sync: auto-sync from HOWARD-HOME at 2026-06-25 19:20:21

Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-25 19:20:21
This commit is contained in:
2026-06-25 19:20:47 -07:00
parent d1de83a6d3
commit db73af2866
5 changed files with 86 additions and 54 deletions

View File

@@ -1,10 +0,0 @@
{
"success": true,
"message": "Scan started successfully",
"results": [
{
"type": "EDR",
"userTaskId": "632536cf-2534-4212-8c54-7a5f4daafc4e"
}
]
}

View File

@@ -1,42 +0,0 @@
{
"userId": "8aaa6ea7-c258-48a2-b393-d912c98cffe6",
"createdOn": "2026-06-25T22:20:20.380Z",
"endedOn": null,
"id": "632536cf-2534-4212-8c54-7a5f4daafc4e",
"message": "Scanning 1 host...",
"name": "Scanning Scan - EDR",
"data": {
"options": {
"driver": true,
"events": true,
"memory": true,
"module": true,
"account": true,
"process": true,
"artifact": true,
"autostart": true,
"installed": true,
"interfaces": false,
"application": true
},
"locationId": [
"c3ba0672-e6bb-4784-9a37-2f434fc6f08c"
],
"isPolicyScan": false,
"locationName": [
"[TEST] RMM-TEST-MACHINE"
],
"organizationId": "ac78844a-2d44-4c10-acc8-c9bcb6106346",
"organizationName": "Arizona Computer Guru"
},
"progress": 0,
"itemCount": 1,
"relatedId": "c3ba0672-e6bb-4784-9a37-2f434fc6f08c",
"jobId": null,
"agentId": null,
"startedOn": "2026-06-25T22:20:20.380Z",
"status": "Active",
"type": "Scan - EDR",
"stats": null,
"archived": false
}

