From b430c4c7c74ef3cb28838fe3e6e2ccd2004218c3 Mon Sep 17 00:00:00 2001 From: Howard Enos Date: Tue, 2 Jun 2026 14:20:17 -0700 Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-02 14:20:08 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-02 14:20:08 --- .../session-logs/2026-06-02-session.md | 67 +++++++++++++++++++ wiki/clients/lonestar-electrical.md | 29 +++++++- wiki/index.md | 2 +- 3 files changed, 94 insertions(+), 4 deletions(-) create mode 100644 clients/lonestar-electrical/session-logs/2026-06-02-session.md diff --git a/clients/lonestar-electrical/session-logs/2026-06-02-session.md b/clients/lonestar-electrical/session-logs/2026-06-02-session.md new file mode 100644 index 0000000..b48b460 --- /dev/null +++ b/clients/lonestar-electrical/session-logs/2026-06-02-session.md @@ -0,0 +1,67 @@ +## User +- **User:** Howard Enos (howard) +- **Machine:** Howard-Home +- **Role:** tech + +# Lone Star Electrical — Unraid Server USB Replacement & Re-registration (2026-06-02) + +## Session Summary + +The Lone Star Electrical Unraid server was failing to boot, halting at `bzfirmware checksum error - press ENTER key to reboot...`. The boot console showed Unraid verifying its boot files against stored SHA256 sums; `bzimage`, `bzroot`, `bzroot-gui`, and `bzmodules` all passed, but `bzfirmware` failed its checksum, so the OS never mounted and the box looped on reboot. The flash drive (label UNRAID, `/dev/sda1`, Generic 8GB) was detected and `fsck.fat` ran clean (758 files, no FAT errors), isolating the fault to the corrupt `bzfirmware` file content rather than the filesystem. + +This was first triaged earlier in the day on another machine. The initial fix — replacing the corrupt `bzfirmware` file on the existing USB — did not hold: after rebooting, the same checksum error recurred. The recurrence confirmed the original diagnosis that the 8GB generic USB flash drive itself was failing (the #1 wear item on Unraid), not a one-off file corruption. + +Howard migrated the server to a new USB flash drive. He used the official **Unraid USB Creator** to write **Unraid 7.1.4** to the new stick (which handles FAT32 format, the `UNRAID` volume label, the `bz*` OS files, and installing the syslinux bootloader / boot flag in one step). He then copied the **`config/` folder from the old flash drive** onto the new stick to preserve the array configuration (`super.dat` disk assignments, shares, network settings, and the existing license `.key`). + +Because a new USB has a new GUID, the existing license key would not validate against it. Howard completed the license **re-registration / key transfer** to bind the license to the new flash GUID. The server is now booting off the new stick. Mike is having a Claude session run a check on the server to verify health/array state. This log is being saved so a Syncro ticket can be created and notes updated. + +## Key Decisions + +- Replaced the entire USB flash drive rather than re-replacing the `bzfirmware` file again — the recurrence after a file-level fix confirmed the stick was failing, so a fresh stick was the correct remediation. +- Used the Unraid USB Creator (vs. manual file copy + `make_bootable`) to guarantee a properly bootable stick with correct label/bootloader. +- Preserved the old `config/` folder verbatim on the new stick to retain disk assignments and avoid reconfiguring the array; only the OS files were fresh (from 7.1.4). +- Completed the license key transfer to the new GUID rather than running indefinitely in Trial mode. + +## Problems Encountered + +- **Recurring `bzfirmware` checksum error on boot.** Initial fix (replacing the `bzfirmware` file on the old USB) failed — error returned after reboot. Root cause: failing USB flash drive. Resolved by migrating to a new USB stick written with the Unraid USB Creator (7.1.4) + copied `config/`. +- **New USB = new GUID, old license invalid.** The copied `.key` would not validate against the new flash GUID. Resolved by completing the Unraid license key transfer/re-registration to the new stick. + +## Configuration Changes + +- New Unraid boot USB flash drive created for the Lone Star Unraid server (Unraid **7.1.4** via USB Creator). +- Old `config/` folder (super.dat / shares / network / `.key`) copied from the failing stick onto the new stick. +- Unraid license re-registered / transferred to the new flash GUID. + +## Credentials & Secrets + +- **No Lone Star Unraid credential is vaulted.