chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
83df48291ab3e5ac9453eb44e85e4c857ee37653
resolutionflow/backend/scripts/seed_trees.py
Michael Chihlas 83df48291a feat: Complete backend and docs rebrand from Patherly to ResolutionFlow 
Update APP_NAME, OpenAPI metadata, log messages, root endpoint response,
model docstrings, seed script comments, README heading, and CLAUDE.md
branding references. Frontend rebrand was completed in PR #26; this
covers everything else.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-04 00:41:22 -05:00

3467 lines
324 KiB
Python
Raw Blame History

#!/usr/bin/env python3
"""
Comprehensive MSP/SMB Troubleshooting Decision Trees Seed Script.
This script populates ResolutionFlow with realistic troubleshooting decision trees
covering common Tier 1, Tier 2, and Tier 3 support scenarios.
Run from the backend directory with: python -m scripts.seed_trees
Requirements:
- Backend server must be running (uvicorn app.main:app)
"""
import asyncio
import argparse
import httpx
from typing import Any
# API Configuration
API_BASE_URL = "http://localhost:8000/api/v1"
# Admin credentials (set via command line or environment)
ADMIN_EMAIL = None
ADMIN_PASSWORD = None
# =============================================================================
# TIER 1 - HELP DESK TREES
# =============================================================================
def get_password_reset_tree() -> dict[str, Any]:
"""
Password Reset / Account Lockout - Comprehensive Tier 1 tree.
Covers AD, M365, MFA issues with detailed troubleshooting paths.
"""
return {
"name": "Password Reset / Account Lockout",
"description": "Complete guide for handling password resets and account lockouts across AD, Microsoft 365, and MFA scenarios. Includes identity verification, common gotchas, and escalation paths.",
"category": "Tier 1 - Help Desk",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "What type of password/account issue is the user experiencing?",
"help_text": "Identify the primary system affected to route to the correct troubleshooting path",
"options": [
{"id": "ad_issue", "label": "Active Directory / Windows Login", "next_node_id": "ad_verify_identity"},
{"id": "m365_issue", "label": "Microsoft 365 / Email", "next_node_id": "m365_verify_identity"},
{"id": "mfa_issue", "label": "MFA / Authenticator App", "next_node_id": "mfa_triage"},
{"id": "vpn_issue", "label": "VPN Account", "next_node_id": "vpn_redirect"},
{"id": "unknown", "label": "User unsure / Multiple systems", "next_node_id": "identify_system"}
],
"children": [
{
"id": "identify_system",
"type": "decision",
"question": "Where is the user trying to log in?",
"help_text": "Ask the user specifically what screen or prompt they see",
"options": [
{"id": "windows_login", "label": "Windows login screen (Ctrl+Alt+Del)", "next_node_id": "ad_verify_identity"},
{"id": "outlook_web", "label": "Outlook on the web or M365 portal", "next_node_id": "m365_verify_identity"},
{"id": "phone_prompt", "label": "Phone MFA prompt", "next_node_id": "mfa_triage"},
{"id": "still_unclear", "label": "Still unclear", "next_node_id": "gather_screenshots"}
],
"children": [
{
"id": "gather_screenshots",
"type": "action",
"title": "Request Screenshots",
"description": "Ask the user to take a screenshot or photo of the error they're seeing.\n\n**Request:**\n- Screenshot of the login screen\n- Any error messages displayed\n- The URL if it's a web page\n\n**Document:** Note the exact error message in the ticket.",
"next_node_id": "identify_system"
}
]
},
{
"id": "vpn_redirect",
"type": "solution",
"title": "Redirect to VPN Troubleshooting",
"description": "VPN account issues require a different troubleshooting path.\n\n**Action:**\nUse the 'VPN Connection Failures' decision tree for this issue.\n\n**Note:** VPN passwords are often synced from AD, so if AD password works but VPN doesn't, it may be a VPN-specific configuration issue."
