claudetools/CLIENT_DIRECTORY.md
Mike Swanson b79c47acb9 sync: Auto-sync from ACG-M-L5090 at 2026-01-26 16:45:54
Synced files:
- Complete claude-projects import (5 catalog files)
- Client directory with 12 clients
- Project directory with 12 projects
- Credentials updated (100+ sets)
- Session logs consolidated
- Agent coordination rules updated
- Task management integration

Major work completed:
- Exhaustive cataloging of claude-projects
- All session logs analyzed (38 files)
- All credentials extracted and organized
- Client infrastructure documented
- Problem solutions cataloged (70+)

Machine: ACG-M-L5090
Timestamp: 2026-01-26 16:45:54

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-01 16:23:47 -07:00

Client Directory

Generated: 2026-01-26
Purpose: Comprehensive directory of all MSP clients with infrastructure, work history, and credentials
Source: CATALOG_CLIENTS.md, CATALOG_SESSION_LOGS.md


Table of Contents

  1. AZ Computer Guru (Internal)
  2. BG Builders LLC
  3. CW Concrete LLC
  4. Dataforth Corporation
  5. Glaztech Industries
  6. Grabb & Durando
  7. Khalsa
  8. MVAN Inc
  9. RRS Law Firm
  10. Scileppi Law Firm
  11. Sonoran Green LLC
  12. Valley Wide Plastering

AZ Computer Guru (Internal)

Company Information

  • Type: Internal Operations
  • Status: Active
  • Domain: azcomputerguru.com
  • Service Area: Statewide (Arizona - Tucson, Phoenix, Prescott, Flagstaff)
  • Phone: 520.304.8300

Infrastructure

Physical Servers

Server IP OS Role Access
Jupiter 172.16.3.20 Unraid Primary container host root / Th1nk3r^99##
Saturn 172.16.3.21 Unraid Secondary storage root / r3tr0gradE99
Build Server (gururmm) 172.16.3.30 Ubuntu 22.04 GuruRMM, PostgreSQL guru / Gptf*77ttb123!@#-rmm
pfSense 172.16.0.1 FreeBSD/pfSense 2.8.1 Firewall, VPN admin / r3tr0gradE99!!
WebSvr websvr.acghosting.com cPanel WHM/cPanel hosting root / r3tr0gradE99#
IX 172.16.3.10 cPanel WHM/cPanel hosting root / Gptf*77ttb!@#!@#

Network Configuration

  • LAN Subnet: 172.16.0.0/22
  • Tailscale Network: 100.x.x.x/32 (mesh VPN)
    • pfSense: 100.119.153.74 (hostname: pfsense-2)
    • ACG-M-L5090: 100.125.36.6
  • WAN (Fiber): 98.181.90.163/31
  • Public IPs: 72.194.62.2-10, 70.175.28.51-57

Services

| Service | External URL | Internal | Purpose |
|---------|--------------|----------|---------|
| Gitea | git.azcomputerguru.com | 172.16.3.20:3000 | Git server |
| GuruRMM | rmm-api.azcomputerguru.com | 172.16.3.30:3001 | RMM platform |
| NPM | - | 172.16.3.20:7818 | Nginx Proxy Manager |
| Seafile | sync.azcomputerguru.com | 172.16.3.21 | File sync |

Work History

2025-12-12

  • Tailscale fix on pfSense after upgrade
  • WebSvr security: Blocked 10 IPs via Imunify360
  • Disk cleanup: Freed 58GB (86% to 80%)
  • DNS fix: Added A record for data.grabbanddurando.com

2025-12-14

  • SSL certificate: Added rmm-api.azcomputerguru.com to NPM
  • Session logging improvements
  • Rust installation on WSL
  • SSH key generation and distribution

2025-12-16 (Multiple Sessions)

  • GuruRMM dashboard deployed to build server
  • Auto-update system implemented for agent
  • Binary replacement bug fix (rename-then-copy pattern)
  • MailProtector deployed on WebSvr and IX

2025-12-21

  • Temperature metrics added to agent v0.5.1
  • CI/CD pipeline created with webhook handler
  • Policy system designed (Client → Site → Agent)
  • Authorization system implemented (Phases 1-2)

