Mike Swanson
5169936cfc
- IMC: document 716 GB SQL backup cleanup, retention scheduled task, DB move C:->S:, sysadmin grant via single-user recovery, parked RDS removal after KB5075999 apply rolled back on ETW manifest error - Valleywide: document RDWeb brute-force incident on VWP-QBS, UDM port forward closure, 30-day audit showing no breach, lockout policy restoration - Dataforth: capture Swagger API review and Hoffman Zoom call prep
60 lines
2.9 KiB
Markdown
60 lines
2.9 KiB
Markdown
# Instrumental Music Center (IMC)
|
|
|
|
Music retail + repair shop running AIMsi point-of-sale on-prem.
|
|
|
|
## Infrastructure
|
|
|
|
### Primary server: IMC1 (192.168.0.2)
|
|
- **OS:** Windows Server 2016 Standard (build 14393.7426)
|
|
- **Role:** Domain Controller (IMC.local), file server, AIMsi SQL host, RDS host
|
|
- **Hardware:** Dell R720, 4 physical cores
|
|
- **Disks:**
|
|
- `C:` — OS + IIS + a few apps (419 GB, ~77% full as of 2026-04-13)
|
|
- `E:` — SQL backups, app installers, Server 2016 install media (`E:\W2016`)
|
|
- `F:` — Windows Image Backups
|
|
- `S:` — Dedicated SSD (Samsung 850 PRO 256 GB), now holding AIMsi SQL DBs
|
|
|
|
### Access
|
|
- **SSH:** `ssh IMC\guru@192.168.0.2` (ed25519 key auth; PowerShell default shell)
|
|
- **VPN:** OpenVPN `.ovpn` profile (subnet issues with Tailscale 192.168.0.0/24 overlap — disconnect Tailscale first)
|
|
- **Domain admin:** `IMC\guru`
|
|
- **AIMSQL sysadmin:** `IMC\guru` (added 2026-04-12 via single-user recovery)
|
|
|
|
### AIMsi / SQL
|
|
- **Instance:** `IMC1\AIMSQL` (MSSQL15 = SQL Server 2019 Express, despite folder name)
|
|
- **Databases on `S:\SQL\Data\`:**
|
|
- `AIM.mdf` (~8 GB) — production AIMsi database
|
|
- `IMC.mdf` (~9 GB) — legacy, usage unclear (kept out of caution)
|
|
- `TestConv61223.mdf` (~8 GB) — leftover from 2023-06-12 migration test; safe to drop
|
|
- `tempdb.mdf`
|
|
- **System DBs remain on** `C:\Program Files\Microsoft SQL Server\MSSQL15.AIMSQL\MSSQL\DATA\` (master, model, msdb)
|
|
|
|
### Backups
|
|
- **Local SQL backups:** `E:\SQL\MSSQL14.SQLEXPRESS\MSSQL\Backup\IMCAIM_*.bak` (nightly at 22:00)
|
|
- **Retention:** Automated via `C:\Scripts\Clean-AimsiBackups.ps1` scheduled task `IMC AIMsi Backup Retention` (daily 23:30, runs as SYSTEM)
|
|
- **Policy:** Last 14 dailies + 1st-of-month; safety override keeps 3 newest regardless
|
|
- **Off-site:** Cloudberry/MSP360 "Online Backup" at `C:\ProgramData\Online Backup\`
|
|
|
|
### AIM client share
|
|
- `\\IMC1\AIM` → `S:\AIM` (4 connected users typical)
|
|
- AIM.exe is a 128 KB launcher; real work happens against `IMC1\AIMSQL`
|
|
- `RequireSecuritySignature = True` in SMB server config — adds auth overhead
|
|
|
|
### Known issues
|
|
- **Component store corrupted** (0x80073701 during RDS role removal). KB5075999 re-apply succeeds but rolls back on reboot due to ETW manifest error (HRESULT 15010, provider GUID `{9c2a37f3-e5fd-5cae-bcd1-43dafeee1ff0}`)
|
|
- `RDS removal is blocked` → pending 2019 migration strategy (in-place vs. clean)
|
|
- Oversized `COMPONENTS` hive (~168 MB, normal is 30-50 MB)
|
|
- `SMB1 enabled` on server — should disable as security hygiene
|
|
|
|
### Other servers in AD
|
|
- `IMC2` — 2016 Essentials, last logon 2023, likely decommissioned
|
|
- `IMC-VM` — 2016 Standard, last logon 2021, dead
|
|
- `SERVERIMC` (192.168.0.63) — SSH-only, 2016 Essentials per AD, state unclear
|
|
|
|
## Open work
|
|
|
|
- Decide Server 2019 migration path (in-place vs. clean build + migrate)
|
|
- Consider dropping `TestConv61223` DB after verifying nothing references it
|
|
- Disable SMB1
|
|
- Add IMC vault entry for SSH/SQL/domain credentials
|