diff --git a/.claude/memory/MEMORY.md b/.claude/memory/MEMORY.md index b896578..be295e7 100644 --- a/.claude/memory/MEMORY.md +++ b/.claude/memory/MEMORY.md @@ -83,7 +83,7 @@ - [Dashboard beta-first deploy](feedback_dashboard_beta_first.md) — Dashboard auto-builds to rmm-beta.azcomputerguru.com on push; prod (rmm.azcomputerguru.com) is explicit promote-only via promote-dashboard.sh --confirm. Never hand-rsync prod. One artifact, nginx sub_filter BETA banner. Stood up 2026-06-02. ### Cascades -- [Cascades operational rules](feedback_cascades.md) — Two active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU. +- [Cascades operational rules](feedback_cascades.md) — Active rules: (1) folder redirection (fdeploy) needs subfolders PRE-CREATED before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1. (2) ALWAYS ask which security group(s) a new user goes into — never auto-derive from OU. (3) Do NOT lock down the legacy Main\Company Web Docs\Accounting (Everyone:Full) folder — still in active use. - [Cascades FR GPO fix](reference_cascades_fr_gpo_fix.md) — Native Folder Redirection was DOA on every machine: redirect targets were in a misnamed `fdeploy1.ini` (Windows reads `fdeploy.ini`) → empty target path → silent no-op → per-user registry workaround every time. Fixed 2026-06-08 (correct fdeploy.ini + version bump). Also: CS-SERVER live RMM agent is `c39f1de7...` (old `6766e973` stale). ## Machine diff --git a/.claude/memory/cyndyoffice-physical-hp-lockups.md b/.claude/memory/cyndyoffice-physical-hp-lockups.md index be3c30e..723e057 100644 --- a/.claude/memory/cyndyoffice-physical-hp-lockups.md +++ b/.claude/memory/cyndyoffice-physical-hp-lockups.md @@ -36,6 +36,18 @@ Startup fixes, next step = full hardware diagnostic (extended mem + drive/PSU) plus backup + clean Windows reinstall; ~1-2 days machine downtime. PSU is the prime remaining hardware suspect. +BILLED 2026-06-10: 1.0h onsite, $175, invoice #67810 (client emailed summary + +contingency). Universal Minerals is BREAK-FIX - no prepaid block, NOT an RMM/ +monitoring client (prepay_hours 0.0). The GuruRMM agent was installed ONLY to +diagnose and was REMOVED same-day 2026-06-10 (agent's own `uninstall` via a +detached one-time scheduled task + sc delete of GuruRMMAgent/GuruRMMWatchdog + +deleted C:\Program Files\GuruRMM and C:\ProgramData\GuruRMM; server-side record +DELETE /api/agents/ -> 204). So freeze monitoring is now manual/customer- +reported, not via RMM. Client wiki seeded at wiki/clients/universal-minerals.md +([[universal-minerals]] slug). To remove a GuruRMM Windows agent generally: it +has built-in verbs (install/uninstall/start/stop/status) - run `uninstall` +DETACHED (scheduled task) so it survives killing its own service. + **Why:** future "look at CyndyOffice" requests will assume VM tuning; it's a physical box needing a memtest/PSU/BIOS path. **How to apply:** treat as physical hardware; resolve UUID live every time. diff --git a/.claude/memory/feedback_cascades.md b/.claude/memory/feedback_cascades.md index 2d0c953..a14db6f 100644 --- a/.claude/memory/feedback_cascades.md +++ b/.claude/memory/feedback_cascades.md @@ -1,6 +1,6 @@ --- name: Cascades-specific operational rules (folder redirect, security groups) -description: Two active rules for Cascades work — (1) folder redirection (fdeploy) needs subfolders pre-created before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1; (2) always ASK which security group(s) a new user goes into — never auto-derive from OU. Root-cause / incident detail in project_cascades_history.md. +description: Active rules for Cascades work — (1) folder redirection (fdeploy) needs subfolders pre-created before first logon or it caches a failure forever; recovery via fix-shell-redirect.ps1; (2) always ASK which security group(s) a new user goes into — never auto-derive from OU; (3) do NOT lock down the legacy Main\Company Web Docs\Accounting (Everyone:Full) folder — still in active use. Root-cause / incident detail in project_cascades_history.md. type: feedback --- @@ -39,3 +39,9 @@ When creating or being asked to create any Cascades user account (AD or M365), a OU placement is mechanical (controls Entra Connect sync scope); group membership is an access-control decision and must be made consciously. **Caregivers example:** account goes in `OU=Caregivers` (sync scope) AND must be deliberately