azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
claudetools/CLIENT_DIRECTORY.md
Mike Swanson b79c47acb9 sync: Auto-sync from ACG-M-L5090 at 2026-01-26 16:45:54 
Synced files:
- Complete claude-projects import (5 catalog files)
- Client directory with 12 clients
- Project directory with 12 projects
- Credentials updated (100+ sets)
- Session logs consolidated
- Agent coordination rules updated
- Task management integration

Major work completed:
- Exhaustive cataloging of claude-projects
- All session logs analyzed (38 files)
- All credentials extracted and organized
- Client infrastructure documented
- Problem solutions cataloged (70+)

Machine: ACG-M-L5090
Timestamp: 2026-01-26 16:45:54

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-01 16:23:47 -07:00

837 lines
28 KiB
Markdown
Raw Permalink Blame History

# Client Directory
**Generated:** 2026-01-26
**Purpose:** Comprehensive directory of all MSP clients with infrastructure, work history, and credentials
**Source:** CATALOG_CLIENTS.md, CATALOG_SESSION_LOGS.md
---
## Table of Contents
1. [AZ Computer Guru (Internal)](#az-computer-guru-internal)
2. [BG Builders LLC](#bg-builders-llc)
3. [CW Concrete LLC](#cw-concrete-llc)
4. [Dataforth Corporation](#dataforth-corporation)
5. [Glaztech Industries](#glaztech-industries)
6. [Grabb & Durando](#grabb--durando)
7. [Khalsa](#khalsa)
8. [MVAN Inc](#mvan-inc)
9. [RRS Law Firm](#rrs-law-firm)
10. [Scileppi Law Firm](#scileppi-law-firm)
11. [Sonoran Green LLC](#sonoran-green-llc)
12. [Valley Wide Plastering](#valley-wide-plastering)
---
## AZ Computer Guru (Internal)
### Company Information
- **Type:** Internal Operations
- **Status:** Active
- **Domain:** azcomputerguru.com
- **Service Area:** Statewide (Arizona - Tucson, Phoenix, Prescott, Flagstaff)
- **Phone:** 520.304.8300
### Infrastructure
#### Physical Servers
| Server | IP | OS | Role | Access |
|--------|-----|-----|------|--------|
| Jupiter | 172.16.3.20 | Unraid | Primary container host | root / Th1nk3r^99## |
| Saturn | 172.16.3.21 | Unraid | Secondary storage | root / r3tr0gradE99 |
| Build Server (gururmm) | 172.16.3.30 | Ubuntu 22.04 | GuruRMM, PostgreSQL | guru / Gptf*77ttb123!@#-rmm |
| pfSense | 172.16.0.1 | FreeBSD/pfSense 2.8.1 | Firewall, VPN | admin / r3tr0gradE99!! |
| WebSvr | websvr.acghosting.com | cPanel | WHM/cPanel hosting | root / r3tr0gradE99# |
| IX | 172.16.3.10 | cPanel | WHM/cPanel hosting | root / Gptf*77ttb!@#!@# |
#### Network Configuration
- **LAN Subnet:** 172.16.0.0/22
- **Tailscale Network:** 100.x.x.x/32 (mesh VPN)
- pfSense: 100.119.153.74 (hostname: pfsense-2)
- ACG-M-L5090: 100.125.36.6
- **WAN (Fiber):** 98.181.90.163/31
- **Public IPs:** 72.194.62.2-10, 70.175.28.51-57
#### Services
| Service | External URL | Internal | Purpose |
|---------|--------------|----------|---------|
| Gitea | git.azcomputerguru.com | 172.16.3.20:3000 | Git server |
| GuruRMM | rmm-api.azcomputerguru.com | 172.16.3.30:3001 | RMM platform |
| NPM | - | 172.16.3.20:7818 | Nginx Proxy Manager |
| Seafile | sync.azcomputerguru.com | 172.16.3.21 | File sync |
### Work History
#### 2025-12-12
- Tailscale fix on pfSense after upgrade
