sync: auto-sync from HOWARD-HOME at 2026-06-30 10:37:25
Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-30 10:37:25
This commit is contained in:
@@ -153,6 +153,7 @@
|
||||
- [Cascades](project_cascades.md) — Active state: Syncro ticket #110680053 + plan file (machine-specific path on Howard's box), admin accounts (sysadmin@=Howard, admin@=Mike — daily-driver, NOT break-glass), Phase-B caregiver CA pilot (SG-Caregivers-Pilot, group-scoped never tenant-wide), prepaid block ~37.5h (rate TBD), pilot cleanup checklist.
|
||||
- [Cascades history](project_cascades_history.md) — fdeploy 502/ACL root cause (Flags=1211→187 fix), 2026-04-29 CA-rescoping decision (Howard pulled the brakes on tenant-wide), 2026-05-14 per-user-security-group decision rationale.
|
||||
- [Cascades isolated-VLAN pattern](project_cascades_isolated_vlan_pattern.md) — pfSense: the GUEST VLAN (VLAN50/igc1.50) is the isolation template (4 any-proto quick rules: block 192.168.0.0/22 + 10.0.0.0/8 + 172.16.0.0/12, then pass any; public DNS via DHCP). VLAN20 is NOT isolated. Verify with `pfctl -sr`, not config.xml. Protocol MUST be Any (TCP-only leaks UDP). VOICE VLAN30 built to this 2026-06-17.
|
||||
- [Cascades VLAN20 migration + routing](project_cascades_vlan20_migration_routing.md) — Staff machines/printers moving to VLAN20 (10.0.20.0/24). CS-SERVER couldn't reach VLAN20 printers because the LAN "allow LAN to any" rule policy-routes via WAN_Group → add a top LAN pass rule (src CS-SERVER 192.168.2.248, dst 10.0.20.0/24, gw=default) to bypass. pfSense SSH from VPN is blocked (do firewall in GUI). Printer client-map via GPO or SYSTEM `printui /ga` to dodge the 0x800702e4 PrintNightmare prompt; build UNC with [char]92.
|
||||
- [Cascades KPI dashboard (parked)](project_cascades_kpi_dashboard.md) — Ashley Jensen wants one dashboard across their reporting SaaS (ALIS/QuickBooks/Bill.com/Relias/You've Got Leads/TELS/Focus HR/Helpany/POS). Power BI Gateway is the WRONG frame (on-prem only). Recommended Tier1→Tier2: scheduled exports → SharePoint → Power BI Pro, automate API-capable systems (Bill.com/QBO) via Power Automate later. Full notes: `clients/cascades-tucson/docs/proposals/kpi-dashboard.md`. Next: draft client one-pager.
|
||||
- [Sync script bug — untracked files (RESOLVED)](project_sync_script_bug.md) — FIXED 2026-05-21: sync.sh now uses `git status --porcelain` for change detection (repo + vault).
|
||||
- [MasterBooter Side Project](project_masterbooter.md) — Howard's Rust+Slint Windows deployment toolkit at C:\MasterBooter, separate from client work. Do not log to clients/.
|
||||
|
||||
73
.claude/memory/project_cascades_vlan20_migration_routing.md
Normal file
73
.claude/memory/project_cascades_vlan20_migration_routing.md
Normal file
@@ -0,0 +1,73 @@
|
||||
---
|
||||
name: project_cascades_vlan20_migration_routing
|
||||
description: Cascades CSC ENT->VLAN20 migration — pfSense WAN_Group policy-route breaks LAN<->VLAN20; fix + printer-migration mechanics
|
||||
metadata:
|
||||
type: project
|
||||
---
|
||||
|
||||
Cascades is migrating staff machines + printers off the flat old LAN (192.168.0.0/22,
|
||||
"CSC ENT") onto the isolated **Staff VLAN 20 (10.0.20.0/24, gw 10.0.20.1)** ("CSCNET").
|
||||
Printers are being re-IP'd to 10.0.20.x (static) and re-shared on the CS-SERVER print
|
||||
server. Key operational facts learned 2026-06-30 (Howard, front-desk ET-5800 + Life
|
||||
Enrichment Canon MF741CDW):
|
||||
|
||||
**pfSense gotcha (the big one):** CS-SERVER (on the old LAN) could not reach ANY VLAN 20
|
||||
printer (.221/.220/.94/.78:9100) even though it pinged the VLAN20 gateway 10.0.20.1. Root
|
||||
cause was NOT a block — the LAN "Default allow LAN to any" rule has **Gateway = WAN_Group**
|
||||
(dual-WAN policy routing), so LAN->internal-VLAN traffic gets shoved out the WAN and dies.