2025-12-25

  • pfSense hardware migration to Intel N100
  • Tailscale firewall rules made permanent
  • SeaFile and Scileppi data migration monitoring

Credentials

See: credentials.md sections:

  • Infrastructure - SSH Access (Jupiter, Saturn, pfSense, Build Server, WebSvr, IX)
  • Services - Web Applications (Gitea, NPM, Cloudflare)
  • Projects - GuruRMM (Database, API, SSO, CI/CD)
  • MSP Tools (Syncro, Autotask, CIPP)

Status

  • Active: Production infrastructure operational
  • Development: GuruRMM Phase 1 MVP in progress
  • Pending Tasks:
    • GuruRMM agent architecture support (ARM, different OS versions)
    • Repository optimization (ensure all remotes point to Gitea)
    • Clean up old Tailscale entries
    • Windows SSH keys for Jupiter and RS2212+ direct access
    • NPM proxy for rmm.azcomputerguru.com SSO dashboard

BG Builders LLC

Company Information

  • Type: Client - Construction
  • Status: Active
  • Domain: bgbuildersllc.com
  • Related Entity: Sonoran Green LLC (same M365 tenant)

Infrastructure

Microsoft 365

  • Tenant ID: ededa4fb-f6eb-4398-851d-5eb3e11fab27
  • onmicrosoft.com: sonorangreenllc.onmicrosoft.com
  • Admin User: sysadmin@bgbuildersllc.com
  • Password: Window123!@#-bgb
  • Licenses:
    • 8x Microsoft 365 Business Standard
    • 4x Exchange Online Plan 1
    • 1x Microsoft 365 Basic
  • Security Gap: No advanced security features (no conditional access, Intune, or Defender)
  • Recommendation: Upgrade to Business Premium

DNS Configuration (Cloudflare)

  • Zone ID: 156b997e3f7113ddbd9145f04aadb2df
  • Nameservers: amir.ns.cloudflare.com, mckinley.ns.cloudflare.com
  • A Records: 3.33.130.190, 15.197.148.33 (proxied) - GoDaddy Website Builder

Email Security Records (Configured 2025-12-19)

  • SPF: v=spf1 include:spf.protection.outlook.com -all
  • DMARC: v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com
  • DKIM selector1: CNAME to selector1-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com
  • DKIM selector2: CNAME to selector2-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com
  • MX: bgbuildersllc-com.mail.protection.outlook.com

Work History

2025-12-19 (Email Security Incident)

  • Incident: Phishing email spoofing shelly@bgbuildersllc.com
  • Subject: "Sonorangreenllc.com New Notice: All Employee Stipend..."
  • Investigation: Account NOT compromised - external spoofing attack
  • Root Cause: Missing DMARC and DKIM records
  • Response:
    • Verified no mailbox forwarding, inbox rules, or send-as permissions
    • Added DMARC record with p=reject policy
    • Configured DKIM selectors (selector1 and selector2)
    • Email correctly routed to Junk folder by M365

2025-12-19 (Cloudflare Migration)

  • Migrated bgbuildersllc.com from GoDaddy to Cloudflare DNS
  • Recovered original A records from GoDaddy nameservers
  • Created 14 DNS records including M365 email records
  • Preserved GoDaddy zone file for reference

2025-12-22 (Security Investigation - Resolved)

  • Compromised User: Shelly@bgbuildersllc.com (Shelly Dooley)
  • Findings:
    • Gmail OAuth app with EAS.AccessAsUser.All (REMOVED)
    • "P2P Server" app registration backdoor (DELETED by admin)
    • No malicious mailbox rules or forwarding
    • Sign-in logs unavailable (no Entra P1 license)
  • Remediation:
    • Password reset: 5ecwyHv6&dP7 (must change on login)
    • All sessions revoked
    • Gmail OAuth consent removed
    • P2P Server backdoor deleted
  • Status: RESOLVED