- WebSvr security: Blocked 10 IPs via Imunify360
- Disk cleanup: Freed 58GB (86% to 80%)
- DNS fix: Added A record for data.grabbanddurando.com
#### 2025-12-14
- SSL certificate: Added rmm-api.azcomputerguru.com to NPM
- Session logging improvements
- Rust installation on WSL
- SSH key generation and distribution
#### 2025-12-16 (Multiple Sessions)
- GuruRMM dashboard deployed to build server
- Auto-update system implemented for agent
- Binary replacement bug fix (rename-then-copy pattern)
- MailProtector deployed on WebSvr and IX
#### 2025-12-21
- Temperature metrics added to agent v0.5.1
- CI/CD pipeline created with webhook handler
- Policy system designed (Client → Site → Agent)
- Authorization system implemented (Phases 1-2)
#### 2025-12-25
- pfSense hardware migration to Intel N100
- Tailscale firewall rules made permanent
- SeaFile and Scileppi data migration monitoring
### Credentials
**See:** credentials.md sections:
- Infrastructure - SSH Access (Jupiter, Saturn, pfSense, Build Server, WebSvr, IX)
- Services - Web Applications (Gitea, NPM, Cloudflare)
- Projects - GuruRMM (Database, API, SSO, CI/CD)
- MSP Tools (Syncro, Autotask, CIPP)
### Status
- **Active:** Production infrastructure operational
- **Development:** GuruRMM Phase 1 MVP in progress
- **Pending Tasks:**
- GuruRMM agent architecture support (ARM, different OS versions)
- Repository optimization (ensure all remotes point to Gitea)
- Clean up old Tailscale entries
- Windows SSH keys for Jupiter and RS2212+ direct access
- NPM proxy for rmm.azcomputerguru.com SSO dashboard
---
## BG Builders LLC
### Company Information
- **Type:** Client - Construction
- **Status:** Active
- **Domain:** bgbuildersllc.com
- **Related Entity:** Sonoran Green LLC (same M365 tenant)
### Infrastructure
#### Microsoft 365
- **Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
- **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com
- **Admin User:** sysadmin@bgbuildersllc.com
- **Password:** Window123!@#-bgb
- **Licenses:**
- 8x Microsoft 365 Business Standard
- 4x Exchange Online Plan 1
- 1x Microsoft 365 Basic
- **Security Gap:** No advanced security features (no conditional access, Intune, or Defender)
- **Recommendation:** Upgrade to Business Premium
#### DNS Configuration (Cloudflare)
- **Zone ID:** 156b997e3f7113ddbd9145f04aadb2df
- **Nameservers:** amir.ns.cloudflare.com, mckinley.ns.cloudflare.com
- **A Records:** 3.33.130.190, 15.197.148.33 (proxied) - GoDaddy Website Builder
#### Email Security Records (Configured 2025-12-19)
- **SPF:** `v=spf1 include:spf.protection.outlook.com -all`
- **DMARC:** `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com`
- **DKIM selector1:** CNAME to selector1-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com
- **DKIM selector2:** CNAME to selector2-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com
- **MX:** bgbuildersllc-com.mail.protection.outlook.com
### Work History
#### 2025-12-19 (Email Security Incident)
- **Incident:** Phishing email spoofing shelly@bgbuildersllc.com
- **Subject:** "Sonorangreenllc.com New Notice: All Employee Stipend..."
