claudetools/CATALOG_CLIENTS.md

CLIENT CATALOG - MSP Infrastructure & Work Index

Generated: 2026-01-26 Source Files: 30 session logs from C:\Users\MikeSwanson\claude-projects\session-logs\ and D:\ClaudeTools
Coverage: December 2025 - January 2026

STATUS: IN PROGRESS - 15/30 files processed initially. Additional details will be added as remaining files are reviewed.

---

Table of Contents

1. AZ Computer Guru (Internal)
2. BG Builders LLC
3. CW Concrete LLC
4. Dataforth
5. Glaztech Industries
6. Grabb & Durando
7. Khalsa
8. RRS Law Firm
9. Scileppi Law Firm
10. Sonoran Green LLC
11. Valley Wide Plastering (VWP)
12. Infrastructure Summary

---

AZ Computer Guru (Internal)

Status

Active - Internal operations and infrastructure

Infrastructure

Servers

Server	IP	Role	OS	Credentials
Jupiter	172.16.3.20	Unraid Primary, Containers	Unraid	root / Th1nk3r^99##
Saturn	172.16.3.21	Unraid Secondary	Unraid	root / r3tr0gradE99
Build Server (gururmm)	172.16.3.30	GuruRMM, PostgreSQL	Ubuntu 22.04	guru / Gptf*77ttb123!@#-rmm
pfSense	172.16.0.1	Firewall, Tailscale Gateway	FreeBSD/pfSense 2.8.1	admin / r3tr0gradE99!!
WebSvr	websvr.acghosting.com	WHM/cPanel Hosting	-	root / r3tr0gradE99#
IX	172.16.3.10	WHM/cPanel Hosting	-	Key auth

Network Configuration

• LAN Subnet: 172.16.0.0/22
• Tailscale Network: 100.x.x.x/32 (mesh VPN)
  • pfSense: 100.119.153.74 (hostname: pfsense-2)
  • ACG-M-L5090: 100.125.36.6
• WAN (Fiber): 98.181.90.163/31
• Public IPs: 72.194.62.2-10, 70.175.28.51-57

Docker Containers (Jupiter)

Container	Port	Purpose
gururmm-server	3001	GuruRMM API
gururmm-db	5432	PostgreSQL 16
gitea	3000, SSH 2222	Git server
gitea-db	3306	MySQL 8
npm	1880 (HTTP), 18443 (HTTPS), 7818 (admin)	Nginx Proxy Manager
seafile	-	File sync
seafile-mysql	-	MySQL for Seafile

Services & URLs

Gitea (Git Server)

• URL: https://git.azcomputerguru.com/
• Internal: 172.16.3.20:3000
• SSH: 172.16.3.20:2222 (external: git.azcomputerguru.com:2222)
• Credentials: mike@azcomputerguru.com / Window123!@#-git
• API Token: 9b1da4b79a38ef782268341d25a4b6880572063f

GuruRMM (RMM Platform)

• Dashboard: https://rmm-api.azcomputerguru.com
• API Internal: http://172.16.3.30:3001
• Database: PostgreSQL on 172.16.3.30
  • DB: gururmm / 43617ebf7eb242e814ca9988cc4df5ad
• JWT Secret: ZNzGxghru2XUdBVlaf2G2L1YUBVcl5xH0lr/Gpf/QmE=
• Dashboard Login: admin@azcomputerguru.com / GuruRMM2025
• Site Codes:
  • AZ Computer Guru: SWIFT-CLOUD-6910
  • Glaztech: DARK-GROVE-7839

NPM (Nginx Proxy Manager)

• Admin URL: http://172.16.3.20:7818
• Credentials: mike@azcomputerguru.com / r3tr0gradE99!
• Cloudflare API Token: U1UTbBOWA4a69eWEBiqIbYh0etCGzrpTU4XaKp7w

Seafile (File Sync)

• URL: https://sync.azcomputerguru.com
• Internal: Saturn 172.16.3.21
• MySQL: seafile / 64f2db5e-6831-48ed-a243-d4066fe428f9

Syncro PSA/RMM

• API Base: https://computerguru.syncromsp.com/api/v1
• API Key: T259810e5c9917386b-52c2aeea7cdb5ff41c6685a73cebbeb3
• Subdomain: computerguru
• Customers: 5,064 (29 duplicates found)

Autotask PSA

• API Zone: webservices5.autotask.net
• API User: dguyqap2nucge6r@azcomputerguru.com
• Password: z*6G4fT#oM~8@9Hxy$2Y7K$ma
• Integration Code: HYTYYZ6LA5HB5XK7IGNA7OAHQLH
• Companies: 5,499 (19 exact duplicates, 30+ near-duplicates)

CIPP (CyberDrain Partner Portal)

• URL: https://cippcanvb.azurewebsites.net
• Tenant ID: ce61461e-81a0-4c84-bb4a-7b354a9a356d
• App ID: 420cb849-542d-4374-9cb2-3d8ae0e1835b
• Client Secret: MOn8QotmxJPLvmL_aCVTV8Va4t4~SrYrukGbJT