Credentials

  • M365 Tenant ID: ededa4fb-f6eb-4398-851d-5eb3e11fab27
  • Admin User: sysadmin@bgbuildersllc.com
  • Password: Window123!@#-bgb
  • Cloudflare Zone ID: 156b997e3f7113ddbd9145f04aadb2df

Status

  • Active: Email security hardening complete
  • Pending Tasks:
    • Create cPanel account for bgbuildersllc.com on IX server
    • Update Cloudflare A records to IX server IP (72.194.62.5) after account creation
    • Enable DKIM signing in M365 Defender
    • Consider migrating sonorangreenllc.com to Cloudflare

Important Dates

  • 2025-12-19: Email security hardening completed
  • 2025-12-22: Security incident resolved
  • 2025-04-15: Last password change for user accounts

CW Concrete LLC

Company Information

  • Type: Client - Construction
  • Status: Active
  • Domain: cwconcretellc.com

Infrastructure

Microsoft 365

  • Tenant ID: dfee2224-93cd-4291-9b09-6c6ce9bb8711
  • Default Domain: NETORGFT11452752.onmicrosoft.com
  • Licenses:
    • 2x Microsoft 365 Business Standard
    • 2x Exchange Online Essentials
  • Security Gap: No advanced security features
  • Recommendation: Upgrade to Business Premium for Intune, conditional access, Defender
  • Notes: De-federated from GoDaddy 2025-12, domain needs re-verification

Work History

2025-12-22 (Security Investigation - Resolved)

  • Findings:
    • Graph Command Line Tools OAuth consent with high privileges (REMOVED)
    • "test" backdoor app registration with multi-tenant access (DELETED)
    • Apple Internet Accounts OAuth (left - likely iOS device)
    • No malicious mailbox rules or forwarding
  • Remediation:
    • All sessions revoked for all 4 users
    • Backdoor apps removed
  • Status: RESOLVED

2025-12-23

  • License analysis via CIPP API
  • Security assessment completed
  • Recommendation provided for Business Premium upgrade

Credentials

  • M365 Tenant ID: dfee2224-93cd-4291-9b09-6c6ce9bb8711
  • CIPP Name: cwconcretellc.com

Status

  • Active: Security assessment complete
  • Pending Tasks:
    • Business Premium upgrade recommendation
    • Domain re-verification in M365

Dataforth Corporation

Company Information

  • Type: Client - Industrial Equipment Manufacturing
  • Status: Active
  • Domain: dataforth.com, intranet.dataforth.com
  • Business: Industrial test equipment manufacturer

Infrastructure

Network

  • LAN Subnet: 192.168.0.0/24
  • Domain: INTRANET (intranet.dataforth.com)
  • VPN Subnet: 192.168.6.0/24
  • VPN Endpoint: 67.206.163.122:1194/TCP

Servers

Server IP Role Credentials
UDM 192.168.0.254 Gateway/OpenVPN root / Paper123!@#-unifi
AD1 192.168.0.27 Primary DC, NPS/RADIUS INTRANET\sysadmin / Paper123!@#
AD2 192.168.0.6 Secondary DC, file server INTRANET\sysadmin / Paper123!@#
D2TESTNAS 192.168.0.9 DOS machine SMB1 proxy admin / Paper123!@#-nas

Active Directory

  • Domain: INTRANET
  • DNS: intranet.dataforth.com
  • Admin: INTRANET\sysadmin / Paper123!@#

RADIUS/NPS Configuration (AD1)

  • Server: 192.168.0.27
  • Ports: 1812/UDP (auth), 1813/UDP (accounting)
  • Shared Secret: Gptf*77ttb!@#!@#
  • RADIUS Client: unifi (192.168.0.254)
  • Network Policy: "Unifi" - allows Domain Users 24/7
  • Auth Methods: All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
  • AuthAttributeRequired: False (required for UniFi OpenVPN)

Microsoft 365

  • Tenant ID: 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
  • Admin: sysadmin@dataforth.com / Paper123!@# (synced with AD)

Entra App Registration (Claude-Code-M365)

  • Purpose: Silent Graph API access for automation
  • App ID: 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
  • Client Secret: tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
  • Created: 2025-12-22
  • Expires: 2027-12-22
  • Permissions: Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, Files.ReadWrite.All