View File

@@ -0,0 +1,80 @@
## User
- **User:** Howard Enos (howard)
- **Machine:** Howard-Home
- **Role:** tech
## Session Summary
Resolved a front-desk scanner failure at Wolkin Law: the Sharp MX-B557F could not scan to the `\\front\scans` SMB share and reported "invalid share name." Diagnosed the root cause as fragile workgroup name resolution — the office is a workgroup with no DNS/WINS authority for the hostname "front," so the name only resolves via broadcast (NetBIOS/LLMNR), which Bob's desktop happened to do but the scanner could not. The laptop additionally had a leftover hosts override (`10.147.19.199 FRONT`) from the ZeroTier remote-access setup that pinned the name to the ZT IP in-office.
Pinned FRONT to a static IP using its exact current values (`192.168.1.153/24`, gw `192.168.1.1`, dns `192.168.1.1`) via RMM so the scanner can target the IP reliably. The netsh change blipped the agent (status `interrupted`, "Agent restarted during execution") but it reconnected on the same IP; verified PrefixOrigin=Manual, DHCP=Disabled, gateway reachable. Identified the gateway as a Verizon Fios Router — no admin credentials in vault or 1Password, no remote recovery path (Fios uses a per-unit sticker password); recommended a DHCP reservation as the proper long-term fix once router access is obtained.
Verified the FRONT side was airtight before reconfiguring the scanner: `Scans` share exists (`C:\Scans`, Everyone+Administrators Full), `FRONT\Localadmin` enabled with non-expiring password and FullControl on `C:\Scans`. The user provided the scanner web-admin credential and later confirmed `FRONT\Localadmin` / `r3tr0gradE99#` as the SMB auth — both vaulted.
The user exported the printer settings (`exported.zip`, a Lexmark bundle — the MX-B557F is a rebadged Lexmark engine) and asked me to fix the scan destinations for re-import. Edited `esf_settings.xml`: removed the second broken eSF "Scan to Network" profile (`\\FRONT\Scans2` / Owner — Scans2 share does not exist), corrected the surviving profile to `192.168.1.153\Scans` (no leading `\\` per the device's SMB connector, per user), set username `localadmin` and added the password. Reduced `shortcuts.ucf` to one native one-touch shortcut (`DISPLAY=1`, `LABEL=Scan to Front`, `RUNIMMEDIATELY=1`) for a home-screen one-click scan. Repackaged as `exported-fixed.zip`. The user reported a post-import error on `deviceQuota` — confirmed benign (that app has `started=false`, so the device skips its settings; must NOT be started or it would enforce print quotas).
Finally created Syncro ticket #32465 (Emergency - scanner scan-to-folder repair) for Robert Wolkin, posted a public work-summary note, and invoiced 1.0 hr emergency remote at $225.00 (invoice #67885). Confirmed no prepaid block before billing.
## Key Decisions
- Set FRONT static with **identical** current values (not a new address) to eliminate blackout risk during the netsh change — the interface keeps the same IP/gw/dns, only the lease source changes.
- Pointed the scanner at the **IP** rather than fixing name resolution, because an IP needs no name resolution at all — the robust fix for an appliance on a nameless workgroup.
- Corrected eSF `de_network_address` to `192.168.1.153\Scans` **without** the leading `\\` per the user's instruction (the device's SMB connector prepends it). The native `shortcuts.ucf` keeps `FOLDERPATH=\\192.168.1.153` because that is the device's own export format for that different field.
- Removed the second eSF profile entirely (pointed at the nonexistent `Scans2` share as `Owner`) rather than repairing it — user wanted one profile.
- Did NOT hand-edit `homescreen.json` (FIXED layout) to add the home button — too risky to malform; used the UCF `DISPLAY=1`/`RUNIMMEDIATELY=1` shortcut instead and documented the panel-side fallback.
- Did NOT enable the `deviceQuota` app to clear its import warning — it is configured to enforce print/copy/scan quotas, so starting it would cause a real problem. Leaving it skipped is correct.
- Billed emergency remote at $225.00 (product 26184, qty 1.0) after confirming `prepay_hours: null` via the full customer GET (not the search result).
## Problems Encountered
- **netsh static IP blipped the RMM agent** — command returned `interrupted` ("Agent restarted during execution"). Resolved by waiting for reconnect (same IP) and re-reading config to confirm the static settings persisted.
- **PowerShell 5.1 lacked `-SkipCertificateCheck`** on the gateway/scanner HTTP fingerprint. Resolved by adding a `System.Net.ServicePointManager.CertificatePolicy` trust-all type.
- **First eSF instance-removal script matched 4 `<instance>` blocks**, not 2 — other eSF apps also use `<instance>`. Resolved by scoping the regex to the `ssa_network` `<app>` block before removing its 2nd instance; validated well-formed XML afterward.