Work Performed

2025-12-12

• Tailscale Fix: Re-authenticated Tailscale on pfSense after upgrade
• WebSvr Security: Blocked 10 IPs attacking SSH via Imunify360
• Disk Cleanup: Freed 58GB (86% → 80%) by truncating logs
• DNS Fix: Added A record for data.grabbanddurando.com

2025-12-13

• Claude Code Setup: Created desktop shortcuts and multi-machine deployment script

2025-12-14

• SSL Certificate: Added rmm-api.azcomputerguru.com to NPM
• Session Logging: Improved system to capture complete context with credentials
• Rust Installation: Installed Rust toolchain on WSL
• SSH Keys: Generated and distributed keys for infrastructure access

2025-12-16 (Multiple Sessions)

• GuruRMM Dashboard: Deployed to build server, configured nginx
• Auto-Update System: Implemented agent self-update with version scanner
• Binary Replacement: Fixed Linux binary replacement bug (rename-then-copy)
• MailProtector: Deployed outbound mail filtering on WebSvr and IX

2025-12-17

• Git Sync: Fixed /s slash command, pulled 56 files from Gitea
• MailProtector Guide: Created comprehensive admin documentation

2025-12-18

• MSP Credentials: Added Syncro and Autotask API credentials
• Duplicate Analysis: Found 19 exact duplicates in Autotask, 29 in Syncro
• GuruRMM Windows Build: Attempted Windows agent build (VS issues)

2025-12-20 (Multiple Sessions)

• GuruRMM Tray Launcher: Implemented Windows session enumeration
• Service Name Fix: Corrected Windows service name in updater
• v0.5.0 Deployment: Built and deployed Linux/Windows agents
• API Endpoint: Added POST /api/agents/:id/update for pushing updates

2025-12-21 (Multiple Updates)

• Temperature Metrics: Added CPU/GPU temp collection to agent v0.5.1
• SQLx Migration Fix: Resolved checksum mismatch issues
• Windows Cross-Compile: Set up mingw-w64 on build server
• CI/CD Pipeline: Created webhook handler and automated build script
• Policy System: Designed and implemented hierarchical policy system (Client → Site → Agent)
• Authorization System: Implemented multi-tenant authorization (Phases 1-2)

2025-12-25

• Tailscale Firewall: Added permanent firewall rules for Tailscale on pfSense
• Migration Monitoring: Verified SeaFile and Scileppi data migrations
• pfSense Hardware Migration: Migrated to Intel N100 hardware with igc NICs

2025-12-26

• Port Forwards: Verified all working after pfSense migration
• Gitea SSH Fix: Updated NAT from Docker internal (172.19.0.3) to Jupiter LAN (172.16.3.20)

Pending Tasks

• GuruRMM agent architecture support (ARM, different OS versions)
• Repository optimization (ensure all remotes point to Gitea)
• Clean up old Tailscale entries from admin panel
• Windows SSH keys for Jupiter and RS2212+ direct access
• NPM proxy for rmm.azcomputerguru.com SSO dashboard

Important Dates

• 2025-12-12: Major security audit and cleanup
• 2025-12-16: GuruRMM auto-update system completed
• 2025-12-21: Policy and authorization systems implemented
• 2025-12-25: pfSense hardware migration to Intel N100

---

BG Builders LLC

Status

Active - Email security hardening completed December 2025

Company Information

• Domain: bgbuildersllc.com
• Related Entity: Sonoran Green LLC (same M365 tenant)

Microsoft 365

Tenant Information

• Tenant ID: ededa4fb-f6eb-4398-851d-5eb3e11fab27
• onmicrosoft.com: sonorangreenllc.onmicrosoft.com
• Admin User: sysadmin@bgbuildersllc.com
• Password: Window123!@#-bgb

Licenses

• 8x Microsoft 365 Business Standard
• 4x Exchange Online Plan 1
• 1x Microsoft 365 Basic
• Security Gap: No advanced security features (no conditional access, Intune, or Defender)
• Recommendation: Upgrade to Business Premium

Email Security (Configured 2025-12-19)

Record	Status	Details
SPF	✅	v=spf1 include:spf.protection.outlook.com -all
DMARC	✅	v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com
DKIM selector1	✅	CNAME to selector1-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com
DKIM selector2	✅	CNAME to selector2-bgbuildersllc-com._domainkey.sonorangreenllc.onmicrosoft.com
MX	✅	bgbuildersllc-com.mail.protection.outlook.com

Network & Hosting

Cloudflare

• Zone ID: 156b997e3f7113ddbd9145f04aadb2df
• Nameservers: amir.ns.cloudflare.com, mckinley.ns.cloudflare.com
• A Records: 3.33.130.190, 15.197.148.33 (proxied) - GoDaddy Website Builder

