|
|
|
|
@@ -0,0 +1,80 @@
|
|
|
|
|
## User
|
|
|
|
|
- **User:** Howard Enos (howard)
|
|
|
|
|
- **Machine:** Howard-Home
|
|
|
|
|
- **Role:** tech
|
|
|
|
|
|
|
|
|
|
## Session Summary
|
|
|
|
|
|
|
|
|
|
Resolved a front-desk scanner failure at Wolkin Law: the Sharp MX-B557F could not scan to the `\\front\scans` SMB share and reported "invalid share name." Diagnosed the root cause as fragile workgroup name resolution — the office is a workgroup with no DNS/WINS authority for the hostname "front," so the name only resolves via broadcast (NetBIOS/LLMNR), which Bob's desktop happened to do but the scanner could not. The laptop additionally had a leftover hosts override (`10.147.19.199 FRONT`) from the ZeroTier remote-access setup that pinned the name to the ZT IP in-office.
|
|
|
|
|
|
|
|
|
|
Pinned FRONT to a static IP using its exact current values (`192.168.1.153/24`, gw `192.168.1.1`, dns `192.168.1.1`) via RMM so the scanner can target the IP reliably. The netsh change blipped the agent (status `interrupted`, "Agent restarted during execution") but it reconnected on the same IP; verified PrefixOrigin=Manual, DHCP=Disabled, gateway reachable. Identified the gateway as a Verizon Fios Router — no admin credentials in vault or 1Password, no remote recovery path (Fios uses a per-unit sticker password); recommended a DHCP reservation as the proper long-term fix once router access is obtained.
|
|
|
|
|
|
|
|
|
|
Verified the FRONT side was airtight before reconfiguring the scanner: `Scans` share exists (`C:\Scans`, Everyone+Administrators Full), `FRONT\Localadmin` enabled with non-expiring password and FullControl on `C:\Scans`. The user provided the scanner web-admin credential and later confirmed `FRONT\Localadmin` / `r3tr0gradE99#` as the SMB auth — both vaulted.
|
|
|
|
|
|
|
|
|
|
The user exported the printer settings (`exported.zip`, a Lexmark bundle — the MX-B557F is a rebadged Lexmark engine) and asked me to fix the scan destinations for re-import. Edited `esf_settings.xml`: removed the second broken eSF "Scan to Network" profile (`\\FRONT\Scans2` / Owner — Scans2 share does not exist), corrected the surviving profile to `192.168.1.153\Scans` (no leading `\\` per the device's SMB connector, per user), set username `localadmin` and added the password. Reduced `shortcuts.ucf` to one native one-touch shortcut (`DISPLAY=1`, `LABEL=Scan to Front`, `RUNIMMEDIATELY=1`) for a home-screen one-click scan. Repackaged as `exported-fixed.zip`. The user reported a post-import error on `deviceQuota` — confirmed benign (that app has `started=false`, so the device skips its settings; must NOT be started or it would enforce print quotas).
|
|
|
|
|
|
|
|
|
|
Finally created Syncro ticket #32465 (Emergency - scanner scan-to-folder repair) for Robert Wolkin, posted a public work-summary note, and invoiced 1.0 hr emergency remote at $225.00 (invoice #67885). Confirmed no prepaid block before billing.
|
|
|
|
|
|
|
|
|
|
## Key Decisions
|
|
|
|
|
|
|
|
|
|
- Set FRONT static with **identical** current values (not a new address) to eliminate blackout risk during the netsh change — the interface keeps the same IP/gw/dns, only the lease source changes.
|
|
|
|
|
- Pointed the scanner at the **IP** rather than fixing name resolution, because an IP needs no name resolution at all — the robust fix for an appliance on a nameless workgroup.
|
|
|
|
|
- Corrected eSF `de_network_address` to `192.168.1.153\Scans` **without** the leading `\\` per the user's instruction (the device's SMB connector prepends it). The native `shortcuts.ucf` keeps `FOLDERPATH=\\192.168.1.153` because that is the device's own export format for that different field.
|
|
|
|
|
- Removed the second eSF profile entirely (pointed at the nonexistent `Scans2` share as `Owner`) rather than repairing it — user wanted one profile.
