diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index 9384f0ef..ea81ed99 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -33,6 +33,7 @@ - [INKY outbound breaks DMARC](reference_inky_outbound_breaks_dmarc.md) — Reverse-resolve DMARC rua failing IPs before blaming a sender: ipw-outbound.inkyphishfence.com / us.cloud-sec-av.com = INKY re-injection breaking DKIM+SPF. INKY is in-M365 (connectors+transport rules) per enrolled tenant, but hosting-level (IX/cPanel website) outbound also routes through it independent of M365 enrollment. Fix is INKY-side (outbound DKIM/SPF/ARC), not cPanel DNS. - [Syncro prepay: full-GET only](feedback_syncro_prepay_full_get_only.md) — read prepay_hours ONLY from GET /customers/{id}; the customer search/list endpoint returns null/stale prepay. Never assert "no block" in a billing preview from search data. - [Syncro priority/type format](feedback_syncro_priority_type_format.md) — every ticket create needs a number-prefixed priority ("2 Normal", not bare "Normal" which renders blank) AND a valid problem_type. Winter flagged #32193/#32194. Use the syncro skill's create flow. +- [RMM drive-map Explorer refresh](reference_rmm_drive_map_explorer_refresh.md) — drive mapped via RMM user_session works but the user's running Explorer won't show it until SHChangeNotify(DRIVEADD); also UNC \\ gets eaten in heredoc+jq, build it from [char]92. - [AAD Connect msDS-KeyCredentialLink writeback](reference_aadconnect_keycredlink_writeback.md) — "completed-export-errors" + 8344 INSUFF_ACCESS_RIGHTS on a protected admin account = WHfB key writeback blocked by AdminSDHolder. Diagnose with csexport /f:x; fix with dsacls WP;msDS-KeyCredentialLink on AdminSDHolder + SDProp. - [UniFi Site Manager cloud API](reference_unifi_site_manager_api.md) — `api.ui.com` + `X-API-KEY` (vault `services/unifi-site-manager`) = remote access to the WHOLE ACG UniFi fleet (~36 consoles) outside UOS. Tier1 `/v1/hosts|sites|devices|isp-metrics` = inventory+health+WAN. Tier2 CONNECTOR `/v1/connector/consoles/{id}/proxy/network/api/s/default/stat/{device,sta}` = **full UOS parity** (per-radio cu_total airtime + per-client RSSI) for ANY console, remote. Backend `unifi-wifi/scripts/gw-sitemanager.sh` (`fleet|devices|sites|isp|net`). Standalone UDM WAN SSH usually firewalled; per-console SSH pw at `clients//udm-ssh`. - [reference_sqlx_migrations_immutable](reference_sqlx_migrations_immutable.md) -- NEVER edit an already-applied sqlx migration file — even a comment. sqlx::migrate! checksums each file at compile time and validates against _sqlx_migrations at startup; a changed checksum crash-loops the server with "migration N was previously applied but has been modified". Code review MUST flag any edit to an applied migration. diff --git a/.claude/memory/reference_rmm_drive_map_explorer_refresh.md b/.claude/memory/reference_rmm_drive_map_explorer_refresh.md new file mode 100644 index 00000000..bdb759ce --- /dev/null +++ b/.claude/memory/reference_rmm_drive_map_explorer_refresh.md @@ -0,0 +1,34 @@ +--- +name: reference_rmm_drive_map_explorer_refresh +description: Mapping a drive for a user via RMM user_session works but their running Explorer won't show it until a shell DRIVEADD notify; also UNC \\ gets eaten in heredoc+jq dispatch +metadata: + type: reference +--- + +When you map a persistent network drive **for a logged-on user** via the GuruRMM agent's +`context: user_session` (`net use` / `New-SmbMapping -Persistent $true`), two things bite: + +1. **The map lands in the user's session but their already-running Explorer won't display it.