Work History

2025-12-14 (DOS Test Machines Implementation)

  • Problem: Crypto attack disabled SMB1 on production servers
  • Solution: Deployed NetGear ReadyNAS as SMB1 proxy
  • Architecture:
    • DOS machines → NAS (SMB1) → AD2 (SMB2/3)
    • Bidirectional sync every 15 minutes
    • PULL: Test results → Database
    • PUSH: Software updates → DOS machines
  • Features:
    • Remote task deployment (TODO.BAT)
    • Centralized software management (UPDATE.BAT)
  • Machines Working: TS-27, TS-8L, TS-8R
  • Machines Pending: ~27 DOS machines need network config updates
  • Project Time: ~11 hours implementation

2025-12-20 (RADIUS/OpenVPN Setup)

  • Problem: VPN connections failing with RADIUS authentication
  • Root Cause: NPS required Message-Authenticator attribute, but UDM's pam_radius_auth doesn't send it
  • Solution:
    • Set NPS RADIUS client AuthAttributeRequired to False
    • Created comprehensive OpenVPN client profiles (.ovpn)
    • Configured split tunnel (no redirect-gateway)
    • Added proper DNS configuration
  • Testing: Successfully authenticated INTRANET\sysadmin via VPN

2025-12-22 (John Lehman Mailbox Cleanup)

  • User: jlehman@dataforth.com
  • Problem: Duplicate calendar events and contacts causing Outlook sync issues
  • Investigation: Created Entra app for persistent Graph API access
  • Results:
    • Deleted 175 duplicate recurring calendar series (kept newest)
    • Deleted 476 duplicate contacts
    • Deleted 1 blank contact
    • 11 series couldn't be deleted (John is attendee, not organizer)
  • Cleanup Stats:
    • Contacts: 937 → 460 (477 removed)
    • Recurring series: 279 → 104 (175 removed)
  • Post-Cleanup Issues:
    • Calendar categories lost (colors) - awaiting John's preferences
    • Focused Inbox ML model reset - created 12 "Other" overrides
  • Follow-up: Block New Outlook toggle via registry (HideNewOutlookToggle)

Credentials

See: credentials.md sections:

  • Client - Dataforth (UDM, AD1, AD2, D2TESTNAS, NPS RADIUS, Entra app)
  • Projects - Dataforth DOS (Complete workflow documentation)

Status

  • Active: Ongoing support including RADIUS/VPN, AD, M365 management
  • DOS System: 90% complete, operational
  • Pending Tasks:
    • John Lehman needs to reset Outlook profile for fresh sync
    • Apply "Block New Outlook" registry fix on John's laptop
    • Re-apply calendar categories based on John's preferences
    • Datasheets share creation on AD2 (BLOCKED - waiting for Engineering)
    • Update network config on remaining ~27 DOS machines

Important Dates

  • 2025-12-14: DOS test machine system implemented
  • 2025-12-20: RADIUS/VPN authentication configured
  • 2025-12-22: Major mailbox cleanup for John Lehman

Glaztech Industries

Company Information

  • Type: Client
  • Status: Active
  • Domain: glaztech.com
  • Subdomain (standalone): slc.glaztech.com

Infrastructure

Active Directory Migration Plan

  • Current: slc.glaztech.com standalone domain (~12 users/computers)
  • Recommendation: Manual migration to glaztech.com using OUs for site segmentation
  • Reason: Small environment, manual migration more reliable than ADMT

Firewall GPO Scripts (Created 2025-12-18)

  • Purpose: Ransomware protection via firewall segmentation
  • Files:
    • Configure-WorkstationFirewall.ps1 - Blocks workstation-to-workstation traffic
    • Configure-ServerFirewall.ps1 - Restricts workstation access to servers
    • Configure-DCFirewall.ps1 - Secures Domain Controller access
    • Deploy-FirewallGPOs.ps1 - Creates and links GPOs

Work History

2025-12-18

  • AD migration planning: Recommended manual migration approach
  • Firewall GPO scripts created for ransomware protection
  • GuruRMM testing: Attempted legacy agent deployment on 2008 R2

