azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync: auto-sync from HOWARD-HOME at 2026-05-06 15:10:59

Browse Source 
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-05-06 15:10:59
This commit is contained in:
Howard Enos
2026-05-06 15:11:04 -07:00
parent 4da4e5bac5
commit d63dcde679
6 changed files with 175 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
clients/cascades-tucson/session-logs/2026-05-06-howard-lauren-teams-john-email-diagnostic.md
View File

@@ -91,3 +91,17 @@ Two FYIs from today:
- Remediation tool: Security Investigator app (`bfbc12a4-...`), Graph + EXO read scopes only. Token cached at `/tmp/remediation-tool/207fa277-e9d8-4eb7-ada1-1064d2221498/`.
- No write actions taken on any tenant.
## 4. Cascades 4-UPS install billing -- ticket #32101 (later same day)
Closed out the long-running "Estimate - UPS/battery back ups" ticket #32101. Hardware (4x CyberPower 500v/300w UPS @ $399.99 + 1x APC UPS 1500 @ $889.99) had already been invoiced on 2026-04-03 (invoice #67341). Howard had performed the four mechanical-room installs (1st through 4th floor, each protecting that floor's UniFi switch; 1st floor also protects the phone switches); installed the larger Memory Care unit several days earlier separately.
Billed onsite labor only -- 4 installs x 0.5 hr = 2.0 hrs at product `26118` Labor - Onsite Business ($175/hr) -- against Cascades' prepay block. No emergency multiplier (regular onsite work).
- Comment posted (customer-visible)
- Timer 39053175, charged -> line item 42328604 (1.0 line, 2.0 qty, $350 total)
- Invoice #67569 created at $0 (fully covered by prepay)
- Cascades prepay: 48.5 -> **46.5 hrs** (2.0 debited)
- Ticket status: Waiting for Parts -> Invoiced
Memory Care install was excluded from this billing per Howard's direction (confirmed: 4 installs, not 5).

48
clients/horseshoe-management/session-logs/2026-05-06-howard-ups-bypass-relay-fault-onsite.md Normal file
View File

@@ -0,0 +1,48 @@
# Horseshoe Management -- APC Smart-UPS bypass relay fault -- 2026-05-06
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
## Summary
Onsite emergency response for Horseshoe Management (Bill Young). APC Smart-UPS 1350 was throwing a "P.17" / Event 17 error -- this is the APC code for **Bypass Relay Weld fault**, where the internal transfer relay has stuck and the unit can no longer switch between line power and battery power.
Cleared the error via a full power-cycle: disconnected all loads, unplugged the UPS from the wall, removed the batteries, held the power button for 10 seconds to discharge residual capacitance, reinstalled the batteries, plugged back in, reconnected loads, powered everything up. Error code cleared and the UPS is now operating normally.
**Underlying concern:** This site has now gone through several batteries and two complete UPS units, all reporting battery-related errors. That pattern doesn't fit normal battery wear -- it points to a likely **electrical issue at the wall outlet or branch circuit** feeding this equipment (voltage irregularities, poor grounding, or a shared circuit with a high-draw load). Recommended (in the customer-visible resolution comment on the ticket) that they have a licensed electrician verify the wiring before purchasing more batteries / replacement units.
## Ticket + billing
- **Ticket:** Syncro #32256 -- "Emergency onsite - Server making strange noise" (the ticket subject was set when the call came in; actual issue was the UPS, not the server)
- **Customer:** Horseshoe Management (Bill Young, Syncro 625269), 2325 E Grant Rd, Tucson
- **Time:** 1.0 hr emergency onsite
- **Customer has prepay block:** 33.25 hrs at start of session
Per the Syncro emergency-billing branch for prepay customers: bill Onsite Business (`26118`, $175/hr) at `qty = actual_hours x 1.5`, NOT the Emergency product `26184`. Stacking would double-count the time-and-a-half. So:
- Product: `26118` Labor - Onsite Business
- Qty: 1.5 hrs (1.0 actual x 1.5 emergency multiplier)
- Rate: $175/hr
- Line total: $262.50 (debits 1.5 hrs from prepay block; customer owes $0)
- Invoice: #67568, total $0.00 (fully covered by prepay)
- Prepay balance after: 33.25 -> **31.75 hrs**
- Ticket status: New -> Invoiced
## Findings to flag
1. **Repeat battery / UPS failures point to electrical issue.** Recommended electrician evaluation in the customer-visible resolution comment on ticket #32256. Worth following up with Bill in a few days to confirm whether they've engaged an electrician.
2. **Stale plaintext credentials in customer notes.** While billing this ticket, noticed the Syncro customer record's free-text notes field contains plaintext passwords for Donna, Bill, Randy, Frank, Sam, "Bill Server", and -- most concerning -- the M365 admin password (`Bill@horseshoemgt.com / Passw0rd!`). These should be migrated to the SOPS vault under `clients/horseshoe-management/` and stripped from Syncro. Not urgent for today's ticket but a real exposure.
## Files / state changes
- Syncro ticket #32256 closed out (comment, timer, line item, invoice, status -> Invoiced).
- No file changes in this repo.
- No on-site config changes beyond the UPS power-cycle.
## Tools used
- Onsite physical work: UPS power-cycle.
- Syncro REST API: comment + timer_entry + charge_timer_entry + invoice (1.5 hr emergency-on-prepay billing pattern).