},
{
"id": "ad_verify_identity",
"type": "decision",
"question": "Can you verify the user's identity per company policy?",
"help_text": "Standard verification: Employee ID, manager name, last 4 of SSN, or callback to registered phone",
"options": [
{"id": "verified", "label": "Yes, identity verified", "next_node_id": "ad_find_account"},
{"id": "not_verified", "label": "Cannot verify identity", "next_node_id": "deny_unverified"},
{"id": "vip_user", "label": "VIP/Executive (special handling)", "next_node_id": "vip_verification"}
],
"children": [
{
"id": "deny_unverified",
"type": "solution",
"title": "Cannot Process - Identity Not Verified",
"description": "**DO NOT reset the password.**\n\n**Actions:**\n1. Politely explain that identity verification is required for security\n2. Provide alternative verification methods:\n - Call back from registered phone number\n - Manager approval via email\n - In-person verification with ID\n3. Document the request and denial reason\n\n**Ticket Notes:**\n- Record date/time of request\n- Note which verification methods were attempted\n- Close as 'Denied - Unable to Verify Identity'"
},
{
"id": "vip_verification",
"type": "decision",
"question": "Is the VIP's executive assistant or manager available to verify?",
"help_text": "VIP accounts require additional verification due to elevated privileges",
"options": [
{"id": "ea_verified", "label": "EA/Manager verified identity", "next_node_id": "ad_find_account"},
{"id": "callback_verified", "label": "Called back to known number", "next_node_id": "ad_find_account"},
{"id": "cannot_verify_vip", "label": "Cannot verify VIP", "next_node_id": "escalate_vip"}
],
"children": [
{
"id": "escalate_vip",
"type": "solution",
"title": "Escalate VIP Request",
"description": "Cannot verify VIP identity through standard channels.\n\n**Actions:**\n1. Escalate to IT Manager or Security team\n2. Do NOT reset without explicit management approval\n3. Document all verification attempts\n\n**Ticket Priority:** High\n**Escalation Path:** IT Manager > CISO"
}
]
},
{
"id": "ad_find_account",
"type": "action",
"title": "Locate User Account in Active Directory",
"description": "Search for the user's account in AD.\n\n**PowerShell Commands:**\n```\n# Search by username\nGet-ADUser -Identity \"username\"\n\n# Search by name\nGet-ADUser -Filter \"Name -like '*John Smith*'\"\n\n# Search by email\nGet-ADUser -Filter \"EmailAddress -eq 'john.smith@company.com'\"\n```\n\n**ADUC:** Active Directory Users and Computers > Find",
"action_command": "Get-ADUser -Identity \"USERNAME\" -Properties LockedOut,Enabled,PasswordLastSet,PasswordExpired,LastLogonDate",
"next_node_id": "ad_account_found"
},
{
"id": "ad_account_found",
"type": "decision",
"question": "What is the account status in Active Directory?",
"help_text": "Check the account properties for status indicators",
"options": [
{"id": "locked_out", "label": "Account is locked out", "next_node_id": "ad_unlock_account"},
{"id": "disabled", "label": "Account is disabled", "next_node_id": "ad_check_disabled"},
{"id": "pwd_expired", "label": "Password is expired", "next_node_id": "ad_reset_password"},
{"id": "account_ok", "label": "Account looks normal", "next_node_id": "ad_check_pwd_age"},
{"id": "not_found", "label": "Account not found", "next_node_id": "ad_account_not_found"}
],
"children": [
{
"id": "ad_account_not_found",
"type": "decision",
"question": "Is this a new employee or existing employee?",
"help_text": "Check with HR or the employee's start date",
"options": [
{"id": "new_employee", "label": "New employee (started recently)", "next_node_id": "new_employee_process"},
{"id": "existing_employee", "label": "Existing employee", "next_node_id": "check_spelling_variations"},
{"id": "contractor", "label": "Contractor/Vendor", "next_node_id": "contractor_process"}
],
"children": [
{
"id": "new_employee_process",
"type": "solution",
"title": "New Employee - Account Not Yet Created",
"description": "Account may not have been provisioned yet.\n\n**Actions:**\n1. Verify start date with HR\n2. Check if onboarding ticket exists\n3. If no ticket, create one for IT provisioning\n4. Provide user with expected timeline (usually 24-48 hours before start)\n\n**Ticket Notes:**\n- Employee start date\n- Manager name\n- Department\n- Route to provisioning queue"
},
{
"id": "check_spelling_variations",
"type": "action",
"title": "Search for Account Variations",
"description": "The account may exist under a different name format.\n\n**Try searching for:**\n- First initial + last name (jsmith)\n- First name + last initial (johns)\n- Full first.last (john.smith)\n- Maiden name vs married name\n- Common misspellings\n\n**PowerShell:**\n```\nGet-ADUser -Filter \"Name -like '*smith*'\" | Select Name,SamAccountName,Enabled\n```",
"action_command": "Get-ADUser -Filter \"Name -like '*LASTNAME*'\" | Select Name,SamAccountName,Enabled",
"next_node_id": "ad_account_found"
},
{
"id": "contractor_process",
"type": "solution",
"title": "Contractor Account Process",
"description": "Contractor accounts are managed separately.\n\n**Actions:**\n1. Check contractor management system\n2. Verify contract is still active\n3. Contact contractor's company liaison\n4. If active, escalate to Identity Management team\n\n**Note:** Contractor accounts may be in a separate OU or domain."