- **Investigation:** Account NOT compromised - external spoofing attack
- **Root Cause:** Missing DMARC and DKIM records
- **Response:**
- Verified no mailbox forwarding, inbox rules, or send-as permissions
- Added DMARC record with `p=reject` policy
- Configured DKIM selectors (selector1 and selector2)
- Email correctly routed to Junk folder by M365
#### 2025-12-19 (Cloudflare Migration)
- Migrated bgbuildersllc.com from GoDaddy to Cloudflare DNS
- Recovered original A records from GoDaddy nameservers
- Created 14 DNS records including M365 email records
- Preserved GoDaddy zone file for reference
#### 2025-12-22 (Security Investigation - Resolved)
- **Compromised User:** Shelly@bgbuildersllc.com (Shelly Dooley)
- **Findings:**
- Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
- "P2P Server" app registration backdoor (DELETED by admin)
- No malicious mailbox rules or forwarding
- Sign-in logs unavailable (no Entra P1 license)
- **Remediation:**
- Password reset: `5ecwyHv6&dP7` (must change on login)
- All sessions revoked
- Gmail OAuth consent removed
- P2P Server backdoor deleted
- **Status:** RESOLVED
### Credentials
- **M365 Tenant ID:** ededa4fb-f6eb-4398-851d-5eb3e11fab27
- **Admin User:** sysadmin@bgbuildersllc.com
- **Password:** Window123!@#-bgb
- **Cloudflare Zone ID:** 156b997e3f7113ddbd9145f04aadb2df
### Status
- **Active:** Email security hardening complete
- **Pending Tasks:**
- Create cPanel account for bgbuildersllc.com on IX server
- Update Cloudflare A records to IX server IP (72.194.62.5) after account creation
- Enable DKIM signing in M365 Defender
- Consider migrating sonorangreenllc.com to Cloudflare
### Important Dates
- **2025-12-19:** Email security hardening completed
- **2025-12-22:** Security incident resolved
- **2025-04-15:** Last password change for user accounts
---
## CW Concrete LLC
### Company Information
- **Type:** Client - Construction
- **Status:** Active
- **Domain:** cwconcretellc.com
### Infrastructure
#### Microsoft 365
- **Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **Default Domain:** NETORGFT11452752.onmicrosoft.com
- **Licenses:**
- 2x Microsoft 365 Business Standard
- 2x Exchange Online Essentials
- **Security Gap:** No advanced security features
- **Recommendation:** Upgrade to Business Premium for Intune, conditional access, Defender
- **Notes:** De-federated from GoDaddy 2025-12, domain needs re-verification
### Work History
#### 2025-12-22 (Security Investigation - Resolved)
- **Findings:**
- Graph Command Line Tools OAuth consent with high privileges (REMOVED)
- "test" backdoor app registration with multi-tenant access (DELETED)
- Apple Internet Accounts OAuth (left - likely iOS device)
- No malicious mailbox rules or forwarding
- **Remediation:**
- All sessions revoked for all 4 users
- Backdoor apps removed
- **Status:** RESOLVED
#### 2025-12-23
- License analysis via CIPP API
- Security assessment completed
- Recommendation provided for Business Premium upgrade
### Credentials
- **M365 Tenant ID:** dfee2224-93cd-4291-9b09-6c6ce9bb8711
- **CIPP Name:** cwconcretellc.com
### Status
- **Active:** Security assessment complete
- **Pending Tasks:**
- Business Premium upgrade recommendation
- Domain re-verification in M365
---
## Dataforth Corporation
### Company Information
- **Type:** Client - Industrial Equipment Manufacturing
- **Status:** Active
- **Domain:** dataforth.com, intranet.dataforth.com
- **Business:** Industrial test equipment manufacturer
### Infrastructure
#### Network
- **LAN Subnet:** 192.168.0.0/24
- **Domain:** INTRANET (intranet.dataforth.com)
- **VPN Subnet:** 192.168.6.0/24
- **VPN Endpoint:** 67.206.163.122:1194/TCP
#### Servers
| Server | IP | Role | Credentials |
|--------|-----|------|-------------|
| UDM | 192.168.0.254 | Gateway/OpenVPN | root / Paper123!@#-unifi |
| AD1 | 192.168.0.27 | Primary DC, NPS/RADIUS | INTRANET\sysadmin / Paper123!@# |
| AD2 | 192.168.0.6 | Secondary DC, file server | INTRANET\sysadmin / Paper123!@# |
| D2TESTNAS | 192.168.0.9 | DOS machine SMB1 proxy | admin / Paper123!@#-nas |
#### Active Directory
- **Domain:** INTRANET
- **DNS:** intranet.dataforth.com