Work Performed

2025-12-19 (Email Security Incident)

• Incident: Phishing email spoofing shelly@bgbuildersllc.com
• Subject: "Sonorangreenllc.com New Notice: All Employee Stipend..."
• Attachment: Shelly_Bonus.pdf (52 KB)
• Investigation: Account NOT compromised - external spoofing attack
• Root Cause: Missing DMARC and DKIM records
• Response:
  • Verified no mailbox forwarding, inbox rules, or send-as permissions
  • Added DMARC record with p=reject policy
  • Configured DKIM selectors (selector1 and selector2)
  • Email correctly routed to Junk folder by M365

2025-12-19 (Cloudflare Migration)

• Migrated bgbuildersllc.com from GoDaddy to Cloudflare DNS
• Recovered original A records from GoDaddy nameservers
• Created 14 DNS records including M365 email records
• Preserved GoDaddy zone file for reference

Pending Tasks

• Create cPanel account for bgbuildersllc.com on IX server
• Update Cloudflare A records to IX server IP (72.194.62.5) after account creation
• Enable DKIM signing in M365 Defender
• Consider migrating sonorangreenllc.com to Cloudflare

Important Dates

• 2025-12-19: Email security hardening completed
• 2025-04-15: Last password change for user accounts

---

CW Concrete LLC

Status

Active - Security assessment completed December 2025

Company Information

• Domain: cwconcretellc.com

Microsoft 365

Tenant Information

• Tenant ID: dfee2224-93cd-4291-9b09-6c6ce9bb8711

Licenses

• 2x Microsoft 365 Business Standard
• 2x Exchange Online Essentials
• Security Gap: No advanced security features
• Recommendation: Upgrade to Business Premium for Intune, conditional access, Defender

Work Performed

2025-12-23

• License Analysis: Queried via CIPP API
• Security Assessment: Identified lack of advanced security features
• Recommendation: Business Premium upgrade for security

---

Dataforth

Status

Active - Ongoing support including RADIUS/VPN, Active Directory, M365 management

Company Information

• Domain: dataforth.com, intranet.dataforth.com (AD domain: INTRANET)

Network Infrastructure

Unifi Dream Machine (UDM)

• IP: 192.168.0.254
• SSH: root / Paper123!@#-unifi
• Web UI: azcomputerguru / r3tr0gradE99! (2FA enabled)
• SSH Key: claude-code key added
• VPN Endpoint: 67.206.163.122:1194/TCP
• VPN Subnet: 192.168.6.0/24

Active Directory

Server	IP	Role
AD1	192.168.0.27	Primary DC, NPS/RADIUS
AD2	192.168.0.6	Secondary DC

• Domain: INTRANET (DNS: intranet.dataforth.com)
• Admin: INTRANET\sysadmin / Paper123!@#

RADIUS/NPS Configuration

• Server: 192.168.0.27 (AD1)
• Port: 1812/UDP (auth), 1813/UDP (accounting)
• Shared Secret: Gptf*77ttb!@#!@#
• RADIUS Client: unifi (192.168.0.254)
• Network Policy: Unifi - allows Domain Users 24/7
• Auth Methods: All (PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
• AuthAttributeRequired: False (required for UniFi OpenVPN)

OpenVPN Routes (Split Tunnel)

• 192.168.0.0/24
• 192.168.1.0/24
• 192.168.4.0/24
• 192.168.100.0/24
• 192.168.200.0/24
• 192.168.201.0/24

Microsoft 365

Tenant Information

• Tenant ID: 7dfa3ce8-c496-4b51-ab8d-bd3dcd78b584
• Admin: sysadmin@dataforth.com / Paper123!@# (synced with AD)

Entra App Registration (Claude-Code-M365)

• Purpose: Silent Graph API access for automation
• App ID: 7a8c0b2e-57fb-4d79-9b5a-4b88d21b1f29
• Client Secret: tXo8Q~ZNG9zoBpbK9HwJTkzx.YEigZ9AynoSrca3
• Created: 2025-12-22
• Expires: 2027-12-22
• Permissions: Calendars.ReadWrite, Contacts.ReadWrite, User.ReadWrite.All, Mail.ReadWrite, Directory.ReadWrite.All, Group.ReadWrite.All, Sites.ReadWrite.All, Files.ReadWrite.All, Reports.Read.All, AuditLog.Read.All, Application.ReadWrite.All, Device.ReadWrite.All, SecurityEvents.Read.All, IdentityRiskEvent.Read.All, Policy.Read.All, RoleManagement.ReadWrite.Directory

Work Performed

2025-12-20 (RADIUS/OpenVPN Setup)