}
]
},
{
"id": "ad_unlock_account",
"type": "action",
"title": "Unlock the Active Directory Account",
"description": "Account is locked due to failed login attempts.\n\n**PowerShell:**\n```\nUnlock-ADAccount -Identity \"username\"\n```\n\n**ADUC:** Right-click account > Properties > Account tab > Unlock account\n\n**IMPORTANT:** Before unlocking, check the lockout source to identify if this is a security concern.",
"action_command": "Unlock-ADAccount -Identity \"USERNAME\"",
"next_node_id": "ad_check_lockout_source"
},
{
"id": "ad_check_lockout_source",
"type": "decision",
"question": "Do you need to identify the lockout source?",
"help_text": "If user is repeatedly getting locked out, finding the source prevents future lockouts",
"options": [
{"id": "find_source", "label": "Yes, find lockout source (repeated lockouts)", "next_node_id": "ad_lockout_investigation"},
{"id": "skip_source", "label": "No, single lockout incident", "next_node_id": "ad_verify_unlock_success"},
{"id": "user_knows", "label": "User knows the cause (forgot password)", "next_node_id": "ad_reset_password"}
],
"children": [
{
"id": "ad_lockout_investigation",
"type": "action",
"title": "Investigate Lockout Source",
"description": "Find what is causing the repeated lockouts.\n\n**Common Causes:**\n- Old password cached on mobile device\n- Mapped drive with saved credentials\n- Scheduled task running as user\n- Service account using user credentials\n- Outlook/Teams on secondary device\n\n**PowerShell (run on PDC):**\n```\n# Find lockout events\nGet-WinEvent -FilterHashtable @{LogName='Security';Id=4740} | \n Where-Object {$_.Properties[0].Value -eq 'username'} |\n Select TimeCreated,@{N='LockedUser';E={$_.Properties[0].Value}},@{N='Source';E={$_.Properties[1].Value}}\n```\n\n**Tools:** Microsoft Account Lockout Status Tool (LockoutStatus.exe)",
"action_command": "Get-WinEvent -FilterHashtable @{LogName='Security';Id=4740} -MaxEvents 10 | Where-Object {$_.Properties[0].Value -eq 'USERNAME'}",
"next_node_id": "ad_lockout_source_found"
},
{
"id": "ad_lockout_source_found",
"type": "decision",
"question": "What is causing the lockouts?",
"help_text": "Based on the source computer/application identified",
"options": [
{"id": "mobile_device", "label": "Mobile device (phone/tablet)", "next_node_id": "fix_mobile_lockout"},
{"id": "secondary_pc", "label": "Secondary PC or laptop", "next_node_id": "fix_secondary_pc"},
{"id": "mapped_drive", "label": "Mapped drive or network resource", "next_node_id": "fix_mapped_drive"},
{"id": "service_app", "label": "Service or application", "next_node_id": "fix_service_lockout"},
{"id": "unknown_source", "label": "Unknown/Cannot determine", "next_node_id": "escalate_lockout"}
],
"children": [
{
"id": "fix_mobile_lockout",
"type": "solution",
"title": "Mobile Device Causing Lockouts",
"description": "Old password cached on mobile device.\n\n**User Instructions:**\n1. On the mobile device, go to Settings > Accounts\n2. Remove the work/corporate account\n3. Restart the device\n4. Re-add the account with the new password\n\n**For iOS:**\nSettings > Mail > Accounts > Exchange > Delete Account\n\n**For Android:**\nSettings > Accounts > Work Account > Remove Account\n\n**Ticket Notes:**\nDocument the device type and resolution steps provided."
},
{
"id": "fix_secondary_pc",
"type": "solution",
"title": "Secondary PC Causing Lockouts",
"description": "User has another computer with old credentials.\n\n**User Instructions:**\n1. Log into the secondary PC\n2. Press Ctrl+Alt+Del and change password, OR\n3. Lock the PC and log back in with new password\n4. Update any saved credentials in Credential Manager\n\n**Remote Fix:**\nIf user can't access the PC, IT can remotely restart it to clear cached credentials.\n\n**Ticket Notes:**\nNote the computer name causing lockouts for documentation."
