From 29355584bf12f7630b894a00d16df27584f0d73d Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Wed, 1 Jul 2026 12:28:32 -0700 Subject: [PATCH] wiki: compile scileppi-law (full) -- NAS/mount root-cause, no-sleep fix, ScreenConnect, corrected billing + Mac identity --- wiki/clients/scileppi-law.md | 143 +++++++++++++++++++---------------- wiki/index.md | 2 +- 2 files changed, 77 insertions(+), 68 deletions(-) diff --git a/wiki/clients/scileppi-law.md b/wiki/clients/scileppi-law.md index 37bc2899..446814d2 100644 --- a/wiki/clients/scileppi-law.md +++ b/wiki/clients/scileppi-law.md @@ -3,9 +3,14 @@ type: client name: scileppi-law display_name: The Law Offices of Chris Scileppi last_compiled: 2026-07-01 -compiled_by: DESKTOP-0O8A1RL/claude-main +compiled_by: Howard-Home/claude-main sources: - clients/scileppi-law/session-logs/2026-05-07-howard-sylvia-mac-mini-mail-memory.md + - clients/scileppi-law/session-logs/2026-07/2026-07-01-howard-sylvia-server-mount-nosleep-screenconnect.md + - clients/scileppi-law/docs/overview.md + - clients/scileppi-law/docs/issues/log.md + - clients/scileppi-law/PROJECT_STATE.md + - session-logs/2026-06/2026-06-16-mike-scileppi-downloads-amt-harness.md aliases: [scileppi] --- @@ -13,19 +18,23 @@ aliases: [scileppi] ## Overview -- **Business type:** Law firm -- **Syncro Customer ID:** 9601863 -- **Billing model:** Time and materials [unverified] -- **Billing rate:** $175/hr (onsite business, product 26118) -- **Contract status:** Unknown -- **Note:** As of 2026-05-07, Sylvia's billing line item was logged but deliberately NOT invoiced — held for later disposition per Mike's instruction. +- **Business type:** Law firm (small; Apple-leaning user environment). +- **Site:** 115 W Washington Street, Tucson, AZ 85701. +- **Email domain:** scileppilaw.com. +- **Syncro Customer ID:** 9601863. +- **Billing model:** Recurring monthly managed-services agreement (~$481/mo, billed ~12th of the month) **plus** break-fix time-and-materials labor on top. **No prepaid hour block** (`prepay_hours = 0`, verified 2026-07-01). +- **Labor rates:** Remote $150/hr (product 1190473); Onsite $175/hr (product 26118). +- **Managed devices (Syncro assets):** 1. ## Contacts -| Name | Role | Notes | -|---|---|---| -| Chris Scileppi | Owner / attorney | Client namesake | -| Sylvia | Employee | Primary user of the Mac mini with memory issue; single user account `sylvia` on machine | +| Name | Role | Contact | Notes | +|---|---|---|---| +| Andrew Ross | Primary contact | andrew@scileppilaw.com · (520) 449-8446 · mobile (971) 218-6707 | Main point of contact for the firm | +| Chris Scileppi | Owner / attorney | — | Client namesake | +| Sylvia | Employee | — | Primary user of the Mac mini; single local account `sylvia` (uid 501) | + +Invoice CC: info@scileppilaw.com. ## Infrastructure @@ -33,98 +42,98 @@ aliases: [scileppi] | Asset | Hostname | Model | RAM | Storage | OS | Status | |---|---|---|---|---|---|---| -| Sylvia's Mac mini | `Sylvias-Mini` | Apple Mac14,3 (M2 base) | 8 GB LPDDR5 (Hynix, soldered — no upgrade path) | 256 GB SSD (92.78 GB free as of 2026-05-07) | macOS 14.4.1 (23E224) | Mail disabled; on webmail | +| Sylvia's Mac mini | `Mac-mini-2` (formerly `Sylvias-Mini`) | Apple Mac14,3 (M2 base) | 8 GB LPDDR5 (soldered — no upgrade path) | 256 GB SSD (+ external "Sylvia External" drive) | macOS 14.x | In service; enrolled in GuruRMM | -**Current state of Sylvias-Mini:** -- Apple Mail disabled at System Settings → Internet Accounts (Mail toggle off; Calendar/Contacts left enabled). -- Sylvia using outlook.office.com (webmail) for daily mail. -- Machine is usable but 8 GB with Office + OneDrive + Safari is tight without Mail running. -- Machine is NOT enrolled in GuruRMM (enrollment attempted 2026-05-07, failed — see notes). +**Current state of the Mac (`Mac-mini-2`, user `sylvia`, on Wi‑Fi `en1` = `192.168.242.154`):** +- **Enrolled in GuruRMM** (agent `1386d9fd-...