added to `SG-Caregivers` (CA policy coverage) — two separate, intentional steps; neither auto-derived from the other. + +--- + +## 3. Do NOT lock down the legacy `Main\Company Web Docs\Accounting` folder + +The accounting folder under the Synology-Drive-synced tree (`D:\Shares\Main\Company Web Docs\Accounting`, `Everyone:FullControl`) stays as-is — Howard confirmed 2026-06-10 the team is **still actively using it**. Do not scope/tighten its ACL or "clean it up" as a HIPAA hardening step, even though the wide-open Everyone:Full looks like an obvious target. The 2026-06-09 scan-to-folder build deliberately created a *separate* clean share (`\\CS-SERVER\AcctDept` → `D:\Shares\Accounting`) rather than reusing this folder; that is the lockdown story, and the legacy folder is intentionally left untouched. diff --git a/clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md b/clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md index 86be60f..1efd24a 100644 --- a/clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md +++ b/clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md @@ -136,3 +136,39 @@ None discovered or created this session. RMM and Syncro auth via existing vault - Memory file: .claude/memory/cyndyoffice-physical-hp-lockups.md - RMM commands this session: diagnostics + remediation dispatched to agent 28708e66-342f-4130-b192-e308b582f00b. + +## Update: 13:15 PT — Billing, RMM removal, client wiki + +Billed and closed out the diagnostic engagement, removed the temporary RMM agent, and +seeded the client wiki article. + +**Billing (Syncro #32397):** 1.0h onsite (product 26118, $175.00). Posted a public +resolution comment WITH `do_not_email: false` so the client was emailed the work summary +plus the verbatim contingency note (if freezing recurs -> full hardware diagnostic + +backup/clean Windows reinstall, ~1-2 days downtime). Line item 42807858; invoice **#67810** +(id 1650637398), total $175.00. Ticket left **In Progress** (monitoring), not marked +Invoiced. Invoice PDF email is a Syncro GUI step — no verified API endpoint, did not probe. + +**RMM removal (client is break-fix / no-RMM):** Confirmed CyndyOffice belongs to Universal +Minerals (customer 34844920, prepay 0.0) — the agent was a temporary diagnostic tool. The +Windows agent exposes built-in verbs (`install/uninstall/start/stop/status/watchdog`). +Because running `uninstall` through the agent would kill the command mid-execution, wrote a +removal script to `C:\Windows\Temp\rmm-remove.ps1` and ran it via a **detached one-time +scheduled task** (`GuruRMM-Removal`, SYSTEM) that fires ~8s after the agent acks: runs +`gururmm-agent.exe uninstall`, `taskkill /F`, `sc delete GuruRMMWatchdog/GuruRMMAgent`, +removes `C:\Program Files\GuruRMM` + `C:\ProgramData\GuruRMM`, self-deletes the task. Agent +went offline immediately (service gone). Server-side record cleaned up: +`DELETE /api/agents/28708e66-...` -> HTTP 204, confirmed removed from the dashboard. +Consequence: the freeze monitoring window is now manual / customer-reported, not via RMM. + +**Client wiki seeded:** Created `wiki/clients/universal-minerals.md` (break-fix profile, +CyndyOffice hardware/specs, freeze + QuickBooks patterns, #32397 active work, history) and +added the client to `wiki/index.md` (Clients table + Cross-Reference). To be expanded as +more of the environment is learned, per the standard client-wiki pattern. + +**Config changes (this update):** updated `.claude/memory/cyndyoffice-physical-hp-lockups.md` +(billing + RMM-removal + general Windows-agent removal method); created +`wiki/clients/universal-minerals.md`; edited `wiki/index.md`. + +**Reference:** invoice #67810 (id 1650637398); Syncro comments 418397979 (billing, emailed); +removal command `a25eaab4-...`; removed agent UUID `28708e66-342f-4130-b192-e308b582f00b`. diff --git a/wiki/clients/universal-minerals.md b/wiki/clients/universal-minerals.md new file mode 100644 index 0000000..31a482f --- /dev/null +++ b/wiki/clients/universal-minerals.md @@ -0,0 +1,142 @@ +--- +type: client +name: universal-minerals +display_name: Universal Minerals International Inc +last_compiled: 2026-06-10 +compiled_by: HOWARD-HOME/claude-main +sources: + - clients/universal-minerals/session-logs/2026-06/2026-06-10-howard-cyndyoffice-freeze-diagnosis.md + - Syncro customer 34844920 + - Syncro ticket #32397 (112445840) + - .claude/memory/cyndyoffice-physical-hp-lockups.md +backlinks: [] +--- + +# Universal Minerals International Inc + +Mineral / commodities business in Tucson, AZ. ACG client on a **per-incident (break-fix) +basis — NO prepaid block and NOT an RMM / monitoring client.