},
{
"id": "fix_mapped_drive",
"type": "solution",
"title": "Mapped Drive Causing Lockouts",
"description": "Network drive has saved old credentials.\n\n**User Instructions:**\n1. Open Credential Manager (Control Panel > Credential Manager)\n2. Look for Windows Credentials related to the file server\n3. Remove the old credential\n4. Disconnect and reconnect the mapped drive\n5. Enter new password when prompted\n\n**PowerShell:**\n```\ncmdkey /delete:servername\nnet use Z: /delete\nnet use Z: \\\\servername\\share /persistent:yes\n```"
},
{
"id": "fix_service_lockout",
"type": "solution",
"title": "Service or Application Causing Lockouts",
"description": "A scheduled task or service is using old credentials.\n\n**Actions:**\n1. Identify the service or scheduled task\n2. Update the credentials in the service configuration\n3. Restart the service\n\n**If it's a shared service account:**\nEscalate to the application owner or Tier 2.\n\n**Ticket Notes:**\nDocument the service name and escalation if needed."
},
{
"id": "escalate_lockout",
"type": "solution",
"title": "Escalate Lockout Investigation",
"description": "Cannot determine lockout source.\n\n**Actions:**\n1. Document all investigation steps taken\n2. Note the times and frequency of lockouts\n3. Escalate to Tier 2 for deeper investigation\n\n**Security Concern:** If lockouts are from unknown sources, this could indicate a brute force attack. Alert Security team.\n\n**Ticket Priority:** Medium to High depending on frequency."
}
]
},
{
"id": "ad_verify_unlock_success",
"type": "decision",
"question": "Was the user able to log in after unlocking?",
"help_text": "Have the user try logging in now",
"options": [
{"id": "login_success", "label": "Yes, login successful", "next_node_id": "ad_resolution_success"},
{"id": "wrong_password", "label": "No, wrong password error", "next_node_id": "ad_reset_password"},
{"id": "locked_again", "label": "Account locked again immediately", "next_node_id": "ad_lockout_investigation"}
],
"children": []
}
]
},
{
"id": "ad_check_disabled",
"type": "decision",
"question": "Why is the account disabled?",
"help_text": "Check account description, notes, or ticket history",
"options": [
{"id": "terminated", "label": "User terminated/left company", "next_node_id": "ad_terminated_user"},
{"id": "security_disabled", "label": "Disabled for security reasons", "next_node_id": "ad_security_disabled"},
{"id": "leave_of_absence", "label": "Leave of absence", "next_node_id": "ad_leave_return"},
{"id": "unknown_reason", "label": "Unknown reason", "next_node_id": "ad_investigate_disabled"}
],
"children": [
{
"id": "ad_terminated_user",
"type": "solution",
"title": "Account Disabled - User Terminated",
"description": "**DO NOT ENABLE THIS ACCOUNT**\n\nThe user has been terminated and should not have access.\n\n**Actions:**\n1. Verify with HR that the user was terminated\n2. If user claims this is an error, direct them to HR\n3. Document the request and denial\n\n**If user was rehired:**\nRequire HR documentation of rehire, then escalate to Identity Management for proper re-onboarding.\n\n**Ticket Notes:**\nClose as 'Denied - Terminated User'"
},
{
"id": "ad_security_disabled",
"type": "solution",
"title": "Account Disabled for Security",
"description": "**DO NOT ENABLE WITHOUT SECURITY APPROVAL**\n\nThis account was disabled due to a security incident.\n\n**Actions:**\n1. Contact the Security team for approval\n2. Do not discuss details of the security incident with the user\n3. Escalate to Security for handling\n\n**Ticket Notes:**\nEscalate to Security team. Mark as High Priority."
