diff --git a/projects/msp-tools/guru-rmm b/projects/msp-tools/guru-rmm index 1ed5596..7ab38ca 160000 --- a/projects/msp-tools/guru-rmm +++ b/projects/msp-tools/guru-rmm @@ -1 +1 @@ -Subproject commit 1ed55964db77d3964b330370b4e68de6fce2c3d6 +Subproject commit 7ab38ca1f2a362bcc96d72b4af7d3f379cf3939e diff --git a/session-logs/2026-05-24-wiki-layer.md b/session-logs/2026-05-24-wiki-layer.md index 7cb22a9..38e895e 100644 --- a/session-logs/2026-05-24-wiki-layer.md +++ b/session-logs/2026-05-24-wiki-layer.md 
@@ -186,3 +186,102 @@ GuruRMM required significant corrections. The BB-SERVER and RECEPTIONIST-PC lagg - Wiki root: `wiki/` - GuruRMM API agents endpoint: `GET http://172.16.3.30:3001/api/agents` (JWT required) - Coord message to Howard: ID `33d1576d-02d2-4940-8e97-7d8c5140e8c0` + +--- + +## Update: ~17:30 PT — Wiki seeding continued (Dataforth, 11 more clients) + +### Session Summary + +Continued wiki seeding pass. Verified all previously seeded articles against live data and Mike's corrections, then seeded 13 additional articles across clients and projects. + +Dataforth Corporation and the dataforth-dos project were seeded together via a single agent that read 23 client session logs, 15 docs, 10 project session logs, CONTEXT.md, and 7 memory files. The resulting articles are among the most detailed in the wiki: 278 lines for the client (64 DOS test stations, full contact table, all server IPs, M365/CA policy IDs, security incident history, GuruRMM enrollment workaround) and 474 lines for the project (pipeline architecture diagram, PostgreSQL schema, FAIL→PASS retest rule, H-prefix decode table, full security incident timeline with IC3 submission ID, D2TESTNAS role, Neptune SBR routing, Hoffman API endpoints). Mike reviewed both and confirmed they looked correct. + +Instrumental Music Center and Valley Wide Plastering were seeded in parallel. IMC surfaced a critical SQL instance naming trap (SQL Server 2019 Standard installed as `SQLEXPRESS` — not the Express edition) and a phantom DC (`ServerIMC` 192.168.0.63) causing intermittent slow logons. Valleywide surfaced a VB6/Access 97 app modernization project with 130 tables and 791 Crystal Reports, plus a certified payroll legal requirement that constrains the rewrite approach. + +Nine more client articles were seeded in a second parallel batch: internal-infrastructure, peaceful-spirit, cryoweave, glaztech, pavon, grabb-durando, stamback-septic, sombra-residential, birth-biologic. 
Several critical findings emerged: Neptune's Let's Encrypt cert expires 2026-05-31 and DkimSigner is currently disabled (unsigned outbound mail). Grabb & Durando's README contains a plaintext database password. Sombra Residential's "Server2013" is actually Windows Server 2012 (EOL Oct 2023), unpatched and on the network. Glaz-Tech had two phishing campaigns bypass MailProtector via a secondary MX record — both fixed, but no MFA enforcement is in place. + +### Key Decisions + +- **Live API verification before documenting fleet state** — queried `GET /api/agents` with JWT to get the authoritative agent list. Confirmed BB-SERVER and RECEPTIONIST-PC are on 0.6.38 (laggard note was stale within the same day). Full 12-client list written to gururmm.md from live data. +- **Batch small clients into parallel agent runs** — clients with 1-3 session logs were grouped (3-4 per agent) to minimize total wall-clock time while keeping article quality high. +- **Dataforth + dataforth-dos seeded as a single agent pass** — the two articles share heavy source overlap (same session logs, same memory files). One agent reading everything once is cheaper than two agents redundantly reading the same files. +- **Neptune cert urgency flagged in commit message** — expiry 2026-05-31 is days away; surfaced in commit subject so it appears in git log without needing to open the article. + +### Problems Encountered + +- **Push rejected (fetch first) — 3 occurrences** — remote had incoming commits between local commit and push each time (sync from another session or machine). Resolved with `git pull --rebase && git push` each time. +- **Coord message parse failure on em dash** — inline JSON with `—` in subject field caused "error parsing body". Resolved by writing JSON to `/tmp/coord_msg.json` and using `-d @/tmp/coord_msg.json`. 
+ +### Configuration Changes + +**Created (wiki articles):** +- `wiki/clients/dataforth.md` (278 lines) +- `wiki/projects/dataforth-dos.md` (474 lines) +- `wiki/clients/instrumental-music-center.md` +- `wiki/clients/valleywide.md` +- `wiki/clients/internal-infrastructure.md` +- `wiki/clients/peaceful-spirit.md` +- `wiki/clients/cryoweave.md` +- `wiki/clients/glaztech.md` +- `wiki/clients/pavon.md` +- `wiki/clients/grabb-durando.md` +- `wiki/clients/stamback-septic.md` +- `wiki/clients/sombra-residential.md` +- `wiki/clients/birth-biologic.md` + +**Modified:** +- `wiki/index.md` — Clients and Projects tables expanded; Cross-Reference expanded; compilation queue updated +- `wiki/projects/gururmm.md` — Fleet state corrected; enrolled client list expanded from 4 to 12 clients +- `wiki/overview.md` — Fleet count and client table updated +- `wiki/clients/cascades-tucson.md` — Syncro contact rule globalized +- `.claude/memory/feedback_syncro_cascades_contact.md` — narrowed to incident detail only +- `.claude/memory/MEMORY.md` — index entry updated + +### Credentials & Secrets + +- GuruRMM API JWT obtained from vault (`infrastructure/gururmm-server.sops.yaml`) for fleet verification. Not stored. No new credentials created. +- **[ACTION]** Grabb & Durando: plaintext DB password found in `clients/grabb-durando/website-migration/README.md` — needs to be moved to vault. 
+ +### Infrastructure & Servers + +**Dataforth (verified from session logs):** +- AD1 192.168.0.27 (primary DC, C: at 90% — critical) +- AD2 192.168.0.6 (testdatadb, PostgreSQL, firewall disabled) +- D2TESTNAS 192.168.0.9 (SMB1 bridge, Neptune host) +- SAGE-SQL 192.168.0.153 (Sage ERP + RDS) +- UDM 192.168.0.254 (C2 iptables not persistent) +- M365 tenant: dataforth.com, ID `7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584` + +**ACG Internal (from internal-infrastructure article):** +- Neptune Exchange cert (Let's Encrypt) expires **2026-05-31** — urgent +- Neptune DkimSigner currently DISABLED — outbound mail unsigned +- Cloudflare tunnel deployed on Jupiter (Cox BGP workaround) — 9 hostnames tunneled +- `rmm-api.azcomputerguru.com` must remain grey-cloud (WebSocket) + +**Peaceful Spirit:** PST-SERVER 192.168.0.2, UCG WAN 98.190.129.150 +**Glaztech:** M365 tenant ID `82931e3c-de7a-4f74-87f7-fe714be1f160`, Syncro ID 143932 + +### Pending / Incomplete Tasks + +- **Neptune cert renewal — URGENT** — Let's Encrypt cert expires 2026-05-31. Days away. +- **Neptune DkimSigner** — currently disabled; outbound mail unsigned. Re-enable after cert renewal. 
+- **Grabb & Durando plaintext password** — vault it from `clients/grabb-durando/website-migration/README.md` +- **C2 iptables on Dataforth UDM** — not persistent; add 80.76.49.18 and 45.88.91.99 to UniFi UI permanently +- **Glaztech MFA rollout** — service account auth audit required first; do not enable Security Defaults yet +- **Sombra Residential Server2013** — actually WS2012 EOL; present EOL recommendation to client +- **Stamback Septic Syncro duplicate** — possible second record 34021422; investigate +- **BirthBiologic SharePoint migration** — SPMT completion unconfirmed; check status +- **Pavon Nextcloud migration** — deferred to 3–6 month window; OwnCloud data dir at 74% capacity +- **NPM stale proxy** — `rmm-api.azcomputerguru.com → 172.16.3.20:3001` should be `.30:3001` +- **Wiki — remaining unseeded clients:** kittle, anaise, khalsa, bg-builders, evs, furrier, horseshoe-management, kittle-design, scileppi-law, western-tire, lens-auto-brokerage, at-trebesch, sandteko-machinery, mvan-inc +- **Wiki — unseeded projects:** discord-bot, radio-show, msp-pricing +- **Wiki — systems:** neptune, d2testnas still in compilation queue + +### Reference Information + +- Commits this update: `85e8342`/`63109d9` (Dataforth), `da40eeb`/`b583aee` (IMC + Valleywide), `32f64a9` (9 clients) +- GuruRMM live fleet: 55 agents, 12 clients, 40/55 on v0.6.38 +- Dataforth DOS pipeline stats: 469K records, 458.5K live, daily task 02:30 AM +- Dataforth IC3 submission: `1c32ade367084be9acd548f23705736f` +- Neptune cert expiry: 2026-05-31 (Let's Encrypt)
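Review bot: The `projects/msp-tools/guru-rmm` subproject pointer moves from `1ed5596` to `7ab38ca` in the same change as a session-log update, and nothing in the added log text accounts for it. The Configuration Changes list names only wiki and memory files, and Reference Information lists other commit ids. Either split the submodule bump into its own commit, or add a line to the log stating what the new subproject commit brings in, so the bump can be reviewed on its own.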
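Review bot: In the `session-logs/2026-05-24-wiki-layer.md` hunk, the Grabb & Durando item under Credentials & Secrets (repeated under Pending / Incomplete Tasks) stops at "needs to be moved to vault" for the plaintext DB password in `clients/grabb-durando/website-migration/README.md`. If that README is tracked in this repository, moving the value leaves it readable in git history, so the action should read: rotate the password, vault the new one, then remove the old value from the README. The same hunk also writes M365 tenant IDs, internal server addresses and host notes such as "firewall disabled" into the log; confirm that everyone with read access to this repo should see those, or point to the vault and wiki entries instead of repeating the values here.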