`) and running the **ScreenConnect** access agent (as of 2026-07-01). +- Apple Mail disabled at System Settings → Internet Accounts (Mail toggle off); Sylvia uses outlook.office.com (webmail) for daily mail — see 2026-05-07 Mail event. Do NOT re-enable Mail (see Anti-Patterns). +- Downloads and large case files are steered **off** the local SSD onto the NAS share (`/Volumes/Data/StorageTemp`) via browser download-location settings + a catch-all LaunchAgent `com.acg.downloads-to-share` (deployed 2026-06-16). 7-day Trash auto-purge (`com.acg.trashcleanup`) also deployed. +- Mounts the NAS `Data` share at `/Volumes/Data` via LaunchAgent `com.acg.mount-server` (RunAtLoad + every 300 s). +- `pmset` set to `sleep 0 / displaysleep 0` (2026-07-01) so idle display-sleep no longer drops the Wi‑Fi link. -### Replacement Mac (planned, not yet ordered) +> **Machine identity (verify):** the May 2026 record named this unit `Sylvias-Mini` (M2, 8 GB, 256 GB, macOS 14.4.1); by June 2026 it appears in GuruRMM as `Mac-mini-2` (same user `sylvia`, agent `1386d9fd-...`). Treated here as the **same unit renamed + enrolled**, with the 8 GB replacement still pending. Confirm on next onsite whether the 8 GB M2 was ever replaced. -- **Target spec:** M4 Mac mini, 16 GB minimum, 24 GB preferred. 256 GB SSD sufficient; 512 GB optional. -- **Migration plan:** Migration Assistant over wired Ethernet or Thunderbolt, then reconfigure Mail with Download Attachments = None. +### File server (NAS) + +| Asset | Hostname | Address | Type | Storage | Shares | +|---|---|---|---|---|---| +| Office file server | `SL-SERVER` | `192.168.242.5` | Synology NAS (netatalk cedarview build; no systemd) | btrfs `/volume1` (`/dev/mapper/cachedev_0`), 25 TB pool | `Data` at `/volume1/Data` (AFP 548 + SMB 445/139) | + +- Enrolled in GuruRMM (agent `0186e9d5-...`, reported os_type linux). +- Resolves reliably as **`SL-SERVER.local`**. The AFP-service Bonjour name `SL-SERVER._afpovertcp._tcp.local` is **unreliable after NAS reboots** (Synology stops advertising it) — always mount by `SL-SERVER.local`. + +### Replacement Mac (planned — status verify) + +- **Target spec:** M4 Mac mini, 16 GB minimum, 24 GB preferred; 256 GB SSD sufficient (512 GB optional). Quote pending as of last update. +- **Migration plan:** Migration Assistant over wired Ethernet/Thunderbolt, then reconfigure Mail with Download Attachments = None. ## Network - **Subnet:** `192.168.242.0/24`; gateway/DNS `192.168.242.1`. -- **File server (NAS):** `SL-SERVER` = `192.168.242.5` — **Synology**, btrfs `/volume1` (25 TB pool), primary share **`Data`** at `/volume1/Data`. Serves AFP (548) + SMB (445/139). - - Resolves reliably via mDNS as **`SL-SERVER.local`**. The AFP-service Bonjour name `SL-SERVER._afpovertcp._tcp.local` is **unreliable after NAS reboots** (Synology stops advertising it) — mount by `SL-SERVER.local`, not the `_afpovertcp` name. -- **Sylvia's Mac mini connects over Wi‑Fi (`en1`, `192.168.242.154`)**, not Ethernet. It has a wired port — moving it to Ethernet is the durable fix for idle network drops. +- **NAS:** `SL-SERVER` = `192.168.242.5` (see File server above). +- **Sylvia's Mac mini is on Wi‑Fi (`en1`, `192.168.242.154`)**, not Ethernet. It has an unused wired port — moving to Ethernet is the durable fix for idle network drops (Wi‑Fi drops on