azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from GURU-5070 at 2026-06-12 13:21:22

Browse Source 
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-12 13:21:22
This commit is contained in:
Mike Swanson
2026-06-12 13:21:39 -07:00
parent 9b02a508d6
commit 401ecca9a2
2 changed files with 100 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.claude/skills/remediation-tool/references/tenants.md
View File

@@ -38,7 +38,7 @@ that will fail the next email task; fix it with `assign-exchange-role.sh <domain
| JR Kennedy Company | jrkco.com | a92594b9-c8ad-4dba-8b40-14fcd32c723c | NO | |
| Khalsa Montessori School | khalsamontessorischools.onmicrosoft.com | b2950f9d-81f8-40e4-85d9-2854d1d4f31b | NO | |
| Kittle Design & Construction | kittlearizona.com | 3d073ebe-806a-4a5e-9035-3c7c4a264fc0 | YES | Sec Inv + Exchange Operator + Tenant Admin consented (2026-06-08 BEC remediation). Exchange Admin role IS assigned to Exch Op SP (verified 2026-06-09 — prior "NOT assigned" note was stale). BEC EXO persistence re-verified clean 2026-06-09: malicious inbox rules gone, no forwarding, no transport rules, no rogue delegates. Open (need Ken): "Christina Micek" StopProcessing rule on Ken + Ken FullAccess to Accounting. |
| LeeAnn Parkinson | lamaddux.com | 2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929 | NO | |
| LeeAnn Parkinson | lamaddux.com | 2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929 | YES | All apps consented 2026-06-12 (Sec Inv + Exch Op Exchange Admin, User Mgr User Admin + Auth Admin, Tenant Admin CA Admin); no MDE. Onboarded for Jim Parkinson (jparkinsonaz.com) mailbox migration off Neptune. |
| Marty Ryan | martylryan.com | 48581923-2153-48b9-82b3-6a3587813041 | YES | Sec Inv + Tenant Admin consented; all roles assigned 2026-04-20 |
| MVAN Enterprises, Inc | mvan.onmicrosoft.com | 5affaf1e-de89-416b-a655-1b2cf615d5b1 | NO | |
| Patient Care Advocates | pcatucson.com | 463b462d-0995-4e51-9e41-82c208015c7f | NO | |

99
session-logs/2026-06-12-mike-jparkinson-mail-migration.md Normal file
View File

