sync: auto-sync from GURU-5070 at 2026-06-25 12:35:22

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-25 12:35:22
This commit is contained in:
2026-06-25 12:36:24 -07:00
parent 0f803c2d9c
commit e61b39b5c8
4 changed files with 66 additions and 0 deletions

View File

@@ -17,6 +17,12 @@ Categories (the `[type]` tag): _(none)_ = skill/command execution failure ·
<!-- Append entries below this line -->
2026-06-25 | GURU-5070 | remediation-tool/EOP | [friction] checking ACG own-tenant EOP quarantine: reached for investigator-exo (401 - Exchange Admin role only on Exchange OPERATOR SP, not Investigator), then RecipientAddress needs JSON array not string (400); skill has no EOP/quarantine section at all [ctx: ref=feedback_exchange_role_recurring_gap]
2026-06-25 | GURU-5070 | sync/tailscale | [correction] diagnosed 172.16.3.x unreachable as transient blip; real cause was Tailscale node KEY EXPIRY on the subnet-router node (pfSense advertising 172.16.0.0/22) dropping it off the tailnet [ctx: fix=disabled key expiration on the node; symptom=internet OK but whole 172.16.3.x dead]
2026-06-25 | GURU-5070 | sync/gitea | fetch failed: could not connect to 172.16.3.20:3000 (Gitea unreachable, exit 128) [ctx: host=172.16.3.20:3000 machine=GURU-5070]
2026-06-25 | Howard-Home | remediation-tool/reset-password.sh | JIT cleanup cannot self-remove: after elevating the Tenant Admin SP to Privileged Authentication Administrator to reset a password, the DELETE of that role assignment is performed BY the same SP and Graph blocks it (HTTP 400 'Removing self from built-in role is not allowed'), leaving a STANDING PAA role on the SP - needs a Global Admin/portal removal; script should detect this and surface portal steps instead of a bare WARNING [ctx: tenant=cascadestucson SP=ComputerGuru-Tenant-Admin role=PrivilegedAuthAdmin]
2026-06-25 | Howard-Home | rmm/dispatch | [friction] embedded escaped quotes " , " in a PowerShell -join inside the jq/heredoc dispatch chain caused a parse error (script failed pre-exec, wasted one dispatch); fix: build strings with + concatenation or [char]44, never escaped quotes in RMM PowerShell payloads [ctx: ref=feedback_windows_quote_stripping]