display sleep). ## Cloud / M365 -- **Mail platform:** Exchange/M365 (Sylvia's mailbox is an IMAP/Exchange account accessed via Apple Mail or Outlook Web). -- **Webmail URL:** outlook.office.com -- Tenant domain and ID not documented in this session log. +- **Mail platform:** Exchange Online / M365; domain **scileppilaw.com**. Sylvia's mailbox accessed via Outlook Web (outlook.office.com); Apple Mail deliberately disabled on the Mac. +- Tenant ID and admin details not yet documented (verify). ## GuruRMM -- **GuruRMM site:** Main Office (`WEST-MEADOW-9025`) +- **GuruRMM site:** Main Office (`WEST-MEADOW-9025`). - **Enrolled agents (as of 2026-07-01):** - `Mac-mini-2.localdomain` (macOS, Sylvia's Mac) — agent `1386d9fd-ac16-423c-ada0-5abad5b61838`. - - `SL-SERVER` (Synology/Linux, file server) — agent `0186e9d5-e1cc-4603-a81a-adb1f2230702`. -- **Note:** the internal RMM API (`172.16.3.30:3001`) is only reachable on ACG's LAN; from off-net, auth/drive via the public endpoint **`https://rmm.azcomputerguru.com`** (same vault creds). -- **ScreenConnect:** installed on `Mac-mini-2` 2026-07-01 (session `Mac-mini-2`, Company "The Law Offices of Chris Scileppi" / Site "Main Office" / Tag "Mac"). `SL-SERVER` is a headless Synology — not a ScreenConnect target. -- **Historical — Sylvias-Mini enrollment:** FAILED as of 2026-05-07. macOS installer not yet available on GuruRMM server; Cloudflare bot challenge also blocked install one-liner. Documented separately at `session-logs/2026-05-07-howard-gururmm-macos-installer-and-cf-bot-block.md`. -- Enrollment to be retried on the replacement Mac after migration, once Mike ships the macOS agent. + - `SL-SERVER` (Synology, file server) — agent `0186e9d5-e1cc-4603-a81a-adb1f2230702`. +- **Off-LAN access:** the internal RMM API (`172.16.3.30:3001`) and coord API (`:8001`) are LAN-only; from off-net, drive RMM via the public endpoint **`https://rmm.azcomputerguru.com`** (same vault creds; `rmm-auth.sh` hardcodes the internal URL, so authenticate manually against the public host off-LAN). +- **ScreenConnect:** installed on `Mac-mini-2` 2026-07-01 (session `Mac-mini-2`; Company "The Law Offices of Chris Scileppi" / Site "Main Office" / Tag "Mac"). `SL-SERVER` is a headless Synology — **not** a ScreenConnect target. ## Active Projects / Open Items | Priority | Action | Owner | |---|---|---| -| P1 | Spec, quote, and order replacement Mac mini (M4, 16 or 24 GB) | Mike | -| P2 | When new Mac arrives: run Migration Assistant from Sylvias-Mini; reconfigure Mail with Download Attachments = None | Howard | -| P2 | Enroll new Mac in GuruRMM (gated on macOS agent availability from Mike) | Howard | -| P3 | Re-enable Mail in Internet Accounts on new machine after migration verified | Howard | -| P3 | Invoice Syncro ticket #32262 (line item 42350646 exists, $175.00 × 1.0 — not yet invoiced per Mike's instruction) | Mike | +| P2 | Move `Mac-mini-2` to **wired Ethernet** — durable fix for Wi‑Fi idle drops (`displaysleep 0` is the interim mitigation) | Howard (onsite) | +| P2 | Verify NAS-share auto-mount from a clean login/boot now that the agent uses `SL-SERVER.local` (not exercised from scratch on 2026-07-01) | Howard | +| P2 | Confirm replacement-Mac status (was the 8 GB M2 ever replaced?); if not, spec/quote/order M4 (16/24 GB) | Mike / Howard | +| P3 | On any replacement: Migration Assistant + Mail Download Attachments = None; re-enable Mail only on 16 GB+ hardware | Howard | +| P3 | Historical: Syncro #32262 line item 42350646 ($175 × 1.0) — was held un-invoiced per Mike (verify disposition) | Mike | ## Key Events / History ### 2026-07-01 — Sylvia "can't connect to server" (dropped drive) + no-sleep + ScreenConnect -**Reported:** Sylvia couldn't reach the server; her mapped drive (`/Volumes/Data`) was gone. Handled remotely via GuruRMM (public endpoint). +**Syncro #32493** (Howard). Reported: mapped drive gone; handled remotely via GuruRMM (public endpoint). 