},
{
"id": "ad_leave_return",
"type": "decision",
"question": "Has the user officially returned from leave?",
"help_text": "Verify with HR or manager that leave has ended",
"options": [
{"id": "leave_ended", "label": "Yes, HR confirms return", "next_node_id": "ad_enable_account"},
{"id": "still_on_leave", "label": "No, still on leave", "next_node_id": "ad_still_on_leave"},
{"id": "cannot_verify_leave", "label": "Cannot verify with HR", "next_node_id": "ad_escalate_leave"}
],
"children": [
{
"id": "ad_enable_account",
"type": "action",
"title": "Enable the Account",
"description": "HR has confirmed the user has returned from leave.\n\n**PowerShell:**\n```\nEnable-ADAccount -Identity \"username\"\n```\n\n**ADUC:** Right-click account > Enable Account",
"action_command": "Enable-ADAccount -Identity \"USERNAME\"",
"next_node_id": "ad_reset_password"
},
{
"id": "ad_still_on_leave",
"type": "solution",
"title": "User Still on Leave",
"description": "Account cannot be enabled until leave officially ends.\n\n**Actions:**\n1. Inform user their account is disabled during leave per policy\n2. Advise them to contact HR about their return date\n3. Account will be enabled when HR processes the return\n\n**Ticket Notes:**\nClose as 'No Action - User on Leave'"
},
{
"id": "ad_escalate_leave",
"type": "solution",
"title": "Escalate Leave Status Verification",
"description": "Cannot verify leave status with HR.\n\n**Actions:**\n1. Escalate to IT Manager for approval\n2. Document the verification attempts\n3. Do not enable account without approval\n\n**Ticket Priority:** Medium"
}
]
},
{
"id": "ad_investigate_disabled",
"type": "action",
"title": "Investigate Why Account is Disabled",
"description": "Reason for disablement is unknown.\n\n**Check:**\n1. Account description field for notes\n2. Previous tickets for this user\n3. When was the account disabled? (check AD attribute)\n4. Contact HR to verify employment status\n\n**PowerShell:**\n```\nGet-ADUser -Identity \"username\" -Properties Description,whenChanged,Enabled\n```",
"action_command": "Get-ADUser -Identity \"USERNAME\" -Properties Description,whenChanged,Enabled,DistinguishedName",
"next_node_id": "ad_check_disabled"
}
]
},
{
"id": "ad_check_pwd_age",
"type": "decision",
"question": "When was the password last changed?",
"help_text": "Check PasswordLastSet attribute - if recent, password might not be the issue",
"options": [
{"id": "pwd_recent", "label": "Changed recently (within 24 hours)", "next_node_id": "ad_recent_change_issue"},
{"id": "pwd_old", "label": "More than 24 hours ago", "next_node_id": "ad_reset_password"},
{"id": "pwd_never", "label": "Never changed / Never set", "next_node_id": "ad_reset_password"}
],
"children": [
{
"id": "ad_recent_change_issue",
"type": "decision",
"question": "User recently changed password - what's happening?",
"help_text": "Password was changed recently, so this may be a sync or memory issue",
"options": [
{"id": "forgot_new", "label": "User forgot new password already", "next_node_id": "ad_reset_password"},
{"id": "not_synced", "label": "New password not working everywhere", "next_node_id": "ad_sync_delay"},
{"id": "didnt_change", "label": "User says they didn't change it", "next_node_id": "ad_security_concern"}
],
"children": [
{
"id": "ad_sync_delay",
"type": "solution",
"title": "Password Sync Delay",
"description": "New password may not have replicated to all systems.\n\n**AD Replication:** Usually 5-15 minutes within site, up to 1 hour cross-site\n\n**Azure AD Connect:** Up to 30 minutes for cloud sync\n\n**Actions:**\n1. Wait 15-30 minutes and try again\n2. If urgent, user can log into a DC directly in their site\n3. Force replication if needed (Tier 2 task)\n\n**Ticket Notes:**\nAdvised user to wait for sync. Follow up if still failing after 1 hour."