|
||||
**Fix = a pass rule at the TOP of the LAN interface** (Firewall/Rules/LAN), Source =
|
||||
CS-SERVER 192.168.2.248, Dest = 10.0.20.0/24, protocol any, **Gateway = default** (do NOT
|
||||
set WAN). This bypasses the policy route so internal traffic routes normally. Scoped to the
|
||||
server's source IP => residents (own /28 VLANs) + guests (VLAN 50) can't match it (rule is
|
||||
on the LAN interface, sourced from the server only). This also un-broke the already-migrated
|
||||
Business Office/Life Enrichment/MC Reception shares. VLAN20->server (SMB) was already fine.
|
||||
|
||||
**pfSense SSH from the VPN is BLOCKED** (tcp/22 dropped; GUI 443 open). The `unifi-wifi`
|
||||
skill's `pfsense-ssh.sh` therefore returns empty (it sends ssh stderr to /dev/null). Did the
|
||||
rule via the GUI instead. To use the skill remotely later, add an OpenVPN-side allow for 22.
|
||||
|
||||
**Printer migration mechanics:**
|
||||
- CS-SERVER side: repoint the share's port to TCP_10.0.20.<x>:9100 (Set-Printer -PortName),
|
||||
drop the old 192.168.2.x port; keep the same ShareName so client mappings survive.
|
||||
- Client side: mapping `\\CS-SERVER\<share>` as a standard domain user triggers a
|
||||
PrintNightmare elevation prompt (HRESULT 0x800702e4) EVEN when the driver is already local
|
||||
— see [[feedback_rmm_printer_elevation]] / errorlog. Promptless options: GPO printer
|
||||
deployment (they already do this for caregivers — the scalable answer), or push as SYSTEM
|
||||
via `rundll32 printui.dll,PrintUIEntry /ga /n"\\CS-SERVER\<share>"` (per-machine, appears
|
||||
at the user's NEXT logon), or set Point-and-Print "Approved server = CS-SERVER" so user-
|
||||
context maps are promptless+immediate.
|
||||
- Old room-named shares (e.g. `1F-132-RecRoom-Canon`) were renamed on the server during
|
||||
migration, leaving ORPHANED per-user client mappings; a spooler restart auto-drops them.
|
||||
- Build UNC paths in RMM PowerShell with `[char]92`, not literal `\\` (jq/agent pipeline
|
||||
mangles literal backslashes — [[feedback_windows_quote_stripping]]).
|
||||
|
||||
**Point-and-Print is the REAL promptless fix (proven 2026-06-30 on the LE machines).** The
|
||||
0x800702e4 prompt AND the `/ga` per-machine path silently failing at logon (PrintService
|
||||
event 513, error 0xBCB) are BOTH the same default `RestrictDriverInstallationToAdministrators`
|
||||
(ON when unset) blocking the standard user from pulling the driver. We're domain admin, but
|
||||
the *end user* isn't — so apply admin rights via the Point-and-Print policy:
|
||||
`HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers` `RestrictDriverInstallationToAdministrators=0`
|
||||
+ subkey `PointAndPrint` `Restricted=1,TrustedServers=1,ServerList=CS-SERVER,InForest=0,`
|
||||
`NoWarningNoElevationOnInstall=1,UpdatePromptSettings=2` (scopes silent install to CS-SERVER
|
||||
only). After that, `WScript.Network.AddWindowsPrinterConnection` in the user session is
|
||||
promptless+immediate. **Correct durable fix = put this in a computer GPO fleet-wide** (the
|
||||
caregiver machines already have it; that's why their printer GPO works), then deploy printers
|
||||
via GPO. Existing GPOs: `CSC - Life Enrichment Printers`, `CSC - Printer Deployment`,
|
||||
`CSC - Caregiver Workstation`, `CSC - Reception Workstation Policy` (the LE one likely still
|
||||
pushes the OLD share name — repoint it to the new share).