0.5h remote labor logged ($75). -- **Root cause:** `SL-SERVER` (Synology NAS) rebooted ~09:34 local and was slow to bring SMB/AFP back up; while down, the Mac's AFP mount failed (error `-5014`). Data volume (`/volume1`, 25 TB) was mounted and healthy throughout — no data risk. Services recovered on their own. -- **Recurring bug found:** the Mac's auto-mount LaunchAgent (`com.acg.mount-server`) targeted the Bonjour name `afp://SL-SERVER._afpovertcp._tcp.local/Data`, which the Synology **stops advertising after a reboot** (NORESOLVE), while `SL-SERVER.local` resolves fine. **Fix:** repointed the agent to `afp://SL-SERVER.local/Data`; retired a stale duplicate agent `com.azcomputerguru.mount-slserver` (both had the fragile name). Backup: `com.acg.mount-server.plist.bak-20260701`. -- **Meta-cause of session instability:** the Mac mini is on **Wi‑Fi** and had `displaysleep 10` — when the display slept, the Wi‑Fi link dropped (system `sleep` was already 0). **Fix:** `pmset -a sleep 0 displaysleep 0 womp 1 powernap 1 tcpkeepalive 1` (display never sleeps → network stays up). Long-term: move the mini to Ethernet. -- **ScreenConnect** installed on `Mac-mini-2` (per Mike's request) — session self-tagged Company/Site/Tag as above. +- **Root cause:** `SL-SERVER` (Synology) rebooted ~09:34 local and was slow to bring SMB/AFP back up; while down, the Mac's AFP mount failed (error `-5014`). `/volume1` (25 TB) stayed mounted and healthy — no data risk. Services recovered on their own. +- **Recurring bug found + fixed:** the mount LaunchAgent `com.acg.mount-server` targeted the Bonjour name `afp://SL-SERVER._afpovertcp._tcp.local/Data`, which the Synology stops advertising after a reboot (NORESOLVE), while `SL-SERVER.local` resolves fine. Repointed the agent to `afp://SL-SERVER.local/Data`; retired stale duplicate agent `com.azcomputerguru.mount-slserver`. Backup: `com.acg.mount-server.plist.bak-20260701`. +- **Meta-cause of instability + fixed:** the Mac (Wi‑Fi) had `displaysleep 10`; when the display slept the Wi‑Fi link dropped (system `sleep` was already 0). Set `pmset -a sleep 0 displaysleep 0 womp 1 powernap 1 tcpkeepalive 1`. Long-term: Ethernet. +- **ScreenConnect** installed on `Mac-mini-2` (self-tagged Company/Site/Tag). + +### 2026-06-16 — Disk-full remediation + downloads-to-share redesign (Mike) + +**Syncro #32333** — resolved no-charge. `Mac-mini-2` had recurring home-folder/disk-full problems. Cleared Trash (358 GB) and Apple Mail cache (~27 GB); deployed a 7-day Trash auto-purge. Redesigned how downloads stay off the local disk: restored local `~/Downloads` (fixed the broken Finder favorite), pointed browsers' download location directly at the share (`/Volumes/Data/StorageTemp`), and deployed a catch-all LaunchAgent `com.acg.downloads-to-share` that moves stray downloads onto the share every 10 min via cross-volume `mv` (never routes to Trash). ### 2026-05-07 — Sylvia's Mac mini: Apple Mail memory exhaustion -**Syncro ticket #32262** — "Sylvia is having applications crash and getting errors regarding low memory." -**Technician:** Howard Enos. Status: Resolved. +**Syncro ticket #32262** (Howard). Status: Resolved (interim). -**Root cause:** Apple Mail's local cache (Envelope Index + message cache under `~/Library/Mail/V10/`) had grown beyond what 8 GB unified RAM can