• Problem: VPN connections failing with RADIUS authentication
• Root Cause: NPS required Message-Authenticator attribute, but UDM's pam_radius_auth doesn't send it
• Solution:
  • Set NPS RADIUS client AuthAttributeRequired to False
  • Created comprehensive OpenVPN client profiles (.ovpn) for Windows and Linux
  • Configured split tunnel (no redirect-gateway)
  • Added proper DNS configuration
• Testing: Successfully authenticated INTRANET\sysadmin via VPN
• Files Created: dataforth-vpn.ovpn, dataforth-vpn-linux.ovpn

2025-12-22 (John Lehman Mailbox Cleanup)

• User: jlehman@dataforth.com
• Problem: Duplicate calendar events and contacts causing Outlook sync issues
• Investigation: Created Entra app for persistent Graph API access
• Results:
  • Deleted 175 duplicate recurring calendar series (kept newest)
  • Deleted 476 duplicate contacts
  • Deleted 1 blank contact
  • 11 series couldn't be deleted (John is attendee, not organizer)
• Cleanup Stats:
  • Contacts: 937 → 460 (477 removed)
  • Recurring series: 279 → 104 (175 removed)
• Post-Cleanup Issues:
  • Calendar categories lost (colors) - awaiting John's preferences for re-application
  • Focused Inbox ML model reset - created 12 "Other" overrides for bulk senders
• Follow-up: Block New Outlook toggle via registry (HideNewOutlookToggle)

Pending Tasks

• John Lehman needs to reset Outlook profile for fresh sync
• Apply "Block New Outlook" registry fix on John's laptop
• Re-apply calendar categories based on John's preferences
• Test VPN client profiles on actual client machines

Important Dates

• 2025-12-20: RADIUS/VPN authentication successfully configured
• 2025-12-22: Major mailbox cleanup for John Lehman

---

Glaztech Industries

Status

Active - Active Directory planning, firewall hardening, GuruRMM deployment

Company Information

• Domain: glaztech.com
• Subdomain (standalone): slc.glaztech.com (planned migration to main domain)

Active Directory

Migration Plan

• Current: slc.glaztech.com standalone domain (~12 users/computers)
• Recommendation: Manual migration to glaztech.com using OUs for site segmentation
• Reason: Small environment, manual migration more reliable than ADMT for this size

Firewall GPO Scripts (Created 2025-12-18)

• Purpose: Ransomware protection via firewall segmentation
• Location: /home/guru/claude-projects/glaztech-firewall/
• Files Created:
  • Configure-WorkstationFirewall.ps1 - Blocks workstation-to-workstation traffic
  • Configure-ServerFirewall.ps1 - Restricts workstation access to servers
  • Configure-DCFirewall.ps1 - Secures Domain Controller access
  • Deploy-FirewallGPOs.ps1 - Creates and links GPOs
  • README.md - Documentation

GuruRMM

Agent Deployment

• Site Code: DARK-GROVE-7839
• Agent Testing: Deployed to Server 2008 R2 environment
• Compatibility Issue: Legacy binary fails silently on 2008 R2 (missing VC++ Runtime or incompatible APIs)
• Likely Culprits: sysinfo, local-ip-address crates using newer Windows APIs

Work Performed

2025-12-18

• AD Migration Planning: Recommended manual migration approach
• Firewall GPO Scripts: Created comprehensive ransomware protection scripts
• GuruRMM Testing: Attempted legacy agent deployment on 2008 R2

2025-12-21

• GuruRMM Agent: Site code DARK-GROVE-7839 configured

Pending Tasks

• Plan slc.glaztech.com to glaztech.com AD migration
• Deploy firewall GPO scripts after testing
• Resolve GuruRMM agent 2008 R2 compatibility issues

---

Grabb & Durando

Status

Active - Database and calendar maintenance

Company Information

• Domain: grabbanddurando.com
• Related: grabblaw.com (cPanel account: grabblaw)

Hosting Infrastructure

IX Server (WHM/cPanel)

• Internal IP: 172.16.3.10
• Public IP: 72.194.62.5
• cPanel Account: grabblaw
• Database: grabblaw_gdapp_data
• Database User: grabblaw_gddata
• Password: GrabbData2025

DNS Configuration

data.grabbanddurando.com

• Record Type: A
• Value: 72.194.62.5
• TTL: 600 seconds
• SSL: Let's Encrypt via AutoSSL
• Issue Fixed: Was missing from DNS zone, added 2025-12-12

Work Performed

2025-12-12 (DNS & SSL Fix)

• Problem: data.grabbanddurando.com not resolving
• Solution: Added A record via WHM API
• SSL Issue: Wrong certificate being served (serveralias conflict)
• Resolution:
  • Removed conflicting serveralias from data.grabbanddurando.grabblaw.com vhost
  • Added as proper subdomain to grabblaw cPanel account
  • Ran AutoSSL to get Let's Encrypt cert
  • Rebuilt Apache config and restarted

2025-12-12 (Database Sync from GoDaddy VPS)

