Type -MemberDefinition $sig -Name ShellNotify -Namespace W -PassThru
$sh::SHChangeNotify(0x00000100, 0x0005, 'X:' + [char]92, $null) # SHCNE_DRIVEADD, SHCNF_PATHW
```
The persistent map (`HKCU\Network\X`) auto-reconnects + shows on the user's NEXT logon anyway,
so this is only to surface it in the current session. Restarting explorer.exe also works but
closes the user's open windows. An interactive scheduled task (`LogonType Interactive`) to
"remap in the session" returned `LastTaskResult=2` and did NOT help — use SHChangeNotify.
2. **UNC double-backslashes get mangled to single in the heredoc -> jq -> agent -> PowerShell chain.**
`\\cs-server\share` arrives as `\cs-server\share` -> "error 67 / network name not found" or net-use
hangs (looks like a missing/broken share). Single-backslash local paths (`D:\Shares`) are fine.
**Fix:** build the UNC at runtime from `[char]92` so no literal `\\` traverses the dispatch:
`$bs=[char]92; $unc = "{0}{0}server{0}share" -f $bs`. See [[feedback_windows_quote_stripping]].
Proven 2026-06-24 on Cascades #32193 (Executive share, E: for Ashley.Jensen + Meredith.Kuhn).
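
Review bot: In item 1, "`user_session` SID == `explorer.exe` SID" uses SID for the session number, which reads as a security identifier. The same item says "the user's session 1" and the check is run through Win32_Process, whose property for this is SessionId, so write SessionId here to keep a reader from comparing account SIDs instead. The closing "Proven ..." line also puts two client user names into a reusable reference note; the ticket number alone would identify the case.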

@@ -87,3 +87,82 @@ None discovered or created this session.
- Tickets reviewed: 31767, 31771, 31794, 31849, 31889, 31947, 31953, 32021, 32023, 32030, 32138, 32160, 32179, 32193, 32194, 32202, 32203, 32211, 32229, 32230, 32254, 32256, 32319, 32342, 32370, 32380, 32397, 32398, 32443.
- #31953 invoice: https://computerguru.syncromsp.com/tickets/105636717 — invoice 1650785061 ($150.00).
- Cascades plan: `clients/cascades-tucson/PROJECT_STATE.md`; current truth: `wiki/clients/cascades-tucson.md` (compiled 2026-06-23).
---
## Update: 10:20 PT — #32193 built/billed, drive-map troubleshooting, Syncro priority sweep
### Session Summary (continued)
Built and billed Cascades #32193 (restricted Ashley + Meredith share), fixed a Syncro
priority-format issue Winter flagged, swept recent tickets, and resolved a drive-map visibility
problem on Ashley's machine — then verified Meredith's.
**#32193 — restricted Executive share (DONE + billed).** Recon on CS-SERVER confirmed AD accounts
`CASCADES\Ashley.Jensen` + `CASCADES\Meredith.Kuhn` (both Enabled, OU=Administrative) and the
share convention (`D:\Shares\<name>`, CS-SERVER-local). Created `D:\Shares\Executive` + SMB share
`Executive`: inheritance off, NTFS = SYSTEM + Administrators (Full) + the two users (Modify);
share-access limited to the two + Administrators. Mapped `E: -> \\cs-server\Executive` (persistent)
on both ASSISTMAN-PC (Meredith) and DESKTOP-U2DHAP0 (Ashley); read+write verified on both. Billed
0.5 hr remote from the prepaid block: invoice #1650785728 $0.00, block 48.75 -> 48.25 (verified),
note "Block hours remaining: 48.25.", ticket -> Invoiced.
**Drive-map "not visible" troubleshooting (Ashley).** After mapping, Ashley reported not seeing E:.
Two root causes found and fixed: (1) UNC double-backslashes were eaten to single in the
heredoc->jq->agent->PowerShell dispatch chain, so `net use \\cs-server\Executive` 67'd / hung —
fixed by building the UNC from `[char]92` at runtime. (2) The map was correctly mounted in her
session (confirmed user_session SID 1 == explorer.exe SID 1, `Test-Path E:\` True, persistent
`HKCU\Network\E`), but her already-running Explorer hadn't refreshed to show a programmatically
added drive. Fired `SHChangeNotify(SHCNE_DRIVEADD)` in session 1 to surface it without disruption;
applied the same to Meredith. Verified Meredith's E: read+write end-to-end (wrote/read/deleted a
test file). `cascades\ashley.jensen` is a standard user (Medium integrity), so no token split.
**Syncro priority fix + sweep (Winter feedback).** Winter flagged that some Claude-touched tickets
weren't getting priority/type. Audited: only #32193/#32194 (created 2026-04-22) had bare `Normal`
instead of canonical `2 Normal` (renders blank in UI) — fixed both to `2 Normal` (types were valid).
Swept all tickets created since 2026-06-01 (99): no other Claude-created malformed-priority tickets;
the 20 blank-priority ones are auto-ingested email/portal/integration tickets (payment notices,
calendar invites, CloudBerry, From Portal) = Winter's triage queue, left untouched per Howard. Did
NOT apply priority/type to the 4 genuine open service tickets (Howard declined).
### Key Decisions (continued)
- Named the share `Executive` (Exec Director + Asst Exec Director tier); direct NTFS ACL on the two
named users rather than a new SG group (2-person static restricted share).
- Billed #32193 at 0.5 hr remote from the block (Howard's call); invoice $0.00 is correct (prepaid).
- Left the 20 blank-priority auto-ingested tickets and the 4 open service tickets alone (Howard's call)
— only fixed the two genuinely malformed Claude-created tickets.
### Problems Encountered (continued)
- **UNC `\\` mangled to `\` in RMM dispatch** — looked like a missing/broken share (error 67 / hangs).
Fixed by constructing UNC from `[char]92`. Logged as `--friction`; memory `reference_rmm_drive_map_explorer_refresh`.
- **Mapped drive not shown in user's Explorer** — drive was mounted in her session; Explorer hadn't
refreshed. Fixed with `SHChangeNotify(SHCNE_DRIVEADD)` in-session. An interactive scheduled task
(`LogonType Interactive`) to remap returned LastTaskResult=2 and did not help.
- **Syncro priority `Normal` vs `2 Normal`** — bare word renders blank; Winter flagged. Fixed both
tickets; logged `--correction`; memory `feedback_syncro_priority_type_format`.
### Configuration Changes (continued)
- CS-SERVER: created `D:\Shares\Executive` + SMB share `Executive` (NTFS/share scoped to Ashley.Jensen + Meredith.Kuhn + admins/SYSTEM).
- DESKTOP-U2DHAP0 + ASSISTMAN-PC: persistent `E: -> \\cs-server\Executive` mapped + shell-notified.
- Syncro: #32193 resolution comment (420541806), line item (42998855), invoice 1650785728, status Invoiced; #32193/#32194 priority -> `2 Normal`.
- New memories: `feedback_syncro_priority_type_format.md`, `reference_rmm_drive_map_explorer_refresh.md` (+ MEMORY.md index lines).
- errorlog.md: 1 `--friction` (UNC mangling), 1 `--correction` (priority format).
### Infrastructure & Servers (continued)
- CS-SERVER agent id `c39f1de7-d5b6-45ae-b132-e06977ab1713`; IPs 192.168.2.248 (registered DNS `cs-server.cascades.local`, idx 16, Ethernet) + 192.168.2.254 (idx 4, Hyper-V vEthernet — does NOT cleanly serve SMB to clients). No DFS namespace.
- ASSISTMAN-PC (Meredith) agent `cf86fa5e-96a2-494d-9cb1-8be22a518ad0`; logged in as LOCAL `assistman-pc\meredithk` but authenticates to cs-server as her domain identity.
- DESKTOP-U2DHAP0 (Ashley) agent `636cfd2e-3fce-4e5c-b237-e2bd4acce8e1`; `cascades\ashley.jensen` standard user (Medium), console session 1.
### Pending / Incomplete Tasks (continued)
- Optional: confirm with Ashley she now sees E: in Explorer (shell-notified; logoff/logon or F5 is the guaranteed fallback).
- Remaining batch unchanged: 32211 (security — next), 32160, 32202, 32380, 32229, 31947; onsite-deferred 32230 (Karen out)/32194/32254/32319/32342/32370/32021.
### Reference Information (continued)
- #32193 invoice 1650785728 ($0.00, prepaid); ticket https://computerguru.syncromsp.com/tickets/109316877
- Share: `\\cs-server\Executive` = `D:\Shares\Executive`; drive `E:` both machines.
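
Review bot: Under Infrastructure & Servers, the ASSISTMAN-PC line says Meredith is logged on as the local account `assistman-pc\meredithk` but authenticates to cs-server as her domain identity, and nothing under Configuration Changes records how that credential is supplied for the persistent E: map. For a share scoped to two named users, record where the domain credential is held on that PC so it can be found and removed when access changes. Separately, the same section commits agent ids and internal IPs to an auto-synced log; if this repo is readable beyond the ops team, refer to them by inventory or vault slug instead.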