|
||||
|
||||
**Driver/PDL trap — Canon MF741/743 = UFR II ONLY (not PCL).** The rebuilt `LifeEnrichment`
|
||||
share was created with **Canon Generic Plus PCL6**; the MF741 can't parse PCL → spools OK,
|
||||
nothing prints, panel shows **Error #822** (unsupported/corrupt data). Fix = use the **UFR II**
|
||||
driver (`Canon Generic Plus UFR II V250`, INF cnlb0ma64.inf). CS-SERVER only had PCL6/PS3/XPS
|
||||
staged; pulled UFR II from a client's DriverStore (`C:\Windows\System32\DriverStore\
|
||||
FileRepository\cnlb0ma64.inf_amd64_*`) using the vaulted `cs-server` `sysadmin` domain-admin
|
||||
cred. **Transfer direction matters:** CS-SERVER (192.168.2.x) CANNOT reach a client's C$
|
||||
(client host-firewall scopes File/Print sharing to LocalSubnet, and CS-SERVER is off-subnet)
|
||||
-> have the CLIENT push to `\\CS-SERVER\C$` instead (client->server SMB works). Then
|
||||
`pnputil /add-driver <inf> /install`, `Add-PrinterDriver -Name "<exact INF model name>"`,
|
||||
`Set-Printer -DriverName`. Get the exact driver name from the INF's quoted strings, not a guess.
|
||||
When the server driver changes, refresh each client connection (Remove+AddWindowsPrinterConnection)
|
||||
so it drops the stale cached PCL6 driver.
|
||||
|
||||
Related: wiki clients/cascades-tucson (network/VLANs), [[project-cascades-migration-plan]].
|
||||
@@ -0,0 +1,90 @@
|
||||
## User
|
||||
- **User:** Howard Enos (howard)
|
||||
- **Machine:** Howard-Home
|
||||
- **Role:** tech
|
||||
|
||||
## Session Summary
|
||||
|
||||
Migrated the front-desk Epson ET-5800 and the Life Enrichment Canon MF741CDW onto the new Staff VLAN 20 (10.0.20.0/24 / "CSCNET"), as part of the ongoing move of staff machines + printers off the flat old LAN ("CSC ENT", 192.168.0.0/22). All work driven via GuruRMM (CS-SERVER + the client agents) plus one pfSense GUI change.
|
||||
|
||||
First, the front-desk ET-5800: confirmed RECEPTIONIST-PC is two physical boxes (frontdesk = serial MJ0KQHNP at 10.0.20.102; the other is Memory Care reception). Repointed the CS-SERVER `FrontDesk` share from `TCP_192.168.2.147` to `TCP_10.0.20.221` (printer set to static .221 by Howard), removed the old port, removed the stale local `ET-5800 Series(Network)` printer from the frontdesk box, mapped `\\CS-SERVER\FrontDesk` and set it default. Test page printed.
|
||||
|
||||
Hit a hard blocker: CS-SERVER could not reach ANY VLAN 20 printer (.221/.220/.94/.78:9100) even though it pinged the VLAN20 gateway 10.0.20.1. Root cause was not a firewall block — the LAN "Default allow LAN to any" rule has Gateway = WAN_Group (dual-WAN policy routing), shoving LAN->internal-VLAN traffic out the WAN. Fixed with one pass rule at the top of the pfSense LAN interface (source CS-SERVER 192.168.2.248, dest 10.0.20.0/24, gateway = default). This also un-broke the already-migrated Business Office/Life Enrichment/MC Reception shares. (pfSense SSH from the VPN is blocked, so the unifi-wifi pfsense-ssh.sh skill returned empty; did the rule in the GUI.)
|
||||
|
||||
Then Life Enrichment (room 132, users sharon.edwards @ DESKTOP-DLTAGOI and susan.hicks @ DESKTOP-ROK7VNM). The old per-user mapping `\\CS-SERVER\1F-132-RecRoom-Canon` was orphaned (share renamed to `LifeEnrichment` on the server). Added `\\CS-SERVER\LifeEnrichment` for both users (defaults left as `Copy Room` per Howard). Mapping initially failed with the PrintNightmare elevation prompt (0x800702e4) and the per-machine `/ga` path silently failed at logon (PrintService event 513 / error 0xBCB) — both are the default `RestrictDriverInstallationToAdministrators` blocking the standard user from pulling the driver. Resolved by setting the Point-and-Print policy (scoped to CS-SERVER) on both machines, after which the user-session add was promptless+immediate.