** + The drive IS mounted (verify: `user_session` SID == `explorer.exe` SID via + `Get-CimInstance Win32_Process -Filter "Name='explorer.exe'"`) and `Test-Path X:\` is True, + but "This PC" doesn't show the icon because the shell never got the add notification. + **Fix (no disruption, runs in user_session = the user's session 1):** + ```powershell + $sig = @' + [DllImport("shell32.dll", CharSet=CharSet.Unicode)] public static extern void SHChangeNotify(int eventId, uint flags, string item1, string item2); + '@ + $sh = Add-Type -MemberDefinition $sig -Name ShellNotify -Namespace W -PassThru + $sh::SHChangeNotify(0x00000100, 0x0005, 'X:' + [char]92, $null) # SHCNE_DRIVEADD, SHCNF_PATHW + ``` + The persistent map (`HKCU\Network\X`) auto-reconnects + shows on the user's NEXT logon anyway, + so this is only to surface it in the current session. Restarting explorer.exe also works but + closes the user's open windows. An interactive scheduled task (`LogonType Interactive`) to + "remap in the session" returned `LastTaskResult=2` and did NOT help — use SHChangeNotify. + +2. **UNC double-backslashes get mangled to single in the heredoc -> jq -> agent -> PowerShell chain.** + `\\cs-server\share` arrives as `\cs-server\share` -> "error 67 / network name not found" or net-use + hangs (looks like a missing/broken share). Single-backslash local paths (`D:\Shares`) are fine. + **Fix:** build the UNC at runtime from `[char]92` so no literal `\\` traverses the dispatch: + `$bs=[char]92; $unc = "{0}{0}server{0}share" -f $bs`. See [[feedback_windows_quote_stripping]]. + +Proven 2026-06-24 on Cascades #32193 (Executive share, E: for Ashley.Jensen + Meredith.Kuhn). diff --git a/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-ticket-review-and-cascades-consolidation.md b/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-ticket-review-and-cascades-consolidation.md index bb30356b..cee32175 100644 --- a/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-ticket-review-and-cascades-consolidation.md +++ b/clients/cascades-tucson/session-logs/2026-06/2026-06-24-howard-ticket-review-and-cascades-consolidation.md @@ -87,3 +87,82 @@ None discovered or created this session. - Tickets reviewed: 31767, 31771, 31794, 31849, 31889, 31947, 31953, 32021, 32023, 32030, 32138, 32160, 32179, 32193, 32194, 32202, 32203, 32211, 32229, 32230, 32254, 32256, 32319, 32342, 32370, 32380, 32397, 32398, 32443. - #31953 invoice: https://computerguru.syncromsp.com/tickets/105636717 — invoice 1650785061 ($150.00). - Cascades plan: `clients/cascades-tucson/PROJECT_STATE.md`; current truth: `wiki/clients/cascades-tucson.md` (compiled 2026-06-23). + +--- + +## Update: 10:20 PT — #32193 built/billed, drive-map troubleshooting, Syncro priority sweep + +### Session Summary (continued) + +Built and billed Cascades #32193 (restricted Ashley + Meredith share), fixed a Syncro +priority-format issue Winter flagged, swept recent tickets, and resolved a drive-map visibility +problem on Ashley's machine — then verified Meredith's. + +**#32193 — restricted Executive share (DONE + billed).** Recon on CS-SERVER confirmed AD accounts +`CASCADES\Ashley.Jensen` + `CASCADES\Meredith.Kuhn` (both Enabled, OU=Administrative) and the +share convention (`D:\Shares\`, CS-SERVER-local). Created `D:\Shares\Executive` + SMB share +`Executive`: inheritance off, NTFS = SYSTEM + Administrators (Full) + the two users (Modify); +share-access limited to the two + Administrators. Mapped `E: -> \\cs-server\Executive` (persistent) +on both ASSISTMAN-PC (Meredith) and DESKTOP-U2DHAP0 (Ashley); read+write verified on both. Billed +0.5 hr remote from the prepaid block: invoice #1650785728 $0.00, block 48.75 -> 48.25 (verified), +note "Block hours remaining: 48.25.", ticket -> Invoiced. + +**Drive-map "not visible" troubleshooting (Ashley).** After mapping, Ashley reported not seeing E:. +Two root causes found and fixed: (1) UNC double-backslashes were eaten to single in the +heredoc->jq->agent->PowerShell dispatch chain, so `net use \\cs-server\Executive` 67'd / hung — +fixed by building the UNC from `[char]92` at runtime. (2) The map was correctly mounted in her +session (confirmed user_session SID 1 == explorer.exe SID 1, `Test-Path E:\` True, persistent +`HKCU\Network\E`), but her already-running Explorer hadn't refreshed to show a programmatically +added drive. Fired `SHChangeNotify(SHCNE_DRIVEADD)` in session 1 to surface it without disruption; +applied the same to Meredith. Verified Meredith's E: read+write end-to-end (wrote/read/deleted a +test file). `cascades\ashley.jensen` is a standard user (Medium integrity), so no token split. + +**Syncro priority fix + sweep (Winter feedback).