azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8d975c1b44648c88f397a8b67ed63049ac8c2b61
claudetools/clients/kittle/docs/issues/log.md
Howard Enos 8d975c1b44 import: ingested 160 files from C:\Users\howar\Clients 
Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:

Clients (structured MSP docs under clients/<name>/docs/):
- anaise       (NEW)  - 13 files
- cascades-tucson     - 47 files merged (existing had only reports/)
- dataforth           - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa       (NEW)  - 22 files, multi-site (camden, river)
- kittle       (NEW)  - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template    - 13-file scaffold for new clients

MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/         - clean_printer_ports, win11_upgrade,
                       screenconnect-toolbox-commands

Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
  to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
  no other credentials found

Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
  (identical duplicates of msp-audit-scripts versions)

Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)

Session log: session-logs/2026-04-16-howard-client-docs-import.md

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-16 19:43:58 -07:00

9.2 KiB
Raw Blame History

Issue Log

Record past issues and their resolutions here. This helps the AI learn from historical troubleshooting and avoid repeating failed approaches.

2026-03-12 - Windows Server 2025 EVALUATION License — Time Bomb

  • Reported By: Server audit
  • Severity: Critical
  • Symptoms: SERVER (10.0.0.5) is running Windows Server 2025 Standard as an EVALUATION install (Build 26100). Evaluation licenses expire after 180 days, after which the server shuts down every hour. This is the only domain controller for kittle.lan.
  • Root Cause: Full license never purchased or applied during server setup.
  • Resolution: OPEN — Purchase and apply a full Windows Server 2025 Standard license immediately. Check remaining evaluation time with slmgr /dlv.
  • Time to Resolve: Pending
  • Lessons Learned: N/A

2026-03-12 - No Dedicated Firewall — ISP Router Only

  • Reported By: Server audit (ARP/network analysis)
  • Severity: High
  • Symptoms: The network gateway at 10.0.0.1 (MAC: 42:0f:c1:f0:e6:43) is an ISP-provided router. No dedicated firewall appliance (pfSense, SonicWall, FortiGate, etc.) exists. The ISP router provides basic NAT but likely has no stateful packet inspection, IDS/IPS, content filtering, or granular firewall rules.
  • Root Cause: No firewall was ever deployed — the ISP router was used as-is.
  • Resolution: OPEN — Deploy a dedicated firewall appliance. Recommended: pfSense (free), or a commercial UTM (FortiGate, SonicWall). Place it between the ISP router and the LAN switch.
  • Time to Resolve: Pending
  • Lessons Learned: N/A

2026-03-12 - No Backup Solution

  • Reported By: Server audit
  • Severity: Critical
  • Symptoms: No backup solution is visible on SERVER. No Windows Server Backup, no third-party backup agent, no cloud backup. If the server fails, Active Directory, DNS, file shares (C:\Shares\Home), and QuickBooks data are permanently lost.
  • Root Cause: Backup was never configured.
  • Resolution: OPEN — Implement backup immediately. Options:
    1. Windows Server Backup to external USB drive or NAS
    2. Veeam Backup Free Edition
    3. Cloud backup (Backblaze B2, Wasabi, etc.)
  • Time to Resolve: Pending
  • Lessons Learned: N/A

2026-03-12 - QuickBooks Pro 2024 Installed on Domain Controller

  • Reported By: Server audit (installed software)
  • Severity: High
  • Symptoms: QuickBooks Pro 2024 (v34) is installed directly on SERVER, the primary domain controller. Business applications on a DC increase attack surface, consume resources needed for AD services, and complicate server migration.
  • Root Cause: QuickBooks was installed on the only available server rather than a dedicated workstation.
  • Resolution: OPEN — Migrate QuickBooks to a workstation. QuickBooks can run in multi-user mode with the database on \SERVER\QBooks. The application itself should run on ACCOUNTING or another workstation.
  • Time to Resolve: Pending
  • Lessons Learned: N/A

2026-03-12 - DHCP Running on ISP Router Instead of Server

  • Reported By: Server audit
  • Severity: Medium
  • Symptoms: DHCP is served by the ISP router at 10.0.0.1. The Windows Server DHCP role is installed but has zero scopes configured. DHCP clients may be receiving the ISP's DNS servers instead of the domain controller (10.0.0.5), which would break AD name resolution.
  • Root Cause: DHCP was never configured on the server; ISP router default was left in place.
  • Resolution: OPEN — Migrate DHCP to Windows Server for centralized management and correct DNS distribution. Disable DHCP on the ISP router after migration.
  • Time to Resolve: Pending
  • Lessons Learned: N/A

2026-03-12 - Role-Based AD Account Names

  • Reported By: Server audit (AD users)
  • Severity: Medium
  • Symptoms: Two AD accounts use role-based names instead of individual names: "accountant" and "frontdesk". Role-based accounts cannot be audited to a specific person — if something is deleted or accessed inappropriately, there's no way to trace who did it.
  • Root Cause: Accounts created for convenience instead of using individual names.
  • Resolution: OPEN — Identify the actual users of these accounts. Create individual accounts (e.g., darline.cabrera for accountant). Migrate data and disable role-based accounts.
  • Time to Resolve: Pending
  • Lessons Learned: N/A