• Problem: DNS was pointing to old GoDaddy VPS, users updated data there Dec 10-11
• Old Server: 208.109.235.224 (224.235.109.208.host.secureserver.net)
• Missing Records Found:
  • activity table: 4 records (18539 → 18543)
  • gd_calendar_events: 1 record (14762 → 14763)
  • gd_assign_users: 2 records (24299 → 24301)
• Solution: Synced all missing records using mysqldump with --replace option
• Verification: All tables now match between servers

2025-12-16 (Calendar Event Creation Fix)

• Problem: Calendar event creation failing due to MySQL strict mode
• Root Cause: Empty strings for auto-increment columns
• Solution: Replaced empty strings with NULL for MySQL strict mode compliance

Important Dates

• 2025-12-10 to 2025-12-11: Data divergence period (users on old GoDaddy VPS)
• 2025-12-12: Data sync and DNS fix completed
• 2025-12-16: Calendar fix applied

---

Khalsa

Status

Active - VPN and RDP troubleshooting completed December 2025

Network Infrastructure

UCG (UniFi Cloud Gateway)

• Management IP: 192.168.0.1
• Alternate IP: 172.16.50.1 (br2 interface)
• SSH: root / Paper123!@#-camden
• SSH Key: ~/.ssh/khalsa_ucg (guru@wsl-khalsa)
• Public Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUQgIFvwD2EBGXu95UVt543pNNNOW6EH9m4OTnwqeAi

Network Topology

Network	Subnet	Interface	Role
Primary LAN	192.168.0.0/24	br0	Main network
Alternate Subnet	172.16.50.0/24	br2	Secondary devices
VPN	192.168.1.0/24	tun1 (OpenVPN)	Remote access

• External IP: 98.175.181.20
• OpenVPN Port: 1194/TCP

OpenVPN Routes

--push "route 192.168.0.0 255.255.255.0"
--push "route 172.16.50.0 255.255.255.0"

Switch

• User: 8WfY8
• Password: tI3evTNBZMlnngtBc

Accountant Machine (KMS-QB)

• IP: 172.16.50.168 (dual-homed on both subnets)
• Hostname: KMS-QB
• User: accountant / Paper123!@#-accountant
• Local Admin: localadmin / r3tr0gradE99!
• RDP: Enabled (accountant added to Remote Desktop Users)
• WinRM: Enabled

Work Performed

2025-12-22 (VPN RDP Access Fix)

• Problem: VPN clients couldn't RDP to 172.16.50.168
• Root Causes Identified:
  1. RDP not enabled (TermService not listening)
  2. Windows Firewall blocking RDP from VPN subnet (192.168.1.0/24)
  3. Required services not running (UmRdpService, SessionEnv)
• Solution:
  1. Added SSH key to UCG for remote management
  2. Verified OpenVPN pushing correct routes
  3. Enabled WinRM on target machine
  4. Added firewall rule for RDP from VPN subnet
  5. Started required services (UmRdpService, SessionEnv)
  6. Rebooted machine to fully enable RDP listener
  7. Added 'accountant' user to Remote Desktop Users group
• Testing: RDP access confirmed working from VPN

Important Dates

• 2025-12-22: VPN RDP access fully configured and tested

---

RRS Law Firm

Status

Active - Email DNS configuration completed December 2025

Company Information

• Domain: rrs-law.com

Hosting

• Server: IX (172.16.3.10)
• Public IP: 72.194.62.5

Microsoft 365 Email DNS

Records Added (2025-12-19)

Record	Type	Value
_dmarc.rrs-law.com	TXT	v=DMARC1; p=quarantine; rua=mailto:admin@rrs-law.com
selector1._domainkey	CNAME	selector1-rrslaw-com0i._domainkey.rrslaw.d-v1.dkim.mail.microsoft
selector2._domainkey	CNAME	selector2-rrslaw-com0i._domainkey.rrslaw.d-v1.dkim.mail.microsoft

Final Email DNS Status

• MX → M365: ✅
• SPF (includes M365): ✅
• DMARC: ✅
• Autodiscover: ✅
• DKIM selector1: ✅
• DKIM selector2: ✅
• MS Verification: ✅
• Enterprise Registration: ✅
• Enterprise Enrollment: ✅

Work Performed

2025-12-19

• Problem: Email DNS records incomplete for Microsoft 365
• Solution: Added DMARC and both DKIM selectors via WHM API
• Verification: Both selectors verified by M365
• Result: DKIM signing enabled in M365 Admin Center

Important Dates

• 2025-12-19: Complete M365 email DNS configuration

---

Scileppi Law Firm

Status

Active - Major data migration December 2025

Network Infrastructure

• Subnet: 172.16.1.0/24
• Gateway: 172.16.0.1 (pfSense via Tailscale)

Storage Infrastructure

DS214se (Source NAS - Old)

• IP: 172.16.1.54
• SSH: admin / Th1nk3r^99
• Storage: 1.8TB total, 1.6TB used
• Data Location: /volume1/homes/
• User Folders:
  • admin: 1.6TB (legal case files)
  • Andrew Ross: 8.6GB
  • Chris Scileppi: 570MB
  • Samantha Nunez: 11MB
  • Tracy Bender Payroll: 7.6MB

