sync: auto-sync from GURU-5070 at 2026-06-15 11:20:33
Author: Mike Swanson Machine: GURU-5070 Timestamp: 2026-06-15 11:20:33
@@ -62,8 +62,16 @@ CryoWeave manufactures custom cryogenic cable assemblies (millikelvin to 300K) f
|
||||
### Email & Identity
|
||||
|
||||
- **Domain:** cryoweave.com
|
||||
- **Email:** Hosted externally [unverified — mail provider not documented]
|
||||
- **Greg's email:** greg@cryoweave.com
|
||||
- **Email:** **Microsoft 365 / Exchange Online** (confirmed 2026-06-15 — MX `cryoweave-com.mail.protection.outlook.com`, `autodiscover` → `autodiscover.outlook.com`). The IX/cPanel box only hosts the website, not mail.
|
||||
- **M365 tenant:** Cryoweave | Tenant ID `44705a37-b5d8-4bb1-882d-e18775612ada` | initial domain `cryoweave.onmicrosoft.com`
|
||||
- **Remediation suite:** onboarded 2026-06-15 (all ComputerGuru apps consented + roles; no MDE). ACG Global Admin `sysadmin@cryoweave.com` created (creds: SOPS `clients/cryoweave/m365-sysadmin.sops.yaml` + 1Password Clients). MFA not yet registered on it.
|
||||
- **Greg's email:** greg@cryoweave.com (Greg Schickling, owner/GA)
|
||||
- **DNS (zone on ns1/ns2.acghosting.com / IX) as of 2026-06-15:**
|
||||
- **SPF** OK: `v=spf1 +a +mx +ip4:72.194.62.5 +ip4:162.248.93.233 +ip4:162.248.93.81 +include:spf.protection.outlook.com -all` (authorizes M365, aligned).
|
||||
- **DMARC** `_dmarc` → `v=DMARC1; p=quarantine; sp=quarantine; fo=1; rua=mailto:rua@azcomputerguru.com` (hardened from p=none to **p=quarantine** 2026-06-15; **promote to p=reject** after ~1 week of clean aggregate reports confirm all legit senders — incl. the IX website/contact form — align). Cross-domain report authorization published on the azcomputerguru.com Cloudflare zone: `cryoweave.com._report._dmarc.azcomputerguru.com TXT "v=DMARC1;"` (2026-06-15). `rua@azcomputerguru.com` **shared mailbox created** in ACG's tenant (DisplayName "DMARC Reports", GUID 46b898f8-cfac-4b81-8980-e681b13fb833, mike@ FullAccess+automap) — full reporting chain live; aggregate reports arrive within ~24h. (NB: a single `*._report._dmarc` wildcard does NOT cover a 2-label reported domain; add one per-client record on the azcomputerguru.com Cloudflare zone.)
|
||||
- **DKIM** (M365 selector1/2): CNAMEs published + **signing ENABLED 2026-06-15** (`Get-DkimSigningConfig`: Enabled=True, Status=Valid, 2048-bit). Targets `selector1-cryoweave-com._domainkey.cryoweave.w-v1.dkim.mail.microsoft` (+ selector2).
|
||||
- Stale `mail.cryoweave.com` CNAME → old Neptune (67.206.163.124) **removed**.
|
||||
- **Outbound-email issue (open):** Greg reports mail not reaching recipients. SPF passes/aligns, so auth isn't hard-failing; pending **message trace** (EXO app-only access still propagating after onboarding) + Greg's NDR to pinpoint restriction/reject/junk. DKIM+DMARC gaps were the most likely junking cause.
|
||||
|
||||
### Network
|
||||
|
||||
|
||||
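Review bot: In the Remediation suite bullet, the new Global Admin `sysadmin@cryoweave.com` is recorded with "MFA not yet registered on it" as a trailing remark, with no owner or target date. A Global Admin without MFA should be its own open item, the way "Outbound-email issue (open)" is, and the same applies to the "promote to p=reject" follow-up buried in the DMARC bullet. The DMARC bullet would also read better split in three: the published record, the cross-domain report authorization, and the shared-mailbox details.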
96
wiki/clients/russo-law.md
Normal file
@@ -0,0 +1,96 @@
|
||||
---
|
||||
type: client
|
||||
name: russo-law
|
||||
display_name: Russo Law Firm
|
||||
last_compiled: 2026-06-15
|
||||
compiled_by: GURU-5070/claude-main
|
||||
sources:
|
||||
- clients/russo-law/session-logs/2026-06/2026-06-15-mike-russo-sharepoint-storage-eval.md
|
||||
---
|
||||
|
||||
# Russo Law Firm
|
||||
|
||||
> Tucson law practice; ACG managed-services client (GPS + AV + backup + Seafile hosting + Office
|
||||
> subs, $543.50/mo) + OITVOIP phone. First documented 2026-06-15 around a pre-sales question:
|
||||
> moving ~6.5 TB of data from ACG-hosted Seafile into Microsoft 365 SharePoint.
|
||||
|
||||
## Overview
|
||||
|
||||
- **Business:** Russo Law Firm (law practice), Tucson AZ.
|
||||
- **Address:** 3505 N Campbell Ave, Tucson, AZ 85719.
|
||||
- **Main phone:** 520-529-1515.
|
||||
- **Billing model:** managed services (recurring) + 12 prepaid hours on account.
|
||||
- **Syncro customer ID:** 23331699.
|
||||
|
||||
## Contacts
|
||||
|
||||
| Name | Phone | Email | Role |
|
||||
|---|---|---|---|
|
||||
| Steve Russo | 520-975-9024 | — | Principal (firm namesake) |
|
||||
| Carolyn Russo | 520-591-4303 | — | — |
|
||||
| Shannon Trionfo | 520-248-0244 | (account contact) | Account / billing contact |
|
||||
| Pat Broom | 520-850-6832 | pebroom@rrs-law.com | — |
|
||||
|
||||
Account email on file: stever@rrs-law.com. (Email domain: rrs-law.com.)
|
||||
|
||||
## Cloud / M365
|
||||
|
||||
- **Microsoft 365** tenant **rrs-law.com**, ~3 seats, Exchange Online (email).
|
||||
- **Global Admin:** `guru@rrs-law.com` — vaulted at `clients/russo-law/m365-admin.sops.yaml`
|
||||
(MFA/2FA held by Mike). [WARNING] The password was found in plaintext in the Syncro customer
|
||||
note; it is now vaulted and should be scrubbed from the Syncro note.
|
||||
|
||||
## Data / Storage
|
||||
|
||||
- **Primary data store:** ACG-hosted **Seafile** (~6.5 TB), billed under the "Hosting" line of the
|
||||
managed bundle. This is the system the client is considering moving off of.
|
||||
|
||||
## Billing (Syncro recurring schedules)
|
||||
|
||||
| Schedule | What | Frequency | Amount |
|
||||
|---|---|---|---|
|
||||
| 509659 | GPS + AV + data backup + **Hosting (Seafile)** + Office subs | Monthly | **$543.50** |
|
||||
| 499925 | OIT phone bill (OITVOIP / PacketDial) | Monthly | $45.44 |
|
||||
|
||||
Prepaid: 12.0 hrs on account. (History: 13.5 hrs moved to Syncro 1/16/26; 17.5 hrs to AT 8/15/25.)
|
||||
Note: schedule 224454 was deleted during Syncro API research 2026-05-26 and recreated as 509659.
|
||||
|
||||
## Active Question — SharePoint storage move (2026-06)
|
||||
|
||||
The client wants to move **~6.5 TB from Seafile into Microsoft 365 SharePoint**. A phone meeting is
|
||||
being scheduled (client had not responded as of 2026-06-15). Cost analysis, kept Microsoft-only at
|
||||
the client's request:
|
||||
|
||||
SharePoint pooled storage = 1 TB base + 10 GB/licensed user. At **3 seats** only ~1.03 TB is
|
||||
included, so nearly all 6.5 TB is billable overage.
|
||||
|
||||
| Option | Rate | ~Monthly for 6.5 TB | Notes |
|
||||
|---|---|---|---|
|
||||
| **SharePoint Online Extra File Storage** | $0.20/GB/mo | **~$1,120/mo (~$13.4K/yr)** | live storage; ~5.47 TB billable after the pool. CSP-monthly +20% -> ~$1,345/mo |
|
||||
| **Microsoft 365 Archive** | ~$0.05/GB/mo | ~$333/mo + retrieval | cold/inactive sites only; not for live working data |
|
||||
| **Self-hosted SharePoint Server** | storage -> disk via RBS | licensing + infra + labor | escapes the $0.20/GB tax but SharePoint Server + SQL + Windows + SA + heavy ops is disproportionate for 3 users (~$8-15K one-time + maintenance). Not recommended. |
|
||||
|
||||
For ACG's internal read (cheaper alternatives, not necessarily quoted MS-only): they already have
|
||||
Seafile; Backblaze B2 wholesale (~$0.006/GB) is ~$40/mo for 6.5 TB at ACG cost, and a managed-archive
|
||||
resell (~$0.03/GB ≈ $200/mo) would be ~5-6x cheaper than Microsoft with margin.
|
||||
|
||||
### Recommendation / call talking points
|
||||
1. **Ask why SharePoint** (specific feature like Office co-authoring / Teams, or just "we want it"?).
|
||||
2. A full live move is a **~$1,100/mo new line item (~$13.4K/yr)** — roughly triples their current
|
||||
ACG monthly. Set that expectation before they commit.
|
||||
3. Preferred path: **SharePoint Online for the working subset + keep the 6.5 TB bulk in Seafile,
|
||||
linked** — gets the SharePoint UX without the storage tax.
|
||||
4. If they only want files-with-web-access, Seafile already does it — no change needed.
|
||||
5. Don't self-host SharePoint Server for 3 seats.
|
||||
|
||||
## Open Items
|
||||
|
||||
- Client has not responded to the meeting request (phone meeting pending).
|
||||
- Scrub the M365 admin password from the Syncro customer note (now vaulted).
|
||||
- Deliver the SharePoint cost picture on the call; steer toward the hybrid unless a hard
|
||||
requirement forces a full move.
|
||||
|
||||
## Backlinks
|
||||
|
||||
- [[internal-infrastructure]] — ACG hosting infra (Seafile runs on Jupiter).
|
||||
- [[msp-pricing]] — GPS / hosting pricing basis.
|
||||
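Review bot: Under Cloud / M365 and again in Open Items, the Global Admin password for `guru@rrs-law.com` is described as found in plaintext in the Syncro customer note, and the only follow-up listed is to scrub the note. Because the value sat in plaintext outside the vault, the open item should be to rotate the password first, update `clients/russo-law/m365-admin.sops.yaml`, and then scrub the note. A smaller point on the Contacts table: consider whether individual phone numbers need to live in the wiki or can stay in Syncro only.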
@@ -61,7 +61,7 @@ Plastering / stucco subcontractor based in Arizona. Active ACG client. Primary w
|
||||
| VWP-QBS | 172.16.9.169 | QuickBooks server + RDS/RemoteApp host | Windows Server 2022 Standard | **Physical Dell server** (NOT a VM). Has DRAC. Runs IIS (RD Web Access). WinRM on 5985. Reach from ADSRVR via `Invoke-Command -ComputerName VWP-QBS -Credential` with `vwp\sysadmin` PSCredential. |
|
||||
| Dell DRAC (VWP-QBS) | [undocumented] | Out-of-band management for VWP-QBS Dell | — | DRAC functional as of 2026-04-22. IP not yet documented. Vault: `clients/valleywide/quickbooks-server-idrac`. |
|
||||
| VWP-HYPERV1 | 172.16.9.184 | Hyper-V host — primary VM host for new infrastructure | Windows Server 2025 | Dell R740, 112 vCPU / 255 GB RAM, C: 10.7 TB. One external vSwitch on Intel 10G NIC. VHDs in `C:\VHD`. GuruRMM agent `bdc3e142-...`. Added 2026-06-13. |
|
||||
| VWP-FILES | 172.16.9.132 (primary) + 192.168.0.20 (VLAN 2) | G: file share server (19 SMB shares) | Windows Server 2019 Gen2 VM on VWP-HYPERV1 | Block-migrated from SERVER3 G: VDI (100 GB, ~88 GB used). Dual-homed: primary on 172.16.9.0/24; secondary vNIC tagged VLAN 2 holds 192.168.0.20 for IP-based stragglers (see Patterns). DNS registration disabled on the .20 NIC. GuruRMM enrolled (site Main Office, agent `8e02fbbc-...`). MSP360 backup running green. |
|
||||
| VWP-FILES | 192.168.0.20 (single-homed, VLAN 2; gw 192.168.0.1) | G: file share server (19 SMB shares) | Windows Server 2019 Gen2 VM on VWP-HYPERV1 | Block-migrated from SERVER3 G: VDI (100 GB, ~88 GB used). **Single-homed on 192.168.0.20 since 2026-06-15** — the former 172.16.9.132 vNIC was disconnected at the Hyper-V host to fix cross-VLAN scan-to-folder (the Brother copier hard-codes `\\192.168.0.20`; the multi-homed config had a gateway only on the .132 NIC, so replies to off-subnet clients were dropped — see Patterns). The .132 vNIC is DISCONNECTED at the host (reversible), not removed. DNS registers .20 only. GuruRMM enrolled (site Main Office, agent `8e02fbbc-...`). MSP360 backup running green. |
|
||||
| XenServer | 192.168.0.104 | VM hypervisor — hosts remaining VMs | XenServer 7.6 (PowerEdge R720) | SERVER3 VM (the old "server 2003", upgraded in-place to 2008) is now **powered off and retired**; snapshots retained for rollback. Vault: `clients/vwp/xenserver`. |
|
||||
| WINFileSvr | 192.168.0.35 | File server — serves **O:** (`Office_Archive`, ~570 GB / 138K files) + **P:** (`Estimating Archive` = F: root, ~545 GB / 142K files), both GPO-mapped to all staff; actively used daily | Windows Server 2019 | Old Net (VLAN 2). **VMware VM on the ESXi host (VMID 11, `WINFilrSrvr`)** — see ESXi inventory. ~1.1 TB live data. Holds `F:\Darv\Darv.rar` (51 GB Darv dev-machine backup) + `F:\Darv\Darv-rar` (extract, trimmed 135→26 GB on 2026-06-14). GuruRMM `62db0264-...`. Candidate to consolidate into VWP-FILES (retire the VM). Do not delete `Darv.rar` until VB6 source verified to compile. |
|
||||
|
||||
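Review bot: In the rewritten VWP-FILES row, "GuruRMM enrolled ... MSP360 backup running green" is carried over word for word from the old row even though the server's only address changed on 2026-06-15. Please confirm both were re-checked after the re-homing and date the statement. The root-cause narrative in this cell also repeats the Patterns section; the cell could keep just the address, the "single-homed since 2026-06-15" fact, the disconnected-vNIC note, and "see Patterns".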
@@ -113,8 +113,8 @@ and let the VM be retired.
|
||||
- **Firewall / Router:** UniFi Dream Machine at 172.16.9.1
|
||||
- **VPN:** OpenVPN on UDM. Client pool: `192.168.4.0/24`. Pushes routes for `172.16.9.0/24`, `192.168.0.0/24`, `192.168.3.0/24`. DNS pushed as `192.168.4.1` (UDM).
|
||||
- **Subnets:**
|
||||
- `172.16.9.0/24` — primary internal network (new servers, VWP-QBS, UDM, iLO, HYPERV1, VWP-FILES primary NIC); untagged
|
||||
- `192.168.0.0/24` — **"Old Net" = VLAN 2 on UDM** (gw 172.16.9.1, DHCP .100-.199, DNS → 192.168.0.25 + 8.8.8.8). Hosts: VWP_ADSRVR (.25), WINFileSvr (.35), XenServer (.104), Yealink phones (.17/.54/.130/.140/.222), VWP-FILES secondary NIC (.20). **[WARNING: conflicts with IMC's LAN — verify client context when switching VPNs.]**
|
||||
- `172.16.9.0/24` — primary internal network (new servers, VWP-QBS, UDM, iLO, HYPERV1); untagged
|
||||
- `192.168.0.0/24` — **"Old Net" = VLAN 2 on UDM** (gw 192.168.0.1, DHCP .100-.199, DNS → 192.168.0.25 + 8.8.8.8). Hosts: VWP_ADSRVR (.25), WINFileSvr (.35), XenServer (.104), Yealink phones (.17/.54/.130/.140/.222), VWP-FILES (.20, single-homed 2026-06-15). **[WARNING: conflicts with IMC's LAN — verify client context when switching VPNs.]**
|
||||
- `192.168.3.0/24` — Management VLAN 99
|
||||
- `192.168.4.0/24` — OpenVPN client pool
|
||||
- **Static DNS (UDM):** `vwp-qbs.vwp.us` → `172.16.9.169` (typo `qwp-qbs` fixed 2026-04-16)
|
||||
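Review bot: With VWP-FILES removed from the `172.16.9.0/24` host list and listed only as `.20` on Old Net, the server is now reachable only at a `192.168.0.x` address, which is the range the existing warning says conflicts with IMC's LAN. That warning should now name VWP-FILES explicitly, since work on it over VPN has to target that range. Also, the Old Net gateway changes from `172.16.9.1` to `192.168.0.1` on the same line; that is a correction to the documented gateway rather than a result of the re-homing, so it deserves a brief mention of its own in the history.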
@@ -190,9 +190,23 @@ Same double-hop constraint applies to GPMC (`Get-GPO`/`Set-GPO`) — fails `0x80
|
||||
|
||||
VWP's Old Net (VLAN 2, `192.168.0.0/24`) is the same RFC1918 range as IMC (another ACG client). When switching between client VPN contexts, verify which 192.168.0.x addresses are targeted. This is a silent risk.
|
||||
|
||||
### VWP-FILES Dual-NIC / Asymmetric Routing
|
||||
### VWP-FILES single-homed on 192.168.0.20 (resolved 2026-06-15)
|
||||
|
||||
VWP-FILES is dual-homed: 172.16.9.132 (primary, new net) + 192.168.0.20 (VLAN 2, Old Net — for IP-based stragglers whose UNC paths hard-code `.20`). DNS registration is **disabled** on the .20 NIC so that name resolution always returns .132. Asymmetric routing applies: cross-subnet or VPN clients cannot reach .20 (VWP-FILES replies via its .132 NIC); only same-VLAN Old Net devices can use .20 directly. Use 172.16.9.132 for all management and file pulls from outside Old Net.
|
||||
VWP-FILES is **single-homed on 192.168.0.20** (VLAN 2 / Old Net, gw 192.168.0.1). The Brother
|
||||
MFC-L3780CDW copier and other stragglers hard-code `\\192.168.0.20` for scan-to-folder, so the
|
||||
server must own that address with a working gateway.
|
||||
|
||||
History / why this note exists: the server was briefly **dual-homed** (172.16.9.132 primary +
|
||||
192.168.0.20 secondary). Only the .132 NIC had a default gateway, so the server could not reply
|
||||
to off-subnet clients arriving on .20 — replies tried to egress via the .132 default route and
|
||||
were dropped (multi-homed asymmetric routing). That silently broke scan-to-folder for the copier
|
||||
after the 2026-06-13 cutover. **The UDM routes between all VLANs natively** — any host on any VLAN
|
||||
can reach any other — so the earlier "only same-VLAN devices can reach .20" theory was wrong; the
|
||||
real defect was the single-default-gateway asymmetry on a multi-homed host. Fix: drop to one NIC on
|
||||
.20 with gw 192.168.0.1. Done host-side via `Disconnect-VMNetworkAdapter` on VWP-HYPERV1 (an
|
||||
in-guest NIC change dropped the RMM agent and auto-rolled-back). The .132 vNIC is left
|
||||
**disconnected** at the Hyper-V host (reversible — reconnect it in Hyper-V if .132 is ever needed),
|
||||
not removed. Full procedure: 2026-06-15 session log.
|
||||
|
||||
### Syncro Billing for Prepaid Block Emergency
|
||||
|
||||
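Review bot: The new section says the `.132` vNIC can be reconnected in Hyper-V "if .132 is ever needed", but it does not warn that reconnecting recreates the multi-homed condition this note identifies as the defect. Add a sentence saying what must be true of the gateway configuration before it is reconnected. The old text's instruction to use `172.16.9.132` for management is removed with no replacement, so state which address or name to use now. "Full procedure: 2026-06-15 session log" should give the log's path, the way the russo-law page lists its source file.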
@@ -265,6 +279,7 @@ Power outage caused HP ProLiant NVRAM corruption (BIOS/iLO factory reset). VWP-Q
|
||||
| 2026-06-13 | SERVER3 (XenServer "server 2003" VM, upgraded to 2008 in-place) retired. G: file share (100 GB) block-migrated via VDI export→VHDX to new **VWP-FILES** (Gen2 Server 2019 on **VWP-HYPERV1** 172.16.9.184). 19 SMB shares recreated; **MappedDrives GPO** repointed to `\\VWP-FILES\G-drive`. IP takeover: VWP-FILES holds 192.168.0.20 (VLAN 2) for IP-based stragglers. SERVER3 snapshotted and powered off. VWP-FILES enrolled in GuruRMM (site Main Office) + MSP360 backup green. Billed 3.5 h on #32418 (prepay 24.0→20.5). |
|
||||
| 2026-06-13 | VB6 Orders source **fully recovered** from `F:\Darv\Darv.rar` on WINFileSvr (192.168.0.35). 12.2 MB staged to repo (`source-code/Orders-VWP_Current-2020/`). VB Decompiler Pro no longer needed. See [[projects/valleywide-orders-modernization]]. |
|
||||
| 2026-06-13 | **Syncro** and **Datto RMM Agent** deployment GPOs disabled (`AllSettingsDisabled`, flags=3) via LDAP on VWP_ADSRVR. Existing agents not yet uninstalled — awaiting direction. |
|
||||
| 2026-06-15 | **VWP-FILES scan-to-folder fix.** Copier scan-to-`\\192.168.0.20` broke after the 2026-06-13 cutover — root cause was the dual-homed server having a default gateway only on the 172.16.9.132 NIC, so replies on the .20 NIC to off-subnet clients were dropped (not a VLAN-routing limit; the UDM routes all VLANs). Fix: single-homed VWP-FILES on 192.168.0.20 (gw 192.168.0.1) by disconnecting the .132 vNIC host-side via `Disconnect-VMNetworkAdapter` on VWP-HYPERV1 (in-guest change dropped the RMM agent + auto-rolled-back). .132 vNIC left disconnected (reversible), not removed. Scanner = Brother MFC-L3780CDW (vault `clients/vwp/brother-mfc-l3780cdw`). |
|
||||
|
||||
---
|
||||
|
||||
|
||||
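Review bot: The 2026-06-15 history row describes the fix but not how it was verified (for example a test scan from the Brother copier landing on the share), and it carries no ticket or time entry, whereas the 2026-06-13 row above records "Billed 3.5 h on #32418". Add both. This is also the third copy of the root-cause narrative in this file; the row could shorten to the outcome plus a pointer to the Patterns section.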