|
||||
|
||||
Final blocker: jobs spooled but nothing printed; the Canon panel showed Error #822. Diagnosis: the rebuilt `LifeEnrichment` share used the wrong PDL — `Canon Generic Plus PCL6` — but the MF741 is UFR II only (can't parse PCL). CS-SERVER only had PCL6/PS3/XPS staged. Pulled the `Canon Generic Plus UFR II V250` driver from a client's DriverStore to CS-SERVER (using the vaulted sysadmin domain-admin cred), installed it, and switched the share to it. Test prints from the server, Susan's machine, and Sharon's machine all printed (Howard confirmed at the printer). Both LE machines verified on the UFR II driver, defaults unchanged.
|
||||
|
||||
## Key Decisions
|
||||
|
||||
- **pfSense fix = policy-route bypass, not an allow rule.** The traffic was never blocked; it was misrouted out the WAN by the LAN catch-all's WAN_Group gateway. Added a top LAN pass rule with gateway=default scoped to CS-SERVER's source IP, so residents (per-unit /28 VLANs) and guests (VLAN 50) can't match it (different ingress interface + different source). Did it in the GUI because pfSense SSH/22 is blocked from the OpenVPN subnet.
|
||||
- **Point-and-Print policy is the correct "apply our admin rights" fix**, not making end users local admins and not a security bypass. Scoped silent driver install to CS-SERVER only. This is the prerequisite a printer-deployment GPO needs; without it a GPO-pushed printer fails the same 0xBCB way. The caregiver machines already have this (why their printer GPO works).
|
||||
- **Server-share model kept** (Howard's preference) rather than falling back to direct-IP printers, even when the UFR II driver wasn't on the server — pulled the driver across with the domain-admin cred instead.
|
||||
- **Driver transfer direction = client -> server.** CS-SERVER (192.168.2.x) cannot reach a client's C$ (client host-firewall scopes File/Print sharing to LocalSubnet; CS-SERVER is off-subnet). The client pushes to `\\CS-SERVER\C$` instead.
|
||||
- **Defaults left untouched** on the LE users per explicit instruction (they keep `Copy Room`).
|
||||
|
||||
## Problems Encountered
|
||||
|
||||
- **CS-SERVER could not reach VLAN 20 printers** -> LAN "allow LAN to any" rule policy-routed via WAN_Group. Fixed with top LAN pass rule, gateway=default, src CS-SERVER, dst 10.0.20.0/24.
|
||||
- **pfSense SSH from VPN timed out** (tcp/22 dropped, GUI 443 open) -> the unifi-wifi pfsense-ssh.sh skill silently returned empty (sends ssh stderr to /dev/null). Worked around via the pfSense GUI.
|
||||
- **Printer mapping elevation prompt (0x800702e4)** for standard users, and per-machine `/ga` silently failing at logon (event 513 / 0xBCB) -> set Point-and-Print policy (RestrictDriverInstallationToAdministrators=0 + trusted CS-SERVER) -> promptless.
|
||||
- **LE Canon: spooled but nothing printed, Error #822** -> wrong driver (PCL6) on an UFR-II-only device -> installed Canon Generic Plus UFR II V250 on CS-SERVER and switched the share.
|
||||
- **Stale cached driver on clients** after the server driver swap -> refreshed each client connection (Remove + AddWindowsPrinterConnection) so it dropped PCL6 and pulled UFR II.
|
||||
- **Backslash mangling** in RMM PowerShell payloads (literal `\\` -> single `\` through jq/agent) -> build UNC with `[char]92`. Logged to errorlog as friction.
|
||||
|
||||
## Configuration Changes
|
||||
|
||||
- pfSense (Cascades, 192.168.0.1): added LAN firewall rule (top) — Pass, IPv4, proto Any, Source 192.168.2.248, Dest 10.0.20.0/24, Gateway = default. Description "CS-SERVER to VLAN20 (full server access, bypass WAN policy-route)".
|
||||
- CS-SERVER `FrontDesk` share: port `TCP_192.168.2.147` -> `TCP_10.0.20.221`; old port removed; ShareName `FrontDesk` unchanged.
|
||||
- CS-SERVER `Life Enrichment - Canon MF741CDW` share (`LifeEnrichment`): driver `Canon Generic Plus PCL6` -> `Canon Generic Plus UFR II V250` (port TCP_10.0.20.94 unchanged). Installed UFR II driver package (now `oem15.inf`); staging files left at `C:\Temp\ufr2drv` on CS-SERVER (can be deleted).