},
{
"id": "ad_security_concern",
"type": "solution",
"title": "Security Concern - Unauthorized Password Change",
"description": "**POTENTIAL SECURITY INCIDENT**\n\nUser claims they did not change their password, but it was changed.\n\n**Immediate Actions:**\n1. Reset the password immediately\n2. Force logout all sessions (revoke tokens)\n3. Alert Security team\n4. Document timeline of events\n\n**Security Escalation:**\nThis could indicate a compromised account. Security team must investigate.\n\n**Ticket Priority:** High\n**Escalation:** Security Team"
}
]
}
]
},
{
"id": "ad_reset_password",
"type": "action",
"title": "Reset Active Directory Password",
"description": "Reset the user's AD password to a temporary value.\n\n**PowerShell:**\n```\nSet-ADAccountPassword -Identity \"username\" -Reset -NewPassword (ConvertTo-SecureString 'TempPass123!' -AsPlainText -Force)\nSet-ADUser -Identity \"username\" -ChangePasswordAtLogon $true\n```\n\n**ADUC:** Right-click > Reset Password > Check 'User must change password at next logon'\n\n**Password Requirements:**\n- Meet complexity requirements\n- Use a temporary format like: TempPass + Month + Year + !\n- Example: TempPassJan2024!",
"action_command": "Set-ADAccountPassword -Identity \"USERNAME\" -Reset -NewPassword (ConvertTo-SecureString 'TEMPPASSWORD' -AsPlainText -Force); Set-ADUser -Identity \"USERNAME\" -ChangePasswordAtLogon $true",
"next_node_id": "ad_communicate_password"
},
{
"id": "ad_communicate_password",
"type": "decision",
"question": "How will you communicate the temporary password?",
"help_text": "Choose a secure method - never send passwords via unencrypted email",
"options": [
{"id": "verbal_phone", "label": "Verbally over phone (verified call)", "next_node_id": "ad_verify_login"},
{"id": "secure_portal", "label": "Self-service portal / Secure message", "next_node_id": "ad_verify_login"},
{"id": "manager_deliver", "label": "Have manager deliver in person", "next_node_id": "ad_verify_login"},
{"id": "sms_temp", "label": "SMS to verified phone (temp only)", "next_node_id": "ad_verify_login"}
],
"children": [
{
"id": "ad_verify_login",
"type": "decision",
"question": "Was the user able to log in with the temporary password?",
"help_text": "Have user test login and change to their own password",
"options": [
{"id": "login_worked", "label": "Yes, login successful", "next_node_id": "ad_verify_pwd_change"},
{"id": "login_failed", "label": "No, still failing", "next_node_id": "ad_login_still_failing"},
{"id": "locked_again", "label": "Account locked again", "next_node_id": "ad_unlock_account"}
],
"children": [
{
"id": "ad_verify_pwd_change",
"type": "decision",
"question": "Did the user successfully set their own password?",
"help_text": "User should be prompted to change password after logging in",
"options": [
{"id": "pwd_changed", "label": "Yes, new password set", "next_node_id": "ad_resolution_success"},
{"id": "pwd_complexity", "label": "No, complexity requirements error", "next_node_id": "ad_complexity_help"},
{"id": "pwd_history", "label": "No, cannot reuse old password", "next_node_id": "ad_history_help"}
],
"children": [
{
"id": "ad_complexity_help",
"type": "solution",
"title": "Password Complexity Requirements",
"description": "Help user understand password requirements.\n\n**Standard Requirements:**\n- Minimum 12 characters (check your policy)\n- At least 3 of 4 categories:\n - Uppercase letters (A-Z)\n - Lowercase letters (a-z)\n - Numbers (0-9)\n - Special characters (!@#$%^&*)\n- Cannot contain username or parts of full name\n\n**Suggestion:** Use a passphrase like 'Coffee$Morning2024!'\n\n**Ticket Notes:**\nProvided complexity guidance. User should retry."
},
{
"id": "ad_history_help",
"type": "solution",
"title": "Password History Restriction",
"description": "User is trying to reuse a previous password.\n\n**Policy:** Usually last 12-24 passwords cannot be reused.\n\n**Advise User:**\n- Choose a completely new password\n- Cannot use variations of old passwords\n- Consider using a passphrase\n\n**Ticket Notes:**\nAdvised user on password history policy. User should choose new password."
}
]
},
{
"id": "ad_login_still_failing",
"type": "decision",
"question": "What error is the user seeing?",
"help_text": "Get the exact error message",
"options": [
{"id": "wrong_pwd_error", "label": "Wrong password / credentials error", "next_node_id": "ad_verify_temp_pwd"},
{"id": "account_disabled_error", "label": "Account is disabled", "next_node_id": "ad_check_disabled"},
{"id": "no_logon_workstations", "label": "Cannot log on to this workstation", "next_node_id": "ad_logon_restriction"},
{"id": "trust_relationship", "label": "Trust relationship failed", "next_node_id": "ad_trust_relationship"}
],
"children": [
{
"id": "ad_verify_temp_pwd",
"type": "solution",
"title": "Verify Temporary Password Entry",
"description": "User may be entering password incorrectly.\n\n**Common Issues:**\n- Caps Lock is on\n- NumLock affecting keypad\n- Wrong keyboard layout\n- Copy/paste adding extra spaces\n\n**Actions:**\n1. Have user type password slowly, character by character\n2. Try typing in username field first to verify keys\n3. Reset password again if needed with simpler temp password\n\n**Ticket Notes:**\nVerify user is entering password correctly."