** Vault search returned only ACG's own Unraid boxes: `infrastructure/jupiter-unraid-primary.sops.yaml` (Jupiter, 172.16.3.20) and `infrastructure/uranus-unraid.sops.yaml` (Uranus, 172.16.3.21) — neither is the Lonestar server. +- Unraid login is always user `root`; the root password is stored in `config/shadow` on the flash, so the original Lonestar root password carried over with the copied `config/` folder. +- **TODO:** capture the Lonestar Unraid root password and create a vault entry for this server (hostname, IP, Unraid 7.1.4, license type). Not yet vaulted. + +## Infrastructure & Servers + +- **Lone Star Electrical Unraid server** — exact hostname / LAN IP / license type not yet documented (verify and add to vault + wiki). +- Boot device (failed): label UNRAID, `/dev/sda1`, Generic Flash Disk 8GB (8.05 GB / 7.50 GiB). +- Now running: Unraid **7.1.4** on a new USB flash drive. +- Client: Lone Star Electrical Systems LLC — Syncro customer ID `33809612`. Google Workspace shop (`lonestarelectrical.net`), ManageEngine MDM. Primary contact: Robin Eneix (robine@lonestarelectrical.net). + +## Commands & Outputs + +- Boot failure (verbatim from console): `Verifying bzfirmware checksum ...` → `bzfirmware checksum error - press ENTER key to reboot...`; preceding `umount: /: not mounted`. +- `fsck.fat 4.2 (2021-01-31)`: `/dev/sda1: 758 files, 231850/1961984 clusters` (clean — filesystem healthy, file content corrupt). + +## Pending / Incomplete Tasks + +- **Create Syncro ticket** for Lone Star Electrical documenting the Unraid USB failure + replacement + re-registration (this is the explicit reason for saving). +- **Mike's Claude session is running a health check on the server** — capture results (array start state, disk assignments, parity validity, registration status) and fold into the ticket/notes. +- **Verify array integrity before/after start:** confirm all disks landed in correct slots from the copied `super.dat`; ensure no unwanted parity rebuild was triggered. +- **Vault the Lonestar Unraid credentials** (root password) and **document the server in the wiki** (hostname, IP, Unraid 7.1.4, license type). +- Keep the old failing USB stick as a temporary backup until the new stick is confirmed stable; then retire it. + +## Reference Information + +- Unraid downloads / USB Creator: https://unraid.net +- License transfer/registration: webGUI → Tools → Registration → Replace Key (self-service transfer limited to once per 12 months; LimeTech support for dead-stick reissue). +- Files on a bootable Unraid stick: `bzimage`, `bzroot`, `bzroot-gui`, `bzmodules`, `bzfirmware` (+ matching `.sha256`), `syslinux/`, `make_bootable*`. The `config/` folder holds array/license state and must be preserved across migrations. +- Lonestar wiki: `wiki/clients/lonestar-electrical.md`. Syncro customer: `33809612`. diff --git a/wiki/clients/lonestar-electrical.md b/wiki/clients/lonestar-electrical.md index 6c25f39..78ddfbe 100644 --- a/wiki/clients/lonestar-electrical.md +++ b/wiki/clients/lonestar-electrical.md @@ -2,9 +2,10 @@ type: client name: lonestar-electrical display_name: Lone Star Electrical Systems LLC -last_compiled: 2026-06-01 -compiled_by: GURU-5070/claude-main +last_compiled: 2026-06-02 +compiled_by: HOWARD-HOME/claude-main sources: + - clients/lonestar-electrical/session-logs/2026-06-02-session.md - clients/lonestar-electrical/session-logs/2026-06-01-session.md - clients/lonestar-electrical/session-logs/2026-05-29-sophos-removal.md - clients/lonestar-electrical/docs/apple-mdm-setup-reference.md @@ -64,6 +65,19 @@ Electrical contractor in Tucson, AZ. ACG-managed client. Distinctive in the flee - **LS-1, LS-2** — Windows workstations at the **Norris site**; both upgraded to Win11 on 2026-05-04 (Syncro #32244). Both were inherited from the **previous MSP** with **Sophos Endpoint Protection** (managed via the previous MSP's Sophos Central — no ACG access). Sophos removal is in progress (see Patterns and Active Work). Both enrolled in **GuruRMM** during the 2026-05 removal work; ScreenConnect + GuruRMM agents registered for Safe Mode (`SafeBoot\Network`). +### Unraid Server + +- **Status:** Running Unraid **7.1.4** as of 2026-06-02 (migrated to new USB flash drive). +- **Hostname:** [verify] +- **LAN IP:** [verify] +- **License type:** [verify — Basic / Plus / Pro] +- **Boot device:** New USB flash drive (written via Unraid USB Creator, 7.1.4). Original failed stick: label `UNRAID`, `/dev/sda1`, Generic Flash Disk 8GB — retired but kept as temporary backup until new stick confirmed stable. +- **Config:** Old `config/` folder (array assignments `super.dat`, shares, network settings, license `.key`) copied from the failing stick onto the new one. Disk layout and array configuration preserved; only the OS files are fresh. +- **License:** Re-registered to the new USB GUID via Unraid webGUI Tools > Registration > Replace Key on 2026-06-02. +- **Root credentials:** Carried over from the old `config/shadow`; root password is NOT yet vaulted for this client. Only ACG's own Unraid boxes are vaulted (`infrastructure/jupiter-unraid-primary.sops.yaml`, `infrastructure/uranus-unraid.sops.yaml`). [verify and vault] +- **Array/disk layout:** [verify — confirm all disks landed in correct slots from copied `super.dat`] +- **Health check:** Mike's Claude session was running a check on 2026-06-02 post-migration — results pending. + --- ## Access @@ -72,6 +86,7 @@ Electrical contractor in Tucson, AZ. ACG-managed client. Distinctive in the flee - **ManageEngine MDM:** mike@azcomputerguru.com (Zoho Super Admin) — https://mdm.manageengine.com/webclient - **GWS service account (programmatic):** `ACG-MSP-Access (Google Workspace)` (vault: MSP Tools); key file `temp/acg-msp-access-8f72339997e5.json` - **Vault root:** `clients/lonestar-electrical/` in vault repo +- **Unraid server:** root credentials not yet vaulted [verify and vault] --- @@ -82,6 +97,7 @@ Electrical contractor in Tucson, AZ. ACG-managed client. Distinctive in the flee - **ManageEngine + Google Workspace dual-EMM trap (resolved 2026-03-24).** A personal phone repeatedly prompted for MDM enrollment when the user added their Lonestar Google account. Root cause was **two independent triggers**: (1) ManageEngine MDM self-enrollment was enabled for all directory groups, AND (2) ManageEngine was configured as a **third-party EMM provider inside Google Workspace** (Devices > Mobile & endpoints > Settings > Third-party integrations). The Google integration enforces enrollment on any device that adds a Lonestar account — independent of ManageEngine's own self-enrollment setting. **Fix required both:** disable ManageEngine self-enrollment (Enrollment > Self Enrollment > Disable) AND remove ManageEngine as the third-party EMM in the GWS Admin Console. Disabling only one leaves the prompt in place. Company tablets enrolled directly via QR code are unaffected by either change. - **Google Workspace, not M365.** Reach for GWS Admin Console + the ACG-MSP-Access service account for identity work. The M365 remediation-tool app suite does not apply to this client. - **Field/mobile-first.** Most tickets are phone/tablet/field-device oriented (iPhone field setup, tablet PDF editing). Expect mobile, not desktop, as the primary support surface — the LS-1/LS-2 desktop work is the exception, not the norm. +- **Recurring `bzfirmware` checksum boot error = failing USB flash drive.** Replace the stick (Unraid USB Creator + copy old `config/` + re-register license to new GUID). Do NOT just replace the file — if the error recurs after a file-level fix, the stick itself is failing. Reusable for any Unraid box. --- @@ -90,6 +106,11 @@ Electrical contractor in Tucson, AZ. ACG-managed client. Distinctive in the flee No open Syncro tickets as of 2026-06-01. - **Sophos removal on LS-1 / LS-2 (IN PROGRESS).** `SophosED.sys` kernel boot driver still present and active on both machines; most user-mode Sophos services removed from LS-2. Offline WinRE completion step pending on both (delete driver, disable SED service in offline hive, reboot, `SophosZap --confirm`). Handed off to Howard via coord message `689cfb7c` (2026-06-01). A Syncro ticket "Sophos Endpoint Removal - LS-1 and LS-2" was drafted — verify it exists before logging time. +- **Unraid server USB replacement done (2026-06-02); PENDING:** + - Create Syncro ticket documenting the USB failure, replacement (Unraid 7.1.4 via USB Creator), config copy, and license re-registration. + - Capture and fold in the results of Mike's server health check (array start state, disk assignments, parity validity, registration status). + - Verify array integrity: confirm all disks landed in correct slots from the copied `super.dat`; ensure no unwanted parity rebuild was triggered. + - Vault the Lonestar Unraid root password and document the server in the wiki (hostname, IP, Unraid 7.1.4, license type). --- @@ -106,16 +127,18 @@ No open Syncro tickets as of 