claudetools/session-logs/2026-06-12-mike-jparkinson-mail-migration.md
Mike Swanson e34d4268bc sync: auto-sync from GURU-5070 at 2026-06-12 15:53:59
Author: Mike Swanson
Machine: GURU-5070
Timestamp: 2026-06-12 15:53:59
2026-06-12 15:54:17 -07:00

2026-06-12 — Jim Parkinson mail migration (Neptune -> lamaddux M365) + RMM log triage + IX API token

User

  • User: Mike Swanson (mike)
  • Machine: GURU-5070
  • Role: admin

Summary

Multi-thread session. Headline: migrated Jim Parkinson (jparkinsonaz.com, mail on on-prem Neptune Exchange) into LeeAnn Maddux's existing lamaddux.com M365 tenant to fix shared-calendar sync issues (Syncro #32411). Also: triaged a stale GuruRMM AI log-analysis report (filed 2 root-caused bugs + a signal-design refinement), recovered the lost IX WHM API access method (now a vaulted full-access token), restored the "vault every credential" CORE rule, and handled a Bardach M365 sign-in error.

Threads

1. Bardach (barbara@bardach.net) — AADSTS165000 on iPhone

Client-side session-cookie failure (Missing session context cookie). NOT password/MFA/Smart-Lockout, and NOT caused by our 2026-06-05 Security Defaults change (she passed password + Authenticator). Gave iPhone fix steps (full Safari not in-app webview, allow cookies, clear site data, fresh single-pass sign-in, auto date/time). Offered Entra sign-in-log lookup for Correlation Id 71fa2d99-2607-4cfc-a032-da30b925d04d. Tenant: bardach.net dd4a82e8-85a3-44ac-8800-07945ab4d95f.

2. GuruRMM log-analysis triage (stale report reconciliation)

Report came from GuruRMM's own /api/logs/analyze (cut over to Claude Haiku today). Reconciled vs live logs:

  • Ollama unreachable = HEALED (cutover; last stray 13:27 pre-deploy).
  • "1,100+ WS errors" = real (~1504/24h) but benign reconnect churn + deploy restart-storms; fleet reconnecting.
  • Auth timeouts 7/24h = benign.
  • 2 real bugs (items 1-2) plus one refinement (item 3) filed in projects/msp-tools/guru-rmm/docs/RMM_THOUGHTS.md (submodule, pushed 8d5bb9d):
    1. Hardware inventory NUL -> Postgres jsonb reject (7 Windows agents: IMC1, Seth-PC, QWM-JOHN, QWM-SHEILA, goldstar19, SIF-SERVER, Christine-Win10). Fix: strip NUL before jsonb insert in upsert_agent_hardware.
    2. Update scanner execs non-.exe binaries for --version; macOS Mach-O can't run on the Linux server -> continue-skipped -> macOS/Linux agents never offered updates. Fix: trust filename version for non-Windows.
    3. Feature 4a refinement: alert on STATE (offline-past-budget / flapping / mass-drop) not the disconnect event; reclassify "connection reset without closing handshake" ERROR->INFO (ships standalone).
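
Added example for bug 1 (not GuruRMM's code; Python is used for illustration only): a recursive sanitizer that removes U+0000 from every string and key of an inventory payload before it is serialized for a jsonb column, and reports the JSON paths where a NUL was found so the offending fields can be traced. The function names and the sample payload are hypothetical.

```python
import json


def strip_nul(value, path="$", hits=None):
    """Return (clean_value, hits): value with U+0000 removed from every string
    and dict key, plus the JSON paths where a NUL was found."""
    hits = [] if hits is None else hits
    if isinstance(value, str):
        if "\x00" in value:
            hits.append(path)
        return value.replace("\x00", ""), hits
    if isinstance(value, dict):
        out = {}
        for key, item in value.items():
            clean_key, _ = strip_nul(key, f"{path}.<key>", hits)
            out[clean_key], _ = strip_nul(item, f"{path}.{clean_key}", hits)
        return out, hits
    if isinstance(value, list):
        cleaned = [strip_nul(v, f"{path}[{i}]", hits)[0] for i, v in enumerate(value)]
        return cleaned, hits
    return value, hits  # numbers, booleans and None pass through unchanged


# Constructed sample payload with NUL-padded strings (not real agent data).
SAMPLE = {
    "hostname": "EXAMPLE-PC",
    "bios": {"serial": "ABC123\x00\x00", "vendor": "Example Corp"},
    "disks": [{"model": "Example SSD\x00", "size_gb": 512}],
}


def to_jsonb_text(payload):
    """Serialize a payload for a jsonb parameter after stripping NULs.

    json.dumps would otherwise emit the \\u0000 escape, which PostgreSQL
    jsonb refuses to store."""
    clean, hits = strip_nul(payload)
    return json.dumps(clean), hits


if __name__ == "__main__":
    text, hits = to_jsonb_text(SAMPLE)
    print("NUL found at:", hits)
    print(text)
```

Logging the returned paths per agent shows which inventory fields carry the padding, which helps decide whether the agent should also trim at collection time.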

3. IX WHM API access recovered (the ~1h time-sink)

Password+legacy json-api basic-auth to ix.azcomputerguru.com:2087 now returns 403 pre-auth (not cpHulk/Imunify IP block — WHM login page 200s; bad creds also 403). Mike created a full-access root WHM API token "ClaudeTools". Correct method: header Authorization: whm root:<token>, force curl -4. Stored at vault infrastructure/ix-server credentials.whm-api-token + documented in entry notes. Restored CORE rule in .claude/CLAUDE.md ("vault + document EVERY in-session credential, via the vault skill"); added memories ix-whm-dns-api-access + feedback-vault-every-credential.

4. Leeann Maddux RMM onboarding

New RMM client Leeann Maddux + site Home (DARK-OCEAN-9950, site_id 7357db16-114c-4404-92be-4a587056d9e5, client_id bd8c4027-7cbe-41c0-bc2c-c8e6c4846b62). Enrollment key vaulted clients/lamaddux/gururmm-site-home.sops.yaml. Jim's 2 machines enrolled: DESKTOP-EDN9UDO (2b24e8de-a774-4277-bad3-689c00f9eacc) + DESKTOP-M0GBKF3 (4fdecea6-19d9-4dd0-bf6c-f2b1ab6c6c28). (jpark = logged-in user on M0G, SID ...-1014.)

5. Jim Parkinson mail migration (the main work)

  • Tenant lamaddux.com 2f0c4c92-c608-4ee0-bdc2-87d5fd8fe929 (LeeAnn Maddux) onboarded via single-consent (onboard365); all apps + roles provisioned (recorded YES in remediation-tool tenants.md).
  • Added + verified custom domain jparkinsonaz.com (TXT MS=ms74863246); Mike added the domain in portal (our Tenant Admin app lacks Domain.ReadWrite.All — flagged as future automation item).
  • Created jim@jparkinsonaz.com (obj 387dc966-fd91-4512-9b0f-d80b125769f4) + Exchange Online Plan 1 (skuId 4b9405b0-7788-4568-add1-99614e613b69; Mike bought the 2nd license). Mailbox provisioned, primary SMTP matches source.
  • DNS cutover on IX (token) to O365 + zone cleanup: MX jparkinsonaz-com.mail.protection.outlook.com, SPF v=spf1 include:spf.protection.outlook.com -all, autodiscover CNAME -> autodiscover.outlook.com, DKIM selector1/selector2 CNAMEs -> selector{1,2}-jparkinsonaz-com._domainkey.lamaddux.a-v1.dkim.mail.microsoft (new MS format, resolves to live keys). Removed: root A (was -> Neptune 67.206.163.124), mail CNAME, 4x CalDAV/CardDAV SRV + path TXTs, cPanel _cpanel-dcv-test-record + _acme-challenge.
  • PST export off Neptune: New-MailboxExportRequest -> \\NEPTUNE\PSTExport$\jim-jparkinsonaz.pst, Completed 100%, 1.776 GB, 8316 items. Mike to copy + Outlook-import himself.
  • Outlook autodiscover fix (Exclude365): ran undo of C:\Users\guru\ownCloud\Toolbox\!-Utils\RegistryFixes\Exclude365-Final.reg on both machines (removed exclusions + acghosting RedirectServers pins, HKLM policy + user hives incl offline). Fresh profile still hit mail.acghosting.com because root A pointed to Neptune -> root-domain autodiscover probe answered on-prem. Set ExcludeHttpsRootDomain=1 on both machines (interim), then removed the root A record (permanent global fix -> root probe NXDOMAIN -> falls through to autodiscover CNAME -> O365).
  • Set password + MFA: see Credentials.
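
Added example (not part of the original session or its tooling): an offline post-cutover audit of the zone described in the DNS and autodiscover bullets above. It flags the records that kept mail or autodiscover pointed away from O365, including the root A record behind the on-prem autodiscover answer. `AFTER` uses the values listed in the log; `BEFORE` is a constructed pre-cutover zone whose MX, SPF, SRV and DCV values are placeholders.

```python
DKIM = "selector{n}-jparkinsonaz-com._domainkey.lamaddux.a-v1.dkim.mail.microsoft"

# Post-cutover records as listed in the log ("@" = zone root).
AFTER = [
    ("@", "MX", "jparkinsonaz-com.mail.protection.outlook.com"),
    ("@", "TXT", "v=spf1 include:spf.protection.outlook.com -all"),
    ("@", "TXT", "MS=ms74863246"),
    ("autodiscover", "CNAME", "autodiscover.outlook.com"),
    ("selector1._domainkey", "CNAME", DKIM.format(n=1)),
    ("selector2._domainkey", "CNAME", DKIM.format(n=2)),
]
# Constructed pre-cutover zone: record types follow the log, values are placeholders
# except the root A and the mail CNAME target.
BEFORE = [
    ("@", "A", "67.206.163.124"),
    ("@", "MX", "mail.jparkinsonaz.com"),
    ("@", "TXT", "v=spf1 +a +mx ~all"),
    ("mail", "CNAME", "mail.acghosting.com"),
    ("autodiscover", "CNAME", "autodiscover.outlook.com"),
    ("_caldavs._tcp", "SRV", "0 0 443 legacy.example"),
    ("_cpanel-dcv-test-record", "TXT", "placeholder"),
]
LEGACY = ("mail", "_caldav", "_carddav", "_cpanel-dcv-test-record", "_acme-challenge")


def audit_zone(records):
    """Return sorted finding codes for records that keep mail/autodiscover off O365."""
    recs = [(n.lower(), t.upper(), v.rstrip(".").lower()) for n, t, v in records]

    def vals(name, rtype):
        return [v for n, t, v in recs if n == name and t == rtype]

    found = set()
    # Outlook probes https://<root domain>/autodiscover/ before autodiscover.<domain>,
    # so any root A/AAAA lets the host behind it answer first.
    if vals("@", "A") or vals("@", "AAAA"):
        found.add("root-a")
    mx = vals("@", "MX")
    if not mx or any(not v.endswith(".mail.protection.outlook.com") for v in mx):
        found.add("mx")
    spf = [v for v in vals("@", "TXT") if v.startswith("v=spf1")]
    if (len(spf) != 1 or "include:spf.protection.outlook.com" not in spf[0].split()
            or not spf[0].endswith(" -all")):
        found.add("spf")
    if vals("autodiscover", "CNAME") != ["autodiscover.outlook.com"]:
        found.add("autodiscover")
    if any(vals(f"selector{n}._domainkey", "CNAME") != [DKIM.format(n=n)] for n in (1, 2)):
        found.add("dkim")
    if any(n.startswith(LEGACY) for n, _, _ in recs):
        found.add("legacy")
    return sorted(found)
```

An empty result for the live zone means the interim `ExcludeHttpsRootDomain=1` value is no longer doing any work, which matches the optional cleanup listed under Pending.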

6. Syncro #32411 (id 112542872, LeeAnn Parkinson, customer 139908)

PUT status -> In Progress, problem_type -> Server Migration; posted customer-visible (no-email) note scoping it to a mail migration to resolve calendar sync. Comment id 418758100.

Credentials (unredacted — private repo)

  • jim@jparkinsonaz.com / jP48504850$ (permanent, no force-change). MFA mobile +1 520-349-2222. Vaulted clients/lamaddux/jim-parkinson-m365.sops.yaml.
  • IX WHM API token "ClaudeTools" (FULL-ACCESS ROOT): HAUGCPQGJGDK3YDAMVA0B4ELR9CVNAQ6. Vaulted infrastructure/ix-server credentials.whm-api-token. Use: header Authorization: whm root:<token>, curl -4. Password basic-auth on json-api now 403s.
  • Leeann Maddux RMM site key: vaulted clients/lamaddux/gururmm-site-home.sops.yaml.

Infrastructure

  • IX: ix.azcomputerguru.com = 72.194.62.5 (WHM:2087). Public NS ns1/ns2.acghosting.com = 52.52.94.202 (cluster; edits auto-sync). Neptune external 67.206.163.124 / 172.16.3.11 (mail.acghosting.com, Exchange 2016).
  • RMM API http://172.16.3.30:3001. (Brief .30 outage mid-session — networking, Mike fixed.)
  • Imunify360 (cpHulk disabled) gated WHM; whitelisted our IPv4 98.97.118.217 + IPv6 2605:59c0:43a6:9710::/64.

7. Continued (post-/scc): autodiscover, DNS cleanup, DKIM, sharing, calendar, contacts

  • IX WHM API token recovered the lost access (see thread 3): full-access root token "ClaudeTools" HAUGCPQGJGDK3YDAMVA0B4ELR9CVNAQ6 vaulted infrastructure/ix-server credentials.whm-api-token; header auth Authorization: whm root:<token>, curl -4. Used the ACG ComputerGuru-Management app (0df4e185..., tenant ce61461e, Application.ReadWrite.All, vault msp-tools/computerguru-management) to patch app registrations. Claude-MSP-Access secret is INVALID (AADSTS7000215) — rotate.
  • Outlook autodiscover fix on Jim's 2 machines (DESKTOP-EDN9UDO 2b24e8de, DESKTOP-M0GBKF3 4fdecea6): undid C:\Users\guru\ownCloud\Toolbox\!-Utils\RegistryFixes\Exclude365-Final.reg (HKLM policy + user hives); set ExcludeHttpsRootDomain=1; ROOT CAUSE = jparkinsonaz.com root A pointed to Neptune so the root-domain autodiscover probe answered on-prem. Removed root A + all cPanel junk (mail CNAME, CalDAV/CardDAV SRV, DCV/ACME) -> zone is O365-only -> permanent global fix. DKIM selector1/selector2 CNAMEs published (...lamaddux.a-v1.dkim.mail.microsoft, new MS format, resolves to live keys) — Mike to flip "Enable" in Defender.
  • Mailbox sharing: jim@ granted FullAccess (AutoMapping on) + Send-on-Behalf on leeann@lamaddux.com (EXO adminapi).
  • Calendar reconciliation: found Jim's events inviting LeeAnn that weren't on her calendar; only 8 genuine (Jim-organized one-off appts, mostly medical) — created them on her calendar (48 others were her own recurring/birthday noise, left alone). Enabler: added Calendars.ReadWrite+Contacts.ReadWrite (Graph) to the Exchange Operator app (objId bae27250...), consented in lamaddux, scoped via ApplicationAccessPolicy RestrictAccess to mail-enabled group app-calscope@lamaddux.onmicrosoft.com (jim@+leeann@ only). Used a Graph-scoped token for the Exchange Operator app (its client_secret). Forward route failed (needs Mail.Send) -> direct-create instead.
  • Contacts: Jim's 355 contacts clean of X500/on-prem; created LeeAnn Maddux <leeann@lamaddux.com>, removed junk "Audible Leeann@lamaddux.com". Autocomplete cache may still hold legacy X500 for LeeAnn (clear in Outlook).

8. Wolkin — Julie Guda MFA/profile (tenant rswolkin.com ceb6dbe7-82c8-4d8f-9c6b-49aa26208e9b)

Removed Julie Guda (julie@rswolkin.com, id acaeb49c...) cell 702-624-3765 from directory mobilePhone (was GAL-visible); retained ONLY as MFA phone method +1 7026243765. Sign-in unaffected (password + Windows Hello too).

9. Syncro #32411 billed

2.0h remote (1190473 @ $150) = $300, invoice 1650664905, ticket -> Invoiced. Customer LeeAnn Parkinson (139908, not prepaid). Resolution comment on-ticket, no customer email.

Wiki updated this session

  • CREATED wiki/clients/lamaddux.md (household client + full migration).
  • UPDATED wiki/clients/wolkin.md (Julie MFA/profile note).
  • UPDATED wiki/systems/ix-server.md (WHM API token access + Imunify + jparkinsonaz O365 zone).

Pending / next

  1. Mike: copy PST + Outlook-import on M0G/EDN9; confirm Outlook connects to Microsoft; clear Jim's autocomplete (legacy X500 for LeeAnn).
  2. Mike: Enable DKIM signing for jparkinsonaz.com in Defender (CNAMEs live).
  3. After import confirmed: final delta export + decommission jparkinsonaz.com on Neptune; then close #32411. Optional: remove stale s1/default DKIM TXT; remove now-redundant ExcludeHttpsRootDomain reg value.
  4. Rotate the invalid Claude-MSP-Access app secret (vault msp-tools/claude-msp-access-graph-api).
  5. GuruRMM: 2 bugs + Feature 4a filed (ROOT-CAUSED) — await build decision.
  6. Future: add Domain.ReadWrite.All to Tenant Admin app to automate domain-adds.
  7. Bardach: Barbara to retry per iPhone steps; sign-in-log lookup on standby.