2025-12-21

  • GuruRMM Site Code: DARK-GROVE-7839 configured
  • Compatibility Issue: Agent fails silently on Server 2008 R2 (missing VC++ Runtime or incompatible APIs)
  • Likely Culprits: sysinfo, local-ip-address crates using newer Windows APIs

Credentials

  • GuruRMM:
    • Client ID: d857708c-5713-4ee5-a314-679f86d2f9f9
    • Site: SLC - Salt Lake City
    • Site ID: 290bd2ea-4af5-49c6-8863-c6d58c5a55de
    • Site Code: DARK-GROVE-7839
    • API Key: grmm_Qw64eawPBjnMdwN5UmDGWoPlqwvjM7lI

Status

  • Active: AD planning, firewall hardening, GuruRMM deployment
  • Pending Tasks:
    • Plan slc.glaztech.com to glaztech.com AD migration
    • Deploy firewall GPO scripts after testing
    • Resolve GuruRMM agent 2008 R2 compatibility issues

Grabb & Durando

Company Information

  • Type: Client - Law Firm
  • Status: Active
  • Domain: grabbanddurando.com
  • Related: grabblaw.com

Infrastructure

IX Server (WHM/cPanel)

  • Internal IP: 172.16.3.10
  • Public IP: 72.194.62.5
  • cPanel Account: grabblaw
  • Database: grabblaw_gdapp_data
  • Database User: grabblaw_gddata
  • Password: GrabbData2025

data.grabbanddurando.com

  • Record Type: A
  • Value: 72.194.62.5
  • TTL: 600 seconds
  • SSL: Let's Encrypt via AutoSSL
  • Site Admin: admin / GND-Paper123!@#-datasite

Work History

2025-12-12 (DNS & SSL Fix)

  • Problem: data.grabbanddurando.com not resolving
  • Solution: Added A record via WHM API
  • SSL Issue: Wrong certificate being served (serveralias conflict)
  • Resolution:
    • Removed conflicting serveralias from data.grabbanddurando.grabblaw.com vhost
    • Added as proper subdomain to grabblaw cPanel account
    • Ran AutoSSL to get Let's Encrypt cert
    • Rebuilt Apache config and restarted

2025-12-12 (Database Sync from GoDaddy VPS)

  • Problem: DNS was pointing to old GoDaddy VPS, users updated data there Dec 10-11
  • Old Server: 208.109.235.224
  • Missing Records Found:
    • activity table: 4 records (18539 → 18543)
    • gd_calendar_events: 1 record (14762 → 14763)
    • gd_assign_users: 2 records (24299 → 24301)
  • Solution: Synced all missing records using mysqldump with --replace option
  • Verification: All tables now match between servers

2025-12-16 (Calendar Event Creation Fix)

  • Problem: Calendar event creation failing due to MySQL strict mode
  • Root Cause: Empty strings for auto-increment columns
  • Solution: Replaced empty strings with NULL for MySQL strict mode compliance

Credentials

See: credentials.md section:

  • Client Sites - WHM/cPanel (IX Server, data.grabbanddurando.com)

Status

  • Active: Database and calendar maintenance complete
  • Important Dates:
    • 2025-12-10 to 2025-12-11: Data divergence period (users on old GoDaddy VPS)
    • 2025-12-12: Data sync and DNS fix completed
    • 2025-12-16: Calendar fix applied

Khalsa

Company Information

  • Type: Client
  • Status: Active

Infrastructure

Network

  • Primary LAN: 192.168.0.0/24
  • Alternate Subnet: 172.16.50.0/24
  • VPN: 192.168.1.0/24
  • External IP: 98.175.181.20
  • OpenVPN Port: 1194/TCP

UCG (UniFi Cloud Gateway)

  • Management IP: 192.168.0.1
  • Alternate IP: 172.16.50.1 (br2 interface)
  • SSH: root / Paper123!@#-camden
  • SSH Key: ~/.ssh/khalsa_ucg (guru@wsl-khalsa)

Switch

  • User: 8WfY8
  • Password: tI3evTNBZMlnngtBc

Accountant Machine (KMS-QB)

