From db73af2866d9b290aa23bd90b281cdc42c509492 Mon Sep 17 00:00:00 2001
From: Howard Enos
Date: Thu, 25 Jun 2026 19:20:47 -0700
Subject: [PATCH] sync: auto-sync from HOWARD-HOME at 2026-06-25 19:20:21 Author: Howard Enos Machine: HOWARD-HOME Timestamp: 2026-06-25 19:20:21
---
 .edr_scan_resp.json | 10 ---
 .edr_task.json | 42 ----------
 ...-scanner-scan-to-folder-front-static-ip.md | 80 +++++++++++++++++++
 errorlog.md | 2 +
 wiki/clients/wolkin.md | 6 +-
 5 files changed, 86 insertions(+), 54 deletions(-)
 delete mode 100644 .edr_scan_resp.json
 delete mode 100644 .edr_task.json
 create mode 100644 clients/wolkin/session-logs/2026-06/2026-06-25-howard-scanner-scan-to-folder-front-static-ip.md
diff --git a/.edr_scan_resp.json b/.edr_scan_resp.json
deleted file mode 100644
index 9c8a4765..00000000
--- a/.edr_scan_resp.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "success": true,
- "message": "Scan started successfully",
- "results": [
- {
- "type": "EDR",
- "userTaskId": "632536cf-2534-4212-8c54-7a5f4daafc4e"
- }
- ]
-}
diff --git a/.edr_task.json b/.edr_task.json
deleted file mode 100644
index ee85f85e..00000000
--- a/.edr_task.json
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- "userId": "8aaa6ea7-c258-48a2-b393-d912c98cffe6",
- "createdOn": "2026-06-25T22:20:20.380Z",
- "endedOn": null,
- "id": "632536cf-2534-4212-8c54-7a5f4daafc4e",
- "message": "Scanning 1 host...",
- "name": "Scanning Scan - EDR",
- "data": {
- "options": {
- "driver": true,
- "events": true,
- "memory": true,
- "module": true,
- "account": true,
- "process": true,
- "artifact": true,
- "autostart": true,
- "installed": true,
- "interfaces": false,
- "application": true
- },
- "locationId": [
- "c3ba0672-e6bb-4784-9a37-2f434fc6f08c"
- ],
- "isPolicyScan": false,
- "locationName": [
- "[TEST] RMM-TEST-MACHINE"
- ],
- "organizationId": "ac78844a-2d44-4c10-acc8-c9bcb6106346",
- "organizationName": "Arizona Computer Guru"
- },
- "progress": 0,
- "itemCount": 1,
- "relatedId": "c3ba0672-e6bb-4784-9a37-2f434fc6f08c",
- "jobId": null,
- "agentId": null,
- "startedOn": "2026-06-25T22:20:20.380Z",
- "status": "Active",
- "type": "Scan - EDR",
- "stats": null,
- "archived": false
-}
diff --git a/clients/wolkin/session-logs/2026-06/2026-06-25-howard-scanner-scan-to-folder-front-static-ip.md b/clients/wolkin/session-logs/2026-06/2026-06-25-howard-scanner-scan-to-folder-front-static-ip.md
new file mode 100644
index 00000000..0856e02c
--- /dev/null
+++ b/clients/wolkin/session-logs/2026-06/2026-06-25-howard-scanner-scan-to-folder-front-static-ip.md
@@ -0,0 +1,80 @@
+## User
+- **User:** Howard Enos (howard)
+- **Machine:** Howard-Home
+- **Role:** tech
+
+## Session Summary
+
+Resolved a front-desk scanner failure at Wolkin Law: the Sharp MX-B557F could not scan to the `\\front\scans` SMB share and reported "invalid share name." Diagnosed the root cause as fragile workgroup name resolution — the office is a workgroup with no DNS/WINS authority for the hostname "front," so the name only resolves via broadcast (NetBIOS/LLMNR), which Bob's desktop happened to do but the scanner could not. The laptop additionally had a leftover hosts override (`10.147.19.199 FRONT`) from the ZeroTier remote-access setup that pinned the name to the ZT IP in-office.
+
+Pinned FRONT to a static IP using its exact current values (`192.168.1.153/24`, gw `192.168.1.1`, dns `192.168.1.1`) via RMM so the scanner can target the IP reliably. The netsh change blipped the agent (status `interrupted`, "Agent restarted during execution") but it reconnected on the same IP; verified PrefixOrigin=Manual, DHCP=Disabled, gateway reachable. Identified the gateway as a Verizon Fios Router — no admin credentials in vault or 1Password, no remote recovery path (Fios uses a per-unit sticker password); recommended a DHCP reservation as the proper long-term fix once router access is obtained.
+
+Verified the FRONT side was airtight before reconfiguring the scanner: `Scans` share exists (`C:\Scans`, Everyone+Administrators Full), `FRONT\Localadmin` enabled with non-expiring password and FullControl on `C:\Scans`. The user provided the scanner web-admin credential and later confirmed `FRONT\Localadmin` / `r3tr0gradE99#` as the SMB auth — both vaulted.
+
+The user exported the printer settings (`exported.zip`, a Lexmark bundle — the MX-B557F is a rebadged Lexmark engine) and asked me to fix the scan destinations for re-import. Edited `esf_settings.xml`: removed the second broken eSF "Scan to Network" profile (`\\FRONT\Scans2` / Owner — Scans2 share does not exist), corrected the surviving profile to `192.168.1.153\Scans` (no leading `\\` per the device's SMB connector, per user), set username `localadmin` and added the password. Reduced `shortcuts.ucf` to one native one-touch shortcut (`DISPLAY=1`, `LABEL=Scan to Front`, `RUNIMMEDIATELY=1`) for a home-screen one-click scan. Repackaged as `exported-fixed.zip`. The user reported a post-import error on `deviceQuota` — confirmed benign (that app has `started=false`, so the device skips its settings; must NOT be started or it would enforce print quotas).
+
+Finally created Syncro ticket #32465 (Emergency - scanner scan-to-folder repair) for Robert Wolkin, posted a public work-summary note, and invoiced 1.0 hr emergency remote at $225.00 (invoice #67885). Confirmed no prepaid block before billing.
+
+## Key Decisions
+
+- Set FRONT static with **identical** current values (not a new address) to eliminate blackout risk during the netsh change — the interface keeps the same IP/gw/dns, only the lease source changes.
+- Pointed the scanner at the **IP** rather than fixing name resolution, because an IP needs no name resolution at all — the robust fix for an appliance on a nameless workgroup.
+- Corrected eSF `de_network_address` to `192.168.1.153\Scans` **without** the leading `\\` per the user's instruction (the device's SMB connector prepends it). The native `shortcuts.ucf` keeps `FOLDERPATH=\\192.168.1.153` because that is the device's own export format for that different field.
+- Removed the second eSF profile entirely (pointed at the nonexistent `Scans2` share as `Owner`) rather than repairing it — user wanted one profile.
+- Did NOT hand-edit `homescreen.json` (FIXED layout) to add the home button — too risky to malform; used the UCF `DISPLAY=1`/`RUNIMMEDIATELY=1` shortcut instead and documented the panel-side fallback.
+- Did NOT enable the `deviceQuota` app to clear its import warning — it is configured to enforce print/copy/scan quotas, so starting it would cause a real problem. Leaving it skipped is correct.
+- Billed emergency remote at $225.00 (product 26184, qty 1.0) after confirming `prepay_hours: null` via the full customer GET (not the search result).
+
+## Problems Encountered
+
+- **netsh static IP blipped the RMM agent** — command returned `interrupted` ("Agent restarted during execution"). Resolved by waiting for reconnect (same IP) and re-reading config to confirm the static settings persisted.
+- **PowerShell 5.1 lacked `-SkipCertificateCheck`** on the gateway/scanner HTTP fingerprint. Resolved by adding a `System.Net.ServicePointManager.CertificatePolicy` trust-all type.
+- **First eSF instance-removal script matched 4 `` blocks**, not 2 — other eSF apps also use ``. Resolved by scoping the regex to the `ssa_network` `` block before removing its 2nd instance; validated well-formed XML afterward.
+- **`zip` not available in Git Bash.** Repackaged the bundle with .NET `System.IO.Compression.ZipFile.CreateFromDirectory` via PowerShell (files at archive root).
+- **Post-import `deviceQuota` error** worried the user — confirmed pre-existing and benign (app `started=false`), unrelated to the scan edits.
+
+## Configuration Changes
+
+- **FRONT (`192.168.1.153`)** — Ethernet (Intel I219-V) converted from DHCP to **static**: `192.168.1.153/24`, gw `192.168.1.1`, dns `192.168.1.1`. DHCP disabled.
+- **`C:\Users\Howard\Documents\ComputerGuru Connect v2\Files\exported-fixed.zip`** (new) — fixed Lexmark settings bundle. Original `exported.zip` left intact.
+ - `esf_settings.xml`: removed 2nd `ssa_network` instance (guid A8, "front desk scans" -> `\\FRONT\Scans2`/Owner); surviving instance (guid A25, "scans") -> `de_network_address=192.168.1.153\Scans`, `de_network_username=localadmin`, added `de_network_password`.
+ - `shortcuts.ucf`: reduced 2 shortcuts -> 1; `DISPLAY=1`, `LABEL=Scan to Front`, `FILENAME=Scan`, `RUNIMMEDIATELY=1`, `FOLDERPATH=\\192.168.1.153`, `NAME=Scans`, `USERNAME=localadmin`.
+- **Vault** — created `clients/wolkin/sharp-mfp.sops.yaml`, `clients/wolkin/front-localadmin.sops.yaml` (both committed + pushed).
+- **Wiki** — `wiki/clients/wolkin.md`: recorded FRONT static IP + MAC, scanner-must-use-IP detail, vault pointers, export-fix note.
+
+## Credentials & Secrets
+
+- **Sharp MX-B557F web admin (EWS)** `http://192.168.1.158` — `admin` / `r3tr0gradE99#`. Vault: `clients/wolkin/sharp-mfp.sops.yaml`.
+- **FRONT\Localadmin** (Windows local admin on FRONT; scanner SMB auth to `\\192.168.1.153\Scans`) — `localadmin` / `r3tr0gradE99#` (same string as the MFP admin). Vault: `clients/wolkin/front-localadmin.sops.yaml`.
+
+## Infrastructure & Servers
+
+- **FRONT** — office print/file server. LAN `192.168.1.153` (now static), ZeroTier `10.147.19.199`. NIC Intel I219-V, MAC `A0:AD:9F:95:C4:01`. Win11 Home, workgroup. RMM agent id `877d311a-4b24-462c-97b1-d2a0f7730a71`.
+- **Sharp MX-B557F** MFP — `192.168.1.158` (rebadged Lexmark; web server `Lexmark_Web_Server`, FW `MXTGW.081.215`). Print raw TCP 9100, print share `\\front\Sharp`. Scan-to-folder -> `\\192.168.1.153\Scans` as `FRONT\Localadmin`.
+- **Gateway** — Verizon Fios Router `192.168.1.1`, MAC `74:90:BC:AD:C6:C5`, web admin 80/443. No credentials held.
+- **`C:\Scans`** on FRONT — scan target. Share `Scans` ACL Everyone+Administrators Full; NTFS grants Localadmin/Owner/julie/Administrators/SYSTEM FullControl.
+- Office LAN `192.168.1.0/24`; ZeroTier mesh `17d709436c834c9b` (10.147.19.0/24).
+
+## Commands & Outputs
+
+- Static IP: `netsh interface ipv4 set address name="Ethernet" static 192.168.1.153 255.255.255.0 192.168.1.1` + `set dnsservers ... static 192.168.1.1 primary`. Verified `PrefixOrigin=Manual`, `Dhcp=Disabled`, gateway reachable.
+- Gateway/scanner fingerprint via FRONT `Invoke-WebRequest` with trust-all CertificatePolicy (PS 5.1 has no `-SkipCertificateCheck`).
+- eSF instance removal scoped to `` block; XML validated with `xml.dom.minidom`.
+- Repackage: `[System.IO.Compression.ZipFile]::CreateFromDirectory($src,$out,Optimal,$false)`.
+
+## Pending / Incomplete Tasks
+
+- **User to import `exported-fixed.zip`** via the EWS and run a test scan; confirm a PDF lands in `C:\Scans`. If auth fails, re-enter `localadmin`/`r3tr0gradE99#` on the panel once (export strips passwords).
+- **Home-screen button:** if the "Scan to Front" shortcut does not auto-appear after import, add it via the panel (Home Screen Customization). `homescreen.json` was intentionally not edited.
+- **DHCP reservation** for FRONT (`A0:AD:9F:95:C4:01` -> `.153`) on the Verizon Fios router once admin access is obtained; then optionally revert FRONT to DHCP so the router DNS re-registers "front" (restores `\\front` name resolution fleet-wide) and drop the stale `10.147.19.199 FRONT` hosts line on RSW-Laptop.
+- **Offered:** live-watch `C:\Scans` via RMM during a test scan (not yet run).
+- Pre-existing open follow-up: rotate `front\julie` (password transited RMM log during prior diagnosis).
+
+## Reference Information
+
+- Syncro ticket **#32465** (id `113088983`) — https://computerguru.syncromsp.com/tickets/113088983 — status Invoiced.
+- Syncro invoice **#67885** (id `1650805533`) — $225.00, 1.0 hr emergency remote (product 26184).
+- Customer: Wolkin, Robert (id `796910`), `prepay_hours: null` (no block).
+- RMM: base `http://172.16.3.30:3001`; FRONT agent `877d311a-4b24-462c-97b1-d2a0f7730a71`.
+- Vault: `clients/wolkin/sharp-mfp.sops.yaml`, `clients/wolkin/front-localadmin.sops.yaml`.
+- Files: `C:\Users\Howard\Documents\ComputerGuru Connect v2\Files\exported.zip` (original), `exported-fixed.zip` (fixed).
diff --git a/errorlog.md b/errorlog.md
index e65e275a..c72bfb92 100644
--- a/errorlog.md
+++ b/errorlog.md
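Review bot: The `## Credentials & Secrets` section, the third Session Summary paragraph and the first `## Pending / Incomplete Tasks` item all write the MFP web-admin / `FRONT\Localadmin` password in clear text, which puts the secret into git history beside the SOPS vault paths that are meant to hold it. Keep only the pointer in each place, e.g. `- **FRONT\Localadmin** — credential in vault: clients/wolkin/front-localadmin.sops.yaml`, and treat the value as exposed: rotate both accounts, since deleting the text in a later commit leaves it in history and in any clone that already pulled this sync. The log (and the `## Access` hunk of `wiki/clients/wolkin.md`) also records that one string is shared by the device web admin and a Windows local administrator, so the rotation is the point to issue two distinct passwords. A secret scan in the auto-sync job, run before the commit is created, would stop this class of entry from being pushed.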
@@ -21,6 +21,8 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure · 2026-06-26 | GURU-BEAST-ROG | email-investigation | [correction] assumed tedards.net also uses GuruProtect/Inky; correct: only ACG uses Inky for inbound. Tedards routes directly to Exchange Online. +2026-06-26 | Howard-Home | rmm/acl | [friction] Set-Acl/icacls ACL propagation on a large folder tree (Carrie Documents) exceeded the RMM command timeout twice; because stdout is dropped on timeout, a randomly-generated password printed in the same script was lost each time. Fix: generate the password LOCALLY (retain it) and inject via placeholder, and run ACL propagation as a separate long-timeout (>=600s) command isolated from any value you need back. [ctx: host=REDNOURCARRIEVI skill=rmm op=Set-Acl] + 2026-06-25 | Howard-Home | wiki-compile | [friction] Sonnet subagent hit 32k output-token cap regenerating full ~600-line article via Write; wrote nothing [ctx: fix=targeted staged edits of deltas for large existing articles, not full regen] 2026-06-25 | Howard-Home | datto-edr | Datto EDR HTTP 500: {"error":{"statusCode":500,"message":"Internal Server Error"}} [ctx: cmd=raw] diff --git a/wiki/clients/wolkin.md b/wiki/clients/wolkin.md index 88d60f03..dc82b791 100644 --- a/wiki/clients/wolkin.md +++ b/wiki/clients/wolkin.md 
@@ -38,7 +38,7 @@ backlinks: [] | System | Role | ZeroTier IP | LAN IP | GuruRMM Status | Notes | |--------|------|-------------|--------|----------------|-------| -| FRONT | Office PC / print + file server | 10.147.19.199 | 192.168.1.153 | Enrolled | Hosts SMB shares (canonical `C:\Shared Data\CLIENT FILES`), Sharp printer; VSS shadow copies on C: | +| FRONT | Office PC / print + file server | 10.147.19.199 | 192.168.1.153 (**static** since 2026-06-25; was DHCP) | Enrolled | Hosts SMB shares (canonical `C:\Shared Data\CLIENT FILES`), Sharp printer; VSS shadow copies on C:. NIC: Intel I219-V, MAC A0:AD:9F:95:C4:01 | | RSW-Laptop | Julie's remote laptop | 10.147.19.54 | N/A | Enrolled | Windows remote worker | | DESKTOP-V1JT1SE | Bob's personal desktop | (not recorded) | (not recorded) | Enrolled | Owner's workstation | 
@@ -79,11 +79,13 @@ backlinks: [] - `\\front\ClientFiles` → `C:\Shared Data\CLIENT FILES` (canonical 413-matter repo; corrected 2026-06-08, share ACL Authenticated Users, `front\julie` NTFS Modify) - `\\front\Forms` → `C:\Users\Owner\OneDrive\Desktop\Forms` - `\\front\Pleadings` → `C:\Users\Owner\OneDrive\Desktop\Pleading Forms and Filing` -- `\\front\Scans` → `C:\Scans` +- `\\front\Scans` → `C:\Scans` (share ACL Everyone:Full; **Sharp MFP scans here authenticating as `FRONT\Localadmin`**). The Sharp MX-B557F scan-to-folder destination must use **IP `192.168.1.153`** in the host field + share path `Scans` (NOT `\\front\scans` — name resolution is unreliable on this workgroup LAN: `\\front` resolves for DESKTOP-V1JT1SE but not for the scanner, and RSW-Laptop has a hosts override `10.147.19.199 FRONT` that points it at ZeroTier in-office). FRONT pinned to static .153 (2026-06-25) so the IP never drifts. - `\\front\Sharp` → Sharp MX-B557F print share ## Access - **FRONT\julie** (local Windows acct on both FRONT and RSW-Laptop; used for laptop→FRONT SMB/print auth): vault **`clients/wolkin/front-julie.sops.yaml`** (vaulted 2026-06-11). +- **FRONT\Localadmin** (local admin on FRONT; used by the **Sharp scanner** to auth to `\\192.168.1.153\Scans`): vault **`clients/wolkin/front-localadmin.sops.yaml`** (vaulted 2026-06-25). Password is the SAME string as the Sharp MFP web-admin. +- **Sharp MX-B557F MFP web admin** (`http://192.168.1.158`, rebadged Lexmark): vault **`clients/wolkin/sharp-mfp.sops.yaml`** (vaulted 2026-06-25). The settings export (ComputerGuru Connect) was edited 2026-06-25 to fix the scan-to-folder profile: eSF `de_network_address` `front\scans`/`\\FRONT\Scans2` -> `192.168.1.153\Scans` (no `\\` — the device's SMB connector adds it), single `localadmin` profile, plus a one-touch home-screen native shortcut. Re-import via the EWS. 
- **M365 users** (robert@ / julie@ rswolkin.com): vault **`clients/wolkin/m365-users.sops.yaml`** (vaulted 2026-06-11; previously plaintext in the retired wolkin-law.md). - **RDP/SSH:** None configured. **ScreenConnect:** used for hands-on (the GuruRMM agent cannot set local passwords — see Patterns). - **VPN:** ZeroTier mesh `17d709436c834c9b` (10.147.19.0/24) — front 10.147.19.199, RSW-Laptop 10.147.19.54. `front` resolves via a hosts entry on the laptop (`10.147.19.199 FRONT`).