- **Admin:** INTRANET\sysadmin / Paper123!@#
#### RADIUS/NPS Configuration (AD1)
- **Server:** 192.168.0.27
- **Ports:** 1812/UDP (auth), 1813/UDP (accounting)
- **Shared Secret:** Gptf*77ttb!@#!@#
- **RADIUS Client:** unifi (192.168.0.254)
- **Network Policy:** "Unifi" - allows Domain Users 24/7
- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
- **AuthAttributeRequired:** False (required for UniFi OpenVPN)
#### Microsoft 365
- **Tenant ID:** 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
- **Admin:** sysadmin@dataforth.com / Paper123!@# (synced with AD)
#### Entra App Registration (Claude-Code-M365)
- **Purpose:** Silent Graph API access for automation
- **App ID:** 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
- **Client Secret:** tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
- **Created:** 2025-12-22
- **Expires:** 2027-12-22
- **Permissions:** Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, Files.ReadWrite.All
### Work History
#### 2025-12-14 (DOS Test Machines Implementation)
- **Problem:** Crypto attack disabled SMB1 on production servers
- **Solution:** Deployed NetGear ReadyNAS as SMB1 proxy
- **Architecture:**
- DOS machines → NAS (SMB1) → AD2 (SMB2/3)
- Bidirectional sync every 15 minutes
- PULL: Test results → Database
- PUSH: Software updates → DOS machines
- **Features:**
- Remote task deployment (TODO.BAT)
- Centralized software management (UPDATE.BAT)
- **Machines Working:** TS-27, TS-8L, TS-8R
- **Machines Pending:** ~27 DOS machines need network config updates
- **Project Time:** ~11 hours implementation
#### 2025-12-20 (RADIUS/OpenVPN Setup)
- **Problem:** VPN connections failing with RADIUS authentication
- **Root Cause:** NPS required Message-Authenticator attribute, but UDM's pam_radius_auth doesn't send it
- **Solution:**
- Set NPS RADIUS client AuthAttributeRequired to False
- Created comprehensive OpenVPN client profiles (.ovpn)
- Configured split tunnel (no redirect-gateway)
- Added proper DNS configuration
- **Testing:** Successfully authenticated INTRANET\sysadmin via VPN
#### 2025-12-22 (John Lehman Mailbox Cleanup)
- **User:** jlehman@dataforth.com
- **Problem:** Duplicate calendar events and contacts causing Outlook sync issues
- **Investigation:** Created Entra app for persistent Graph API access
- **Results:**
- Deleted 175 duplicate recurring calendar series (kept newest)
- Deleted 476 duplicate contacts
- Deleted 1 blank contact
- 11 series couldn't be deleted (John is attendee, not organizer)
- **Cleanup Stats:**
- Contacts: 937 → 460 (477 removed)
- Recurring series: 279 → 104 (175 removed)
- **Post-Cleanup Issues:**
- Calendar categories lost (colors) - awaiting John's preferences
- Focused Inbox ML model reset - created 12 "Other" overrides
- **Follow-up:** Block New Outlook toggle via registry (HideNewOutlookToggle)
### Credentials
**See:** credentials.md sections:
- Client - Dataforth (UDM, AD1, AD2, D2TESTNAS, NPS RADIUS, Entra app)
- Projects - Dataforth DOS (Complete workflow documentation)
### Status
- **Active:** Ongoing support including RADIUS/VPN, AD, M365 management
- **DOS System:** 90% complete, operational
- **Pending Tasks:**
- John Lehman needs to reset Outlook profile for fresh sync
- Apply "Block New Outlook" registry fix on John's laptop
- Re-apply calendar categories based on John's preferences
- Datasheets share creation on AD2 (BLOCKED - waiting for Engineering)
- Update network config on remaining ~27 DOS machines
### Important Dates
- **2025-12-14:** DOS test machine system implemented
- **2025-12-20:** RADIUS/VPN authentication configured
- **2025-12-22:** Major mailbox cleanup for John Lehman
---
## Glaztech Industries
### Company Information
- **Type:** Client
- **Status:** Active
- **Domain:** glaztech.com
- **Subdomain (standalone):** slc.glaztech.com
### Infrastructure
#### Active Directory Migration Plan
- **Current:** slc.glaztech.com standalone domain (~12 users/computers)
- **Recommendation:** Manual migration to glaztech.com using OUs for site segmentation
- **Reason:** Small environment, manual migration more reliable than ADMT
#### Firewall GPO Scripts (Created 2025-12-18)
- **Purpose:** Ransomware protection via firewall segmentation