RS2212+ (Destination NAS - New)

• IP: 172.16.1.59 (changed from .57 during migration)
• Hostname: SL-SERVER
• SSH: sysadmin / Gptf*77ttb123!@#-sl-server
• Storage: 25TB available
• SSH Key: Public key added for DS214se pull access

Unraid (Secondary Migration Source)

• IP: 172.16.1.21
• SSH: root / Th1nk3r^99
• Data: /mnt/user/Scileppi (5.2TB)
  • Active: 1.4TB
  • Archived: 451GB
  • Billing: 17MB
  • Closed: 3.0TB

Data Migration

Migration Timeline

• Started: 2025-12-23
• Sources: DS214se (1.6TB) + Unraid (5.2TB)
• Destination: RS2212+ /volume1/homes/
• Total Expected: ~6.8TB
• Method: Parallel rsync jobs (pull from RS2212+)
• Status (2025-12-26): 6.4TB transferred (~94% complete)

Migration Commands

# DS214se to RS2212+ (via SSH key)
rsync -avz --progress -e 'ssh -i ~/.ssh/id_ed25519' \
  admin@172.16.1.54:/volume1/homes/ /volume1/homes/

# Unraid to RS2212+ (via SSH key)
rsync -avz --progress -e 'ssh -i ~/.ssh/id_ed25519' \
  root@172.16.1.21:/mnt/user/Scileppi/ /volume1/homes/

Transfer Statistics

• Average Speed: ~5.4 MB/s (19.4 GB/hour)
• Duration: ~55 hours for 6.4TB (as of 2025-12-26)
• Progress Tracking: df -h /volume1 and du -sh /volume1/homes/

VLAN Configuration Attempt

Issue (2025-12-23)

• User attempted to add Unraid at 192.168.242.5 on VLAN 5
• VLAN misconfiguration on pfSense caused network outage
• All devices (pfSense, RS2212+, DS214se) became unreachable
• Resolution: User fixed network, removed VLAN 5, reset Unraid to 172.16.1.21

Work Performed

2025-12-23 (Migration Start)

• Setup: Enabled User Home Service on DS214se
• Setup: Enabled rsync service on DS214se
• SSH Keys: Generated on RS2212+, added to DS214se authorized_keys
• Permissions: Fixed home directory permissions (chmod 700)
• Migration: Started parallel rsync from DS214se and Unraid
• Speed Issue: Initially 1.5 MB/s, improved to 5.4 MB/s after switch port move
• Network Issue: VLAN 5 misconfiguration caused temporary outage

2025-12-23 (Network Recovery)

• Tailscale: Re-authenticated after invalid key error
• pfSense SSH: Added SSH key for management
• VLAN 5: Diagnosed misconfiguration (wrong parent interface igb0 instead of igb2, wrong netmask /32 instead of /24)
• Migration: Automatically resumed after network restored

2025-12-25

• Migration Check: 3.0TB used / 25TB total (12%), ~44% complete
• Folders: Active, Archived, Billing, Closed from Unraid + user homes from DS214se

2025-12-26

• Migration Progress: 6.4TB transferred (~94% complete)
• Estimated Completion: ~0.4TB remaining

Pending Tasks

• Monitor migration completion (~0.4TB remaining)
• Verify all data integrity after migration
• Decommission DS214se after verification
• Backup RS2212+ configuration

Important Dates

• 2025-12-23: Migration started (both sources)
• 2025-12-23: Network outage (VLAN 5 misconfiguration)
• 2025-12-26: ~94% complete (6.4TB of 6.8TB)

---

Sonoran Green LLC

Status

Active - Related entity to BG Builders LLC (same M365 tenant)

Company Information

• Domain: sonorangreenllc.com
• Primary Entity: BG Builders LLC

Microsoft 365

• Tenant: Shared with BG Builders LLC (ededa4fb-f6eb-4398-851d-5eb3e11fab27)
• onmicrosoft.com: sonorangreenllc.onmicrosoft.com

DNS Configuration

Current Status

• Nameservers: Still on GoDaddy (not migrated to Cloudflare)
• A Record: 172.16.10.200 (private IP - problematic)
• Email Records: Properly configured for M365

Needed Records (Not Yet Applied)

• DMARC: v=DMARC1; p=reject; rua=mailto:sysadmin@bgbuildersllc.com
• DKIM selector1: CNAME to selector1-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com
• DKIM selector2: CNAME to selector2-sonorangreenllc-com._domainkey.sonorangreenllc.onmicrosoft.com

Work Performed

2025-12-19

• Investigation: Shared tenant with BG Builders identified
• Assessment: DMARC and DKIM records missing
• Status: DNS records prepared but not yet applied