84
clients/sombra-residential/session-logs/2026-05-06-howard-bryan-sombrahomes-ghost-account-cleanup.md Normal file
View File

@@ -0,0 +1,84 @@
# Sombra Residential -- Bryan sombrahomes ghost account cleanup -- 2026-05-06
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
## Summary
Amy at Sombra Residential called reporting that Word would not close on Bryan's PC (DESKTOP-UQRN4K3, one of the two new computers we set up the week prior). The error stated "Word could not close because it had an open dialog box" but no dialog was visible. Howard force-closed Word via Task Manager, reopened it, and saw a credential prompt asking for `bryan@sombrahomes.com` -- the company's old email domain from before the rebrand to `sombraresidential.com`. Same prompt appeared on opening Excel. New Outlook app worked fine.
Investigation traced the prompts to stale Microsoft 365 identity references that Transwiz had carried over from Bryan's old machine during the new-PC setup, all bound to the pre-rebrand `bryan@sombrahomes.com` account. Removed the stale data in stages, with full backups + auto-generated revert scripts at each step. After the final cleanup pass (classic MAPI Outlook profiles, both 15.0 and 16.0 trees), the prompts stopped. Verified by Howard with all Office apps + reboot + retest.
Total time on the issue: ~30 min remote diagnostic + cleanup. Billed against ticket #32225 (the original new-PC setup ticket) as **warranty / no-charge** -- the issue is a direct side effect of the data transfer we performed during that ticket. New invoice #67572 generated at $0 against the warranty product.
## Customer + machine context
- **Customer:** Sombra Residential LLC (Syncro customer 32971820)
- **Caller:** Amy
- **Affected user:** Bryan Menie -- accounts now `bryan@sombraresidential.com`, formerly `bryan@sombrahomes.com`
- **Machine:** DESKTOP-UQRN4K3
- **Bryan's SID:** `S-1-5-21-2758790109-566389284-3601084329-1002`
- **GuruRMM agent ID:** `6dc0fb03-d6c4-4e3e-a58c-d9d015ff588a` (site `787d497a-eb1d-4468-a8ac-51d3c23954cb` "main office")
- **Office product:** OneNote Free + O365 Business Retail, Click-to-Run, version 16.0.19929.20106
## Diagnostic findings
The ghost prompts came from data Transwiz had carried over wholesale from Bryan's old machine. Key root cause: company rebranded `sombrahomes.com` -> `sombraresidential.com` at some point post-2022, but Bryan's classic Office identity store still had the old `bryan@sombrahomes.com` LiveId entries persisted (`ErrorState=6` -- stuck token, can't refresh). Office apps walk that store on startup and try to refresh the dead tokens, which is what surfaced as a credential prompt.
Notable diagnostic data points (from probe runs via GuruRMM):
| Probe pass | Key finding |
|---|---|
| v1 (HKCU as SYSTEM) | Empty -- agent runs as `nt authority\system`, so HKCU was the SYSTEM hive, not Bryan's. Confirmed HKLM was clean (413 MB dump, 0 matches). |
| v3 (HKU\<bryan-sid>) | Found stale `8a2ca986c32435e4_LiveId` in `Office\15.0\Common\Identity\` with `EmailAddress=bryan@sombrahomes.com`. Plus AutoDiscover XMLs and PB4S config files. |
| v4b (HKU full grep) | Word/Excel kept prompting after first cleanup; full hive grep found additional refs in `Office\15.0\Common\ServicesManagerCache\Identities\8a2ca986c32435e4_LiveId\` (the splash-screen "connected accounts" cache) and in classic MAPI Outlook profiles `Outlook` + `Outlook20221013` under both 15.0 and 16.0 trees, all bound to the old account. |
The new Outlook app uses WAM tokens (separate from classic config) and was correctly authenticated with `bryan@sombraresidential.com` (19 valid `.tbacct` files). That's why only Word and Excel showed the ghost prompt and the new Outlook app did not.
## Cleanup performed
Three cleanup passes, each with snapshot-first backup + auto-generated `revert.ps1` + manifest.json under `C:\ProgramData\ACG\sombrahomes-cleanup-<timestamp>\`. Office processes confirmed closed before each pass (script refused to run otherwise).