- **Files:**
- Configure-WorkstationFirewall.ps1 - Blocks workstation-to-workstation traffic
- Configure-ServerFirewall.ps1 - Restricts workstation access to servers
- Configure-DCFirewall.ps1 - Secures Domain Controller access
- Deploy-FirewallGPOs.ps1 - Creates and links GPOs
### Work History
#### 2025-12-18
- AD migration planning: Recommended manual migration approach
- Firewall GPO scripts created for ransomware protection
- GuruRMM testing: Attempted legacy agent deployment on 2008 R2
#### 2025-12-21
- **GuruRMM Site Code:** DARK-GROVE-7839 configured
- **Compatibility Issue:** Agent fails silently on Server 2008 R2 (missing VC++ Runtime or incompatible APIs)
- **Likely Culprits:** sysinfo, local-ip-address crates using newer Windows APIs
### Credentials
- **GuruRMM:**
- Client ID: d857708c-5713-4ee5-a314-679f86d2f9f9
- Site: SLC - Salt Lake City
- Site ID: 290bd2ea-4af5-49c6-8863-c6d58c5a55de
- Site Code: DARK-GROVE-7839
- API Key: grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI
### Status
- **Active:** AD planning, firewall hardening, GuruRMM deployment
- **Pending Tasks:**
- Plan slc.glaztech.com to glaztech.com AD migration
- Deploy firewall GPO scripts after testing
- Resolve GuruRMM agent 2008 R2 compatibility issues
---
## Grabb & Durando
### Company Information
- **Type:** Client - Law Firm
- **Status:** Active
- **Domain:** grabbanddurando.com
- **Related:** grabblaw.com
### Infrastructure
#### IX Server (WHM/cPanel)
- **Internal IP:** 172.16.3.10
- **Public IP:** 72.194.62.5
- **cPanel Account:** grabblaw
- **Database:** grabblaw_gdapp_data
- **Database User:** grabblaw_gddata
- **Password:** GrabbData2025
#### data.grabbanddurando.com
- **Record Type:** A
- **Value:** 72.194.62.5
- **TTL:** 600 seconds
- **SSL:** Let's Encrypt via AutoSSL
- **Site Admin:** admin / GND-Paper123!@#-datasite
### Work History
#### 2025-12-12 (DNS & SSL Fix)
- **Problem:** data.grabbanddurando.com not resolving
- **Solution:** Added A record via WHM API
- **SSL Issue:** Wrong certificate being served (serveralias conflict)
- **Resolution:**
- Removed conflicting serveralias from data.grabbanddurando.grabblaw.com vhost
- Added as proper subdomain to grabblaw cPanel account
- Ran AutoSSL to get Let's Encrypt cert
- Rebuilt Apache config and restarted
#### 2025-12-12 (Database Sync from GoDaddy VPS)
- **Problem:** DNS was pointing to old GoDaddy VPS, users updated data there Dec 10-11
- **Old Server:** 208.109.235.224
- **Missing Records Found:**
- activity table: 4 records (18539 → 18543)
- gd_calendar_events: 1 record (14762 → 14763)
- gd_assign_users: 2 records (24299 → 24301)
- **Solution:** Synced all missing records using mysqldump with --replace option
- **Verification:** All tables now match between servers
#### 2025-12-16 (Calendar Event Creation Fix)
- **Problem:** Calendar event creation failing due to MySQL strict mode
- **Root Cause:** Empty strings for auto-increment columns
- **Solution:** Replaced empty strings with NULL for MySQL strict mode compliance
### Credentials
**See:** credentials.md section:
- Client Sites - WHM/cPanel (IX Server, data.grabbanddurando.com)
### Status
- **Active:** Database and calendar maintenance complete
- **Important Dates:**
- 2025-12-10 to 2025-12-11: Data divergence period (users on old GoDaddy VPS)
- 2025-12-12: Data sync and DNS fix completed
- 2025-12-16: Calendar fix applied
---
## Khalsa
### Company Information
- **Type:** Client
- **Status:** Active
### Infrastructure
#### Network
- **Primary LAN:** 192.168.0.0/24
- **Alternate Subnet:** 172.16.50.0/24
- **VPN:** 192.168.1.0/24
- **External IP:** 98.175.181.20
- **OpenVPN Port:** 1194/TCP
#### UCG (UniFi Cloud Gateway)
- **Management IP:** 192.168.0.1
- **Alternate IP:** 172.16.50.1 (br2 interface)
- **SSH:** root / Paper123!@#-camden
- **SSH Key:** ~/.ssh/khalsa_ucg (guru@wsl-khalsa)
#### Switch
- **User:** 8WfY8
- **Password:** tI3evTNBZMlnngtBc
#### Accountant Machine (KMS-QB)
- **IP:** 172.16.50.168 (dual-homed on both subnets)
- **Hostname:** KMS-QB
- **User:** accountant / Paper123!@#-accountant
- **Local Admin:** localadmin / r3tr0gradE99!