- **`zip` not available in Git Bash.** Repackaged the bundle with .NET `System.IO.Compression.ZipFile.CreateFromDirectory` via PowerShell (files at archive root).
- **Post-import `deviceQuota` error** worried the user — confirmed pre-existing and benign (app `started=false`), unrelated to the scan edits.
## Configuration Changes
- **FRONT (`192.168.1.153`)** — Ethernet (Intel I219-V) converted from DHCP to **static**: `192.168.1.153/24`, gw `192.168.1.1`, dns `192.168.1.1`. DHCP disabled.
- **`C:\Users\Howard\Documents\ComputerGuru Connect v2\Files\exported-fixed.zip`** (new) — fixed Lexmark settings bundle. Original `exported.zip` left intact.
- `esf_settings.xml`: removed 2nd `ssa_network` instance (guid A8, "front desk scans" -> `\\FRONT\Scans2`/Owner); surviving instance (guid A25, "scans") -> `de_network_address=192.168.1.153\Scans`, `de_network_username=localadmin`, added `de_network_password`.
- `shortcuts.ucf`: reduced 2 shortcuts -> 1; `DISPLAY=1`, `LABEL=Scan to Front`, `FILENAME=Scan`, `RUNIMMEDIATELY=1`, `FOLDERPATH=\\192.168.1.153`, `NAME=Scans`, `USERNAME=localadmin`.
- **Vault** — created `clients/wolkin/sharp-mfp.sops.yaml`, `clients/wolkin/front-localadmin.sops.yaml` (both committed + pushed).
- **Wiki** — `wiki/clients/wolkin.md`: recorded FRONT static IP + MAC, scanner-must-use-IP detail, vault pointers, export-fix note.
## Credentials & Secrets
- **Sharp MX-B557F web admin (EWS)** `http://192.168.1.158``admin` / `r3tr0gradE99#`. Vault: `clients/wolkin/sharp-mfp.sops.yaml`.
- **FRONT\Localadmin** (Windows local admin on FRONT; scanner SMB auth to `\\192.168.1.153\Scans`) — `localadmin` / `r3tr0gradE99#` (same string as the MFP admin). Vault: `clients/wolkin/front-localadmin.sops.yaml`.
## Infrastructure & Servers
- **FRONT** — office print/file server. LAN `192.168.1.153` (now static), ZeroTier `10.147.19.199`. NIC Intel I219-V, MAC `A0:AD:9F:95:C4:01`. Win11 Home, workgroup. RMM agent id `877d311a-4b24-462c-97b1-d2a0f7730a71`.
- **Sharp MX-B557F** MFP — `192.168.1.158` (rebadged Lexmark; web server `Lexmark_Web_Server`, FW `MXTGW.081.215`). Print raw TCP 9100, print share `\\front\Sharp`. Scan-to-folder -> `\\192.168.1.153\Scans` as `FRONT\Localadmin`.
- **Gateway** — Verizon Fios Router `192.168.1.1`, MAC `74:90:BC:AD:C6:C5`, web admin 80/443. No credentials held.
- **`C:\Scans`** on FRONT — scan target. Share `Scans` ACL Everyone+Administrators Full; NTFS grants Localadmin/Owner/julie/Administrators/SYSTEM FullControl.
- Office LAN `192.168.1.0/24`; ZeroTier mesh `17d709436c834c9b` (10.147.19.0/24).
## Commands & Outputs
- Static IP: `netsh interface ipv4 set address name="Ethernet" static 192.168.1.153 255.255.255.0 192.168.1.1` + `set dnsservers ... static 192.168.1.1 primary`. Verified `PrefixOrigin=Manual`, `Dhcp=Disabled`, gateway reachable.
- Gateway/scanner fingerprint via FRONT `Invoke-WebRequest` with trust-all CertificatePolicy (PS 5.1 has no `-SkipCertificateCheck`).
- eSF instance removal scoped to `<app name="ssa_network">` block; XML validated with `xml.dom.minidom`.
- Repackage: `[System.IO.Compression.ZipFile]::CreateFromDirectory($src,$out,Optimal,$false)`.
## Pending / Incomplete Tasks
- **User to import `exported-fixed.zip`** via the EWS and run a test scan; confirm a PDF lands in `C:\Scans`. If auth fails, re-enter `localadmin`/`r3tr0gradE99#` on the panel once (export strips passwords).
- **Home-screen button:** if the "Scan to Front" shortcut does not auto-appear after import, add it via the panel (Home Screen Customization). `homescreen.json` was intentionally not edited.
- **DHCP reservation** for FRONT (`A0:AD:9F:95:C4:01` -> `.153`) on the Verizon Fios router once admin access is obtained; then optionally revert FRONT to DHCP so the router DNS re-registers "front" (restores `\\front` name resolution fleet-wide) and drop the stale `10.147.19.199 FRONT` hosts line on RSW-Laptop.
- **Offered:** live-watch `C:\Scans` via RMM during a test scan (not yet run).
- Pre-existing open follow-up: rotate `front\julie` (password transited RMM log during prior diagnosis).
## Reference Information
- Syncro ticket **#32465** (id `113088983`) — https://computerguru.syncromsp.com/tickets/113088983 — status Invoiced.
- Syncro invoice **#67885** (id `1650805533`) — $225.00, 1.0 hr emergency remote (product 26184).
- Customer: Wolkin, Robert (id `796910`), `prepay_hours: null` (no block).
- RMM: base `http://172.16.3.30:3001`; FRONT agent `877d311a-4b24-462c-97b1-d2a0f7730a71`.
- Vault: `clients/wolkin/sharp-mfp.sops.yaml`, `clients/wolkin/front-localadmin.sops.yaml`.
- Files: `C:\Users\Howard\Documents\ComputerGuru Connect v2\Files\exported.zip` (original), `exported-fixed.zip` (fixed).

