From fc0d12d3cfd9aa6893b53d74c7098b7ed865e6a0 Mon Sep 17 00:00:00 2001 From: Mike Swanson Date: Fri, 20 Mar 2026 09:21:37 -0700 Subject: [PATCH] Session log: VWP infra docs, iDRAC fixes, XenServer inventory, PBX triage - Documented VWP XenServer, QB server, Hyper-V server details - Configured iDRAC 7 for HTML5 console and TLS 1.2 via racadm - Set up OpenVPN for VWP, resolved Tailscale routing conflict - Inventoried 5 XenServer VMs, snapshotted server 2003 (G: drive) - Triaged Dataforth PBX - transient FirstDigital issue, phones working - Planned XenServer to Hyper-V migration for weekend Co-Authored-By: Claude Opus 4.6 (1M context) --- credentials.md | 32 +++++ session-logs/2026-03-20-session.md | 192 +++++++++++++++++++++++++++++ 2 files changed, 224 insertions(+) diff --git a/credentials.md b/credentials.md index 095fba8..4f4a20e 100644 --- a/credentials.md +++ b/credentials.md 
@@ -907,6 +907,38 @@ - **Added:** 2025-12-22 - **Access Methods:** RDP, WinRM +### Citrix XenServer (PowerEdge R720) +- **Hypervisor:** XenServer 7.6.0 +- **Hostname:** valleywide +- **Management IP:** 192.168.0.104 (DHCP, eth0) +- **MAC:** ec:f4:bb:d0:69:f8 +- **Gateway:** 192.168.0.1 +- **SSH User:** root +- **SSH Password:** r3tr0gradE99! +- **iDRAC IP:** 192.168.3.30 +- **iDRAC MAC:** 78:45:C4:F1:CE:6E +- **User:** root +- **Password:** r3tr0gradE99# +- **Service Tag:** 52ZBVV1 +- **Express Service Code:** 11064185101 +- **BIOS:** 2.7.0 +- **iDRAC Firmware:** 2.60.60.60 (iDRAC 7) +- **Virtual Console:** Java-based (avctKVM), requires Java 8 + relaxed security +- **Notes:** Hostname "localhost" (not configured) + +### QuickBooks Server - iDRAC (PowerEdge R640) +- **Hostname:** VWP-QBS.VWP.US +- **OS:** Windows Server 2022 (10.0) +- **iDRAC IP:** 192.168.3.189 +- **iDRAC MAC:** 54:48:10:F2:A0:2E +- **iDRAC Firmware:** 7.00.00.174 (iDRAC 9) +- **User:** root +- **Password:** r3tr0gradE99# +- **Service Tag:** C84TTQ2 +- **BIOS:** 2.22.2 +- **License:** Enterprise +- **Notes:** iDRAC 9 supports HTML5 virtual console (no Java needed) + ### NPS RADIUS Configuration - **RADIUS Server:** 172.16.9.2 - **RADIUS Ports:** 1812 (auth), 1813 (accounting) diff --git a/session-logs/2026-03-20-session.md b/session-logs/2026-03-20-session.md index 7a27fb8..eaff07b 100644 --- a/session-logs/2026-03-20-session.md +++ b/session-logs/2026-03-20-session.md 
@@ -127,3 +127,195 @@ Continued work on azcomputerguru.com web properties. Three major accomplishments 6. **Radio site tracking durability** — HTML injection will be lost on next Astro rebuild/deploy. Should add to Astro layout component source instead. 7. **SSH key auth for IX** — Still using sshpass from CachyOS workstation. Should add ed25519 key. 8. **Broader Cloudflare API token** — Create one with WAF/Bot Management permissions for API-based AI crawler management. + +--- + +## Update: 09:30 — VWP Infrastructure, Dataforth PBX, XenServer Migration Planning + +### Session Summary + +Major multi-client session: VWP infrastructure documentation, iDRAC console access, XenServer VM inventory, Dataforth phone system triage, and XenServer migration planning. + +### 8. VWP Infrastructure Documentation + +Updated credentials.md with VWP server details: + +#### Citrix XenServer (PowerEdge R720) +- **Hypervisor:** XenServer 7.6.0 +- **Hostname:** valleywide +- **Management IP:** 192.168.0.104 (DHCP, eth0) +- **MAC:** ec:f4:bb:d0:69:f8 +- **Gateway:** 192.168.0.1 +- **SSH:** root / r3tr0gradE99! +- **iDRAC IP:** 192.168.3.30 +- **iDRAC MAC:** 78:45:C4:F1:CE:6E +- **iDRAC:** root / r3tr0gradE99# +- **Service Tag:** 52ZBVV1 +- **iDRAC Firmware:** 2.60.60.60 (iDRAC 7) + +#### QuickBooks Server (PowerEdge R640) +- **Hostname:** VWP-QBS.VWP.US +- **OS:** Windows Server 2022 +- **iDRAC IP:** 192.168.3.189 +- **iDRAC MAC:** 54:48:10:F2:A0:2E +- **iDRAC:** root / r3tr0gradE99# +- **Service Tag:** C84TTQ2 +- **iDRAC Firmware:** 7.00.00.174 (iDRAC 9, HTML5 console works) + +#### Hyper-V Server (PowerEdge R740) +- **Hostname:** VWP-HYPERV1 +- **OS:** Windows Server 2025 Standard +- **IP:** 172.16.9.184 +- **Domain:** VWP\VWP-HYPERV1 +- **Specs:** 64 vCPUs (Xeon Platinum 8180M), 256GB RAM +- **Serial:** BN82FX2 + +### 9. iDRAC 7 Virtual Console Fix (192.168.3.30) + +**Problem:** iDRAC 7 Java virtual console fails on modern systems, HTML5 console also fails. 
+ +**Steps taken via racadm over SSH:** +- Set `PluginType` from 1 (Java) to 2 (HTML5): `racadm set iDRAC.VirtualConsole.PluginType 2` +- Set TLS to 1.2 Only (was TLS 1.1+): `racadm set iDRAC.Webserver.TLSProtocol 2` +- Disabled console encryption: `racadm set iDRAC.VirtualConsole.EncryptEnable 0` +- Reset iDRAC: `racadm racreset soft` + +**SSH command for iDRAC 7:** +``` +sshpass -p 'r3tr0gradE99#' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no -o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,aes256-cbc root@192.168.3.30 +``` + +**Java 8 setup for legacy iDRAC (if needed):** +- Installed `jre8-openjdk`, `jre8-openjdk-headless`, `icedtea-web` +- Set as default: `sudo archlinux-java set java-8-openjdk/jre` +- Relaxed security in `/usr/lib/jvm/java-8-openjdk/jre/lib/security/java.security`: + - `jdk.certpath.disabledAlgorithms=MD2` + - `jdk.tls.disabledAlgorithms=SSLv3, NULL, anon` +- Backup at `java.security.bak` + +**Status:** HTML5 console still not working in Chrome (TLS cipher mismatch even with 1.2). Firefox with relaxed TLS profile also had issues. May need iDRAC firmware update to 2.65.65.65. + +### 10. OpenVPN Setup for VWP + +- **OVPN file:** `~/Downloads/OpenVPN-Server.ovpn` +- **Auth file:** `/etc/openvpn/vwp-auth.txt` (sysadmin / r3tr0gradE99#) +- **Connect command:** `sudo openvpn --config ~/Downloads/OpenVPN-Server.ovpn --auth-user-pass /etc/openvpn/vwp-auth.txt --group nobody --daemon vwp-vpn --log /tmp/vwp-vpn.log` +- **VPN IP:** 192.168.4.3 +- **Routes:** 172.16.9.0/24, 192.168.0.0/24, 192.168.3.0/24 +- **Remote:** 4.18.160.106:1194 TCP + +**IMPORTANT: Tailscale and VWP VPN conflict** — Tailscale's policy routing (table 52) for `192.168.0.0/24` (Dataforth subnet via D2TESTNAS) overrides VPN routes to VWP's `192.168.0.0/24`. Must `sudo tailscale down` before using VWP VPN for `192.168.0.x` access. + +### 11. 
XenServer SSH Access + +**Problem:** SSH to `192.168.0.104` returned "Connection refused" even though sshd was running. + +**Root causes (two):** +1. Tailscale routing `192.168.0.0/24` to Dataforth instead of VWP VPN +2. XenServer iptables `RH-Firewall-1-INPUT` chain blocking non-local SSH + +**Fixes:** +1. `sudo tailscale down` (or `sudo ip rule add to 192.168.0.104/32 lookup main priority 100`) +2. On XenServer console: `iptables -I RH-Firewall-1-INPUT -p tcp --dport 22 -j ACCEPT` + +**SSH command for XenServer:** +``` +sshpass -p $'r3tr0gradE99!' ssh -o StrictHostKeyChecking=no -o PubkeyAuthentication=no root@192.168.0.104 +``` +Note: Must use `$'...'` quoting for the `!` in the password. + +### 12. XenServer VM Inventory + +| VM | OS | IP | State | vCPUs | RAM | Disk | Notes | +|----|----|----|-------|-------|-----|------|-------| +| BACKUP-SRV | Server 2019 Datacenter | 192.168.0.22 | running | 2 | 15GB | 240GB (140+100) | Installed 2024-01-17 | +| server 2012 R2 | Server 2012 R2 Standard | 192.168.0.19 | running | 4 | 16GB | 200GB | Installed 2019-04-14 | +| server 2003 | Server 2003 Enterprise SP2 | 192.168.0.20 | running | 4 | 3GB | 130GB (30+100) | **G: drive - document storage - PRIORITY** | +| XP | Windows XP | (no IP reported) | running | 2 | 3GB | 40GB | No PV tools? | +| Windows 7 (32-bit) | Windows 7 | 192.168.0.40 | halted | 2 | 4GB | 80GB | Intentionally off | + +**Storage:** Local LVM — 1.47TB used of 2.24TB (~820GB free) + +**Server 2003 disk detail:** +- xvda: 30GB (OS/C: drive) — VDI `4c99e07d-72ad-46f2-bb54-8c1154dc6eb1` +- xvdb: 100GB (**G: drive documents**) — VDI `828ea0ff-04c7-4f7c-9e4d-baa9e15d72bd` + +### 13. Server 2003 Snapshot (Document Protection) + +**Snapshot created:** `server2003-backup-20260320` +- **UUID:** `866638f5-9c9c-bf24-8c05-393d904fcead` +- **Type:** Live snapshot (no downtime) +- **Covers:** Both disks (30GB OS + 100GB G: drive) +- **Purpose:** Protect document storage before weekend migration + +### 14. 
Dataforth PBX Triage + +**Issue:** Phones reported down again. + +**Diagnosis:** +- Asterisk running, 30+ extensions registered +- FirstDigital SIP trunk showing "Unavailable" — but this is **normal** for their setup +- SIP is inbound-only, forwarded via UDM port forward to PBX on VLAN100 +- PBX doesn't register outbound with FirstDigital +- The `ens224` interface (10.208.107.118/30) has no working gateway — `10.208.107.117` unreachable +- Test call to 520-741-1404 **worked** — transient FirstDigital issue + +**PBX network:** +- Management: `192.168.100.196` (DHCP, was .2 before) +- SIP interface: `10.208.107.118/30` on ens224 (dead gateway) +- SIP transport: `0.0.0.0:5060` UDP + +### 15. Matomo Tracking Issue (Cloudflare) + +**Problem:** Matomo tracking code on community/radio sites returning 503 for `matomo.js`. + +**Root cause:** Cloudflare proxy on `analytics.azcomputerguru.com` was blocking/challenging cross-origin requests. The origin SSL cert is expired (Apr 2025) causing Cloudflare-to-origin connection failures. + +**Current state:** Analytics subdomain switched back to proxied. SSL/TLS mode needs to be set to "Full" (not "Full Strict") in Cloudflare dashboard — our API tokens lack permission. + +**Workaround needed:** Either fix SSL cert via AutoSSL or set Cloudflare SSL mode via dashboard. + +### Credentials (this session) + +#### VWP OpenVPN +- **User:** sysadmin +- **Password:** r3tr0gradE99# +- **Auth file:** /etc/openvpn/vwp-auth.txt + +#### VWP XenServer (192.168.0.104) +- **SSH:** root / r3tr0gradE99! 
+- **Note:** `$'...'` quoting required for `!` + +#### VWP iDRAC - Citrix R720 (192.168.3.30) +- **SSH/Web:** root / r3tr0gradE99# +- **racadm SSH:** requires `-o KexAlgorithms=+diffie-hellman-group14-sha1 -o HostKeyAlgorithms=+ssh-rsa -o Ciphers=+aes128-cbc,aes256-cbc` + +#### VWP iDRAC - QB R640 (192.168.3.189) +- **Web:** root / r3tr0gradE99# + +#### Dataforth PBX (192.168.100.2) +- **SSH:** sangoma / Gptf*77ttb!@#!@# +- **sudo:** same password via `echo 'Gptf*77ttb!@#!@#' | sudo -S` + +### Files Modified +- `/home/guru/ClaudeTools/credentials.md` — added VWP XenServer, QB server, Hyper-V details +- `/etc/openvpn/vwp-auth.txt` — VWP VPN credentials (created) +- `/usr/lib/jvm/java-8-openjdk/jre/lib/security/java.security` — relaxed TLS for iDRAC +- `/tmp/firefox-idrac/user.js` — Firefox profile with relaxed TLS + +### Packages Installed +- `jre8-openjdk` + `jre8-openjdk-headless` — Java 8 for iDRAC +- `icedtea-web` — Java Web Start (javaws) + +### Pending/Incomplete Tasks + +1. **XenServer → Hyper-V migration** — Planned for weekend. All 5 VMs need to migrate to VWP-HYPERV1 (172.16.9.184). Server 2003 (G: drive) is priority. Snapshot taken as protection. +2. **Xen Orchestra** — Install web-based XenServer management (alternative to XenCenter for Linux) +3. **iDRAC 7 virtual console** — HTML5 not working despite config changes. May need firmware update to 2.65.65.65. Java fallback works but cumbersome. +4. **Cloudflare SSL/TLS mode** — Set to "Full" in dashboard for analytics.azcomputerguru.com +5. **Cloudflare AI Crawl Control** — Configure in dashboard +6. **Google Analytics (GA4)** — Deferred +7. **Matomo analytics tracking** — Working on main site, community needs Flarum cache clear + Cloudflare fix, radio needs SSL fix +8. **XenServer iptables persistence** — The SSH firewall rule added is not persistent across reboots +9. **PBX management IP changed** — Was 192.168.100.2, now .196 via DHCP. Should set static. +10. 
**Java 8 is now default JRE** — May need to switch back to Java 25 for other tasks: `sudo archlinux-java set java-25-openjdk`
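
Review bot: The credentials.md hunk commits plaintext root passwords to the repository, in the `SSH Password` and `Password` fields of the new "Citrix XenServer (PowerEdge R720)" entry and the `Password` field of the "QuickBooks Server - iDRAC (PowerEdge R640)" entry. Both iDRAC entries carry the same value, and the XenServer SSH password differs from it only in its last character, so one leaked copy of this file exposes the hypervisor and both out-of-band controllers. Suggest storing these in a password manager or encrypted secrets store and keeping only a reference (entry name) here, using distinct passwords per device, and rotating all three, since they will remain in git history after this commit. Separately, the R720 entry lists `Hostname: valleywide` while its `Notes` line says the hostname is "localhost" (not configured); one of the two should be corrected.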
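
Review bot: The session-logs/2026-03-20-session.md hunk repeats the same plaintext passwords in several places: section 8, the `sshpass -p` commands in sections 9 and 11, the auth file line in section 10, and the whole "Credentials (this session)" block, which also adds the Dataforth PBX password and an `echo '...' | sudo -S` one-liner. Suggest the log refer to the credential entry by name instead of restating values, and that the documented SSH commands drop `sshpass` and `-o StrictHostKeyChecking=no` in favour of key authentication where the device supports it and a pinned host key. The log also records security settings that were weakened during troubleshooting (`racadm set iDRAC.VirtualConsole.EncryptEnable 0`, the relaxed `jdk.certpath.disabledAlgorithms` and `jdk.tls.disabledAlgorithms` in the system-wide `java.security`), but "Pending/Incomplete Tasks" tracks only the Java default switch; add items to re-enable console encryption and restore `java.security` from `java.security.bak`. Item 4 asks for Cloudflare "Full" rather than "Full Strict" to work around the expired origin certificate; the log should state that this is temporary until the certificate is renewed. The "Dataforth PBX (192.168.100.2)" heading is stale given the `.196` address noted in section 14 and pending item 9, and the commit subject line "Configured iDRAC 7 for HTML5 console" does not match the section 9 status, which says the HTML5 console is still not working.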