From 2cbe246025f57aab2a5850f805fbf704e4fef6a6 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Tue, 26 May 2026 11:30:58 -0700 Subject: [PATCH] sync: auto-sync from GURU-5070 at 2026-05-26 11:30:54 Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-05-26 11:30:54 --- session-logs/2026-05-26-session.md | 107 +++++++++++++++++++++++++++++ 1 file changed, 107 insertions(+) diff --git a/session-logs/2026-05-26-session.md b/session-logs/2026-05-26-session.md index 0f21710..58a7561 100644 --- a/session-logs/2026-05-26-session.md +++ b/session-logs/2026-05-26-session.md 
@@ -441,3 +441,110 @@ curl -s -X PUT "http://172.16.3.30:8001/api/coord/todos/de50e82a-30d1-479b-bf9c- - Test todo id: `de50e82a-30d1-479b-bf9c-522ca223d2cc` (msp-pricing, due 14:00) - MSP pricing artifacts: `projects/msp-pricing/` — docs, calculators, HTML sheets, marketing - Western Tire Syncro ticket: #32199 (ID: 109325058) — not yet billed + +--- + +## Update: 12:45 PT — Autotask planning, IX/tucsonpaintball, ACG vault, QWM onboarding + Outlook fix + +## User +- **User:** Mike Swanson (mike) +- **Machine:** GURU-5070 +- **Role:** admin +- **Session span:** ~10:00–13:30 PT + +## Session Summary + +Session opened with continuation of the Autotask PSA skill planning discussion. Documented a full planning framework: API authentication (three-header model: Username/Secret/ApiIntegrationCode), zone-based URL discovery, POST-based query model for entity lookups, numeric picklist IDs requiring live lookup, contract-based billing complexity (T&M/Block Hours/Fixed/Recurring), and a six-phase build plan. Credentials need to be created in the Autotask admin panel first; coord todo created for this evening. + +Handled a tucsonpaintball.net WordPress password reset for user desertfox. SSH to IX failed initially with MaxAuthTries exhaustion (Windows SSH client offering all agent keys before password auth). Used WHM Fileman API to read wp-config.php for DB credentials, then connected via Python paramiko and ran a direct MySQL UPDATE on wp_users with the MD5 hash of the new password (d3$ertf0x!). WordPress accepts MD5 and auto-upgrades to phpass on first login. + +Diagnosed the IX SSH lockout root cause as MaxAuthTries 6 combined with Windows key exhaustion. No fail2ban or CSF present; server uses Imunify360. Added 172.16.0.0/22 to Imunify360 whitelist and raised MaxAuthTries to 12 in sshd_config. User independently added the same subnet via the Imunify360 web UI as "Local Lan" which superseded the CLI entry. 
+ +Vaulted 10 ACG founding/incorporation documents from businessdocs.zip (Articles of Organization, EIN application, IRS EIN letter, Form 8832 approval, AZ Corporation Commission, Affidavit of Publication, business license, cover letter). Encrypted the ZIP directly with age stored as business/acg-founding-docs.age with a companion SOPS-encrypted index YAML. + +Began new client work for Quantum Wealth Management. Discovered quantumwms.com has a GoDaddy-managed M365 tenant (NETORG18235235, ddf3d2c9) with email on Intermedia. Added QWM as RMM client with Office site. Onboarded sheilaperess.com tenant (7f1597b4) after consent approval. Investigated Outlook Classic failure via RMM PowerShell: Bitdefender Endpoint Security Tools had injected five 127.0.0.1 hosts entries blocking Microsoft autodiscover endpoints. Removed entries, flushed DNS. Pulled sheilaperess.com license: Exchange Online Essentials, renews 2027-04-21. + +Planned GoDaddy decoupling for both domains. Sheila disclosed M365 Personal license (renewal disabled, lapses 2026-06-03 — hard deadline). Agreed architecture: 2x M365 Business Premium for firm quantumwms.com accounts (financial advisors — Defender for Business, Intune, CA, DfO P1), plus Exchange Online Plan 1 for personal domain accounts. quantumwms.com consent pending 2pm call with John Velez. + +## Key Decisions + +- **Paramiko over system SSH for IX:** Windows SSH client enumerates all agent keys before password, hitting MaxAuthTries=6. Paramiko with look_for_keys=False bypasses this entirely. +- **age-encrypted ZIP for vault documents:** Binary files do not encode cleanly in SOPS YAML. Direct age encryption of the archive is simpler and more reliably recoverable. SOPS YAML provides searchable metadata. +- **MD5 for WordPress password reset:** WordPress checks hash length <=32 chars and accepts MD5, upgrading to phpass on first login. Avoids needing WP-CLI or web-executed PHP. 
+- **Business Premium over Business Basic for QWM:** Financial advisors with client data — Defender for Business, Intune, Conditional Access, AIP P1 are compliance-appropriate. +- **Let sheilaperess.com GoDaddy Essentials ride to 2027:** No benefit to early cancellation; replace with direct Exchange Online Plan 1 when firm accounts are live. + +## Problems Encountered + +- **IX SSH MaxAuthTries exhaustion:** Windows SSH client exhausted MaxAuthTries=6 with key enumeration. Fixed with paramiko and raised server limit to 12. +- **WHM Fileman savefile silently failed:** API returned success but PHP file never appeared. Switched to paramiko+MySQL which was cleaner for this use case. +- **Tailscale outage mid-session:** RMM at 172.16.3.30 timed out. Resumed after user restarted Tailscale. +- **Em dash in RMM JSON payload:** Rust/Axum parser rejected em dash in notes field. Replaced with plain hyphen. +- **GuruRMM command endpoint discovery:** /script, /execute, /run all 404. /command returned 422; probed error body to discover required command_type field. Complex PS payloads required Python construction. +- **Bitdefender autodiscover hijack:** Bitdefender wrote five 127.0.0.1 hosts entries for Microsoft autodiscover hostnames. Outlook autodiscover failed silently — no Event Log entries because Outlook never reached MAPI stage. Fixed via RMM PS. 
+ +## Configuration Changes + +**IX server (172.16.3.10):** +- /etc/ssh/sshd_config: MaxAuthTries 6 -> 12; sshd reloaded +- Imunify360 whitelist: 172.16.0.0/22 (comment: "Local Lan") + +**QWM-SHEILA (agent f7da4083, Windows 11 22631):** +- C:\Windows\System32\drivers\etc\hosts: removed 5 Bitdefender 127.0.0.1 autodiscover entries +- DNS cache flushed; autodiscover-s.outlook.com resolves to 40.104.23.98 + +**Vault (D:/vault):** +- business/acg-founding-docs.age — NEW: age-encrypted ZIP, 10 ACG founding docs (4.2MB) +- business/acg-founding-docs-index.sops.yaml — NEW: SOPS-encrypted index with file manifest + decrypt instructions + +**guru-rmm submodule:** +- PRODUCT.md — NEW: product definition, users, brand personality, design principles +- .gitignore — added .claude/ + +**GuruRMM (172.16.3.30:3001):** +- Client: Quantum Wealth Management (QWM), id=7740ad05-bb5d-4378-a647-28fa82a87192 +- Site: Office, id=d6f0183a-b7e9-4c84-aa8b-3629b81fbe28, site_code=GREEN-CLOUD-1199, api_key=grmm_H15twRmMDF5KSMVt50-U6ySDxzJS7LN4 + +## Credentials & Secrets + +- tucsonpaintball.net WP DB: desertfox_maindb | desertfox_user | +h#(BH[TzQ)? +- desertfox WP new password: d3$ertf0x! 
(MD5: 8ef96b9708e44d2e69935d7e6a10892a) +- QWM RMM site key: grmm_H15twRmMDF5KSMVt50-U6ySDxzJS7LN4 (site: GREEN-CLOUD-1199) +- ACG vault new: business/acg-founding-docs.age | decrypt: age -d -i acg-founding-docs.age > businessdocs.zip + +## Infrastructure & Servers + +- IX: 172.16.3.10 | ext: 72.194.62.5 | root / t4qygLl7{1zJcUj#022W^FBQ>}qYp-Od | CloudLinux 9.7 | Imunify360 +- quantumwms.com tenant: ddf3d2c9-b76c-40d9-a216-9f11a1a26f97 (NETORG18235235.onmicrosoft.com) | GoDaddy | Intermedia email | NOT YET CONSENTED +- sheilaperess.com tenant: 7f1597b4-a132-4954-84b8-9b5ce36e743e (NETORGFT6384335.onmicrosoft.com) | GoDaddy | Exchange Online | CONSENTED + ONBOARDED +- sheilaperess.com license: EXCHANGE_S_ESSENTIALS, 1 seat, renews 2027-04-21 +- QWM-SHEILA: f7da4083 | Win11 22631 | Office 16.0.20026.20076 Monthly Enterprise | Bitdefender Endpoint Security Tools + +## Commands & Outputs + +``` +# RMM command pattern +POST http://172.16.3.30:3001/api/agents/{id}/command {"command_type":"powershell","command":"...","timeout":60} +GET http://172.16.3.30:3001/api/commands/{command_id} + +# sheilaperess.com onboard: all roles assigned, 2 minor SP replication timing errors (non-blocking) + +# autodiscover post-fix: [System.Net.Dns]::GetHostAddresses("autodiscover-s.outlook.com") -> 40.104.23.98 +``` + +## Pending / Incomplete Tasks + +- **2pm TODAY (todo 37f2196c):** Call John Velez — quantumwms.com consent + pull licenses + confirm users + Intermedia decision +- **DEADLINE 2026-06-03 (todo 46bda3ec):** Provision 2x M365 Business Premium before M365 Personal lapses +- **After John call:** bash onboard-tenant.sh ddf3d2c9-b76c-40d9-a216-9f11a1a26f97 +- **QWM GoDaddy decoupling:** DNS to Cloudflare, Business Premium purchase, Exchange Plan 1 personal accounts, Intermedia migration +- **Autotask skill (tonight):** Create API creds, vault, Phase 1 build +- **Western Tire Syncro #32199:** Not yet billed +- **Kittle HIGH:** WS2025 EVAL + possible active inbox compromise +- 
**GuruRMM fix/audit-2-remediation:** Awaiting merge + deploy + +## Reference Information + +- quantumwms.com consent URL: https://login.microsoftonline.com/ddf3d2c9-b76c-40d9-a216-9f11a1a26f97/adminconsent?client_id=709e6eed-0711-4875-9c44-2d3518c47063&redirect_uri=https://azcomputerguru.com&prompt=consent +- GuruRMM: http://172.16.3.30:3001 | admin@azcomputerguru.com / GuruRMM2025 +- Vault commit: 86a5586 | guru-rmm: 1a00912 | claudetools: 464d28a
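Review bot: the `## Credentials & Secrets`, `## Infrastructure & Servers` and `## Reference Information` sections of this hunk commit live secrets in plaintext (the IX root password, the tucsonpaintball.net DB and WordPress passwords with the MD5 of the new password, the QWM site `api_key=grmm_...`, and the GuruRMM admin login), and the same log describes an age/SOPS vault under `D:/vault` that exists for exactly this material. Replace each value with a vault path reference before this is merged, and note that the WordPress password also appears inline in the Session Summary paragraph, so the redaction has to cover that line too. Because this is an auto-sync commit that has already been pushed, every value in it should be treated as exposed and rotated (the WP user password, the DB password, the IX root password, the RMM site key and the GuruRMM admin password); rewriting history alone does not recover them. A smaller point: the `## Configuration Changes` section records `MaxAuthTries 6 -> 12` and a whole `172.16.0.0/22` Imunify360 whitelist as the fix for a client that enumerates agent keys; the client-side fix the log already chose (`look_for_keys=False`, or an `IdentitiesOnly`-style restriction) addresses the cause without loosening the server, so it is worth documenting why the server-side changes are being kept.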