- **RDP:** Enabled (accountant added to Remote Desktop Users)
- **WinRM:** Enabled
### Work History
#### 2025-12-22 (VPN RDP Access Fix)
- **Problem:** VPN clients couldn't RDP to 172.16.50.168
- **Root Causes:**
1. RDP not enabled (TermService not listening)
2. Windows Firewall blocking RDP from VPN subnet (192.168.1.0/24)
3. Required services not running (UmRdpService, SessionEnv)
- **Solution:**
1. Added SSH key to UCG for remote management
2. Verified OpenVPN pushing correct routes
3. Enabled WinRM on target machine
4. Added firewall rule for RDP from VPN subnet
5. Started required services (UmRdpService, SessionEnv)
6. Rebooted machine to fully enable RDP listener
7. Added 'accountant' user to Remote Desktop Users group
- **Testing:** RDP access confirmed working from VPN
### Credentials
**See:** credentials.md section:
- Client - Khalsa (UCG, Switch, Accountant Machine)
### Status
- **Active:** VPN and RDP troubleshooting complete
- **Important Dates:**
- 2025-12-22: VPN RDP access fully configured and tested
---
## MVAN Inc
### Company Information
- **Type:** Client
- **Status:** Active
### Infrastructure
#### Microsoft 365 Tenant 1
- **Tenant:** mvan.onmicrosoft.com
- **Admin User:** sysadmin@mvaninc.com
- **Password:** r3tr0gradE99#
- **Notes:** Global admin, project to merge/trust with T2
### Status
- **Active:** M365 tenant management
- **Project:** Tenant merge/trust with T2 (status unknown)
---
## RRS Law Firm
### Company Information
- **Type:** Client - Law Firm
- **Status:** Active
- **Domain:** rrs-law.com
### Infrastructure
#### Hosting
- **Server:** IX (172.16.3.10)
- **Public IP:** 72.194.62.5
#### Microsoft 365 Email DNS (Added 2025-12-19)
| Record | Type | Value |
|--------|------|-------|
| _dmarc.rrs-law.com | TXT | `v=DMARC1; p=quarantine; rua=mailto:admin@rrs-law.com` |
| selector1._domainkey | CNAME | selector1-rrslaw-com0i._domainkey.rrslaw.d-v1.dkim.mail.microsoft |
| selector2._domainkey | CNAME | selector2-rrslaw-com0i._domainkey.rrslaw.d-v1.dkim.mail.microsoft |
### Work History
#### 2025-12-19
- **Problem:** Email DNS records incomplete for Microsoft 365
- **Solution:** Added DMARC and both DKIM selectors via WHM API
- **Verification:** Both selectors verified by M365
- **Result:** DKIM signing enabled in M365 Admin Center
#### Final Email DNS Status
- MX → M365: Yes
- SPF (includes M365): Yes
- DMARC: Yes
- Autodiscover: Yes
- DKIM selector1: Yes
- DKIM selector2: Yes
- MS Verification: Yes
- Enterprise Registration: Yes
- Enterprise Enrollment: Yes
### Status
- **Active:** Email DNS configuration complete
- **Important Dates:**
- 2025-12-19: Complete M365 email DNS configuration
---
## Scileppi Law Firm
### Company Information
- **Type:** Client - Law Firm
- **Status:** Active
### Infrastructure
#### Network
- **Subnet:** 172.16.1.0/24
- **Gateway:** 172.16.0.1 (pfSense via Tailscale)
#### Storage Systems
| System | IP | Role | Credentials | Status |
|--------|-----|------|-------------|--------|
| DS214se | 172.16.1.54 | Source NAS (old) | admin / Th1nk3r^99 | Migration source |
| Unraid | 172.16.1.21 | Source server | root / Th1nk3r^99 | Migration source |
| RS2212+ | 172.16.1.59 | Destination NAS (new) | sysadmin / Gptf*77ttb123!@#-sl-server | Production |
#### RS2212+ (SL-SERVER)
- **Storage:** 25TB total, 6.9TB used (28%)
- **Data Share:** /volume1/Data (7.9TB)
- **Hostname:** SL-SERVER
- **SSH Key:** claude-code@localadmin added
#### User Accounts (Created 2025-12-29)
| Username | Full Name | Password | Notes |
|----------|-----------|----------|-------|
