azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-06-02 20:00:25

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-02 20:00:25
This commit is contained in:
Howard Enos
2026-06-02 20:00:32 -07:00
parent e0643310a0
commit bba57a1d3e
3 changed files with 185 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
wiki/clients/dataforth.md
View File

@@ -2,7 +2,7 @@
type: client
name: dataforth
display_name: Dataforth Corporation
last_compiled: 2026-05-24
last_compiled: 2026-06-02
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- clients/dataforth/docs/overview.md
@@ -40,6 +40,7 @@ sources:
- clients/dataforth/session-logs/2026-06-01-aoi-xp-vlan-share.md
- clients/dataforth/docs/aoi-xp-vlan-backup-runbook.md
- clients/dataforth/session-logs/2026-06-01-cbell-m365-bobbi-outlook.md
- clients/dataforth/session-logs/2026-06-02-session.md
backlinks:
- projects/dataforth-dos
- systems/jupiter
@@ -69,11 +70,13 @@ Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing
| Theresa Dean | tdean | Admin | tdean@dataforth.com |
| Joel Lohr | jlohr | **RETIRED 2026-03-31** — account intentionally kept enabled; inbox rule forwards ntirety.com notifications to mike@azcomputerguru.com | jlohr@dataforth.com |
| Ken Hoffman | khoffman / oemdata | TestDataSheetUploader author, external; also owns Dataforth product API | — |
| Winter | — | Dataforth contact who requested Syncro asset cleanup 2026-06-02 | — |
- **External distributor:** Ginger (gy@quatronix-cn.com) — Quatronix China; receives datasheets
- **Billing rate:** Prepaid block; all invoices show $0.00 — hours drawn from block
- **Hours remaining:** 46.5 hrs as of 2026-05-03 (after 1 hr billed that session). Always live-check Syncro before billing — `GET /customers/578095`.
- **Syncro customer ID:** 578095
- **Invoice CC:** jantar@dataforth.com
---
@@ -163,6 +166,71 @@ Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing
---
## Syncro Asset Inventory (2026-06-02 Reconciliation)
Pulled full Syncro asset list for customer_id `578095`: **78 assets** across 2 pages.
### Reconciliation Result
| Bucket | Count | Meaning |
|---|---|---|
| KEEP | 20 | Active in Syncro (<150 days since last check-in) |
| SAVE + FLAG | 21 | Alive in ScreenConnect or Bitdefender but Syncro agent broken; do NOT delete — reinstall agent |
| REMOVE | 28 | Dead in all three systems (Syncro + ScreenConnect + Bitdefender) |
| VERIFY | 9 | Servers with no agent anywhere; could be live console-only; confirm before removing |
**Governing rule (Howard's 3-system OR):** A machine is saved if it has been online within 150 days in ANY of Syncro, ScreenConnect, or Bitdefender. Removal only if dead in all three.
### SAVE + FLAG — alive but Syncro agent broken (21 machines)
AD1, AD2, SAGE-SQL, FILES-D1, ENG-DEV-SERVER, D2-MFG-001, D1-ENGI-012, MY9-PC, D1-CUST-003, DANC0619, DFORTH-SHIP, DF-LEE11-I9, DFASLB0519, D2-AS-26, HGHAUBNER, D1-PWRM, D1-ENGI-EMCLAB1, D1-CONF-002, D2-HIPOT-SURFAC, D2-AS-34, TS-41 (shows as STATION_41 in ScreenConnect)
### VERIFY — servers with no agent (9 machines)
APPS, EXCHANGE, EXCHANGE16, AD-3, AD-4, OLD-AD2, SAGETS-1, EPICOR, D2-ASSY-001
Likely dead: OLD-AD2, EXCHANGE16, SAGETS-1. Confirm before removing: APPS, AD-3, AD-4, EXCHANGE, EPICOR, D2-ASSY-001.
### REMOVE — confirmed dead in all systems (28 asset IDs)
Syncro asset IDs: 23845, 149614, 9708445, 9357407, 9276901, 9212922, 9078651, 8824875, 8824867, 8726494, 8726485, 8657233, 8606209, 8572160, 8523941, 8411908, 8410614, 8632009, 8726495, 8421223, 9081717, 8726493, 8423782, 8726481, 8525650, 8622969, 8361459, 8670944
**Deletion method:** Syncro GUI only (`https://computerguru.syncromsp.com/customer_assets?customer_id=578095`). API route `DELETE /customer_assets/{id}` returns HTML 404 for this integration token — not exposed.