  • IP: 172.16.50.168 (dual-homed on both subnets)
  • Hostname: KMS-QB
  • User: accountant / Paper123!@#-accountant
  • Local Admin: localadmin / r3tr0gradE99!
  • RDP: Enabled (accountant added to Remote Desktop Users)
  • WinRM: Enabled

Work History

2025-12-22 (VPN RDP Access Fix)

  • Problem: VPN clients couldn't RDP to 172.16.50.168
  • Root Causes:
    1. RDP not enabled (TermService not listening)
    2. Windows Firewall blocking RDP from VPN subnet (192.168.1.0/24)
    3. Required services not running (UmRdpService, SessionEnv)
  • Solution:
    1. Added SSH key to UCG for remote management
    2. Verified OpenVPN pushing correct routes
    3. Enabled WinRM on target machine
    4. Added firewall rule for RDP from VPN subnet
    5. Started required services (UmRdpService, SessionEnv)
    6. Rebooted machine to fully enable RDP listener
    7. Added 'accountant' user to Remote Desktop Users group
  • Testing: RDP access confirmed working from VPN

Credentials

See: credentials.md section:

  • Client - Khalsa (UCG, Switch, Accountant Machine)

Status

  • Active: VPN and RDP troubleshooting complete
  • Important Dates:
    • 2025-12-22: VPN RDP access fully configured and tested

MVAN Inc

Company Information

  • Type: Client
  • Status: Active

Infrastructure

Microsoft 365 Tenant 1

  • Tenant: mvan.onmicrosoft.com
  • Admin User: sysadmin@mvaninc.com
  • Password: r3tr0gradE99#
  • Notes: Global admin, project to merge/trust with T2

Status

  • Active: M365 tenant management
  • Project: Tenant merge/trust with T2 (status unknown)

RRS Law Firm

Company Information

  • Type: Client - Law Firm
  • Status: Active
  • Domain: rrs-law.com

Infrastructure

Hosting

  • Server: IX (172.16.3.10)
  • Public IP: 72.194.62.5

Microsoft 365 Email DNS (Added 2025-12-19)

| Record | Type | Value |
|--------|------|-------|
| _dmarc.rrs-law.com | TXT | v=DMARC1; p=quarantine; rua=mailto:admin@rrs-law.com |
| selector1._domainkey | CNAME | selector1-rrslaw-com0i._domainkey.rrslaw.d-v1.dkim.mail.microsoft |
| selector2._domainkey | CNAME | selector2-rrslaw-com0i._domainkey.rrslaw.d-v1.dkim.mail.microsoft |

Work History

2025-12-19

  • Problem: Email DNS records incomplete for Microsoft 365
  • Solution: Added DMARC and both DKIM selectors via WHM API
  • Verification: Both selectors verified by M365
  • Result: DKIM signing enabled in M365 Admin Center

Final Email DNS Status

  • MX → M365: Yes
  • SPF (includes M365): Yes
  • DMARC: Yes
  • Autodiscover: Yes
  • DKIM selector1: Yes
  • DKIM selector2: Yes
  • MS Verification: Yes
  • Enterprise Registration: Yes
  • Enterprise Enrollment: Yes

Status

  • Active: Email DNS configuration complete
  • Important Dates:
    • 2025-12-19: Complete M365 email DNS configuration

Scileppi Law Firm

Company Information

  • Type: Client - Law Firm
  • Status: Active

Infrastructure

Network

  • Subnet: 172.16.1.0/24
  • Gateway: 172.16.0.1 (pfSense via Tailscale)

Storage Systems

System IP Role Credentials Status
DS214se 172.16.1.54 Source NAS (old) admin / Th1nk3r^99 Migration source
Unraid 172.16.1.21 Source server root / Th1nk3r^99 Migration source
RS2212+ 172.16.1.59 Destination NAS (new) sysadmin / Gptf*77ttb123!@#-sl-server Production

RS2212+ (SL-SERVER)

  • Storage: 25TB total, 6.9TB used (28%)
  • Data Share: /volume1/Data (7.9TB)
  • Hostname: SL-SERVER
  • SSH Key: claude-code@localadmin added

