# Instrumental Music Center (IMC)

Music retail + repair shop running AIMsi point-of-sale on-prem.

## Infrastructure

### Primary server: IMC1 (192.168.0.2)
- **OS:** Windows Server 2016 Standard (build 14393.7426)
- **Role:** Domain Controller (IMC.local), file server, AIMsi SQL host, RDS host
- **Hardware:** Dell R720, 4 physical cores
- **Disks:**
  - `C:` — OS + IIS + a few apps (419 GB, ~77% full as of 2026-04-13)
  - `E:` — SQL backups, app installers, Server 2016 install media (`E:\W2016`)
  - `F:` — Windows Image Backups
  - `S:` — Dedicated SSD (Samsung 850 PRO 256 GB), now holding AIMsi SQL DBs

### Access
- **SSH:** `ssh IMC\guru@192.168.0.2` (ed25519 key auth; PowerShell default shell)
- **VPN:** OpenVPN `.ovpn` profile (subnet issues with Tailscale 192.168.0.0/24 overlap — disconnect Tailscale first)
- **Domain admin:** `IMC\guru`
- **AIMSQL sysadmin:** `IMC\guru` (added 2026-04-12 via single-user recovery)

### AIMsi / SQL
- **Instance:** `IMC1\AIMSQL` (MSSQL15 = SQL Server 2019 Express, despite folder name)
- **Databases on `S:\SQL\Data\`:**
  - `AIM.mdf` (~8 GB) — production AIMsi database
  - `IMC.mdf` (~9 GB) — legacy, usage unclear (kept out of caution)
  - `TestConv61223.mdf` (~8 GB) — leftover from 2023-06-12 migration test; safe to drop
  - `tempdb.mdf`
- **System DBs remain on** `C:\Program Files\Microsoft SQL Server\MSSQL15.AIMSQL\MSSQL\DATA\` (master, model, msdb)

### Backups
- **Local SQL backups:** `E:\SQL\MSSQL14.SQLEXPRESS\MSSQL\Backup\IMCAIM_*.bak` (nightly at 22:00)
- **Retention:** Automated via `C:\Scripts\Clean-AimsiBackups.ps1` scheduled task `IMC AIMsi Backup Retention` (daily 23:30, runs as SYSTEM)
- **Policy:** Last 14 dailies + 1st-of-month; safety override keeps 3 newest regardless
- **Off-site:** Cloudberry/MSP360 "Online Backup" at `C:\ProgramData\Online Backup\`

### AIM client share
- `\\IMC1\AIM` → `S:\AIM` (4 connected users typical)
- AIM.exe is a 128 KB launcher; real work happens against `IMC1\AIMSQL`
- `RequireSecuritySignature = True` in SMB server config — adds auth overhead

### Known issues
- **Component store corrupted** (0x80073701 during RDS role removal). KB5075999 re-apply succeeds but rolls back on reboot due to ETW manifest error (HRESULT 15010, provider GUID `{9c2a37f3-e5fd-5cae-bcd1-43dafeee1ff0}`)
- `RDS removal is blocked` → pending 2019 migration strategy (in-place vs. clean)
- Oversized `COMPONENTS` hive (~168 MB, normal is 30-50 MB)
- `SMB1 enabled` on server — should disable as security hygiene

### Other servers in AD
- `IMC2` — 2016 Essentials, last logon 2023, likely decommissioned
- `IMC-VM` — 2016 Standard, last logon 2021, dead
- `SERVERIMC` (192.168.0.63) — SSH-only, 2016 Essentials per AD, state unclear

## Open work

- Decide Server 2019 migration path (in-place vs. clean build + migrate)
- Consider dropping `TestConv61223` DB after verifying nothing references it
- Disable SMB1
- Add IMC vault entry for SSH/SQL/domain credentials