azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
df6a2dd5d8d87515e7540891e89d3ba01bf49175
claudetools/wiki/clients/birth-biologic.md
Mike Swanson 324c3b94a4 feat(birth-biologic): KSTEEN SmartBadge daily watch + remediation scripts 
Corrected the 2026-05-28 SmartBadge fix on KSTEENBB2025: the older Datto
Workplace Desktop v8 had been left in place (diverged from the fleet, which
runs Datto Workplace v10.53.4 / Workplace2). Removed v8, installed v10,
aligned the SmartBadge _CC add-in + CLSID to the EVO-X1 reference, and cleared
Kristin's stuck per-user LoadBehavior=2.

- ksteen-smartbadge-verify.ps1: PASS/FAIL verdict vs fleet reference
- ksteen-smartbadge-fix.ps1: machine + per-user remediation
- check-ksteen-smartbadge.sh: daily runner (RMM -> verdict -> #bot-alerts,
  coord message to Mike on drift); driven by a 7-day scheduled task on GURU-5070
- wiki: agents table, dual-Workplace SmartBadge known issue + fleet standard,
  2026-05-28/29 history

Syncro #32339. Coord todo 4a5b09b3 (watch expires 2026-06-05).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 08:40:54 -07:00

138 lines
10 KiB
Markdown
Raw Blame History

---
type: client
name: birth-biologic
display_name: BirthBiologic
last_compiled: 2026-05-24
compiled_by: DESKTOP-0O8A1RL/claude-main
sources:
- clients/birth-biologic/session-logs/2026-04-21-session.md
backlinks:
- projects/gururmm
---
# BirthBiologic
## Profile
- **Company type:** Corporate (exact industry not documented — biological/healthcare services implied by name and SharePoint site structure: Donor Services, Quality Department, Birth Biologic Activity Reports)
- **Contract type:** [unverified — MSP-managed implied; no explicit contract type documented]
- **Key contacts:**
- Annise — primary client contact for SharePoint migration; no last name or email documented
- sysadmin@birthbiologic.com — M365 shared admin account; M365 Business Premium license assigned 2026-04-21
- **Billing rate:** [unverified]
- **Syncro ticket:** #109277420 (Datto Workplace to SharePoint Migration; assigned to Mike Swanson, user_id 1735; contact: Annise; due 2026-04-22)
- **Syncro customer ID:** [unverified — not documented in available session logs]
## Infrastructure
### Servers & Services
| Host | IP | Role | OS | Notes |
|---|---|---|---|---|
| BB-SERVER | [unverified] | On-premise Windows server | Windows Server 2016 | GuruRMM agent installed 2026-04-21; used as command channel for Datto→SharePoint migration script execution |
### Email & Identity
- **M365 tenant:** birthbiologic.com (tenant ID: [unverified — "not yet looked up" as of 2026-04-21 session])
- **License:** M365 Business Premium (SKU `cbdc14ab-d96c-4132-b7f4-1f3a3a819bb4`) assigned to sysadmin@birthbiologic.com; includes EMS (standalone EMS removed after upgrade)
- **MFA status:** [unverified]
- **ACG remediation tool consent status (as of 2026-04-21):**
- Security Investigator: consented
- Tenant Admin (`709e6eed-0711-4875-9c44-2d3518c47063`): consented
- Exchange Operator: NOT consented
- User Manager: NOT consented
- Defender Add-on: NOT consented
- **sysadmin SharePoint role:** sysadmin@birthbiologic.com confirmed as SharePoint admin (required for SPMT destination access)
- **Note:** sysadmin@birthbiologic.com did not have a SharePoint/M365 license prior to 2026-04-21. For SharePoint app-only access, use Tenant Admin app with `Sites.ReadWrite.All` (no user license required for app-only).
