sync: auto-sync from GURU-5070 at 2026-06-11 08:02:42

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-11 08:02:42
2026-06-11 08:02:55 -07:00
parent 6bd3210e21
commit 55445d78dc
4 changed files with 55 additions and 2 deletions


@@ -124,3 +124,4 @@
- [Refresh session history first](feedback_refresh_session_history_first.md) — read prior incident logs before acting; do not re-remediate already-handled accounts
- [Autonomy scope](feedback_autonomy_scope.md) — confirm only for client-affecting actions; internal docs/wiki/ClaudeTools = act autonomously
- [Check for client-slug fragmentation](feedback_client_slug_fragmentation.md) — Before concluding a client has no records, grep broadly (company/owner/initials/hostname/"Last, First") across clients/, wiki/, session-logs/, vault — one client gets split across slug variants (Wolkin was 4: wolkin/wolkin-law/rswolkin/robert-wolkin). Consolidate to one canonical slug; action prior logs' Pending items.
- [RMM user_session = false SMB failures](feedback_rmm_user_session_smb_false_negative.md) — GuruRMM net use/net view/Add-Printer to a remote \HOST fail with error 67 / RPC 1702 (even with valid creds) because user_session is a WTS-impersonated non-interactive token that can't do authenticated SMB. The share/printer may work fine interactively. Treat RMM SMB results as "can't tell"; verify via ScreenConnect.
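Review bot: The title of the last index entry, "RMM user_session = false SMB failures", can be read as `user_session` being set to false. The new file's own `name:` says "gives FALSE SMB/printer failures", which is clearer, so consider matching that wording here. The entry also writes the UNC prefix as `\HOST` while the new file uses `\\HOST`; use the double backslash here as well (escaped if the renderer needs it).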


@@ -0,0 +1,35 @@
---
name: RMM user_session gives FALSE SMB/printer failures (error 67 / RPC 1702) — verify interactively
description: GuruRMM commands (even context user_session) run under a WTS-impersonated, non-interactive token that CANNOT establish authenticated SMB to a remote host. net use / net view / Add-Printer to \\HOST fail with error 67 / RPC 1702 even when the share+printer work fine in the user's real interactive logon. Treat RMM SMB results as "can't tell," not "broken."
type: feedback
---
When diagnosing remote file-share or network-printer reachability, do NOT trust results from
GuruRMM `net use` / `net view` / `Add-Printer -ConnectionName \\HOST\...` — including in
`context: user_session`. That context is a **WTS-impersonated, non-interactive token**, which
cannot stand up an authenticated SMB session to a remote server. It returns **System error 67
("network name cannot be found")** and **RPC 1702 ("binding handle invalid")** regardless of how
healthy the path is — and even when you pass explicit valid credentials. It is not measuring what
the logged-on user actually sees.
**Why:** Mike, 2026-06-11 (Wolkin / RSW-Laptop printer). Julie reported "no printers." Over RMM I
verified ZeroTier up, name resolution, TCP 445/139 open, MTU 2800 full DF packets, FRONT spooler
running + `Sharp` shared + Private profile + SMB-In allowed, laptop adapter bindings present — yet
every RMM `net use \\front\IPC$` (by name AND by IP, with valid `front\julie` creds) returned
error 67, and I spent a long chain concluding it was a "stubborn SMB-over-ZeroTier wall needing a
manual fix." Then Mike remoted in (real interactive session) and **the printer worked fine.** The
error 67 was an artifact of the RMM impersonation context, not a fault. This also explained the
2026-06-07 "wall" (same artifact; the earlier "manual fix" worked only because it was interactive).
**How to apply:**
- RMM is great for SYSTEM-scope facts (services, drivers, shares hosted locally, firewall, profiles,
IP/MTU/ping/TCP-port reachability). It is the WRONG instrument for "can the user reach
`\\REMOTEHOST\share` / a `\\HOST`-connected printer." For that, use the **real interactive
session** — ScreenConnect — or have the user confirm.
- If RMM `net use`/`net view`/`Add-Printer` to a remote host returns 67/1702, read it as
**"cannot determine from this context,"** not "broken." Do not chase the plumbing — verify
interactively first.
- A genuinely broken share/printer will also fail interactively; an artifact fails only via RMM.
So: reproduce in the real session before declaring a fault or burning cycles on root cause.
- Related: [[feedback_rmm_password_limitation]] (RMM also can't set local passwords — another
impersonation/agent-context limitation; use ScreenConnect). Wolkin context: [[wolkin]].
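Review bot: The **Why** paragraph puts client-identifying detail into a general feedback file: the client name (Wolkin), the user (Julie), the account `front\julie`, and the hosts FRONT and RSW-Laptop. The file already links [[wolkin]], so consider keeping the incident specifics there and leaving only the generic symptom here (error 67 / RPC 1702 from `context: user_session`). Separately, **How to apply** could say explicitly not to retry `net use` with explicit credentials over RMM, since the text itself states that valid credentials do not change the result in this context.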