},
{
"id": "ad_logon_restriction",
"type": "solution",
"title": "Logon Workstation Restriction",
"description": "User's account is restricted to specific computers.\n\n**Check:**\nAD account > Properties > Account tab > Log On To\n\n**Actions:**\n1. Verify user is on an allowed workstation\n2. If restriction is outdated, escalate to AD admin to update\n3. Document which computers user needs access to\n\n**Ticket Notes:**\nAccount has logon restrictions. Escalate for update if needed."
},
{
"id": "ad_trust_relationship",
"type": "solution",
"title": "Trust Relationship Failed",
"description": "Computer trust relationship with domain is broken.\n\n**This is a computer issue, not an account issue.**\n\n**Actions:**\n1. Have user try logging into a different computer\n2. If that works, the original computer needs to be rejoined to domain\n3. Escalate to Desktop Support for computer rejoin\n\n**PowerShell (on affected computer, as local admin):**\n```\nReset-ComputerMachinePassword -Credential (Get-Credential)\n```\n\n**Ticket Notes:**\nTrust relationship broken on [computer name]. Escalate to Desktop Support."
}
]
}
]
}
]
}
]
}
]
},
{
"id": "ad_resolution_success",
"type": "solution",
"title": "Password Reset Complete - Active Directory",
"description": "User has successfully logged in and set a new password.\n\n**Final Verification:**\n- User confirmed login works\n- User set their own password\n- No further errors reported\n\n**Ticket Documentation:**\n- Account action taken (unlock/reset/enable)\n- Verification method used\n- User confirmed resolution\n\n**Close ticket as:** Resolved - Password Reset\n\n**Remind User:**\n- Update password on mobile devices\n- Update any saved credentials/mapped drives"
},
{
"id": "m365_verify_identity",
"type": "decision",
"question": "Can you verify the user's identity?",
"help_text": "Use standard identity verification procedures",
"options": [
{"id": "m365_verified", "label": "Yes, identity verified", "next_node_id": "m365_check_account"},
{"id": "m365_not_verified", "label": "Cannot verify identity", "next_node_id": "deny_unverified"}
],
"children": [
{
"id": "m365_check_account",
"type": "action",
"title": "Check Account in Microsoft 365 Admin Center",
"description": "Review the user's account in M365 Admin Center.\n\n**Steps:**\n1. Go to admin.microsoft.com\n2. Users > Active Users\n3. Search for the user\n4. Check: Sign-in status, licenses, MFA status\n\n**PowerShell (MSOnline):**\n```\nGet-MsolUser -UserPrincipalName user@company.com | Select DisplayName,BlockCredential,LastPasswordChangeTimestamp,StrongAuthenticationMethods\n```",
"next_node_id": "m365_account_status"
},
{
"id": "m365_account_status",
"type": "decision",
"question": "What is the M365 account status?",
"help_text": "Check if sign-in is blocked or if there are other issues",
"options": [
{"id": "m365_blocked", "label": "Sign-in blocked", "next_node_id": "m365_unblock"},
{"id": "m365_active", "label": "Account active, sign-in allowed", "next_node_id": "m365_reset_password"},
{"id": "m365_no_license", "label": "No license assigned", "next_node_id": "m365_no_license_issue"},
{"id": "m365_synced", "label": "Account synced from on-prem AD", "next_node_id": "m365_synced_account"}
],
"children": [
{
"id": "m365_unblock",
"type": "action",
"title": "Unblock M365 Sign-in",
"description": "The user's sign-in is currently blocked.\n\n**M365 Admin Center:**\n1. Users > Active Users > Select user\n2. Click 'Unblock sign-in'\n\n**PowerShell:**\n```\nSet-MsolUser -UserPrincipalName user@company.com -BlockCredential $false\n```\n\n**Note:** Find out why it was blocked before unblocking (security incident, termination, etc.)",
"next_node_id": "m365_reset_password"
},
{
"id": "m365_reset_password",
"type": "action",
"title": "Reset M365 Password",
"description": "Reset the user's Microsoft 365 password.\n\n**M365 Admin Center:**\n1. Users > Active Users > Select user\n2. Click 'Reset password'\n3. Choose auto-generate or set manually\n4. Require password change at next sign-in\n\n**PowerShell:**\n```\nSet-MsolUserPassword -UserPrincipalName user@company.com -NewPassword 'TempPass123!' -ForceChangePassword $true\n```",
"next_node_id": "m365_verify_login"
},
{
"id": "m365_no_license_issue",
"type": "solution",
"title": "No M365 License Assigned",
"description": "User doesn't have an M365 license.\n\n**Actions:**\n1. Verify user should have M365 access\n2. Check with their manager if unsure\n3. If license needed, assign appropriate license\n4. If using shared mailbox, no license needed for that\n\n**Escalate if:**\n- No licenses available\n- Unsure which license to assign\n\n**Ticket Notes:**\nUser missing M365 license. [Assigned/Escalated for assignment]"
},
{
"id": "m365_synced_account",
"type": "solution",
"title": "Account Synced from On-Premises AD",
"description": "This account is synchronized from on-premises Active Directory.\n\n**Password must be changed in AD, not M365!**\n\n**Actions:**\n1. Reset password in Active Directory instead\n2. Wait for Azure AD Connect to sync (up to 30 minutes)\n3. Or force a sync: `Start-ADSyncSyncCycle -PolicyType Delta`\n\n**Redirect:** Use the AD password reset section of this tree.\n\n**Ticket Notes:**\nHybrid identity - password reset must be done in on-prem AD."