### Root Cause — Fleet-wide Syncro Agent Break ~2025-10-06
57 of 78 assets show `updated_at` frozen at or before 2025-10-06, while the remaining 21 show recent check-ins. This is a hard cutoff, not gradual attrition — indicating a fleet-wide Syncro agent failure around that date. The machines stayed online (visible in ScreenConnect); only the Syncro agent stopped reporting. Root cause not yet investigated. Flag for Dan Center / Winter when replying.
### Pending Actions (Coord todo tree, parent `103c48ad-7b31-4967-9388-065a91888e7c`, assigned to Howard)
1. Delete the 28 confirmed-dead assets in Syncro GUI.
2. Decide the 9 VERIFY servers.
3. Reinstall Syncro agent on the 21 SAVE+FLAG machines.
4. Switch Dataforth to metered Syncro asset billing once clean.
5. Reply to Winter; flag the ~2025-10-06 fleet-wide agent break for investigation.
---
## Third-Party Tool Inventory
### Bitdefender GravityZone
- **Company ID:** `64c94ef310db128bfa0d908f` (suffix `_578095` confirms Dataforth mapping)
- **Status:** Dataforth is being **phased off Bitdefender**. Only 4 of 57 GravityZone endpoints remain in "Custom Groups" (actively managed); 53 are in the "Deleted" folder (mostly unmanaged).
- **[WARNING] Bitdefender absence is NOT a decommission signal for Dataforth.** A machine missing from BD may simply have had its BD agent uninstalled as part of the phase-off. Use Syncro or ScreenConnect as liveness indicators.
- GravityZone company owner field: Lee Payne.
### ScreenConnect
- **Host:** `https://computerguru.screenconnect.com`
- **Extension GUID:** `2d558935-686a-4bd0-9991-07539f5fe749`
- **Vault:** `msp-tools/screenconnect.sops.yaml` (fields `credentials.username`, `credentials.api_secret`)
- **Working API auth (determined 2026-06-02):** `CTRLAuthHeader: <raw api_secret>` (NO "Basic " prefix) + `Origin: https://computerguru.screenconnect.com`. Basic-auth or "Basic <b64>" in CTRLAuthHeader both return 401.
- **Only exposed method:** `POST /App_Extensions/<guid>/Service.ashx/GetSessionsByName` with body `{"sessionName":"<name>"}`. All other Get* method names return 500. Agent `Name` fields are blank for unattended sessions — this API cannot enumerate the full Dataforth fleet; name-based lookup only.
- Custom session properties: CP1=Company, CP2=Site, CP3=Tag.
---
## Access
### Domain / Server Access
@@ -237,11 +305,18 @@ Signal conditioning / data acquisition manufacturer in Tucson, AZ. Long-standing
- **Entra ID P2 not licensed** — IdentityRiskyUser risk check returns 403 even with scope consented. Would need P2 upgrade to enable Identity Protection.
- **IdentityRiskyUser.Read.All scope:** Consented to Security Investigator app but unusable (no P2 license).
### Syncro Asset Management
- **Fleet-wide Syncro agent break ~2025-10-06:** ~half of Dataforth machines stopped reporting to Syncro on or around that date while remaining online in ScreenConnect. Do NOT auto-remove machines frozen at that date without cross-checking ScreenConnect. Root cause unknown — needs investigation.
- **Bitdefender is NOT a liveness signal:** Dataforth is being phased off BD; 53 of 57 GravityZone endpoints are in the "Deleted" folder. Missing from BD = BD agent uninstalled, not machine dead.
- **API delete not available:** `DELETE /customer_assets/{id}` returns HTML 404 for the current integration token. All asset deletions must go through the Syncro GUI.
---
## Active Work
As of 2026-06-01:
As of 2026-06-02:
- **Syncro asset cleanup (2026-06-02):** 78-asset reconciliation complete. 28 confirmed-dead assets pending GUI deletion; 21 alive-but-broken machines need Syncro agent reinstall; 9 servers in VERIFY bucket. Move to metered billing once clean. Reply to Winter pending. Coord todo tree assigned to Howard (parent `103c48ad-7b31-4967-9388-065a91888e7c`). See [Syncro Asset Inventory](#syncro-asset-inventory-2026-06-02-reconciliation) above.