Pending Tasks

• Migrate domain to Cloudflare DNS
• Fix A record (pointing to private IP)
• Apply DMARC and DKIM records
• Enable DKIM signing in M365 Defender

---

Valley Wide Plastering (VWP)

Status

Active - RADIUS/VPN setup completed December 2025

Network Infrastructure

UDM (UniFi Dream Machine)

• IP: 172.16.9.1
• SSH: root / Gptf*77ttb123!@#-vwp
• Note: SSH password auth may not be enabled, use web UI

VWP-DC1 (Domain Controller)

• IP: 172.16.9.2
• Hostname: VWP-DC1.VWP.US
• Domain: VWP.US (NetBIOS: VWP)
• SSH: sysadmin / r3tr0gradE99#
• Role: Primary DC, NPS/RADIUS server

Network Details

• Subnet: 172.16.9.0/24
• Gateway: 172.16.9.1 (UDM)

NPS RADIUS Configuration

RADIUS Server (VWP-DC1)

• Server: 172.16.9.2
• Ports: 1812 (auth), 1813 (accounting)
• Shared Secret: Gptf*77ttb123!@#-radius
• AuthAttributeRequired: Disabled (required for UniFi OpenVPN)

RADIUS Clients

Name	Address	Auth Attribute
UDM	172.16.9.1	No
VWP-Subnet	172.16.9.0/24	No

Network Policy: "VPN-Access"

• Conditions: All times (24/7)
• Allow: All authenticated users
• Auth Methods: All (1-11: PAP, CHAP, MS-CHAP, MS-CHAPv2, EAP)
• User Dial-in: All users in VWP_Users OU set to msNPAllowDialin=True

AD Structure

• Users OU: OU=VWP_Users,DC=VWP,DC=US
• Users with VPN Access (27 total): Darv, marreola, farias, smontigo, truiz, Tcapio, bgraffin, cguerrero, tsmith, tfetters, owner, cougar, Receptionist, Isacc, Traci, Payroll, Estimating, ARBilling, orders2, guru, sdooley, jguerrero, kshoemaker, rose, rguerrero, jrguerrero, Acctpay

Work Performed

2025-12-22 (RADIUS/VPN Setup)

• Objective: Configure RADIUS authentication for VPN (similar to Dataforth)
• Installation: Installed NPS role on VWP-DC1
• Configuration: Created RADIUS clients for UDM and VWP subnet
• Network Policy: Created "VPN-Access" policy allowing all authenticated users

2025-12-22 (Troubleshooting & Resolution)

• Issue 1: Message-Authenticator invalid (Event 18)
  • Fix: Set AuthAttributeRequired=No on RADIUS clients
• Issue 2: Dial-in permission denied (Reason Code 65)
  • Fix: Set all VWP_Users to msNPAllowDialin=True
• Issue 3: Auth method not enabled (Reason Code 66)
  • Fix: Added all auth types to policy, removed default deny policies
• Issue 4: Default policy catching requests
  • Fix: Deleted "Connections to other access servers" policy

Testing Results

• Success: VPN authentication working with AD credentials
• Test User: INTRANET\sysadmin (or cguerrero)
• NPS Event: 6272 (Access granted)

Important Dates

• 2025-12-22: Complete RADIUS/VPN configuration and testing

---

Infrastructure Summary

Core Infrastructure (AZ Computer Guru)

Physical Servers

Server	IP	CPU	RAM	OS	Role
Jupiter	172.16.3.20	Dual Xeon E5-2695 v3 (56 cores)	128GB	Unraid	Primary container host
Saturn	172.16.3.21	-	-	Unraid	Secondary storage, being migrated
Build Server	172.16.3.30	-	-	Ubuntu 22.04	GuruRMM, PostgreSQL
pfSense	172.16.0.1	Intel N100	-	FreeBSD/pfSense 2.8.1	Firewall, VPN gateway

Network Equipment

• Firewall: pfSense (Intel N100, 4x igc NICs)
  • WAN: 98.181.90.163/31 (Fiber)
  • LAN: 172.16.0.1/22
  • Tailscale: 100.119.153.74
• Tailscale: Mesh VPN for remote access to 172.16.0.0/22

Services & Ports

Service	External URL	Internal	Port
Gitea	git.azcomputerguru.com	172.16.3.20	3000, SSH 2222
GuruRMM	rmm-api.azcomputerguru.com	172.16.3.30	3001
NPM	-	172.16.3.20	7818 (admin)
Seafile	sync.azcomputerguru.com	172.16.3.21	-
WebSvr	websvr.acghosting.com	-	-
IX	ix.azcomputerguru.com	172.16.3.10	-

