sync: auto-sync from GURU-5070 at 2026-05-26 07:05:06

Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-05-26 07:05:06
2026-05-26 07:05:10 -07:00
parent 29666be268
commit f962cb87d0
3 changed files with 116 additions and 6 deletions


@@ -115,7 +115,7 @@ Neptune is ACG's on-premises Exchange Server 2016, hosting mail for multiple cli
- **AD Domain:** acg.local
- **DNS Server (primary):** ACG-DC16 at 172.16.3.52 (also .50)
- **Mailboxes:** 56 total (N-Hosting1 DB: 809 GB / 54 boxes; N-LargeBoxes DB: 313 GB / 2 boxes)
- **Let's Encrypt cert:** CN=mail.acghosting.com, expires 2026-05-31 [WARNING] — renewal needed
- **Let's Encrypt cert:** CN=mail.acghosting.com, expires 2026-05-31 — auto-renewal configured (win-acme or equivalent); no manual action needed unless renewal client reports failure
- **Internal transport cert:** Thumbprint `E58BFCBAEFEFDCAED0BF9E894127A3DE64CE9C69`, expires 2026-07-22 [WARNING]
- **Access:** Local PowerShell with Exchange Management Shell snapin (`Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn`); must run as administrator.ACG on the box or via domain-admin WinRM
- **Vault:** `infrastructure/neptune-exchange.sops.yaml` [unverified — check vault for current entry name]
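
Review bot: the new Let's Encrypt line states auto-renewal as configured but names the client only as "win-acme or equivalent", so the renewal mechanism on Neptune is not actually identified. The expiry is still 2026-05-31, five days after this commit's timestamp, which means no renewed certificate has been recorded yet. Suggest naming the real client and where it logs, and marking the claim with an `[unverified]` tag, as the Vault line does, until a new expiry date replaces 2026-05-31. Keeping `[WARNING]` on the line until then costs nothing.
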
@@ -228,7 +228,7 @@ Neptune is Exchange 2016 running on an unsupported OS (WS2022 after the 2026-04-
**Pending transport cert renewal:** Thumbprint `E58BFCBAEFEFDCAED0BF9E894127A3DE64CE9C69` expires 2026-07-22.
**Pending Neptune Let's Encrypt renewal:** CN=mail.acghosting.com cert expires 2026-05-31 — URGENT.
**Neptune Let's Encrypt renewal:** CN=mail.acghosting.com cert expires 2026-05-31 — auto-renewal configured; monitor for renewal client errors only.
**Incomplete domain MX fixes from 2026-03-17** (still unresolved as of last session):
- `airandspaceacademy.com`: DNS on GoDaddy still points MX to mail.acghosting.com (direct, no filter) — being rejected by the transport inbound restriction rule. Needs changing to Mailprotector inbound.
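
Review bot: "monitor for renewal client errors only" in the Let's Encrypt entry gives no owner, no place where those errors would appear, and no check date, while the URGENT marker is dropped with the 2026-05-31 expiry unchanged. Suggest keeping the entry as pending with one concrete verification step (confirm that the certificate served for mail.acghosting.com shows a new expiry before 2026-05-31) and downgrading it only after that result is recorded. The same statement is now maintained in three places in this file; one authoritative entry that the other two point to would keep them from drifting apart.
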
@@ -259,7 +259,7 @@ The Claude Code hooks (user-prompt-submit, task-complete) spawn background `sync
As of last session (2026-04-23):
- **Neptune Exchange migration** — Build Exchange 2019 on fresh WS2022 VM. Runbook at `C:\NeptuneConfigExport-20260423\MIGRATION-RUNBOOK.md` on Neptune. Mike building the VM. Critical gate: **back up ACG-DC16 before running `/PrepareSchema`** (forest-permanent, no rollback).
- **Neptune Let's Encrypt cert** — expires 2026-05-31. Renewal critical.
- **Neptune Let's Encrypt cert** — expires 2026-05-31; auto-renewal configured. No manual action unless renewal client fails.
- **Neptune internal transport cert** — expires 2026-07-22.
- **DkimSigner re-enable / replace** — outbound mail currently unsigned. Evaluate whether Exchange DkimSigner is runtime-compatible post-KB5084071, or replace with alternative.
- **MAIL server AD decommission** — once Exchange 2019 is live and mailboxes moved: `Remove-ADObject -Recursive` on the MAIL carcass. After that, remove hosts file entries for MAIL/mail.acg.local and DC-side DNS records (n-hosting1, n-largeboxes, mail can remain or be repurposed for the new server).
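
Review bot: the reworded Let's Encrypt item sits under "As of last session (2026-04-23)", but the auto-renewal statement comes from this 2026-05-26 commit, so a reader cannot tell when or how it was confirmed. Suggest adding the confirmation date to the item, or moving it out of the open-work list if it really needs no action. The neighbouring transport cert item states only its 2026-07-22 expiry with no renewal path, and it becomes the next certificate deadline on this list.
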


@@ -49,7 +49,7 @@ System/automated (not notified): `donotreply, storealert, integrilogic, receipts
- **Home dir:** 62 GB
- **Mailboxes:** 30 accounts under westerntire.com
- **MySQL:** None (account does not use MySQL)
- **SSL:** Wildcard `*.westerntire.com` from Let's Encrypt, valid to 2026-05-30 (AutoSSL should renew)
- **SSL:** `mail.westerntire.com` managed by AutoSSL (renewed 2026-05-26, expires 2026-08-24). Wildcard `*.westerntire.com` expired 2026-05-30 — other subdomains (www, webmail, cpanel, autodiscover, webdisk, cpcontacts, cpcalendars, westerntire.com) remain AutoSSL-excluded; all excluded domains redirect or are unused. Only mail.westerntire.com matters for live service.
### Key file paths on IX
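
Review bot: the new SSL line says the wildcard `*.westerntire.com` "expired 2026-05-30", but this commit is timestamped 2026-05-26 and the same line records the AutoSSL renewal as 2026-05-26, so the wildcard had not yet expired when this was written. Use "expires 2026-05-30", or record the date on which the statement was checked. The excluded list also includes `autodiscover`, `webmail` and the bare `westerntire.com`, all described as "redirect or are unused"; a redirect served over HTTPS still presents a certificate, so it would help to note per name which are redirects and which are unused before treating the wildcard lapse as harmless.
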
@@ -109,7 +109,7 @@ System/automated (not notified): `donotreply, storealert, integrilogic, receipts
|---|---|---|
| P1 | Monitor for user mail client issues after email setup guide was sent (new IMAP/SMTP settings) | Mike |
| P2 | Bill ticket #32199 when scope is confirmed | Mike |
| P2 | westerntire.com SSL cert (`*.westerntire.com`) expires 2026-05-30 — verify AutoSSL renewed | Mike |
| P2 | Bill ticket #32199 when scope is confirmed | Mike |
| P3 | Update Syncro customer property "DNS Detail" field — currently says "Email is on Websvr" (now IX) | Mike |
### User mail client settings (from setup guide sent 2026-04-22)
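
Review bot: the row that replaces the `*.westerntire.com` expiry task is a second copy of `| P2 | Bill ticket #32199 when scope is confirmed | Mike |`, so the table now lists that item twice in a row. Delete the SSL row outright instead of replacing it. If the excluded subdomains still need a check once the wildcard lapses on 2026-05-30, a lower-priority row for that check would be the natural replacement.
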
@@ -152,7 +152,7 @@ A duplicate ticket #32198 was inadvertently created and deleted.
## Anti-Patterns / Warnings
- [WARNING] Plaintext SSH credentials for websvr and IX appeared in session log. Always retrieve from vault — never hardcode.
- [WARNING] SSL cert `*.westerntire.com` expires 2026-05-30 — check AutoSSL renewal immediately if it's past that date.
- SSL: only `mail.westerntire.com` is AutoSSL-managed (renewed 2026-05-26). Other subdomains are excluded; the wildcard expired 2026-05-30 but none of those domains carry live services.
- Do NOT use `${sg{}{\\\.}{-}}` in exim.conf.local on WHM servers — WHM buildeximconf strips backslash levels and breaks the regex. Use `${tr{}{.}{-}}` instead.
- Do NOT use tainted `$sender_address_domain` directly in file path lookups in exim 4.94+ — use `dsearch` (returns untainted value) for DKIM private key paths.
- Do NOT look for westerntire.com mail on websvr — migration is complete; mail lives on IX.
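
Review bot: the replacement bullet under "Anti-Patterns / Warnings" is a status note rather than a warning, drops the `[WARNING]` tag of the line it replaces, and repeats the SSL line from the account summary, including the past-tense "expired 2026-05-30" in a commit dated 2026-05-26. Suggest either phrasing it as something to avoid (for example, do not expect a valid certificate on any name other than `mail.westerntire.com`) or dropping it here and keeping the status in the summary only.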