** Work is billed per ticket +at standard rates. This is a thin seed article (first compiled 2026-06-10 from the +CyndyOffice freeze diagnosis); expand as more is learned, like the other client articles. + +--- + +## Profile + +- **Company type:** Minerals / commodities (domain `umint.com`) +- **Contract type:** Per-incident / break-fix. **Prepay hours: 0.0** (always re-check + `GET /customers/34844920` before billing). No monitoring or RMM contract. +- **Billing rate:** Onsite $175/hr (Syncro product 26118); standard non-prepaid rates. + [verify tax rate is assigned before any hardware/taxable billing] +- **Syncro customer ID:** `34844920` +- **Address:** 4620 South Coach Drive, Tucson, AZ 85714 +- **Main phone:** 520-838-0945 +- **Key contacts:** + - Amber R. — amberr@umint.com (Syncro primary email on file) + - Accounts Payable — accountspayable@umint.com (Syncro contact) + - **Cyndy** — primary user of the "CyndyOffice" workstation (the machine in ticket + #32397); [verify full name / role] +- **Active ticket:** #32397 (see Active Work) + +--- + +## Infrastructure + +> Sparse — only what surfaced during the 2026-06-10 freeze diagnosis. Expand as more +> of the environment is documented. + +### Workstations + +- **CyndyOffice** — Cyndy's primary desktop. + - **Hardware:** HP Pavilion Desktop **TP01-2xxx** (AMD, 16 logical CPUs, single 16 GB + Kingston DIMM, 1 TB WD SN530 NVMe). + - **Identifiers:** Product # (SKU) `318G6AA#ABA`; Serial / Service Tag `2MO21549RB`; + motherboard HP 8906; BIOS **F.38** (updated from F.36 on 2026-06-10). + - **OS:** Windows 11 Home, build 26200. + - **Line-of-business app:** QuickBooks **Enterprise 22.0** (2022 edition — past Intuit + support). QuickBooks Tool Hub installed. + - **RMM:** A GuruRMM agent was installed **temporarily for diagnosis only** on + 2026-06-10 and **fully removed the same day** (services + binary + data dir + uninstalled, server-side record deleted). This client does not pay for RMM/monitoring. + +### Email & Identity + +- Domain `umint.com`. Platform (M365 / Google / on-prem Exchange) **[verify]**. + +--- + +## Access + +- **Syncro:** customer `34844920`. +- **Vault root:** none yet (`clients/universal-minerals/` not created in vault — no + credentials captured this engagement). + +--- + +## Patterns & Known Issues + +- **CyndyOffice intermittent hard freeze / forced power-off (under investigation, + 2026-06-10).** The machine locks up solid and must be force-powered-off. Event-log + signature: ~20 occurrences over 6 weeks, each a **Kernel-Power 41 with bugcheck code 0 + and NO crash dump**, paired with a 6008 dirty-shutdown; **no WHEA hardware errors**. With + crash dumps confirmed enabled, the absence of any dump means these are **true + hardware/firmware freezes, not a Windows BSOD/software crash** — the event log goes + silent at each freeze and resumes only at next boot. Ruled out: SSD healthy (0% wear), + sleep/wake (no auto-sleep on AC), AV conflict (Defender only), idle thermal (~30C). + Fixes applied 2026-06-10: **BIOS F.36 -> F.38, Fast Startup disabled, Windows Memory + Diagnostic PASSED**, orphaned `mbamchameleon` (Malwarebytes leftover) service removed. + **Prime remaining hardware suspect = PSU** (stock HP Pavilion supply) if it recurs. + Diagnostic detail: [[cyndyoffice-physical-hp-lockups]]. + +- **QuickBooks messaging crash-loop (separate from the freeze).** + `QuickBooksMessaging.exe` crash-loops (~15/min) with a .NET + `System.ObjectDisposedException` updating its system-tray NotifyIcon. Log noise only, + not the freeze cause. Repaired via QuickBooks Tool Hub 2026-06-10 (confirm clear once the + company file is in active use). QB Enterprise 22.0 is past Intuit support — a version + upgrade is the longer-term fix. + +- **Break-fix client — confirm scope/authorization per incident.** No standing + monitoring or RMM. Any RMM agent used for diagnosis must be removed afterward (as was + done 2026-06-10). + +--- + +## Active Work + +- **Ticket #32397 — "Onsite - Computer intermittently freezing and shutting down" + (Universal Minerals, In Progress).