| Pass | Backup folder | Targets removed |
|---|---|---|
| v2 | `sombrahomes-cleanup-20260506-135723` | 3 reg keys (`Office\15.0\Common\Identity\Identities\8a2ca986c32435e4_LiveId`, `Profiles\8a2ca986c32435e4_LiveId`, `DocToIdMapping\8a2ca986c32435e4_LiveId`) + 2 files (`AutoD.bryan@sombrahomes.com.xml`, `PB4S-Configuration-bryan@sombrahomes.com.xml`) |
| v3 | `sombrahomes-cleanup-20260506-142613` | `ServicesManagerCache\Identities\8a2ca986c32435e4_LiveId` + `MSOIdentityCRL\UserExtendedProperties\microsoftonline.com::customerservice@sombrahomes.com` + OneAuth `Bryan@SombraHomes.com_identity_provider` blob |
| v4 | `sombrahomes-cleanup-20260506-143518` | 4 classic MAPI Outlook profiles (`Outlook` + `Outlook20221013` in both 15.0 and 16.0 trees, total ~245 KB of registry data) |
After v3 the prompt persisted in Word/Excel only; v4 cleared it. Howard verified after v4: opened Word, Excel, all other Office apps, rebooted, retested -- no prompts. New Outlook app continues working with `bryan@sombraresidential.com`.
Each backup folder contains a self-contained `revert.ps1` that re-imports all registry exports and copies files back. Reverting any single pass is one command.
## Billing
| Ticket | Comment | Time | Product | Invoice | Total |
|---|---|---|---|---|---|
| #32225 | Customer-visible follow-up describing issue + cleanup | 0.5 hr | `1049360` Labor- Warranty work | #67572 | $0.00 (warranty) |
Initial billing attempt (now corrected) had used product `1190473` Labor - Remote Business with `billable: false` and patched the price to $0. Howard caught it -- warranty has its own dedicated product (`1049360` Labor- Warranty work) and that's what should be selected. Patching `price_retail` to convert one labor product into another is wrong. Fixed: removed wrong line + timer, regenerated against the correct warranty product. Documented as `feedback_syncro_warranty_product.md`; updated `.claude/commands/syncro.md` rate table + workflow.
## Files / state changes
- `C:\ProgramData\ACG\sombrahomes-cleanup-20260506-*` -- 3 backup folders on Bryan's PC. All three include manifest.json + revert.ps1.
- Local cleanup scripts staged at `C:\claudetools\.claude\tmp\sombra-cleanup-v2.ps1` / `v3.ps1` / `v4.ps1` (and probes v1-v4b). Not committed -- one-off diagnostic.
- New feedback memory: `.claude/memory/feedback_syncro_warranty_product.md`
- Updated: `.claude/commands/syncro.md` (rate table + warranty workflow + never-patch-price rule)
- Updated: `.claude/memory/MEMORY.md` (index entry)
## Note for Mike + Winter
Couple of observations from this session that may be relevant elsewhere:
1. **Transwiz drag-along:** Whenever we use Transwiz on a domain-rebranded shop, expect this exact ghost-account symptom on the destination machine. Quickest indicator: classic Office MAPI profile name, `HKU\<sid>\Software\Microsoft\Office\16.0\Outlook\DefaultProfile`, and the ServicesManagerCache LiveId entries. Worth adding a "post-Transwiz Office identity sweep" step to our new-PC checklist.
2. **GuruRMM SYSTEM context:** The agent runs as `nt authority\system`. Probes that read `HKCU` or `$env:USERPROFILE` will hit SYSTEM's hive/profile, not the actual user's. For per-user investigations, resolve the target user's SID via `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList` and read from `HKU:\<sid>\` and `C:\Users\<user>\` directly.
3. **Syncro `billable: false` on `timer_entry` is silently ignored.** Setting `billable: false` does NOT prevent Syncro from generating a $-charged line item. The skill memory has been updated to reflect this -- always pick the correct product (warranty for warranty, etc.) rather than trying to neutralize a billable product with a flag or a patched price.
## Tools used
- GuruRMM: agent command POST + result polling. Read-only probes + targeted cleanup commands. SYSTEM context.
- Syncro REST API: ticket comment, timer_entry, charge_timer_entry, invoice CRUD.
- No write actions on any M365 tenant.