|
|
|
|
|
- Did NOT hand-edit `homescreen.json` (FIXED layout) to add the home button — too risky to malform; used the UCF `DISPLAY=1`/`RUNIMMEDIATELY=1` shortcut instead and documented the panel-side fallback.
|
|
|
|
|
- Did NOT enable the `deviceQuota` app to clear its import warning — it is configured to enforce print/copy/scan quotas, so starting it would cause a real problem. Leaving it skipped is correct.
|
|
|
|
|
- Billed emergency remote at $225.00 (product 26184, qty 1.0) after confirming `prepay_hours: null` via the full customer GET (not the search result).
|
|
|
|
|
|
|
|
|
|
## Problems Encountered
|
|
|
|
|
|
|
|
|
|
- **netsh static IP blipped the RMM agent** — command returned `interrupted` ("Agent restarted during execution"). Resolved by waiting for reconnect (same IP) and re-reading config to confirm the static settings persisted.
|
|
|
|
|
- **PowerShell 5.1 lacked `-SkipCertificateCheck`** on the gateway/scanner HTTP fingerprint. Resolved by adding a `System.Net.ServicePointManager.CertificatePolicy` trust-all type.
|
|
|
|
|
- **First eSF instance-removal script matched 4 `<instance>` blocks**, not 2 — other eSF apps also use `<instance>`. Resolved by scoping the regex to the `ssa_network` `<app>` block before removing its 2nd instance; validated well-formed XML afterward.
|
|
|
|
|
- **`zip` not available in Git Bash.** Repackaged the bundle with .NET `System.IO.Compression.ZipFile.CreateFromDirectory` via PowerShell (files at archive root).
|
|
|
|
|
- **Post-import `deviceQuota` error** worried the user — confirmed pre-existing and benign (app `started=false`), unrelated to the scan edits.
|
|
|
|
|
|
|
|
|
|
## Configuration Changes
|
|
|
|
|
|
|
|
|
|
- **FRONT (`192.168.1.153`)** — Ethernet (Intel I219-V) converted from DHCP to **static**: `192.168.1.153/24`, gw `192.168.1.1`, dns `192.168.1.1`. DHCP disabled.
|
|
|
|
|
- **`C:\Users\Howard\Documents\ComputerGuru Connect v2\Files\exported-fixed.zip`** (new) — fixed Lexmark settings bundle. Original `exported.zip` left intact.
|
|
|
|
|
- `esf_settings.xml`: removed 2nd `ssa_network` instance (guid A8, "front desk scans" -> `\\FRONT\Scans2`/Owner); surviving instance (guid A25, "scans") -> `de_network_address=192.168.1.153\Scans`, `de_network_username=localadmin`, added `de_network_password`.
|
|
|
|
|
- `shortcuts.ucf`: reduced 2 shortcuts -> 1; `DISPLAY=1`, `LABEL=Scan to Front`, `FILENAME=Scan`, `RUNIMMEDIATELY=1`, `FOLDERPATH=\\192.168.1.153`, `NAME=Scans`, `USERNAME=localadmin`.
|
|
|
|
|
- **Vault** — created `clients/wolkin/sharp-mfp.sops.yaml`, `clients/wolkin/front-localadmin.sops.yaml` (both committed + pushed).
|
|
|
|
|
- **Wiki** — `wiki/clients/wolkin.md`: recorded FRONT static IP + MAC, scanner-must-use-IP detail, vault pointers, export-fix note.
|
|
|
|
|
|
|
|
|
|
## Credentials & Secrets
|
|
|
|
|
|
|
|
|
|
- **Sharp MX-B557F web admin (EWS)** `http://192.168.1.158` — `admin` / `r3tr0gradE99#`. Vault: `clients/wolkin/sharp-mfp.sops.yaml`.
|
|
|
|
|
- **FRONT\Localadmin** (Windows local admin on FRONT; scanner SMB auth to `\\192.168.1.153\Scans`) — `localadmin` / `r3tr0gradE99#` (same string as the MFP admin). Vault: `clients/wolkin/front-localadmin.sops.yaml`.
|
|
|
|
|
|
|
|
|
|
## Infrastructure & Servers
|
|
|
|
|
|
|
|
|
|
- **FRONT** — office print/file server. LAN `192.168.1.153` (now static), ZeroTier `10.147.19.199`. NIC Intel I219-V, MAC `A0:AD:9F:95:C4:01`. Win11 Home, workgroup. RMM agent id `877d311a-4b24-462c-97b1-d2a0f7730a71`.