User Accounts (Created 2025-12-29)

Username Full Name Password Notes
chris Chris Scileppi Scileppi2025! Owner
andrew Andrew Ross Scileppi2025! Staff
sylvia Sylvia Scileppi2025! Staff
rose Rose Scileppi2025! Staff

Work History

2025-12-23 (Migration Start)

  • Setup: Enabled User Home Service on DS214se
  • Setup: Enabled rsync service on DS214se
  • SSH Keys: Generated on RS2212+, added to DS214se authorized_keys
  • Permissions: Fixed home directory permissions (chmod 700)
  • Migration: Started parallel rsync from DS214se and Unraid
  • Speed Issue: Initially 1.5 MB/s, improved to 5.4 MB/s after switch port move
  • Network Issue: VLAN 5 misconfiguration caused temporary outage

2025-12-23 (Network Recovery)

  • Tailscale: Re-authenticated after invalid key error
  • pfSense SSH: Added SSH key for management
  • VLAN 5: Diagnosed misconfiguration (wrong parent interface igb0 instead of igb2, wrong netmask /32 instead of /24)
  • Migration: Automatically resumed after network restored

2025-12-26

  • Migration Progress: 6.4TB transferred (~94% complete)
  • Estimated Completion: ~0.4TB remaining

2025-12-29 (Migration Complete & Consolidation)

  • Status: Migration and consolidation COMPLETE
  • Final Structure:
    • Active: 2.5TB (merged Unraid + DS214se Open Cases)
    • Closed: 4.9TB (merged Unraid + DS214se Closed Cases)
    • Archived: 451GB
    • MOTIONS BANK: 21MB
    • Billing: 17MB
  • Recycle Bin: Emptied (recovered 413GB)
  • Permissions: Group "users" with 775 on /volume1/Data
  • User Accounts: Created 4 user accounts (chris, andrew, sylvia, rose)

Credentials

See: credentials.md section:

  • Client - Scileppi Law Firm (DS214se, Unraid, RS2212+, User accounts)

Status

  • Active: Migration and consolidation complete
  • Pending Tasks:
    • Monitor user access and permissions
    • Verify data integrity
    • Decommission DS214se after final verification
    • Backup RS2212+ configuration

Important Dates

  • 2025-12-23: Migration started (both sources)
  • 2025-12-23: Network outage (VLAN 5 misconfiguration)
  • 2025-12-26: ~94% complete (6.4TB of 6.8TB)
  • 2025-12-29: Migration and consolidation COMPLETE

Sonoran Green LLC

Company Information

  • Type: Client - Construction
  • Status: Active
  • Domain: sonorangreenllc.com
  • Primary Entity: BG Builders LLC

Infrastructure

Microsoft 365

  • Tenant: Shared with BG Builders LLC (ededa4fb-f6eb-4398-851d-5eb3e11fab27)
  • onmicrosoft.com: sonorangreenllc.onmicrosoft.com

DNS Configuration

  • Current Status:
    • Nameservers: Still on GoDaddy (not migrated to Cloudflare)
    • A Record: 172.16.10.200 (private IP - problematic)
    • Email Records: Properly configured for M365

Needed Records (Not Yet Applied)

  • DMARC: v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com
  • DKIM selector1: CNAME to selector1-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
  • DKIM selector2: CNAME to selector2-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com

Work History

2025-12-19

  • Investigation: Shared tenant with BG Builders identified
  • Assessment: DMARC and DKIM records missing
  • Status: DNS records prepared but not yet applied

Status

  • Active: Related entity to BG Builders LLC
  • Pending Tasks:
    • Migrate domain to Cloudflare DNS
    • Fix A record (pointing to private IP)
    • Apply DMARC and DKIM records
    • Enable DKIM signing in M365 Defender

Valley Wide Plastering

Company Information

  • Type: Client - Construction
  • Status: Active
  • Domain: VWP.US

Infrastructure

Network

  • Subnet: 172.16.9.0/24

Servers

Server IP Role Credentials
UDM 172.16.9.1 Gateway/firewall root / Gptf*77ttb123!@#-vwp
VWP-DC1 172.16.9.2 Primary DC, NPS/RADIUS sysadmin / r3tr0gradE99#