** Winter flagged that some Claude-touched tickets +weren't getting priority/type. Audited: only #32193/#32194 (created 2026-04-22) had bare `Normal` +instead of canonical `2 Normal` (renders blank in UI) — fixed both to `2 Normal` (types were valid). +Swept all tickets created since 2026-06-01 (99): no other Claude-created malformed-priority tickets; +the 20 blank-priority ones are auto-ingested email/portal/integration tickets (payment notices, +calendar invites, CloudBerry, From Portal) = Winter's triage queue, left untouched per Howard. Did +NOT apply priority/type to the 4 genuine open service tickets (Howard declined). + +### Key Decisions (continued) + +- Named the share `Executive` (Exec Director + Asst Exec Director tier); direct NTFS ACL on the two + named users rather than a new SG group (2-person static restricted share). +- Billed #32193 at 0.5 hr remote from the block (Howard's call); invoice $0.00 is correct (prepaid). +- Left the 20 blank-priority auto-ingested tickets and the 4 open service tickets alone (Howard's call) + — only fixed the two genuinely malformed Claude-created tickets. + +### Problems Encountered (continued) + +- **UNC `\\` mangled to `\` in RMM dispatch** — looked like a missing/broken share (error 67 / hangs). + Fixed by constructing UNC from `[char]92`. Logged as `--friction`; memory `reference_rmm_drive_map_explorer_refresh`. +- **Mapped drive not shown in user's Explorer** — drive was mounted in her session; Explorer hadn't + refreshed. Fixed with `SHChangeNotify(SHCNE_DRIVEADD)` in-session. An interactive scheduled task + (`LogonType Interactive`) to remap returned LastTaskResult=2 and did not help. +- **Syncro priority `Normal` vs `2 Normal`** — bare word renders blank; Winter flagged. Fixed both + tickets; logged `--correction`; memory `feedback_syncro_priority_type_format`. + +### Configuration Changes (continued) + +- CS-SERVER: created `D:\Shares\Executive` + SMB share `Executive` (NTFS/share scoped to Ashley.Jensen + Meredith.Kuhn + admins/SYSTEM). +- DESKTOP-U2DHAP0 + ASSISTMAN-PC: persistent `E: -> \\cs-server\Executive` mapped + shell-notified. +- Syncro: #32193 resolution comment (420541806), line item (42998855), invoice 1650785728, status Invoiced; #32193/#32194 priority -> `2 Normal`. +- New memories: `feedback_syncro_priority_type_format.md`, `reference_rmm_drive_map_explorer_refresh.md` (+ MEMORY.md index lines). +- errorlog.md: 1 `--friction` (UNC mangling), 1 `--correction` (priority format). + +### Infrastructure & Servers (continued) + +- CS-SERVER agent id `c39f1de7-d5b6-45ae-b132-e06977ab1713`; IPs 192.168.2.248 (registered DNS `cs-server.cascades.local`, idx 16, Ethernet) + 192.168.2.254 (idx 4, Hyper-V vEthernet — does NOT cleanly serve SMB to clients). No DFS namespace. +- ASSISTMAN-PC (Meredith) agent `cf86fa5e-96a2-494d-9cb1-8be22a518ad0`; logged in as LOCAL `assistman-pc\meredithk` but authenticates to cs-server as her domain identity. +- DESKTOP-U2DHAP0 (Ashley) agent `636cfd2e-3fce-4e5c-b237-e2bd4acce8e1`; `cascades\ashley.jensen` standard user (Medium), console session 1. + +### Pending / Incomplete Tasks (continued) + +- Optional: confirm with Ashley she now sees E: in Explorer (shell-notified; logoff/logon or F5 is the guaranteed fallback). +- Remaining batch unchanged: 32211 (security — next), 32160, 32202, 32380, 32229, 31947; onsite-deferred 32230 (Karen out)/32194/32254/32319/32342/32370/32021. + +### Reference Information (continued) + +- #32193 invoice 1650785728 ($0.00, prepaid); ticket https://computerguru.syncromsp.com/tickets/109316877 +- Share: `\\cs-server\Executive` = `D:\Shares\Executive`; drive `E:` both machines.