|
||||
- DESKTOP-ROK7VNM (susan.hicks) + DESKTOP-DLTAGOI (sharon.edwards): set Point-and-Print policy (HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers): `RestrictDriverInstallationToAdministrators=0`; subkey `PointAndPrint`: `Restricted=1, TrustedServers=1, ServerList=CS-SERVER, InForest=0, NoWarningNoElevationOnInstall=1, UpdatePromptSettings=2`. Added `\\CS-SERVER\LifeEnrichment` (UFR II), removed orphaned `1F-132-RecRoom-Canon`. Defaults unchanged.
|
||||
- RECEPTIONIST-PC (frontdesk box, MJ0KQHNP): removed local `ET-5800 Series(Network)`; mapped `\\CS-SERVER\FrontDesk`, set default.
|
||||
- Memory: updated `.claude/memory/project_cascades_vlan20_migration_routing.md` (+ MEMORY.md index line). Errorlog: 2 friction entries (UNC backslash, rmm printer elevation).
|
||||
|
||||
## Credentials & Secrets
|
||||
|
||||
- Used the vaulted CS-SERVER admin: `clients/cascades-tucson/cs-server.sops.yaml` (username `sysadmin`, domain admin on cascades.local) — for the cross-machine driver pull. No new credentials created or discovered. Not exposed here (already vaulted).
|
||||
|
||||
## Infrastructure & Servers
|
||||
|
||||
- CS-SERVER 192.168.2.254 / 192.168.2.248 (DC, DNS, File + Print server), GuruRMM agent `c39f1de7-d5b6-45ae-b132-e06977ab1713`. Routes to VLAN20 from .248.
|
||||
- pfSense 192.168.0.1 (Plus 25.07). LAN = 192.168.0.0/22. Dual-WAN (WAN_Group). VLAN 20 (Staff/Internal) 10.0.20.0/24 gw 10.0.20.1. SSH/22 blocked from OpenVPN subnet (GUI 443 open).
|
||||
- Printers (VLAN 20, static): Front Desk Epson ET-5800 = 10.0.20.221 (RAW 9100); Life Enrichment Canon MF741CDW = 10.0.20.94 (RAW 9100, UFR II); Business Office Brother = 10.0.20.220 (was powered off this session); MC Reception Epson ET-5800 = 10.0.20.78; Life Enrichment also reachable .94.
|
||||
- Agents: DESKTOP-ROK7VNM (susan.hicks) `4832ff97-196d-4de5-a3b9-dadf9adb2c7a`; DESKTOP-DLTAGOI (sharon.edwards) `4bdf92f6-7a84-4b71-81df-75d59febf39d`; RECEPTIONIST-PC frontdesk box `2e8d8b73-82f6-4151-a3ce-879c55de4b82`; MemCare reception box `57f19e17-8792-46cc-b9fd-f1909836cd17`.
|
||||
|
||||
## GPO Reference (for the printer-GPO work Howard flagged)
|
||||
|
||||
Existing GPOs on cascades.local (from CS-SERVER `Get-GPO -All`):
|
||||
`CSC - Always Wait For Network`, `CSC - Caregiver Device Lockdown`, `CSC - Caregiver Workstation`, `CSC - Drive Mappings`, `CSC - Folder Redirection`, `CSC - Folder Redirection (LE)`, **`CSC - Life Enrichment Printers`**, **`CSC - Printer Deployment`**, `CSC - Reception Workstation Policy`, `CSC - Security Baseline`, `CSC - Windows Update`, `Power Options`, + the two Defaults.
|
||||
|
||||
For the printer GPO to work promptlessly, it needs TWO layers:
|
||||
1. **Point-and-Print policy (computer GPO, fleet-wide)** = the exact registry values set manually this session (see Configuration Changes). Caregiver machines already have it; staff/LE machines did not. Put this in a computer GPO so every staff machine can silently install CS-SERVER printers.
|
||||
2. **Printer deployment** = GPP Printers item / Deployed Printers mapping `\\CS-SERVER\<share>` to the right users/OU/room. `CSC - Life Enrichment Printers` likely still references the OLD share name (`1F-132-RecRoom-Canon`) — repoint it to `\\CS-SERVER\LifeEnrichment`. NOTE: `CSC - Printer Deployment` is the known disabled/empty/reference-only one.
|
||||
|
||||
Per-user/room printer map confirmed this session (extend as machines migrate):
|
||||
- Front desk (RECEPTIONIST-PC frontdesk box) -> `\\CS-SERVER\FrontDesk` (Epson ET-5800, default).