2026-06-01. | 2026-05-05 | iPhone field setup (#32251) | | 2026-05-28/29 | Sophos removal on LS-1/LS-2 begun: enrolled in GuruRMM, removed Datto startup conflict (LS-2), registered Safe Mode agents, removed user-mode Sophos; blocked by `SophosED.sys` kernel driver — WinRE offline removal staged (Ventoy USB), completion pending | | 2026-06-01 | Recovered the (previously unlogged) Sophos removal context, reconstructed it into a session log, and handed the WinRE completion procedure to Howard via coordinator (msg `689cfb7c`) | +| 2026-06-02 | Unraid server USB flash drive failed (recurring bzfirmware checksum error); migrated to new stick (Unraid 7.1.4 via USB Creator), copied old config/, re-registered license to new GUID | --- ## Compilation Notes +- Refreshed 2026-06-02 (recompile by HOWARD-HOME/claude-main) to absorb the 2026-06-02 session log: added Unraid server infrastructure subsection, new `bzfirmware` checksum pattern, history row, and pending Active Work items. - Refreshed 2026-06-01 (full recompile) to incorporate the 2026-05-28/29 Sophos removal work, which had previously been lost — it was never written to a session log and survived only in a gitignored temp draft (`.claude/tmp/ollama_prompt.txt`) and coord message `8a5cb25c`. A proper session log was reconstructed at `clients/lonestar-electrical/session-logs/2026-05-29-sophos-removal.md` before this compile. - Seeded 2026-05-26 from two March session logs + credentials.md + vault entry + temp provisioning scripts, enriched with live Syncro data (customer 33809612). - **Vault slug is `lonestar-electrical`** (matches `clients/lonestar-electrical/` in the vault), though session logs and temp scripts use the un-hyphenated `lonestar`. - Lonestar work now lives in both `clients/lonestar-electrical/` (docs + session-logs) and root session logs / `temp/` scripts. -- Flagged `[verify]`: billing rate; exact roles/names for James, Kyla, Russ; full workstation inventory. +- Flagged `[verify]`: billing rate; exact roles/names for James, Kyla, Russ; full workstation inventory; Unraid server hostname/IP/license type/root credentials. ## Backlinks diff --git a/wiki/index.md b/wiki/index.md index 8d43621..f76c28e 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -41,7 +41,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Western Tire](clients/western-tire.md) | Tire retail (jackfurriers.com brand); Mike Furrier owner (Syncro ID 391491); email migrated from websvr to IX 2026-04-22; 30 mailboxes; SSL cert expires 2026-05-30 | 2026-05-24 | | [Kittle (general contractor)](clients/kittle.md) | General contractor Tucson AZ; Syncro 32460233; HPE MicroServer Gen11 WS2025 EVAL at 10.0.0.5; no backups, no firewall; DKIM/DMARC missing; 3 plaintext creds in Syncro notes; GuruRMM onboarding 2026-05-08 | 2026-05-24 | | [Khalsa (two-site)](clients/khalsa.md) | Two-site client (Camden + River); onboarding not completed; domain khalsa.local, DC TROUT at 10.11.12.254; Mac domain-join runbook documented; template docs otherwise empty | 2026-05-24 | -| [Lone Star Electrical Systems](clients/lonestar-electrical.md) | Electrical contractor Tucson AZ; Syncro 33809612, prepaid block 17.0 hrs; Google Workspace (not M365); ManageEngine MDM (Zoho); 2026-03 dual-EMM self-enrollment trap resolved; LS-1/LS-2 inherited-Sophos kernel-driver removal in progress; field/mobile-first | 2026-06-01 | +| [Lone Star Electrical Systems](clients/lonestar-electrical.md) | Electrical contractor Tucson AZ; Syncro 33809612, prepaid block 17.0 hrs; Google Workspace (not M365); ManageEngine MDM (Zoho); Unraid server (7.1.4, USB migrated 2026-06-02); LS-1/LS-2 inherited-Sophos kernel-driver removal in progress; field/mobile-first | 2026-06-02 | | [Anaise](clients/anaise.md) | Single workstation client; contact David (anaisedavid.office@gmail.com); DESKTOP-O8GF4SD; creds in vault at clients/anaise/desktop-o8gf4sd.sops.yaml; onboarding incomplete; M365 enrollment unconfirmed | 2026-05-24 | | [ACG Website (azcomputerguru.com)](clients/azcomputerguru.com.md) | Public website redesign (Astro); score 33/40; placeholder testimonials + no-backend form are pre-launch blockers; OKLCH token design system; see internal-infrastructure.md for ACG servers | 2026-05-24 | | [Quantum WMS](clients/quantumwms.md) | WMS company; quantumwms.com tenant (ddf3d2c9); GoDaddy decoupling + M365 migration; 2x Business Premium + Exchange Online Plan 1; deadline 2026-06-03; Tenant Admin consented 2026-05-26 | 2026-05-26 |