2026-03-12 - Email Issue: Moved Emails Reappearing in Inbox

  • Reported By: Users
  • Severity: Medium
  • Symptoms: Users report moving emails from Inbox to subfolders, then finding them back in the Inbox days later. Affects multiple users.
  • Root Cause: Suspected Outlook cached mode issue. When Outlook is in Cached Exchange Mode, moves may not sync properly to the server if the OST file is corrupted or if multiple devices are accessing the same mailbox with conflicting cached states.
  • Resolution: OPEN — Need M365 admin access to investigate further. Check:
    1. Check if Outlook is in Cached or Online mode (File > Account Settings > Account Settings > Change)
    2. Check if users access email on multiple devices (phone + PC) — moves on one device may not sync
    3. Try switching to Online mode temporarily to see if issue persists
    4. If cached mode is the culprit, delete and rebuild the OST file
    5. Check if any Outlook rules are moving mail back to Inbox
  • Time to Resolve: Pending M365 access + investigation
  • Lessons Learned: N/A

2026-03-12 - Unknown Service on Port 8019

  • Reported By: Server audit (listening ports)
  • Severity: Low
  • Symptoms: An unidentified service is listening on TCP port 8019 on SERVER. Not a standard Windows or AD port.
  • Root Cause: Unknown — could be QuickBooks-related, ScreenConnect, or another application.
  • Resolution: OPEN — Run netstat -ano | findstr 8019 to identify the PID, then tasklist /fi "PID eq <pid>" to identify the process.
  • Time to Resolve: Quick — 2 minutes to identify
  • Lessons Learned: N/A

2026-03-12 - No Reverse DNS Zone for 10.0.0.x

  • Reported By: Server audit (DNS analysis)
  • Severity: Low
  • Symptoms: No reverse lookup zone exists for 10.0.0.0/24. PTR lookups fail for all internal hosts. Some applications and troubleshooting tools rely on reverse DNS.
  • Root Cause: Reverse zone was never created during AD/DNS setup.
  • Resolution: OPEN — Create AD-integrated reverse lookup zone: 0.0.10.in-addr.arpa. Enable secure dynamic updates.
  • Time to Resolve: Quick fix — 5 minutes
  • Lessons Learned: N/A

2026-03-12 - 4 Workstations with Generic DESKTOP-xxx Names

  • Reported By: Server audit (AD computers)
  • Severity: Low
  • Symptoms: Four domain-joined computers have generic Windows-assigned names: WINDOWS-QV1B0EL, DESKTOP-R0KA2UG, DESKTOP-9B2SMD9, DESKTOP-2560Q7R. Generic names make it impossible to identify which user or role a computer belongs to without logging in.
  • Root Cause: Computers were domain-joined without being renamed first.
  • Resolution: OPEN — Identify the user at each workstation and rename to match (e.g., ALEXIS-PC, MARCO-PC, etc.). Rename via System Properties and reboot.
  • Time to Resolve: Pending — need onsite visit to correlate names to users
  • Lessons Learned: N/A

2026-03-12 - File Explorer Closing When Browsing Network Shares

  • Reported By: Users (FRONTDESK, ACCOUNTING, DESKTOP-2560Q7R/Wrex)
  • Severity: Medium
  • Symptoms: File Explorer windows close unexpectedly when users browse \SERVER\Home or \SERVER\QBooks. No crash logged in Event Viewer. Happens intermittently on 3 of 7 workstations.
  • Root Cause: HomeFolder GPO drive maps (H: → \server\home, Q: → \server\qbooks) were using Replace action. Replace disconnects and reconnects the drive every GP refresh (~90 min), killing any open Explorer window on that path.
  • Resolution: Changed both drive map actions from Replace to Update in the HomeFolder GPO on 2026-03-12. Update preserves existing connections. Monitoring for confirmation.
  • Time to Resolve: Same day — awaiting user confirmation 2026-03-13
  • Lessons Learned: Always use Update (not Replace) for GPO drive maps unless there's a specific reason to tear down and recreate the mapping.

2026-03-25 - FRONTDESK Folder View Keeps Changing Sort Order

  • Reported By: User
  • Severity: Low
  • Symptoms: File Explorer on FRONTDESK would switch from ascending alphabetical to descending or another view when browsing mapped drives to the server. View settings would not persist.
  • Root Cause: Windows automatic folder type discovery keeps reassigning view templates to network folders, overriding user preferences.
  • Resolution: RESOLVED — Ran PowerShell script to clear cached folder views (Bags/BagMRU registry keys), disabled folder type auto-detection, and forced all folders to Details view sorted by Name ascending via AllFolders Shell registry key. Explorer restarted to apply.
  • Time to Resolve: Same day
  • Lessons Learned: "Apply to Folders" doesn't stick for mapped/network drives. Must clear Bags registry and set AllFolders default via {5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} shell key.
Reference in New Issue View Git Blame Copy Permalink