View File

@@ -21,6 +21,8 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
2026-06-26 | GURU-BEAST-ROG | email-investigation | [correction] assumed tedards.net also uses GuruProtect/Inky; correct: only ACG uses Inky for inbound. Tedards routes directly to Exchange Online.
2026-06-26 | Howard-Home | rmm/acl | [friction] Set-Acl/icacls ACL propagation on a large folder tree (Carrie Documents) exceeded the RMM command timeout twice; because stdout is dropped on timeout, a randomly-generated password printed in the same script was lost each time. Fix: generate the password LOCALLY (retain it) and inject via placeholder, and run ACL propagation as a separate long-timeout (>=600s) command isolated from any value you need back. [ctx: host=REDNOURCARRIEVI skill=rmm op=Set-Acl]
2026-06-25 | Howard-Home | wiki-compile | [friction] Sonnet subagent hit 32k output-token cap regenerating full ~600-line article via Write; wrote nothing [ctx: fix=targeted staged edits of deltas for large existing articles, not full regen]
2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=raw]

View File

@@ -38,7 +38,7 @@ backlinks: []
| System | Role | ZeroTier IP | LAN IP | GuruRMM Status | Notes |
|--------|------|-------------|--------|----------------|-------|
| FRONT | Office PC / print + file server | 10.147.19.199 | 192.168.1.153 | Enrolled | Hosts SMB shares (canonical `C:\Shared Data\CLIENT FILES`), Sharp printer; VSS shadow copies on C: |
| FRONT | Office PC / print + file server | 10.147.19.199 | 192.168.1.153 (**static** since 2026-06-25; was DHCP) | Enrolled | Hosts SMB shares (canonical `C:\Shared Data\CLIENT FILES`), Sharp printer; VSS shadow copies on C:. NIC: Intel I219-V, MAC A0:AD:9F:95:C4:01 |
| RSW-Laptop | Julie's remote laptop | 10.147.19.54 | N/A | Enrolled | Windows remote worker |
| DESKTOP-V1JT1SE | Bob's personal desktop | (not recorded) | (not recorded) | Enrolled | Owner's workstation |
@@ -79,11 +79,13 @@ backlinks: []
- `\\front\ClientFiles``C:\Shared Data\CLIENT FILES` (canonical 413-matter repo; corrected 2026-06-08, share ACL Authenticated Users, `front\julie` NTFS Modify)
- `\\front\Forms``C:\Users\Owner\OneDrive\Desktop\Forms`
- `\\front\Pleadings``C:\Users\Owner\OneDrive\Desktop\Pleading Forms and Filing`
- `\\front\Scans``C:\Scans`
- `\\front\Scans``C:\Scans` (share ACL Everyone:Full; **Sharp MFP scans here authenticating as `FRONT\Localadmin`**). The Sharp MX-B557F scan-to-folder destination must use **IP `192.168.1.153`** in the host field + share path `Scans` (NOT `\\front\scans` — name resolution is unreliable on this workgroup LAN: `\\front` resolves for DESKTOP-V1JT1SE but not for the scanner, and RSW-Laptop has a hosts override `10.147.19.199 FRONT` that points it at ZeroTier in-office). FRONT pinned to static .153 (2026-06-25) so the IP never drifts.
- `\\front\Sharp` → Sharp MX-B557F print share
## Access
- **FRONT\julie** (local Windows acct on both FRONT and RSW-Laptop; used for laptop→FRONT SMB/print auth): vault **`clients/wolkin/front-julie.sops.yaml`** (vaulted 2026-06-11).
- **FRONT\Localadmin** (local admin on FRONT; used by the **Sharp scanner** to auth to `\\192.168.1.153\Scans`): vault **`clients/wolkin/front-localadmin.sops.yaml`** (vaulted 2026-06-25). Password is the SAME string as the Sharp MFP web-admin.
- **Sharp MX-B557F MFP web admin** (`http://192.168.1.158`, rebadged Lexmark): vault **`clients/wolkin/sharp-mfp.sops.yaml`** (vaulted 2026-06-25). The settings export (ComputerGuru Connect) was edited 2026-06-25 to fix the scan-to-folder profile: eSF `de_network_address` `front\scans`/`\\FRONT\Scans2` -> `192.168.1.153\Scans` (no `\\` — the device's SMB connector adds it), single `localadmin` profile, plus a one-touch home-screen native shortcut. Re-import via the EWS.
- **M365 users** (robert@ / julie@ rswolkin.com): vault **`clients/wolkin/m365-users.sops.yaml`** (vaulted 2026-06-11; previously plaintext in the retired wolkin-law.md).
- **RDP/SSH:** None configured. **ScreenConnect:** used for hands-on (the GuruRMM agent cannot set local passwords — see Patterns).
- **VPN:** ZeroTier mesh `17d709436c834c9b` (10.147.19.0/24) — front 10.147.19.199, RSW-Laptop 10.147.19.54. `front` resolves via a hosts entry on the laptop (`10.147.19.199 FRONT`).