service. Mail's virtual memory footprint exceeded 45 GB on an 8 GB machine, forcing constant swap. ~4.4 million swapouts observed in 9 minutes of uptime. +**Root cause:** Apple Mail's local cache (`~/Library/Mail/V10/`) grew beyond what 8 GB unified RAM can service; Mail's VM footprint exceeded 45 GB on the 8 GB machine, forcing constant swap (~4.4M swapouts in 9 min uptime). -**Diagnosis process:** -1. Attempt 1: Backed up and rebuilt Envelope Index. Memory footprint rose to 12 GB before Mail was killed by OS for memory pressure. -2. Attempt 2: Fresh index rebuild — footprint climbed to 28 GB while downloading 349 messages (ETA shown: "69 hours"). This conclusively ruled out index corruption — the mailbox itself is too large for 8 GB. +**Diagnosis:** two Envelope Index rebuilds (footprint climbed to 12 GB then 28 GB) conclusively ruled out index corruption — the mailbox itself is too large for 8 GB. -**Interim fix applied:** -- Force-quit Mail. -- Disabled Mail toggle in System Settings → Internet Accounts. -- Verified Mail no longer auto-relaunches after reboot. -- Walked Sylvia through outlook.office.com in Safari for daily mail. +**Interim fix:** force-quit Mail, disabled Mail toggle in System Settings → Internet Accounts, verified no auto-relaunch, moved Sylvia to outlook.office.com webmail. -**Billing artifacts:** - -| Artifact | ID | -|---|---| -| Syncro ticket | #32262 | -| Resolution comment | 409686752 | -| Timer entry | 39082403 (3600 s, billable) | -| Line item | 42350646 ($175.00 × 1.0, non-taxable) | -| Invoice | None — deliberately not created | +**Billing artifacts:** ticket #32262; resolution comment 409686752; timer entry 39082403 (3600 s); line item 42350646 ($175.00 × 1.0, non-taxable); invoice — held per Mike (verify). ## Anti-Patterns / Warnings -- [WARNING] Do NOT re-enable Apple Mail on Sylvias-Mini. The machine has 8 GB soldered RAM with no upgrade path — Mail will reproduce the memory exhaustion immediately. Machine stays on webmail until replaced. -- [WARNING] After migration to new Mac mini, configure Mail → Settings → Accounts → Mail Behaviors → Download Attachments = None. Skipping this on a large mailbox will eventually reproduce the same issue even on 16/24 GB. -- 8 GB M2 Mac mini RAM is **soldered and not upgradeable** — do not quote a RAM upgrade to the client. -- GuruRMM macOS enrollment is blocked until Mike ships the macOS agent — do not attempt install one-liner again without confirming agent availability first. +- [WARNING] **Mount the NAS by `SL-SERVER.local`, never the AFP Bonjour name** `SL-SERVER._afpovertcp._tcp.local` — Synology stops advertising it after a reboot, which silently breaks auto-mount (AFP error `-5014`). +- [WARNING] **The Mac mini is on Wi‑Fi and drops its link when the display sleeps.** Keep `displaysleep 0`; the real fix is wired Ethernet. Idle drops also knock the RMM agent offline, which makes remote work flap. +- [WARNING] **Do NOT re-enable Apple Mail** on the 8 GB Mac. RAM is soldered (no upgrade path) — Mail will immediately reproduce the memory exhaustion. Stays on webmail until replaced with 16 GB+ hardware. +- [WARNING] After migration to a new Mac mini, set Mail → Settings → Accounts → Mail Behaviors → Download Attachments = None; skipping this on a large mailbox reproduces the issue even on 16/24 GB. +- 8 GB M2 Mac mini RAM is soldered and not upgradeable — do not quote a RAM upgrade. +- Keep local downloads/case files off the 256 GB SSD — they belong on the NAS share (`/Volumes/Data`); the `com.acg.downloads-to-share` mover enforces this. ## Backlinks -- `session-logs/2026-05-07-howard-gururmm-macos-installer-and-cf-bot-block.md` — related