|
|
|
|
|
- **Sharp MX-B557F** MFP — `192.168.1.158` (rebadged Lexmark; web server `Lexmark_Web_Server`, FW `MXTGW.081.215`). Print raw TCP 9100, print share `\\front\Sharp`. Scan-to-folder -> `\\192.168.1.153\Scans` as `FRONT\Localadmin`.
|
|
|
|
|
- **Gateway** — Verizon Fios Router `192.168.1.1`, MAC `74:90:BC:AD:C6:C5`, web admin 80/443. No credentials held.
|
|
|
|
|
- **`C:\Scans`** on FRONT — scan target. Share `Scans` ACL Everyone+Administrators Full; NTFS grants Localadmin/Owner/julie/Administrators/SYSTEM FullControl.
|
|
|
|
|
- Office LAN `192.168.1.0/24`; ZeroTier mesh `17d709436c834c9b` (10.147.19.0/24).
|
|
|
|
|
|
|
|
|
|
## Commands & Outputs
|
|
|
|
|
|
|
|
|
|
- Static IP: `netsh interface ipv4 set address name="Ethernet" static 192.168.1.153 255.255.255.0 192.168.1.1` + `set dnsservers ... static 192.168.1.1 primary`. Verified `PrefixOrigin=Manual`, `Dhcp=Disabled`, gateway reachable.
|
|
|
|
|
- Gateway/scanner fingerprint via FRONT `Invoke-WebRequest` with trust-all CertificatePolicy (PS 5.1 has no `-SkipCertificateCheck`).
|
|
|
|
|
- eSF instance removal scoped to `<app name="ssa_network">` block; XML validated with `xml.dom.minidom`.
|
|
|
|
|
- Repackage: `[System.IO.Compression.ZipFile]::CreateFromDirectory($src,$out,Optimal,$false)`.
|
|
|
|
|
|
|
|
|
|
## Pending / Incomplete Tasks
|
|
|
|
|
|
|
|
|
|
- **User to import `exported-fixed.zip`** via the EWS and run a test scan; confirm a PDF lands in `C:\Scans`. If auth fails, re-enter `localadmin`/`r3tr0gradE99#` on the panel once (export strips passwords).
|
|
|
|
|
- **Home-screen button:** if the "Scan to Front" shortcut does not auto-appear after import, add it via the panel (Home Screen Customization). `homescreen.json` was intentionally not edited.
|
|
|
|
|
- **DHCP reservation** for FRONT (`A0:AD:9F:95:C4:01` -> `.153`) on the Verizon Fios router once admin access is obtained; then optionally revert FRONT to DHCP so the router DNS re-registers "front" (restores `\\front` name resolution fleet-wide) and drop the stale `10.147.19.199 FRONT` hosts line on RSW-Laptop.
|
|
|
|
|
- **Offered:** live-watch `C:\Scans` via RMM during a test scan (not yet run).
|
|
|
|
|
- Pre-existing open follow-up: rotate `front\julie` (password transited RMM log during prior diagnosis).
|
|
|
|
|
|
|
|
|
|
## Reference Information
|
|
|
|
|
|
|
|
|
|
- Syncro ticket **#32465** (id `113088983`) — https://computerguru.syncromsp.com/tickets/113088983 — status Invoiced.
|
|
|
|
|
- Syncro invoice **#67885** (id `1650805533`) — $225.00, 1.0 hr emergency remote (product 26184).
|
|
|
|
|
- Customer: Wolkin, Robert (id `796910`), `prepay_hours: null` (no block).
|
|
|
|
|
- RMM: base `http://172.16.3.30:3001`; FRONT agent `877d311a-4b24-462c-97b1-d2a0f7730a71`.
|
|
|
|
|
- Vault: `clients/wolkin/sharp-mfp.sops.yaml`, `clients/wolkin/front-localadmin.sops.yaml`.
|
|
|
|
|
- Files: `C:\Users\Howard\Documents\ComputerGuru Connect v2\Files\exported.zip` (original), `exported-fixed.zip` (fixed).
|