sync: auto-sync from GURU-5070 at 2026-05-26 16:02:01

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-26 16:02:01
2026-05-26 16:02:05 -07:00
parent c7e5dfc673
commit 6130c36f56


@@ -620,3 +620,116 @@ Investigated a Datto Workplace "Deletion request denied by OS" alert on Grabb &
- Grabb & Durando: ticket #32279 (id 110305905), comment id 413112462, todo 1bf0cfef (due 2026-05-27) — https://computerguru.syncromsp.com/tickets/110305905
- Coord messages to Howard (HOWARD-HOME/claude-main): ac6b35e2 (gaps+packaging), 43f8795b (dual-mode), 1e5c92a9 (signing)
- GuruScan: projects/msp-tools/guru-scan/ (6 PowerShell scripts; scanner chain RKill->AdwCleaner->Emsisoft->HitmanPro->ESET)
---
## Update: 15:52 PT -- Quantum WMS Onboarding + UniFi OS Fix
### User
- **User:** Mike Swanson (mike)
- **Machine:** GURU-5070 (DESKTOP-0O8A1RL)
- **Role:** admin
- **Session span:** 2026-05-26 ~14:00-16:00 PT
### Session Summary
Session started for a 2pm meeting with John Velez at Quantum WMS. The prior todo (37f2196c) had an incorrect tenant ID (ddf3d2c9 from the sheilaperess.com tenant) for the consent link. The correct tenant was johnvelez.com (plan@johnvelez.com is the GoDaddy-provisioned M365 admin). Resolved the johnvelez.com tenant ID by fetching the OpenID configuration endpoint, which embeds the GUID in the token_endpoint URL: tenant 8f7eaff4-f913-4d3f-b8b9-92e695d987c6 (NETORGFT2570783.onmicrosoft.com). Correct consent URL generated and provided; John consented.
Ran onboard-tenant.sh for the johnvelez.com tenant. Security Investigator SP encountered 4 permission grant errors due to a replication race condition (SP was created but grant_app_role calls fired before it was fully replicated in Azure). Non-blocking -- Exchange Administrator role was still assigned successfully to all SPs. All directory roles confirmed: Conditional Access Administrator (Tenant Admin), Exchange Administrator (Security Investigator + Exchange Operator), User Administrator + Authentication Administrator (User Manager).
Pulled tenant inventory via Graph API. Tenant created 2016-12-05 (GoDaddy-provisioned). Four user accounts found: plan@johnvelez.com (John Velez, O365 Business Essentials + Flow Free), admin@NETORGFT2570783.onmicrosoft.com (GoDaddy admin, no license), john__quantumwms.com@NETORGFT2570783.onmicrosoft.com (shell account, created 2026-03-16, no mailbox), migrationapp@NETORGFT2570783.onmicrosoft.com (old SkyKick 2016 migration app). quantumwms.com is NOT a verified domain in this tenant -- email runs entirely through Intermedia.
Performed DNS investigation on quantumwms.com. Found three critical email security deficiencies: DMARC record completely missing (CEO fraud/spoofing vector), two conflicting SPF records violating RFC 7208 (intermedia.net record + ppe-hosted.com/secureserver.net record), and DKIM not configured. Also: no DNSSEC. Confirmed mail routes through Intermedia cluster exch090.serverdata.net (IPs 64.78.25.106/64.78.25.107) -- this is Exchange Server software hosted by Intermedia, carrying full CVE exposure (ProxyLogon 2021, ProxyShell 2021, ProxyNotShell 2022, OWASSRF 2022).
John and Sheila believed their Broker/Dealer requires Intermedia. Documented FINRA Rule 4511 / SEC Rule 17a-4 analysis: regulations require WORM archiving (non-rewritable, non-erasable, 3yr accessible / 6yr total, indexed, supervisory review) but do NOT name any vendor. Microsoft Purview (included in M365 Business Premium) has Cohasset Associates certification for SEC 17a-4(f) and CFTC Rule 1.31. The majority of FINRA-registered broker/dealers run on Exchange Online. Recommended architecture: 2x M365 Business Premium (quantumwms.com, firm accounts) + Exchange Online Plan 1 (sheilaperess.com personal) + Mailprotector frontend.
Action required from Sheila before 2026-05-27 14:00: written policy from Broker/Dealer that specifies email/security compliance requirements. If no such document names Intermedia as a required vendor (expected), migration proceeds.
Seeded wiki/clients/quantumwms.md with full client article covering tenant details, DNS gaps, Intermedia infrastructure, B/D compliance analysis, recommended architecture, migration steps, and open items. Added row to wiki/index.md.
Generated client-facing HTML assessment document at clients/quantumwms/reports/2026-05-26-email-infrastructure-assessment.html. First version used Inter font and navy header. Ran /impeccable skill: full redesign eliminating three design law violations. Final version uses Jost (Google Fonts), OKLCH colors throughout, amber cap strip (top brand mark, not side stripe), 2x2 DNS gap card grid (all danger-colored), amber action box for the Sheila action-required section (real hierarchy vs. the navy header), timeline as 3-column CSS grid with amber dot/line gutters (no banned border-right), FINRA rule box with amber circle bullets via ::before, comparison table with OKLCH-colored .badge elements. No em dashes. All content intact.
Between the Quantum WMS work, investigated why the ACG office UniFi OS Server at 172.16.3.29 had been offline for 2 days. Connected to Jupiter (virsh host), found the VM running but networking unresponsive. SSH via VM console showed the network was up but the UniFi OS web interface was unreachable. Root cause: a failed auto-update from UOS 5.0.6 to 5.0.8. The update process stopped the Podman-managed containers, then immediately checked whether the ports were still bound -- kernel cleanup lag meant the ports were still briefly bound, so the installer aborted. The installer binary (/tmp/next-uos-installer, 818 MB) remained in /tmp. Re-running it two days later, when all ports had fully cleared, succeeded: ran with `echo y | /tmp/next-uos-installer`. UOS 5.0.8 installed, services came up.
### Key Decisions
- **Used OpenID configuration endpoint to resolve johnvelez.com tenant ID** -- GoDaddy federation blocks userrealm API and GetCredentialType (both return null for federated namespaces). The openid-configuration endpoint at login.microsoftonline.com/{domain}/v2.0/.well-known/openid-configuration embeds the tenant GUID in the token_endpoint URL reliably.
- **Broker/Dealer compliance framing: obtain written policy, not direct challenge** -- Rather than telling John/Sheila their belief is incorrect, asked Sheila to produce the written policy. If Intermedia is named, that becomes a compliance attorney discussion; if not (expected), migration proceeds with no confrontation.
- **M365 Business Premium over Business Basic for both firm accounts** -- Financial advisors handling client data; Defender for Business, Intune, Conditional Access, Entra P1 are compliance-appropriate for their regulatory environment.
- **Amber action box, not navy, for Sheila section** -- Creates real visual hierarchy over the rest of the document. The meeting-prep section needs to read as the highest-urgency item at a glance.
- **Timeline as 3-column CSS grid** -- Eliminates the banned border-right side stripe while preserving the visual vertical-line-with-dot timeline aesthetic.
- **UniFi: ran existing installer rather than downloading fresh** -- The 818 MB binary was already in /tmp; ports had cleared over 2 days. Re-running was faster and safer than a fresh download.
### Problems Encountered
- **Wrong tenant ID on consent URL** -- Prior todo had ddf3d2c9 (sheilaperess.com tenant, from earlier afternoon work). johnvelez.com resolves to 8f7eaff4 via OpenID configuration. Updated todo + wiki.
- **quantumwms.com has no AAD tenant** -- openid-configuration returned AADSTS90002. Not a blocker; quantumwms.com email runs through Intermedia and quantumwms.com is not registered in any M365 tenant (yet).
- **Security Investigator SP replication race** -- 4 permission grant errors: "Resource does not exist or queried reference-property objects not present." SP was created but Azure had not replicated it before grant_app_role was called. Non-blocking; Exchange Administrator role was still assigned via the directory roles API.
- **UniFi installer exit 126 on bash** -- `bash /tmp/next-uos-installer` returned exit 126 (binary, not shell script). Fixed by running `/tmp/next-uos-installer` directly.
- **UniFi installer prompted for confirmation** -- Running the binary prompted "Proceed? (y/N)" and exited with no input. Fixed with `echo y | /tmp/next-uos-installer`.
- **virsh domifaddr returned no IP** -- Guest agent not installed or not reporting. Resolved by getting MAC from `virsh domiflist` and matching to the pfSense ARP table to get 172.16.3.29.
- **Session log append failing** -- Single quotes in content (contractions, domain names with apostrophes) conflicted with both bash heredoc and Python triple-single-quote methods in the -c argument context. Resolved using the Edit tool with surrounding context anchoring.
### Configuration Changes
**Wiki:**
- CREATED `wiki/clients/quantumwms.md` -- full client article
- MODIFIED `wiki/index.md` -- added Quantum WMS row to Clients table
**Client deliverables:**
- CREATED `clients/quantumwms/reports/2026-05-26-email-infrastructure-assessment.txt` -- plain text (superseded)
- CREATED `clients/quantumwms/reports/2026-05-26-email-infrastructure-assessment.html` -- polished HTML report (primary deliverable)
**UniFi OS Server (172.16.3.29):**
- Updated from UOS 5.0.6 to UOS 5.0.8 (installer was already in /tmp from failed auto-update 2 days prior)
### Credentials & Secrets
No new credentials. Quantum WMS tenant uses plan@johnvelez.com (GoDaddy admin account -- ACG has delegate access).
### Infrastructure & Servers
| Host | Detail |
|---|---|
| johnvelez.com M365 tenant | 8f7eaff4-f913-4d3f-b8b9-92e695d987c6 (NETORGFT2570783.onmicrosoft.com), GoDaddy-provisioned 2016-12-05 |
| quantumwms.com email | Intermedia exch090.serverdata.net cluster; IPs 64.78.25.106 / 64.78.25.107; Exchange Server (NOT Exchange Online) |
| UniFi OS Server | 172.16.3.29 (virsh VM on Jupiter 172.16.3.20); updated to UOS 5.0.8 |
### Commands & Outputs
```bash
# Resolve johnvelez.com tenant ID
curl -s "https://login.microsoftonline.com/johnvelez.com/v2.0/.well-known/openid-configuration" | grep -o '"token_endpoint":"[^"]*"'
# -> token_endpoint contains 8f7eaff4-f913-4d3f-b8b9-92e695d987c6
# Onboard tenant (after consent)
bash onboard-tenant.sh 8f7eaff4-f913-4d3f-b8b9-92e695d987c6
# -> Tenant Admin consented; all SP roles assigned; 4 Security Investigator permission errors (non-blocking)
# DNS checks for quantumwms.com
nslookup -type=txt quantumwms.com # -> two SPF records (RFC 7208 violation)
nslookup -type=mx quantumwms.com # -> exch090-east.serverdata.net + exch090-west.serverdata.net
nslookup -type=txt _dmarc.quantumwms.com # -> no records (DMARC missing)
# UniFi OS installer
ssh root@172.16.3.29 "echo y | /tmp/next-uos-installer"
# -> UOS 5.0.8 installed; all services up
```
### Pending / Incomplete Tasks
- **BLOCKER:** Sheila to produce written B/D compliance policy (due 2026-05-27 14:00) -- gates entire migration
- **2026-05-27 14:00:** Review B/D policy with John + Sheila; confirm migration go/no-go
- **Migration sequence (post-approval):** Purchase 2x Business Premium; add quantumwms.com as verified domain; create firm mailboxes; set up Mailprotector; fix DNS (DMARC, single SPF, DKIM); cut MX; migrate mail; cancel Intermedia; move DNS to Cloudflare; cancel GoDaddy hosting per account
- **Determine:** additional personal domain accounts beyond sheilaperess.com (affects Exchange Online Plan 1 seat count)
- **Confirm:** SkyKick 2016 migration app account (migrationapp@NETORGFT2570783.onmicrosoft.com) safe to delete
- **UniFi cleanup:** remove /tmp/next-uos-installer from 172.16.3.29 (818 MB)
- **UniFi:** confirm enrolled devices reconnected after 2-day outage; check for re-adoption issues
- (Carried) Western Tire Syncro #32199; Kittle HIGH; GuruRMM fix/audit-2-remediation merge; Grabb & Durando Glabman follow-up (todo 1bf0cfef, due 2026-05-27)
### Reference Information
- Consent URL (johnvelez.com tenant): https://login.microsoftonline.com/8f7eaff4-f913-4d3f-b8b9-92e695d987c6/adminconsent?client_id=709e6eed-0711-4875-9c44-2d3518c47063&redirect_uri=https://azcomputerguru.com&prompt=consent
- Quantum WMS wiki: wiki/clients/quantumwms.md
- Assessment HTML: clients/quantumwms/reports/2026-05-26-email-infrastructure-assessment.html
- Meeting: 2026-05-27 14:00 (John Velez + Sheila Peress)
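Review bot: the Security Investigator SP entry under Problems Encountered (the 4 grant_app_role errors from the replication race) is marked non-blocking, but nothing in the hunk records the failed grants being retried or the SP's app role assignments being confirmed afterwards; the Exchange Administrator directory role that did succeed is a separate thing from the Graph application permissions those grant_app_role calls were assigning. Suggest adding a line to Pending / Incomplete Tasks to re-run and verify the grants for that SP, and noting against onboard-tenant.sh that the script should poll for the SP object before calling grant_app_role rather than depending on replication timing. Smaller points: the Commands & Outputs block shows the SPF, MX and DMARC lookups but no DKIM selector query, so the "DKIM not configured" finding in the summary has no recorded command behind it; and the "carrying full CVE exposure" statement about exch090.serverdata.net is inferred from the MX host, not from any checked patch level, which the summary and the client assessment should state as an inference.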