| chris | Chris Scileppi | Scileppi2025! | Owner |
| andrew | Andrew Ross | Scileppi2025! | Staff |
| sylvia | Sylvia | Scileppi2025! | Staff |
| rose | Rose | Scileppi2025! | Staff |
### Work History
#### 2025-12-23 (Migration Start)
- **Setup:** Enabled User Home Service on DS214se
- **Setup:** Enabled rsync service on DS214se
- **SSH Keys:** Generated on RS2212+, added to DS214se authorized_keys
- **Permissions:** Fixed home directory permissions (chmod 700)
- **Migration:** Started parallel rsync from DS214se and Unraid
- **Speed Issue:** Initially 1.5 MB/s, improved to 5.4 MB/s after switch port move
- **Network Issue:** VLAN 5 misconfiguration caused temporary outage
#### 2025-12-23 (Network Recovery)
- **Tailscale:** Re-authenticated after invalid key error
- **pfSense SSH:** Added SSH key for management
- **VLAN 5:** Diagnosed misconfiguration (wrong parent interface igb0 instead of igb2, wrong netmask /32 instead of /24)
- **Migration:** Automatically resumed after network restored
#### 2025-12-26
- **Migration Progress:** 6.4TB transferred (~94% complete)
- **Estimated Completion:** ~0.4TB remaining
#### 2025-12-29 (Migration Complete & Consolidation)
- **Status:** Migration and consolidation COMPLETE
- **Final Structure:**
- Active: 2.5TB (merged Unraid + DS214se Open Cases)
- Closed: 4.9TB (merged Unraid + DS214se Closed Cases)
- Archived: 451GB
- MOTIONS BANK: 21MB
- Billing: 17MB
- **Recycle Bin:** Emptied (recovered 413GB)
- **Permissions:** Group "users" with 775 on /volume1/Data
- **User Accounts:** Created 4 user accounts (chris, andrew, sylvia, rose)
### Credentials
**See:** credentials.md section:
- Client - Scileppi Law Firm (DS214se, Unraid, RS2212+, User accounts)
### Status
- **Active:** Migration and consolidation complete
- **Pending Tasks:**
- Monitor user access and permissions
- Verify data integrity
- Decommission DS214se after final verification
- Backup RS2212+ configuration
### Important Dates
- **2025-12-23:** Migration started (both sources)
- **2025-12-23:** Network outage (VLAN 5 misconfiguration)
- **2025-12-26:** ~94% complete (6.4TB of 6.8TB)
- **2025-12-29:** Migration and consolidation COMPLETE
---
## Sonoran Green LLC
### Company Information
- **Type:** Client - Construction
- **Status:** Active
- **Domain:** sonorangreenllc.com
- **Primary Entity:** BG Builders LLC
### Infrastructure
#### Microsoft 365
- **Tenant:** Shared with BG Builders LLC (ededa4fb-f6eb-4398-851d-5eb3e11fab27)
- **onmicrosoft.com:** sonorangreenllc.onmicrosoft.com
#### DNS Configuration
- **Current Status:**
- Nameservers: Still on GoDaddy (not migrated to Cloudflare)
- A Record: 172.16.10.200 (private IP - problematic)
- Email Records: Properly configured for M365
#### Needed Records (Not Yet Applied)
- DMARC: `v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com`
- DKIM selector1: CNAME to selector1-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
- DKIM selector2: CNAME to selector2-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
### Work History
#### 2025-12-19
- **Investigation:** Shared tenant with BG Builders identified
- **Assessment:** DMARC and DKIM records missing
- **Status:** DNS records prepared but not yet applied
### Status
- **Active:** Related entity to BG Builders LLC
- **Pending Tasks:**
- Migrate domain to Cloudflare DNS
- Fix A record (pointing to private IP)
- Apply DMARC and DKIM records
- Enable DKIM signing in M365 Defender
---
## Valley Wide Plastering
### Company Information
- **Type:** Client - Construction
- **Status:** Active
- **Domain:** VWP.US