- **AOI XP backup + isolation (2026-06-01):** AOI optical-inspection XP PC moved to VLAN 2 (mydata/SMT) @ 192.168.1.175; locked-down SMB1 share `aoibackup` on D2TESTNAS (XP-only, user `admin`). Other NAS shares now deny the XP. Mike OK'd full SMT visibility ("it's part of SMT"). **Optional EOL hardening pending:** block XP → company LAN (except NAS 192.168.0.9) + Internet on the UDM, scoped to .175 (won't affect other SMT devices). Todo `37543f7f`.
@@ -279,6 +354,7 @@ As of 2026-06-01:
| 2026-05-12 | Pipeline audit + email notifications implemented (Graph API). jlohr forwarding configured (ntirety.com → mike@). DKIM keys rotated. |
| 2026-06-01 | AOI optical-inspection XP PC isolated onto VLAN 2 (mydata/SMT) @ 192.168.1.175; `aoibackup` SMB1 share created on D2TESTNAS locked to the XP only; other NAS shares set to deny the XP. D2TESTNAS confirmed Debian 13 / Samba 4.22.6 (repurposed Netgear ReadyNAS); vault + wiki OS corrected. Mike: AOI may see all of SMT; optional company-LAN/Internet block for the XP still pending. |
| 2026-06-01 | Chauncey Bell (cbell) M365 verified — active mailbox, licensed Microsoft 365 Business Standard (full Office + Exchange); AD password reset on AD2 (synced user, OU=Azure_Users), signed into Office. Bobbi's Outlook printing fixed by switching to Outlook (Classic). Ticket #32364 (0.5 hr onsite). |
| 2026-06-02 | Syncro asset reconciliation (78 assets): 20 keep / 21 save+flag / 28 remove / 9 verify. Root cause identified: fleet-wide Syncro agent break ~2025-10-06 silenced ~half the fleet while boxes stayed online (visible in ScreenConnect). Dataforth confirmed phasing off Bitdefender (only 4 of 57 GravityZone endpoints actively managed; 53 in Deleted folder). GUI delete list and 5-step todo tree handed to Howard. Move to metered billing pending cleanup. ScreenConnect API auth pattern documented (CTRLAuthHeader raw secret + Origin). |
---

2
wiki/index.md
View File

@@ -19,7 +19,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks.
| Article | Summary | Last Compiled |
|---|---|---|
| [Cascades of Tucson](clients/cascades-tucson.md) | Prepaid block $175/hr, ~28.0 hrs remaining; senior living; active domain migration + HIPAA compliance project; single DC on aging R610 hardware; open ticket #32370 (eFax + scanner onsite) | 2026-06-02 |
| [Dataforth Corporation](clients/dataforth.md) | Prepaid block ~$2,099/mo; signal conditioning manufacturer; 64 DOS test stations; 2025 crypto attack recovery; 2026-03-27 phishing incident + MFA rollout; active test datasheet pipeline project; Neptune Exchange colocated at D2 | 2026-05-24 |
| [Dataforth Corporation](clients/dataforth.md) | Prepaid block ~$2,099/mo; signal conditioning manufacturer; 64 DOS test stations; 2025 crypto attack recovery; 2026-03-27 phishing incident + MFA rollout; active test datasheet pipeline project; Neptune Exchange colocated at D2; 2026-06-02 Syncro asset reconciliation (78→20 keep/21 flag/28 remove/9 verify); fleet-wide Syncro agent break ~2025-10-06; Bitdefender phase-off in progress | 2026-06-02 |
| [Instrumental Music Center](clients/instrumental-music-center.md) | Prepaid block $175/hr, 12.5 hrs remaining; music retail/repair; AIMsi POS on SQL Server 2019; phantom DC causing slow logons; GuruRMM enrolled (IMC1) | 2026-05-24 |
| [Valley Wide Plastering](clients/valleywide.md) | Prepaid block, 10 hrs remaining; plastering/stucco contractor; HP DL360 Gen10 + XenServer; VB6 app modernization project; RDWeb brute-force incident; 11 Yealink phones pending | 2026-05-24 |
| [ACG Internal Infrastructure](clients/internal-infrastructure.md) | ACG's own hosting infra — Neptune Exchange (cert expires 2026-05-31, DkimSigner disabled), IX server, Cloudflare tunnel workaround, ACG M365 tenant gaps | 2026-05-24 |