Client Infrastructure Summary

Client	Primary Device	IP	Type	Admin Credentials
Dataforth	UDM, AD1, AD2	192.168.0.254, .27, .6	UniFi, AD	root / Paper123!@#-unifi
VWP	UDM, VWP-DC1	172.16.9.1, 172.16.9.2	UniFi, AD	root / Gptf*77ttb123!@#-vwp
Khalsa	UCG, KMS-QB	192.168.0.1, 172.16.50.168	UniFi, Workstation	root / Paper123!@#-camden
Scileppi	RS2212+, DS214se, Unraid	172.16.1.59, .54, .21	NAS, NAS, Unraid	sysadmin / Gptf*77ttb123!@#-sl-server
Glaztech	AD Domain	-	Active Directory	-
BG Builders	M365 Tenant	-	Cloud	sysadmin@bgbuildersllc.com
Grabb & Durando	IX cPanel	172.16.3.10	WHM/cPanel	grabblaw account

SSH Key Distribution

Windows Machine (ACG-M-L5090)

• Public Key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABnQjolTxDtfqOwdDjamK1oyFPiQnaNT/tAgsIHH1Zo
• Authorized On: pfSense

WSL/Linux Machines

• guru@wsl: Added to Jupiter, Saturn, Build Server
• claude-code@localadmin: Added to pfSense, Khalsa UCG

Build Server

• For Gitea: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSqf2/phEXUK8vd5GhMIDTEGSk0LvYk92sRdNiRrjKi

---

Common Services & Credentials

Microsoft Graph API

Used for M365 automation across multiple clients:

• Scopes: Calendars, Contacts, Mail, Users, Groups, etc.
• Implementations:
  • Dataforth: Claude-Code-M365 app (full tenant access)
  • Generic: Microsoft Graph API app for mail automation

PSA/RMM Systems

• Syncro: 5,064 customers
• Autotask: 5,499 companies
• CIPP: Multi-tenant management portal
• GuruRMM: Custom RMM platform (in development)

WHM/cPanel Hosting

• WebSvr: websvr.acghosting.com
• IX: 172.16.3.10 (72.194.62.5)
• API Token (WebSvr): 8ZPYVM6R0RGOHII7EFF533MX6EQ17M7O

---

Data Migrations

Active Migrations (December 2025)

Scileppi Law Firm (RS2212+)

• Status: 94% complete as of 2025-12-26
• Sources: DS214se (1.6TB) + Unraid (5.2TB)
• Destination: RS2212+ (25TB)
• Total: 6.8TB
• Transferred: 6.4TB
• Method: Parallel rsync

Saturn → Jupiter (SeaFile)

• Status: Completed 2025-12-25
• Source: Saturn /mnt/user/SeaFile/
• Destination: Jupiter /mnt/user0/SeaFile/ (bypasses cache)
• Data: SeaFile application data, databases, backups
• Method: rsync over SSH

---

Security Incidents & Responses

BG Builders Email Spoofing (2025-12-19)

• Type: External email spoofing (not account compromise)
• Target: shelly@bgbuildersllc.com
• Response: Added DMARC with p=reject, configured DKIM
• Status: Resolved, future spoofing attempts will be rejected

Dataforth Mailbox Issues (2025-12-22)

• Type: Duplicate data causing sync issues
• Affected: jlehman@dataforth.com
• Response: Graph API cleanup (removed 476 contacts, 175 calendar series)
• Status: Resolved, user needs Outlook profile reset

---

Technology Stack

Platforms & Operating Systems

• Unraid: Jupiter, Saturn, Scileppi Unraid
• pfSense: Firewall/VPN gateway
• Ubuntu 22.04: Build Server
• Windows Server: Various DCs (AD1, VWP-DC1)
• Synology DSM: DS214se, RS2212+

Services & Applications

• Containerization: Docker on Unraid (Gitea, NPM, GuruRMM, Seafile)
• Web Servers: Nginx (NPM), Apache (WHM/cPanel)
• Databases: PostgreSQL 16, MySQL 8, MariaDB
• Directory Services: Active Directory (Dataforth, VWP, Glaztech)
• VPN: OpenVPN (UniFi UDM, UCG), Tailscale (mesh VPN)
• Monitoring: GuruRMM (custom platform)
• Version Control: Gitea
• PSA/RMM: Syncro, Autotask, CIPP

Development Tools

• Languages: Rust (GuruRMM), Python (Autocoder 2.0, scripts), PowerShell, Bash
• Build Systems: Cargo (Rust), npm (Node.js)
• CI/CD: Webhook-triggered builds on Build Server

---

Notes

Status Key

• Active: Current client with ongoing support
• Pending: Work scheduled or in progress
• Completed: One-time project or resolved issue

Credential Security

All credentials in this document are extracted from session logs for operational reference. In production:

• Credentials are stored in shared-data/credentials.md
• Session logs are preserved for context recovery
• SSH keys are distributed and managed per machine
• API tokens are rotated periodically

Future Additions

This catalog will be updated as additional session logs are processed and new client work is performed. Target: Process remaining 15 session log files to add:

• Additional client details
• More work history
• Network diagrams
• Additional credentials and access methods

---

END OF CATALOG - Version 1.0 (Partial) Next Update: After processing remaining 15 session log files