### Infrastructure
#### Network
- **Subnet:** 172.16.9.0/24
#### Servers
| Server | IP | Role | Credentials |
|--------|-----|------|-------------|
| UDM | 172.16.9.1 | Gateway/firewall | root / Gptf*77ttb123!@#-vwp |
| VWP-DC1 | 172.16.9.2 | Primary DC, NPS/RADIUS | sysadmin / r3tr0gradE99# |
#### Active Directory
- **Domain:** VWP.US (NetBIOS: VWP)
- **Hostname:** VWP-DC1.VWP.US
- **Users OU:** OU=VWP_Users,DC=VWP,DC=US
#### NPS RADIUS Configuration (VWP-DC1)
- **Server:** 172.16.9.2
- **Ports:** 1812 (auth), 1813 (accounting)
- **Shared Secret:** Gptf*77ttb123!@#-radius
- **AuthAttributeRequired:** Disabled (required for UniFi OpenVPN)
- **RADIUS Clients:**
- UDM (172.16.9.1)
- VWP-Subnet (172.16.9.0/24)
- **Network Policy:** "VPN-Access" - allows all authenticated users (24/7)
- **Auth Methods:** All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
- **User Dial-in:** All VWP_Users set to msNPAllowDialin=True
#### VPN Users with Access (27 total)
Darv, marreola, farias, smontigo, truiz, Tcapio, bgraffin, cguerrero, tsmith, tfetters, owner, cougar, Receptionist, Isacc, Traci, Payroll, Estimating, ARBilling, orders2, guru, sdooley, jguerrero, kshoemaker, rose, rguerrero, jrguerrero, Acctpay
### Work History
#### 2025-12-22 (RADIUS/VPN Setup)
- **Objective:** Configure RADIUS authentication for VPN (similar to Dataforth)
- **Installation:** Installed NPS role on VWP-DC1
- **Configuration:** Created RADIUS clients for UDM and VWP subnet
- **Network Policy:** Created "VPN-Access" policy allowing all authenticated users
#### 2025-12-22 (Troubleshooting & Resolution)
- **Issue 1:** Message-Authenticator invalid (Event 18)
- Fix: Set AuthAttributeRequired=No on RADIUS clients
- **Issue 2:** Dial-in permission denied (Reason Code 65)
- Fix: Set all VWP_Users to msNPAllowDialin=True
- **Issue 3:** Auth method not enabled (Reason Code 66)
- Fix: Added all auth types to policy, removed default deny policies
- **Issue 4:** Default policy catching requests
- Fix: Deleted "Connections to other access servers" policy
#### Testing Results
- **Success:** VPN authentication working with AD credentials
- **Test User:** cguerrero (or INTRANET\sysadmin)
- **NPS Event:** 6272 (Access granted)
### Credentials
**See:** credentials.md section:
- Client - Valley Wide Plastering (UDM, VWP-DC1, NPS RADIUS configuration)
### Status
- **Active:** RADIUS/VPN setup complete
- **Important Dates:**
- 2025-12-22: Complete RADIUS/VPN configuration and testing
---
## Summary Statistics
### Client Counts
- **Total Clients:** 12 (including internal)
- **Active Clients:** 12
- **M365 Tenants:** 6 (BG Builders, CW Concrete, Dataforth, MVAN, RRS, Scileppi)
- **Active Directory Domains:** 3 (Dataforth, Valley Wide, Glaztech)
### Infrastructure Overview
- **Domain Controllers:** 3 (Dataforth AD1/AD2, VWP-DC1)
- **NAS Devices:** 4 (Scileppi RS2212+, DS214se, Unraid, Dataforth D2TESTNAS)
- **Network Gateways:** 4 (Dataforth UDM, VWP UDM, Khalsa UCG, pfSense)
- **RADIUS Servers:** 2 (Dataforth AD1, VWP-DC1)
- **VPN Endpoints:** 3 (Dataforth, VWP, Khalsa)
### Work Categories
- **Security Incidents:** 3 (BG Builders - resolved, CW Concrete - resolved, Dataforth - mailbox cleanup)
- **Email DNS Projects:** 2 (BG Builders, RRS)
- **Network Infrastructure:** 3 (Dataforth DOS, VWP RADIUS, Khalsa VPN)
- **Data Migrations:** 1 (Scileppi - complete)
---
**Last Updated:** 2026-01-26
**Source Files:** CATALOG_CLIENTS.md, CATALOG_SESSION_LOGS.md
**Status:** Complete import from claude-projects catalogs
Reference in New Issue View Git Blame Copy Permalink