claudetools/wiki/clients/grabb-durando.md
Mike Swanson c871ad8815 sync: auto-sync from GURU-5070 at 2026-06-10 15:18:03
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-10 15:18:03
2026-06-10 15:18:16 -07:00


type: client
name: grabb-durando
display_name: Grabb & Durando, P.C.
last_compiled: 2026-05-24
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
  • clients/grabb-durando/session-logs/2026-05-04-leap-m365-calendar-fix.md
  • clients/grabb-durando/reports/2026-05-04-leap-calendar-permission-investigation.md
  • clients/grabb-durando/ai-demand-review/CONTEXT.md
  • clients/grabb-durando/PROJECT_STATE.md
  • clients/grabb-durando/website-migration/README.md
  • clients/grabb-durando/gururmm-diag-GND-SERVER-20260512-155234.txt
backlinks:
  • projects/gururmm

Grabb & Durando, P.C.

Profile

  • Company type: Plaintiff personal injury law firm (Arizona)
  • Contract type: Managed (MSP) — includes M365 tenant management
  • Key contacts:
  • Billing: PREPAID block customer — 21.25 prepay hours remaining as of 2026-06-10 (after ticket #32405). Syncro prepay_hours only shows on the per-customer detail endpoint, NOT the customer-list endpoint (list returns null — misleading). Remote labor rate $150/hr (drawn from block).
  • Syncro customer ID: 14232794 (business: "Grabb & Durando Law Office"; primary contact on file: jwilliams@grabblaw.com)
  • Recent ticket: #32405 (2026-06-10) — calendar-app login fix, 1.0 hr remote applied to prepaid block

Infrastructure

Servers & Services

| Host | IP | Role | OS | Notes |
|---|---|---|---|---|
| GND-SERVER | [unverified] | On-premise server | Windows Server 2019 Standard, AMD64 | GuruRMM agent installed 2026-05-12 via site-specific MSI |
| GoDaddy VPS | 208.109.235.224 | ORIGINAL host of data.grabbanddurando.com (long retired) | CloudLinux 9.6, cPanel v126 | App moved off years ago. Hosting path over ~2 years: GoDaddy -> WebSvr -> IX. Nothing points here now; verify the VPS is cancelled (may still bill). |
| ix.azcomputerguru.com (IX) | 72.194.62.5 (internal 172.16.3.10) | LIVE host of data.grabbanddurando.com (calendar/case app) | CloudLinux 9.7, cPanel | Current home of the app — on IX for ~1yr+ (path: GoDaddy -> WebSvr -> IX over ~2 yrs, per Mike). Confirmed live 2026-06-10. DNS data.grabbanddurando.com -> 72.194.62.5. cPanel acct grabblaw, docroot /home/grabblaw/public_html/data_grabbanddurando, live DB grabblaw_gdapp_data. App actively used. SSH via internal 172.16.3.10 only — public port 22 firewalled (times out). |
| WebSvr (ACG) | 162.248.93.81 | Main domain (grabbanddurando.com) DNS/hosting | ACG managed | Nameserver authority for grabbanddurando.com zone |

Email & Identity

  • M365 tenant: grabblaw.com (tenant ID 032b383e-96e4-491b-880d-3fd3295672c3)
  • Licenses: O365 Business Premium (confirmed on multiple users)
  • MFA status: [unverified]
  • User-consent policy: microsoft-user-default-recommended + microsoft-user-default-allow-consent-apps — high-risk delegated scopes (Mail.ReadWrite, Files.ReadWrite.All) require admin approval
  • Leap (legal case management): Two service principals registered in tenant:
    • LEAP daemon/service app — 5602fc50-4c30-4faa-a595-e5a0f15d2cce (app-only, tenant-wide consent already granted)
    • LEAP user-facing/delegated app — a7d19842-33e2-457b-a399-d4e6ec010f0a (per-user or tenant-wide consent; tenant-wide granted 2026-05-04)
  • Inky/GuruProtect: Installed (confirmed in email headers)
  • GuruRMM Security Investigator app: Consented in tenant (used for read-only Graph investigation 2026-05-04)

Network

  • ISP / WAN: [unverified]
  • Firewall: [unverified]
  • VPN: [unverified]

Web Applications

  • Primary site: grabbanddurando.com — hosted on WebSvr (ACG)
  • Data app ("the calendar site"): data.grabbanddurando.com — custom PHP app (mysqli, PHP session law_admin). Calendar + case management (agenda views, gd_calendar_events, gd_cases, "Jeff's Notes", phone log, contacts). NOW LIVE ON IX (migrated off GoDaddy): cPanel acct grabblaw, docroot /home/grabblaw/public_html/data_grabbanddurando, live DB grabblaw_gdapp_data (app user grabblaw_gddata; creds hardcoded in connection.php — [WARNING] not vaulted). Pre-migration copies grabblaw_gdapp (48 users) and grabblaw_gdapp2 still present on IX as historical snapshots.
    • Auth model: login is index.php → SELECT * FROM vt_users WHERE username='<login>' AND password=MD5('<pw>') AND is_enabled=1. Login is by username (the form field is labeled "Username" but POSTs as email); password is unsalted MD5; the account row must have is_enabled=1 (a disabled row returns "you have not activated your account"). Roles live in acl_user_role (1=Super Admin, 3=Assistant, 4=Lawyer, 5=Call Center), linked via acl_junction_user_role. "I forgot my password" emails a reset link (writes a code to vt_users). [WARNING] weak auth: unsalted MD5 + a plaintext password cookie set on login.
  • Case management: Leap — integrated with M365 calendar/mail via delegated OAuth
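
Added example (not code from the app or from this wiki): one way to retire the unsalted MD5 values described in the Auth model note without forcing a reset is to verify against the legacy value once and re-hash on a successful login. It is written in Python so it can be run as-is; the dict standing in for vt_users, the `pbkdf2$salt$digest` storage format and the iteration count are assumptions, and the PHP app itself would use password_hash()/password_verify().

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed setting)

def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_hash(password):
    """Salted replacement for the stored MD5 value (format is an assumption)."""
    salt = os.urandom(16)
    return f"pbkdf2${salt.hex()}${_pbkdf2(password, salt).hex()}"

def login(users, username, password):
    """Check a login; upgrade a legacy MD5 row in place when it succeeds."""
    row = users.get(username)
    if row is None or row["is_enabled"] != 1:   # same is_enabled gate as the app
        return False
    stored = row["password"]
    if stored.startswith("pbkdf2$"):            # already upgraded
        _, salt_hex, digest_hex = stored.split("$")
        calc = _pbkdf2(password, bytes.fromhex(salt_hex))
        return hmac.compare_digest(calc, bytes.fromhex(digest_hex))
    legacy = hashlib.md5(password.encode()).hexdigest()  # what MD5('<pw>') yields
    if not hmac.compare_digest(legacy, stored.lower()):
        return False
    row["password"] = make_hash(password)       # MD5 value is gone after this
    return True

if __name__ == "__main__":
    # Constructed sample row, not a real account
    users = {"sample": {"password": hashlib.md5(b"example-pw").hexdigest(),
                        "is_enabled": 1}}
    print(login(users, "sample", "example-pw"), users["sample"]["password"][:7])
```

Rows restored with their original MD5 value are upgraded the first time that user logs in. The plaintext password cookie is a separate fix and is not covered here.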

GuruRMM

  • Site name: Main Office
  • Client code: [unverified — not documented in available files; MSI was site-specific]
  • Site ID: d526d700-7210-48b1-94a9-40c87a29dc25 (from agent registry, this is the SiteId value baked into the MSI)

Enrolled Agents

| Agent | Host | OS | Version at install | Agent key (partial) | Notes |
|---|---|---|---|---|---|
| GND-SERVER | GND-SERVER | Windows Server 2019 | 0.6.2 (2026-05-12) | agk_NEzx7sRA9Jd... | Installed via MSI gururmm-agent-grabb-main-office.msi; running as LocalSystem; [WARNING] binary path issue noted at install time — path in registry did not match actual binary location |

  • GuruRMM agent ID: [unverified — agent ID not captured in available files; use dashboard to confirm]
  • Agent log: C:\ProgramData\GuruRMM\agent.log.2026-05-12 (0 bytes at install time)
  • Network connectivity check (2026-05-12): External HTTPS to rmm.azcomputerguru.com [OK]; internal API (172.16.3.30:3001) [FAIL — timeout, expected for external client]

Access

  • M365 admin: Entra portal via sysadmin@grabblaw.com or guru@grabblaw.com
  • GoDaddy VPS (source): ssh -i ~/.ssh/id_ed25519 root@208.109.235.224
  • IX server (hosting target): ssh root@ix.azcomputerguru.com
  • WebSvr (DNS): ssh root@websvr.acghosting.com
  • Vault path: clients/grabb-durando/ [unverified — no confirmed SOPS entries found in session logs; check vault before assuming paths]
  • Database credentials (GoDaddy): [WARNING] Database password e8o8glFDZD appears in plaintext in clients/grabb-durando/website-migration/README.md — migrate to vault before any future work on this project

Patterns & Known Issues

  • Leap OAuth consent pattern: New hires at Grabb & Durando will NOT automatically have Leap M365 calendar sync enabled. As of 2026-05-04 tenant-wide consent was granted on the LEAP delegated app — new users should now get through the consent flow without admin intervention. Verify this holds for next new hire.
  • Leap identity binding trap: If an admin signs in to Leap on a user's machine to grant consent, Leap stores the admin's identity token instead of the user's. Symptom: Leap syncs the wrong mailbox and throws "unable to subscribe to notifications." Fix: revoke admin OAuth grant, clear %LOCALAPPDATA%\Microsoft Corporation\ Leap cache, re-sign in as the correct user.
  • SYSTEM context in GuruRMM commands: Agent runs as LocalSystem. HKCU probes from GuruRMM commands read the SYSTEM hive, not a logged-in user's. Use HKU:\<SID> path for per-user registry work.
  • Website migration (data.grabbanddurando.com): COMPLETE — app is live on IX (/home/grabblaw/public_html/data_grabbanddurando, DB grabblaw_gdapp_data), confirmed 2026-06-10. DNS points to 72.194.62.5. App actively used post-migration.
  • [WARNING] Live user table holds only active logins — traced to the Dec 2025 rebuild (root cause of "login broken for one user"): The live vt_users has only 6 of 48 rows (and 77 of 82 acl_junction_user_role links) vs. the older copy grabblaw_gdapp. Origin confirmed by 2026-06-10 forensics: a Dec 15-16 2025 server migration / MariaDB strict-mode rebuild, documented on-server at backups_mariadb_fix/MIGRATION_REPORT.md ("Prepared by: IT Support" — GoDaddy/legacy → IX cPanel, PHP 7.4→8.1, MariaDB 10.11 strict mode, 61 app files modified). Live DB dir built 2025-12-16, alongside 5 clone/scratch DBs (grabblaw_gdapp, gdapp2, _clone, _new, sandbox) created 2025-12-11; connection.php repointed 2025-12-15; rocky aftermath (app error_log shows DB-connect failures Jan 2026). The rebuild imported every DATA table fully — all are ≥ the old copy (activity 18.6k>17.9k, gd_calendar_events 13.2k>12.6k, gd_assign_users 25.0k>23.1k; gd_cases/gd_cases_notes/gd_contacts/gd_phone_log identical) — but vt_users came out short. Binary logging is OFF, so no statement-level proof of deliberate prune vs. failed import. The live DB is authoritative and current — do NOT full-restore from grabblaw_gdapp (would lose newer live data). Correct remediation = targeted backfill of the specific missing vt_users row(s) (+ acl_junction_user_role links) from grabblaw_gdapp → grabblaw_gdapp_data, preserving each user's id + MD5 password. Symptom presented as "one user can't log in, everyone else fine" because the only 3 active users (rgrabb, rpesqueira, jsosa) happened to be among the 6 surviving rows.
  • Diagnostic pattern — per-user login failure on the calendar app: first check the live DB: SELECT id,username,is_enabled FROM grabblaw_gdapp_data.vt_users WHERE username='<u>'. No row → user was dropped in migration; restore from grabblaw_gdapp. Row with is_enabled=0 → re-enable. Row present + enabled → password/MD5 issue (use forgot-password flow or reset the hash).

Active Work

  • AI Demand Review System (scoping/pre-quote as of 2026-05-12): Robert Grabb wants a custom Claude API web application for AI-assisted pre-suit demand package preparation. 11-category document upload UI, structured Claude output (case snapshot, liability, medical chronology, demand letter, etc.), DOCX/PDF export, per-case audit log. Estimated 32-48 hrs, $4,000-$6,960 flat fee range. Discovery call questions outstanding (user count, Leap API, file server structure). See clients/grabb-durando/ai-demand-review/CONTEXT.md for full spec.
  • Website migration (data.grabbanddurando.com → IX): COMPLETE (confirmed 2026-06-10, live on IX). Remaining cleanup: confirm the old GoDaddy VPS (208.109.235.224) is decommissioned/cancelled — nothing points to it anymore but it may still bill.
  • Calendar-app user-table backfill (data.grabbanddurando.com) — DEFERRED to client: 2026-06-10 restored jwilliams (Jeff Williams, id 46, Super Admin) into the live vt_users to fix his login. 41 other accounts still missing from the live DB (20 enabled real users: ahayward, amarshall, apesqueira, cpavlik, ecorella, gcanto, Greg, jclark, kloya, lgonzalez, mbleaman, mcarias, mgonzales, mwaletitsch, pgrabb, rmaza, admin, etc. — plus disabled/test rows). Per Mike (2026-06-10): only a handful of active users; left for Jeff Williams to decide later — no bulk backfill planned by ACG. If a specific person needs access, restore just their row via targeted INSERT ... SELECT from grabblaw_gdapp (preserve id + MD5 pw); skip test/junk (testsuntec, ContactOne).
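
Added example (not ACG's or the app's own code): the per-user login diagnostic and the targeted backfill described above, run against an in-memory SQLite stand-in for the two MariaDB schemas. The acl_junction_user_role column names (user_id, role_id), an identical column layout in both copies, and all sample rows are assumptions; the guarded INSERT ... SELECT statements are the part that carries over to MariaDB.

```python
import sqlite3

OLD, LIVE = "grabblaw_gdapp", "grabblaw_gdapp_data"  # schema names from the page
def build_demo():
    """In-memory SQLite stand-in for the two MariaDB schemas (constructed rows)."""
    con = sqlite3.connect(":memory:")
    for schema in (OLD, LIVE):
        con.execute(f"ATTACH DATABASE ':memory:' AS {schema}")
        con.execute(f"CREATE TABLE {schema}.vt_users (id INTEGER PRIMARY KEY,"
                    " username TEXT UNIQUE, password TEXT, is_enabled INTEGER)")
        # user_id / role_id are assumed column names, not taken from the page
        con.execute(f"CREATE TABLE {schema}.acl_junction_user_role"
                    " (user_id INTEGER, role_id INTEGER)")
    con.executemany(f"INSERT INTO {OLD}.vt_users VALUES (?,?,?,?)",
                    [(1, "alice", "md5-a", 1), (2, "bob", "md5-b", 1),
                     (3, "carol", "md5-c", 0)])
    con.executemany(f"INSERT INTO {OLD}.acl_junction_user_role VALUES (?,?)",
                    [(1, 1), (2, 4), (3, 3)])
    con.execute(f"INSERT INTO {LIVE}.vt_users VALUES (1, 'alice', 'md5-a', 1)")
    con.executemany(f"INSERT INTO {LIVE}.acl_junction_user_role VALUES (?,?)",
                    [(1, 1), (3, 3)])  # (3, 3): link whose user row is missing
    con.commit()
    return con

def triage(con, username):
    """The diagnostic pattern's decision tree, evaluated against the live DB."""
    row = con.execute(f"SELECT is_enabled FROM {LIVE}.vt_users WHERE username = ?",
                      (username,)).fetchone()
    if row is None:
        return "missing: restore row from old copy"
    return "enabled: password/MD5 issue" if row[0] == 1 else "disabled: re-enable"

def backfill_user(con, username):
    """Copy one user + role links old -> live, keeping id and hash; no duplicates."""
    with con:  # single transaction: both inserts commit, or neither does
        copied = con.execute(
            f"INSERT INTO {LIVE}.vt_users SELECT o.* FROM {OLD}.vt_users AS o"
            f" WHERE o.username = ? AND NOT EXISTS (SELECT 1 FROM {LIVE}.vt_users"
            " AS l WHERE l.id = o.id OR l.username = o.username)",
            (username,)).rowcount
        if copied != 1:  # not in old copy, or id/username already used in live
            return 0
        con.execute(
            f"INSERT INTO {LIVE}.acl_junction_user_role SELECT j.* FROM"
            f" {OLD}.acl_junction_user_role AS j JOIN {OLD}.vt_users AS o"
            " ON o.id = j.user_id WHERE o.username = ? AND NOT EXISTS (SELECT 1 FROM"
            f" {LIVE}.acl_junction_user_role AS x WHERE x.user_id = j.user_id"
            " AND x.role_id = j.role_id)", (username,))
    return copied
```

The id/username guard makes the copy refuse, rather than renumber, when the live table has since given that id to someone else; that case needs a manual decision.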

History Highlights

| Date | Event |
|---|---|
| Pre-2026 | Established MSP client; M365 tenant (grabblaw.com) under ACG management; Leap deployed firm-wide |
| 2025-12-15/16 | data.grabbanddurando.com migrated to IX + MariaDB strict-mode rebuild (confirmed 2026-06-10 via on-server backups_mariadb_fix/MIGRATION_REPORT.md, "Prepared by: IT Support"). GoDaddy/legacy → IX cPanel; PHP 7.4→8.1; MariaDB 10.11 strict mode; 61 app files modified. Live DB grabblaw_gdapp_data built 12-16 alongside 5 clone/scratch DBs (12-11); connection.php repointed 12-15; rocky aftermath (DB-connect failures in app error_log Jan 2026). The rebuild left the live vt_users with only ~6 of 48 logins — origin of the 2026-06-10 Jeff login issue. |
| 2026-04-20 | PROJECT_STATE.md created noting website migration stalled, no session logs recorded at that time |
| 2026-05-04 | Howard: Leap M365 calendar sync for Svetlana Larionova — OAuth consent investigation + tenant-wide LEAP consent granted by Mike; Leap identity token cleanup; Teams external-share limitation explained; second monitor added |
| 2026-05-12 | GuruRMM agent installed on GND-SERVER via site-specific MSI (v0.6.2). Diagnostic run confirms agent service running. AI demand review project kicked off — Phase Two Package delivered by Robert Grabb, ACG scoping review begun. |
| 2026-06-10 | Calendar-app login fix + migration audit. Reported: Jeff Williams (jwilliams) couldn't log in to data.grabbanddurando.com while others could. Root cause traced to the Dec 2025 IX/MariaDB rebuild, which left the live vt_users with only 6 of 48 logins (Jeff not among the survivors). Confirmed the app is live on IX (grabblaw cPanel acct, DB grabblaw_gdapp_data) and that the live DB is authoritative (all data tables ≥ old copy). Restored jwilliams (id 46, Super Admin, original MD5 password) from grabblaw_gdapp → live; login verified. 41 other (mostly inactive) accounts left un-restored at Mike's direction — Jeff to decide later. Billed 1.0 hr remote on new Syncro ticket #32405 — applied against their PREPAID block (invoice #67812 = $0.00; 21.25 prepay hrs remaining). Documented the app auth model, the Dec-2025 origin, and a per-user login diagnostic. |