GuruRMM macOS installer failure +- `session-logs/2026-05-07-howard-gururmm-macos-installer-and-cf-bot-block.md` — related GuruRMM macOS installer failure (enrollment has since succeeded). +- Skills: `/rmm`, `screenconnect`, `/syncro`. diff --git a/wiki/index.md b/wiki/index.md index 21d15e6b..b856efba 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -42,7 +42,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Horseshoe Management](clients/horseshoe-management.md) | Property management; prepaid block 31.75 hrs remaining at $175/hr; APC Smart-UPS P.17 bypass relay fault cleared; repeat UPS failures suggest electrical issue; plaintext creds in Syncro notes — needs vault migration | 2026-05-24 | | [Kittle Design & Construction](clients/kittle-design.md) | **SUPERSEDED → see [kittle.md](clients/kittle.md)** (consolidated 2026-06-09). Older M365-breach-only article; the canonical Kittle record now lives at clients/kittle.md. | 2026-06-09 | | [Wolkin Law](clients/wolkin.md) | Law practice; contract type (verify); Robert Wolkin (owner/attorney) + Julie (assistant/remote worker); M365 rswolkin.com (Julie has FullAccess to Robert's mailbox); 3 GuruRMM Win11 agents (FRONT office PC, RSW-Laptop remote, DESKTOP-V1JT1SE Bob's desktop); ZeroTier mesh VPN 17d709436c834c9b (10.147.19.199 FRONT, 10.147.19.54 RSW-Laptop); SMB shares Data/OneDrive/ClientFiles accessible via ZeroTier; printer access incomplete (deferred to Windows PC); active ticket #32369 remote work setup | 2026-06-07 | -| [The Law Offices of Chris Scileppi](clients/scileppi-law.md) | Law firm; Syncro ID 9601863; Sylvia Mac mini (M2 8 GB) mail memory exhaustion; Mail disabled; on webmail; replacement Mac mini (M4 16/24 GB) pending order; GuruRMM enrollment blocked | 2026-05-24 | +| [The Law Offices of Chris Scileppi](clients/scileppi-law.md) | Tucson law firm; Syncro ID 9601863; recurring managed (~$481/mo) + break-fix; Synology NAS `SL-SERVER` (192.168.242.5, `Data` share); Sylvia Mac `Mac-mini-2` on Wi-Fi (mount by `SL-SERVER.local`, keep displaysleep 0); GuruRMM + ScreenConnect enrolled; 8 GB Mail replacement pending (verify) | 2026-07-01 | | [Western Tire](clients/western-tire.md) | Tire retail (jackfurriers.com brand); Mike Furrier owner (Syncro ID 391491); email migrated from websvr to IX 2026-04-22; 30 mailboxes; SSL cert expires 2026-05-30 | 2026-05-24 | | [Kittle Design & Construction LLC](clients/kittle.md) | **Canonical Kittle article.** GC Tucson AZ; Syncro 32460233; M365 kittlearizona.com (tenant 3d073ebe); **major June 2026 BEC/ACH-fraud incident** — Ken+marco+Accounting compromised, fraudulent bank-change to City of Tucson + Town of Marana ($130K+ exposure, PREVENTED, no loss), IC3 filed; root cause = April credential theft + incomplete remediation (password never reset → ~2mo persistence); CA hardened + Entra P2 added 6/9; HPE MicroServer WS2025 EVAL, no backups/firewall | 2026-06-09 | | [Khalsa (two-site)](clients/khalsa.md) | Khalsa Montessori School (Syncro 9456554); two-site (Camden + River); domain khalsa.local on 10.11.12.0/22. **Server inventory captured 2026-06-19** (Syncro+ScreenConnect): TROUT (Camden, 10.11.12.254) = sole live DC+DNS+file(K:)+QuickBooks on aging Dell T110 II, ~490GB used, C: only 10% free; SALMON (River, 10.11.14.76) = standalone file/QB server; KHALSADC2 = intended 2nd DC OFFLINE since 2025-08 (no AD redundancy). **TROUT can't be removed as-is** (Schoolmaster gone but it now runs DC/DNS/QB) — needs role migration first. No server backups captured; VPN to ACG broken (manage via ScreenConnect). M365/contract terms still pending | 2026-06-19 |