Active Directory

  • Domain: VWP.US (NetBIOS: VWP)
  • Hostname: VWP-DC1.VWP.US
  • Users OU: OU=VWP_Users,DC=VWP,DC=US

NPS RADIUS Configuration (VWP-DC1)

  • Server: 172.16.9.2
  • Ports: 1812 (auth), 1813 (accounting)
  • Shared Secret: Gptf*77ttb123!@#-radius
  • AuthAttributeRequired: Disabled (required for UniFi OpenVPN)
  • RADIUS Clients:
    • UDM (172.16.9.1)
    • VWP-Subnet (172.16.9.0/24)
  • Network Policy: "VPN-Access" - allows all authenticated users (24/7)
  • Auth Methods: All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
  • User Dial-in: All VWP_Users set to msNPAllowDialin=True

VPN Users with Access (27 total)

Darv, marreola, farias, smontigo, truiz, Tcapio, bgraffin, cguerrero, tsmith, tfetters, owner, cougar, Receptionist, Isacc, Traci, Payroll, Estimating, ARBilling, orders2, guru, sdooley, jguerrero, kshoemaker, rose, rguerrero, jrguerrero, Acctpay

Work History

2025-12-22 (RADIUS/VPN Setup)

  • Objective: Configure RADIUS authentication for VPN (similar to Dataforth)
  • Installation: Installed NPS role on VWP-DC1
  • Configuration: Created RADIUS clients for UDM and VWP subnet
  • Network Policy: Created "VPN-Access" policy allowing all authenticated users

2025-12-22 (Troubleshooting & Resolution)

  • Issue 1: Message-Authenticator invalid (Event 18)
    • Fix: Set AuthAttributeRequired=No on RADIUS clients
  • Issue 2: Dial-in permission denied (Reason Code 65)
    • Fix: Set all VWP_Users to msNPAllowDialin=True
  • Issue 3: Auth method not enabled (Reason Code 66)
    • Fix: Added all auth types to policy, removed default deny policies
  • Issue 4: Default policy catching requests
    • Fix: Deleted "Connections to other access servers" policy

Testing Results

  • Success: VPN authentication working with AD credentials
  • Test User: cguerrero (or INTRANET\sysadmin)
  • NPS Event: 6272 (Access granted)

Credentials

See: credentials.md section:

  • Client - Valley Wide Plastering (UDM, VWP-DC1, NPS RADIUS configuration)

Status

  • Active: RADIUS/VPN setup complete
  • Important Dates:
    • 2025-12-22: Complete RADIUS/VPN configuration and testing

Summary Statistics

Client Counts

  • Total Clients: 12 (including internal)
  • Active Clients: 12
  • M365 Tenants: 6 (BG Builders, CW Concrete, Dataforth, MVAN, RRS, Scileppi)
  • Active Directory Domains: 3 (Dataforth, Valley Wide, Glaztech)

Infrastructure Overview

  • Domain Controllers: 3 (Dataforth AD1/AD2, VWP-DC1)
  • NAS Devices: 4 (Scileppi RS2212+, DS214se, Unraid, Dataforth D2TESTNAS)
  • Network Gateways: 4 (Dataforth UDM, VWP UDM, Khalsa UCG, pfSense)
  • RADIUS Servers: 2 (Dataforth AD1, VWP-DC1)
  • VPN Endpoints: 3 (Dataforth, VWP, Khalsa)

Work Categories

  • Security Incidents: 3 (BG Builders - resolved, CW Concrete - resolved, Dataforth - mailbox cleanup)
  • Email DNS Projects: 2 (BG Builders, RRS)
  • Network Infrastructure: 3 (Dataforth DOS, VWP RADIUS, Khalsa VPN)
  • Data Migrations: 1 (Scileppi - complete)

Last Updated: 2026-01-26
Source Files: CATALOG_CLIENTS.md, CATALOG_SESSION_LOGS.md
Status: Complete import from claude-projects catalogs