** + - Diagnosis complete; BIOS + Fast Startup fixes applied; RAM passed; boot-error cleanup + done. Machine is in a **monitoring window** to confirm the freezing has stopped (freezes + had been every 1-3 days). RMM removed, so monitoring is now manual / customer-reported. + - **Contingency (documented publicly on the ticket):** if freezing recurs, next step is a + full hardware diagnostic (extended memory + drive/power testing) plus a backup and clean + Windows reinstall to rule out OS corruption — ~1-2 days of machine downtime. + - **Billed:** 1.0h onsite, $175.00, invoice **#67810** (2026-06-10). Client emailed the + work summary + contingency note. Invoice PDF send is a GUI step (no verified API + endpoint). + +--- + +## History Highlights + +| Date | Event | +|---|---| +| 2026-06-09 | Ticket #32397 opened — CyndyOffice intermittently freezing and shutting down | +| 2026-06-10 | Diagnosed via temporary GuruRMM agent: confirmed hardware/firmware hard-freeze signature (Kernel-Power 41, bugcheck 0, no dump/WHEA). Applied BIOS F.38, disabled Fast Startup, ran memory test (passed), removed orphaned mbamchameleon service. Repaired QuickBooks messaging crash-loop (Tool Hub) | +| 2026-06-10 | Billed 1.0h onsite ($175, invoice #67810); client emailed summary + 1-2 day reinstall/HW-test contingency | +| 2026-06-10 | GuruRMM agent removed from CyndyOffice (uninstalled on endpoint + server record deleted) — client does not pay for RMM | + +--- + +## Compilation Notes + +- Seeded 2026-06-10 (HOWARD-HOME/claude-main) from the CyndyOffice freeze-diagnosis + session log, Syncro customer 34844920, and ticket #32397. First article for this client. +- **Break-fix / no-RMM client** — the GuruRMM agent on CyndyOffice was a temporary + diagnostic tool, removed same-day. +- Flagged `[verify]`: Cyndy's full name/role; email platform for umint.com; Syncro tax-rate + assignment; the rest of the on-site environment (server? other workstations? network?). + +## Backlinks + +*(none yet)* diff --git a/wiki/index.md b/wiki/index.md index 7e37ca3..c3c1917 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -52,6 +52,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | [Universal Cryogenics](clients/ucryo.md) | New client onboarded 2026-06-02; ucryo.local DC (UC2-SERVER), 8 agents, 2019 TrickBot remediated, Backblaze TLS backup fix | 2026-06-02 | | [Sif-oidak District - Tohono O'odham Nation](clients/sif-oidak.md) | Tribal government; SifOidak.local AD domain; SIF-SERVER (primary DC) + SIF-SERVER2 + 2 laptops GuruRMM enrolled; M365 sifoidak.onmicrosoft.com onboarded 2026-06-03 (all 4 ACG MSP apps; 11/11 seats); not yet in CIPP; Syncro 7694718 | 2026-06-03 | | [Starr Pass Realty](clients/starr-pass.md) | Real estate; Syncro 153298; flat-rate ~$92.93/mo; starrpass.com M365 tenant (222450dd) onboarded 2026-06-10; sole M365 user sysadmin@starrpass.com (Brian Shinn); DNS on ACG IX; legacy Neptune mailbox cansley@devconllc.com; 2 Syncro assets | 2026-06-10 | +| [Universal Minerals International](clients/universal-minerals.md) | Minerals/commodities, Tucson AZ; Syncro 34844920; **break-fix, no prepaid/RMM**; CyndyOffice (HP Pavilion TP01, Win11 Home, QuickBooks Enterprise 22.0) intermittent hard-freeze (Kernel-Power 41, no dump = hardware/firmware) — BIOS F.38 + Fast Startup off + memtest passed 2026-06-10, PSU prime remaining suspect; QB messaging crash-loop repaired; ticket #32397 monitoring; temporary diagnostic RMM agent removed same-day | 2026-06-10 | ## Projects @@ -119,6 +120,7 @@ Run `/wiki-lint` to check for stale entries and broken backlinks. | Scileppi Law | Sylvias-Mini (M2 Mac mini) | GuruRMM (enrollment pending) | | Universal Cryogenics | UC2-SERVER (172.29.0.5, DC, guest VM); WIN-709JUVCJ2DQ (172.29.0.4, Hyper-V/Veeam, Dell PowerEdge 2950); 6 workstations (ucryo.local, 172.29.0.x) | GuruRMM (8 agents, site LIGHT-WOLF-2305) | | Wolkin Law | FRONT (10.147.19.199 ZeroTier, office PC, SMB share host); RSW-Laptop (10.147.19.54 ZeroTier, remote); DESKTOP-V1JT1SE (out of scope); RICOH printer (172.17.110.110); M365 rswolkin.com | GuruRMM (3 Win11 agents, client Wolkin, Robert/Main); ZeroTier mesh VPN 17d709436c834c9b | +| Universal Minerals International | CyndyOffice (HP Pavilion TP01-2xxx, Win11 Home, S/N 2MO21549RB) — break-fix; no managed infra documented | — (RMM agent was temporary, removed 2026-06-10) | ---