@@ -0,0 +1,99 @@
# 2026-06-12 — Jim Parkinson mail migration (Neptune -> lamaddux M365) + RMM log triage + IX API token
## User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070
- **Role:** admin
## Summary
Multi-thread session. Headline: migrated **Jim Parkinson** (`jparkinsonaz.com`, mail on on-prem
Neptune Exchange) into **LeeAnn Maddux's** existing **lamaddux.com** M365 tenant to fix shared-calendar
sync issues (Syncro #32411). Also: triaged a stale GuruRMM AI log-analysis report (filed 2 root-caused
bugs + a signal-design refinement), recovered the lost IX WHM API access method (now a vaulted full-access
token), restored the "vault every credential" CORE rule, and handled a Bardach M365 sign-in error.
## Threads
### 1. Bardach (barbara@bardach.net) — AADSTS165000 on iPhone
Client-side session-cookie failure (Missing session context cookie). NOT password/MFA/Smart-Lockout, and
NOT caused by our 2026-06-05 Security Defaults change (she passed password + Authenticator). Gave iPhone
fix steps (full Safari not in-app webview, allow cookies, clear site data, fresh single-pass sign-in,
auto date/time). Offered Entra sign-in-log lookup for Correlation Id `71fa2d99-2607-4cfc-a032-da30b925d04d`.
Tenant: bardach.net `dd4a82e8-85a3-44ac-8800-07945ab4d95f`.
### 2. GuruRMM log-analysis triage (stale report reconciliation)
Report came from GuruRMM's own `/api/logs/analyze` (cut over to Claude Haiku today). Reconciled vs live logs:
- **Ollama unreachable** = HEALED (cutover; last stray 13:27 pre-deploy).
- "1,100+ WS errors" = real (~1504/24h) but benign reconnect churn + deploy restart-storms; fleet reconnecting.
- Auth timeouts 7/24h = benign.
- **2 real bugs filed** in `projects/msp-tools/guru-rmm/docs/RMM_THOUGHTS.md` (submodule, pushed `8d5bb9d`):
1. Hardware inventory NUL -> Postgres jsonb reject (7 Windows agents: IMC1, Seth-PC, QWM-JOHN, QWM-SHEILA,
goldstar19, SIF-SERVER, Christine-Win10). Fix: strip NUL before jsonb insert in `upsert_agent_hardware`.
2. Update scanner execs non-.exe binaries for `--version`; macOS Mach-O can't run on the Linux server ->
`continue`-skipped -> macOS/Linux agents never offered updates. Fix: trust filename version for non-Windows.
3. Feature 4a refinement: alert on STATE (offline-past-budget / flapping / mass-drop) not the disconnect
event; reclassify "connection reset without closing handshake" ERROR->INFO (ships standalone).
### 3. IX WHM API access recovered (the ~1h time-sink)
Password+legacy `json-api` basic-auth to `ix.azcomputerguru.com:2087` now returns **403 pre-auth** (not
cpHulk/Imunify IP block — WHM login page 200s; bad creds also 403). Mike created a **full-access root WHM
API token "ClaudeTools"**. Correct method: header `Authorization: whm root:<token>`, force `curl -4`.
Stored at vault `infrastructure/ix-server` `credentials.whm-api-token` + documented in entry notes.
Restored CORE rule in `.claude/CLAUDE.md` ("vault + document EVERY in-session credential, via the vault
skill"); added memories `ix-whm-dns-api-access` + `feedback-vault-every-credential`.
### 4. Leeann Maddux RMM onboarding
New RMM client **Leeann Maddux** + site **Home** (`DARK-OCEAN-9950`, site_id `7357db16-114c-4404-92be-4a587056d9e5`,
client_id `bd8c4027-7cbe-41c0-bc2c-c8e6c4846b62`). Enrollment key vaulted `clients/lamaddux/gururmm-site-home.sops.yaml`.
Jim's 2 machines enrolled: **DESKTOP-EDN9UDO** (`2b24e8de-a774-4277-bad3-689c00f9eacc`) + **DESKTOP-M0GBKF3**
(`4fdecea6-19d9-4dd0-bf6c-f2b1ab6c6c28`). (jpark = logged-in user on M0G, SID ...-1014.)
### 5. Jim Parkinson mail migration (the main work)
- **Tenant lamaddux.com** `2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929` (LeeAnn Maddux) onboarded via single-consent
(`onboard365`); all apps + roles provisioned (recorded YES in remediation-tool `tenants.md`).
- Added + verified custom domain `jparkinsonaz.com` (TXT `MS=ms74863246`); Mike added the domain in portal
(our Tenant Admin app lacks `Domain.ReadWrite.All` — flagged as future automation item).
- Created **jim@jparkinsonaz.com** (obj `387dc966-fd91-4512-9b0f-d80b125769f4`) + **Exchange Online Plan 1**
(skuId `4b9405b0-7788-4568-add1-99614e613b69`; Mike bought the 2nd license). Mailbox provisioned, primary
SMTP matches source.
- **DNS cutover** on IX (token) to O365 + zone cleanup: MX `jparkinsonaz-com.mail.protection.outlook.com`,
SPF `v=spf1 include:spf.protection.outlook.com -all`, autodiscover CNAME -> `autodiscover.outlook.com`,
**DKIM** selector1/selector2 CNAMEs -> `selector{1,2}-jparkinsonaz-com._domainkey.lamaddux.a-v1.dkim.mail.microsoft`
(new MS format, resolves to live keys). Removed: **root A** (was -> Neptune 67.206.163.124), `mail` CNAME,
4x CalDAV/CardDAV SRV + path TXTs, cPanel `_cpanel-dcv-test-record` + `_acme-challenge`.
- **PST export** off Neptune: `New-MailboxExportRequest` -> `\\NEPTUNE\PSTExport$\jim-jparkinsonaz.pst`,
Completed 100%, 1.776 GB, 8316 items. Mike to copy + Outlook-import himself.
- **Outlook autodiscover fix (Exclude365):** ran undo of `C:\Users\guru\ownCloud\Toolbox\!-Utils\RegistryFixes\Exclude365-Final.reg`
on both machines (removed exclusions + acghosting RedirectServers pins, HKLM policy + user hives incl offline).
Fresh profile still hit mail.acghosting.com because **root A pointed to Neptune** -> root-domain autodiscover
probe answered on-prem. Set `ExcludeHttpsRootDomain=1` on both machines (interim), then **removed the root A
record** (permanent global fix -> root probe NXDOMAIN -> falls through to autodiscover CNAME -> O365).
- Set password + MFA: see Credentials.
### 6. Syncro #32411 (id 112542872, LeeAnn Parkinson, customer 139908)
PUT status -> In Progress, problem_type -> Server Migration; posted customer-visible (no-email) note scoping
it to a mail migration to resolve calendar sync. Comment id 418758100.
## Credentials (unredacted — private repo)
- **jim@jparkinsonaz.com** / `jP48504850$` (permanent, no force-change). MFA mobile **+1 520-349-2222**.
Vaulted `clients/lamaddux/jim-parkinson-m365.sops.yaml`.
- **IX WHM API token "ClaudeTools"** (FULL-ACCESS ROOT): `HAUGCPQGJGDK3YDAMVA0B4ELR9CVNAQ6`.
Vaulted `infrastructure/ix-server` `credentials.whm-api-token`. Use: header `Authorization: whm root:<token>`,
`curl -4`. Password basic-auth on json-api now 403s.
- Leeann Maddux RMM site key: vaulted `clients/lamaddux/gururmm-site-home.sops.yaml`.
## Infrastructure
- IX: `ix.azcomputerguru.com` = 72.194.62.5 (WHM:2087). Public NS `ns1/ns2.acghosting.com` = 52.52.94.202
(cluster; edits auto-sync). Neptune external 67.206.163.124 / 172.16.3.11 (mail.acghosting.com, Exchange 2016).
- RMM API `http://172.16.3.30:3001`. (Brief `.30` outage mid-session — networking, Mike fixed.)
- Imunify360 (cpHulk disabled) gated WHM; whitelisted our IPv4 98.97.118.217 + IPv6 2605:59c0:43a6:9710::/64.
## Pending / next
1. Mike: copy PST + Outlook-import on M0G/EDN9; confirm it connects to **Microsoft** (root-A removal is the fix).
2. Mike: **Enable DKIM signing** for jparkinsonaz.com in Defender portal (CNAMEs are live).
3. After import confirmed: **final delta export + decommission `jparkinsonaz.com` on Neptune** (remove accepted
domain/mailbox/DKIM/routing); then **close #32411**. Optional: remove stale `s1`/`default` DKIM TXT;
remove the now-redundant `ExcludeHttpsRootDomain` reg value.
4. GuruRMM: 2 bugs + Feature 4a filed (ROOT-CAUSED) — await build decision.
5. Future: add `Domain.ReadWrite.All` to Tenant Admin app to automate domain-adds (Mike: "wire this up").
6. Bardach: Barbara to retry per iPhone steps; sign-in-log lookup on standby.