### File Storage
- **Pre-migration:** Datto Workplace (on-premise network file server, accessed from BB-SERVER)
- **Post-migration target:** Microsoft SharePoint (M365)
- **Migration tool:** Custom PowerShell script (`clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`) + SPMT for bulk folders
### SharePoint Site Map
| Datto Folder | SharePoint Site | Notes |
|---|---|---|
| Admin | birthbiologic.sharepoint.com/sites/Admin | Migrated via SPMT |
| Birth Biologic Activity Reports | birthbiologic.sharepoint.com/sites/Admin | Same site as Admin; SPMT preserves source folder name as subfolder |
| Donor Services | birthbiologic.sharepoint.com/sites/DonorServices | Migrated via SPMT |
| Quality Department | birthbiologic.sharepoint.com/sites/QualityDepartment | Migrated via SPMT |
| Supply Management | birthbiologic.sharepoint.com/sites/SupplyManagement | 160/160 files migrated via custom PS script (2026-04-21) |
| ITSvcs | EXCLUDED | ACG-owned folder; not client data |
Site IDs are hardcoded in `$SITE_MAP` hashtable in the migration script.
### Network
- **ISP / WAN:** [unverified]
- **Firewall:** [unverified]
- **VPN:** [unverified]
## GuruRMM
- **Client name:** BirthBiologic
- **Client ID:** `da526b38-e832-4159-ab13-a3d94e9897a2`
- **Site name:** Main Office
- **Site code:** `BRIGHT-PEAK-5980`
- **Site ID:** `3b20ef97-c764-4ef8-9154-79c3d5b486f8`
- **Agent enrollment key:** `clients/birthbiologic/gururmm-site-main.sops.yaml` (vault)
- **Install landing page:** `https://rmm.azcomputerguru.com/install/BRIGHT-PEAK-5980`
- **MSI download:** `https://rmm.azcomputerguru.com/sites/3b20ef97-c764-4ef8-9154-79c3d5b486f8/installer`
### Enrolled Agents
| Agent | Host | OS | Agent ID | Notes |
|---|---|---|---|---|
| BB-SERVER | BB-SERVER | Windows Server 2016 | `6c02baa7-0f1c-4990-b466-c9ab9eaefd3b` | Installed 2026-04-21; used as command channel throughout Datto→SP migration; runs Datto Workplace **Server** |
| KSTEENBB2025 | KSTEENBB2025 | Windows 11 | `ee3c6aea-e9cc-4d2f-9e79-a38dd0eb129e` | Kristin Steen's workstation |
| EVO-X1 | EVO-X1 | Windows 11 | `9595f002-5cfe-4db6-b7aa-1df4a20e9f9b` | Vicki Fountain's workstation; used as SmartBadge fleet reference |
| BB-Office2 | BB-Office2 | Windows 11 | `48763401-4859-49f9-b64a-7a50d0148b23` | Shared/office workstation |
## Access
- **GuruRMM:** Dashboard → BirthBiologic → Main Office
- **M365 admin:** sysadmin@birthbiologic.com
- **Vault paths:**
- `clients/birthbiologic/gururmm-site-main.sops.yaml` — GuruRMM site enrollment key
- `msp-tools/computerguru-tenant-admin.sops.yaml``credentials.credential` — Tenant Admin app secret
- **Tenant Admin app:** client_id `709e6eed-0711-4875-9c44-2d3518c47063`; consent redirect URI must be `https://azcomputerguru.com` (NOT `https://rmm.azcomputerguru.com`)
- **Migration script:** `clients/birth-biologic/scripts/migrate-datto-to-sharepoint.ps1`
## Patterns & Known Issues
- **Datto Workplace fleet standard = "Datto Workplace" v10.53.4 (installs to `C:\Program Files\Datto\Workplace2\`).** EVO-X1 and BB-Office2 run this version only. **Never** run the older "Datto Workplace **Desktop**" v8.50.13 (folder `…\Workplace Desktop\`) alongside it — having both installed breaks the Excel SmartBadge add-in (see below). Note the confusing naming: despite "Desktop" sounding newer, v8 Desktop is the *older* product; plain "Datto Workplace" v10 is current.
- **SmartBadge Excel add-in failure from dual Datto Workplace installs:** When both Workplace2 (v10) and Workplace Desktop (v8) are present, the `_CC` COM class `{3C639243-95A2-400D-B4B4-4384DA7F61D3}` gets a 64-bit InprocServer32 pointing at the wrong DLL (or only a 32-bit WOW64 entry), so 64-bit Excel can't load the shim and silently drops the SmartBadge ribbon tab. Excel then auto-disables the add-in (per-user `LoadBehavior=2`). **Fix = align to fleet:** remove Workplace Desktop v8 (Revo for a full leftover sweep), install Workplace v10.53.4, ensure only the `_CC` add-in (HKLM+WOW64, `LoadBehavior=3`) with the `_CC` CLSID → `…\Workplace2\SmartBadge\DattoSmartBadgeShim_x64/x86.dll`, and reset the user's `LoadBehavior` to 3 + clear Excel Resiliency. Reference machine: EVO-X1. Scripts: `.claude/scripts/ksteen-smartbadge-verify.ps1`, `.claude/scripts/ksteen-smartbadge-fix.ps1`.