|
||||
- Life Enrichment room 132 -> `\\CS-SERVER\LifeEnrichment` (Canon MF741CDW, **UFR II driver**) for sharon.edwards + susan.hicks (NOT default; their default stays Copy Room).
|
||||
|
||||
CRITICAL driver note for any GPO deploying the LE Canon: it MUST use **Canon Generic Plus UFR II V250** (INF cnlb0ma64.inf), NOT PCL6 — PCL6 produces Error #822 (nothing prints).
|
||||
|
||||
## Commands & Outputs
|
||||
|
||||
- pfSense verify (RMM, CS-SERVER): `10.0.20.221:9100=True`, `.94=True`, `.78=True`, `.220=False` (powered off). VLAN20->CS-SERVER 445 = True.
|
||||
- Error #822 confirmation: raw PCL to 10.0.20.94:9100 -> Error 822 (printer can't parse PCL). `Get-PrinterDriver` on CS-SERVER had only PCL6/PS3/XPS Canon; client had `Canon Generic Plus UFR II V250` (InfPath cnlb0ma64.inf).
|
||||
- Driver install: client pushed package to `\\CS-SERVER\C$\Temp\ufr2drv` (159 files); `pnputil /add-driver cnlb0ma64.inf /install` -> oem15.inf; `Add-PrinterDriver -Name "Canon Generic Plus UFR II V250"`; `Set-Printer -DriverName`.
|
||||
- PrintService event 513 / error 0xBCB on DESKTOP-ROK7VNM = per-machine `/ga` failing to install driver for the standard user (pre Point-and-Print fix).
|
||||
|
||||
## Pending / Incomplete Tasks
|
||||
|
||||
- **Printer GPO (Howard's next focus):** put the Point-and-Print policy into a computer GPO fleet-wide; repoint `CSC - Life Enrichment Printers` to `\\CS-SERVER\LifeEnrichment` (UFR II); build out per-room printer-deployment items as the who-needs-what map firms up.
|
||||
- **Business Office printer (10.0.20.220)** was powered off / unreachable this session — verify it when onsite.
|
||||
- **Cascades printer skill (Howard's idea):** package this migration's how-to (VLAN routing/pfSense bypass, server-share repoint, Point-and-Print policy, UFR II driver, [char]92 UNC) into a reusable skill so future printer adds are one call.
|
||||
- Optional cleanup: delete `C:\Temp\ufr2drv` on CS-SERVER (driver staging files).
|
||||
- pfSense SSH-from-VPN still blocked (separate; only needed to use the pfsense-ssh.sh skill remotely).
|
||||
|
||||
## Reference Information
|
||||
|
||||
- GuruRMM API: http://172.16.3.30:3001 (vault infrastructure/gururmm-server.sops.yaml).
|
||||
- Memory: `.claude/memory/project_cascades_vlan20_migration_routing.md`.
|
||||
- UFR II driver: `Canon Generic Plus UFR II V250`, INF `cnlb0ma64.inf`, client DriverStore path `C:\Windows\System32\DriverStore\FileRepository\cnlb0ma64.inf_amd64_d4f4062dad259878`.
|
||||
- Point-and-Print policy key: `HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers` (+ `\PointAndPrint`).
|
||||
@@ -17,6 +17,14 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
|
||||
|
||||
<!-- Append entries below this line -->
|
||||
|
||||
2026-06-30 | Howard-Home | rmm/printer-map | [friction] Add-Printer -ConnectionName in user_session = HRESULT 0x800702e4 ELEVATION_REQUIRED (Point-and-Print); agent watchdog times out on the interactive UAC prompt. Use WScript.Network.AddWindowsPrinterConnection + have a user at console approve, or pre-stage driver/connection as SYSTEM
|
||||
|
||||
2026-06-30 | Howard-Home | rmm/powershell | [friction] literal UNC backslashes (hostshare) in a jq-built PS payload got mangled to a single backslash -> Add-Printer 'invalid name'; fix: build UNC with [char]92 instead of literal backslashes [ctx: ref=feedback_windows_quote_stripping host=RECEPTIONIST-PC]
|
||||
|
||||
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=fw-list]
|
||||
|
||||
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=fw-list]
|
||||
|
||||
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=audit]
|
||||
|
||||
2026-06-30 | Howard-Home | unifi-wifi/pfsense-ssh | SSH connect/auth failed (rc=255) [ctx: host=192.168.0.1:22 slug=cascades-tucson act=run]
|
||||
|
||||
Reference in New Issue
Block a user