- **Windows Server 2016 TLS:** BB-SERVER defaults to TLS 1.0. PowerShell scripts must include `[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12` at the top or Graph API calls will fail.
- **GuruRMM command timeout on long-running processes:** The RMM command channel times out on operations running longer than ~300 seconds. An 8 MB PDF upload at ~77 KB/s exceeded this limit during the migration. Workaround: base64-encode file on server, capture stdout, decode and upload locally.
- **SharePoint 409 Conflict on retry:** If a chunked upload session is interrupted, a partial item remains in SharePoint. Subsequent upload sessions against the same path return 409 Conflict. Fix: DELETE the item before creating a new upload session.
- **SPMT requires sysadmin to be SharePoint admin:** SPMT destination access requires the running account to have SharePoint admin rights. Confirm before scheduling future SPMT runs.
- **Syncro comment rendering:** Use `<br>` for line breaks in Syncro comments. `<ul>/<li>` collapses into a single line in the Syncro renderer.
- **Syncro duplicate comments on #109277420:** Two duplicate comments were noted in the session log. GUI deletion only (no API delete for comments). Verify status next time in ticket view.
- **ITSvcs folder exclusion:** The `ITSvcs` folder on the Datto share is ACG-owned, not client data. Always exclude from any migration or client-facing file audit.
- **GuruRMM command body requirements:** `command_type` field is required (use `"powershell"` for PS scripts). Missing field returns 422. JWT must include `sub`, `role`, `orgs`, `exp`, `iat` claims — any missing claim returns 401.
- **PS5.1 quirks on BB-SERVER:** No Unicode box-drawing characters (parse error in PS5.1); no `@{} + @{}` hashtable merge (use foreach loop); use `${encodedPath}` not `$encodedPath:` in URL strings (colon interpreted as drive reference).
## Active Work
- **Datto → SharePoint migration:** Supply Management folder complete (160/160 files). SPMT launched for Admin, Birth Biologic Activity Reports, Donor Services, Quality Department as of end of 2026-04-21 session (20% on Donor Services at session end). [WARNING] Migration completion unconfirmed — no follow-up session log found. Outstanding tasks from session log:
- Verify SPMT migration complete for all 4 folders
- Verify file counts in each SharePoint site match Datto source
- Notify Annise to test access
- Schedule delta sync (`-DeltaOnly` flag) after client confirms
- Delete two duplicate Syncro comments on #109277420 (GUI only)
- Verify ITSvcs state file on BB-SERVER is not causing issues
## History Highlights
| Date | Event |
|---|---|
| 2026-05-29 | Mike: Corrected the SmartBadge fix — Kristin's machine had been left on the *older* Workplace Desktop v8 (diverged from fleet). Revo-removed v8, installed Workplace v10.53.4 (Workplace2), aligned SmartBadge `_CC` add-in/CLSID to EVO-X1, cleared her stuck per-user `LoadBehavior=2`. Verified working. Public tech notes + 1hr warranty on Syncro #32339. Stood up a 7-day daily verification (scheduled task on GURU-5070 + coord todo `4a5b09b3`, expires 2026-06-05). |
| 2026-05-28 | Mike: Initial Kristin Steen SmartBadge remediation (Syncro #32339) — diagnosed dual Workplace2/Workplace Desktop install; **uninstalled the wrong one (Workplace2 v10)**, leaving v8 Desktop (corrected 2026-05-29). |
| 2026-04-21 | Mike: New client onboarded to GuruRMM (client + site created, vault entry saved). Tenant Admin app consented. sysadmin@birthbiologic.com assigned M365 Business Premium. GuruRMM agent installed on BB-SERVER. Custom Datto→SharePoint migration script built. Supply Management (160 files) migrated via script. SPMT launched for 4 remaining folders. Syncro ticket #109277420 opened. |
## Backlinks
- [[projects/gururmm]] — BB-SERVER enrolled (site: Main Office)
Reference in New Issue View Git Blame Copy Permalink