},
{
"id": "m365_verify_login",
"type": "decision",
"question": "Can the user log into M365 now?",
"help_text": "Have user try logging into portal.office.com",
"options": [
{"id": "m365_login_works", "label": "Yes, login successful", "next_node_id": "m365_resolution_success"},
{"id": "m365_mfa_prompt", "label": "Stuck on MFA prompt", "next_node_id": "mfa_triage"},
{"id": "m365_still_failing", "label": "Still failing", "next_node_id": "m365_troubleshoot_further"}
],
"children": [
{
"id": "m365_troubleshoot_further",
"type": "solution",
"title": "Escalate M365 Login Issues",
"description": "Further troubleshooting required.\n\n**Before Escalating, Check:**\n- Browser cache cleared?\n- Tried InPrivate/Incognito mode?\n- Tried different browser?\n- Any conditional access policies blocking?\n\n**Escalate to:** Cloud/M365 Administration team\n\n**Include in Escalation:**\n- Error message screenshot\n- Steps already taken\n- User's UPN and location"
}
]
}
]
}
]
},
{
"id": "m365_resolution_success",
"type": "solution",
"title": "M365 Password Reset Complete",
"description": "User successfully logged into Microsoft 365.\n\n**Final Steps:**\n1. Confirm user can access email\n2. Have user set permanent password\n3. Verify MFA is configured if required\n\n**Ticket Documentation:**\n- Password reset completed in M365\n- User confirmed access to email/apps\n\n**Close ticket as:** Resolved - M365 Password Reset\n\n**Remind User:**\n- Re-authenticate Outlook desktop app\n- Re-authenticate mobile apps\n- Re-authenticate Teams"
},
{
"id": "mfa_triage",
"type": "decision",
"question": "What MFA issue is the user experiencing?",
"help_text": "Identify the specific MFA problem",
"options": [
{"id": "mfa_no_device", "label": "Lost/New phone, can't receive codes", "next_node_id": "mfa_reset_methods"},
{"id": "mfa_codes_wrong", "label": "Codes not working/rejected", "next_node_id": "mfa_code_issues"},
{"id": "mfa_not_setup", "label": "MFA not set up, being prompted", "next_node_id": "mfa_setup_help"},
{"id": "mfa_push_not_received", "label": "Push notifications not received", "next_node_id": "mfa_push_issues"}
],
"children": [
{
"id": "mfa_reset_methods",
"type": "action",
"title": "Reset MFA Methods",
"description": "User needs MFA methods reset due to lost/new device.\n\n**Azure AD Admin Center:**\n1. Azure Portal > Azure AD > Users\n2. Select user > Authentication methods\n3. Click 'Require re-register MFA'\n\n**M365 Admin Center:**\n1. Users > Active Users > Select user\n2. Manage multifactor authentication\n3. Require user to re-register\n\n**PowerShell (MSOnline):**\n```\nSet-MsolUser -UserPrincipalName user@company.com -StrongAuthenticationMethods @()\n```",
"next_node_id": "mfa_reset_verify"
},
{
"id": "mfa_reset_verify",
"type": "decision",
"question": "Was the MFA reset successful?",
"help_text": "User should now be prompted to set up MFA again",
"options": [
{"id": "mfa_setup_success", "label": "User set up MFA successfully", "next_node_id": "mfa_resolution_success"},
{"id": "mfa_needs_help", "label": "User needs help setting up", "next_node_id": "mfa_setup_help"},
{"id": "mfa_still_prompted", "label": "Still being prompted for old MFA", "next_node_id": "mfa_cache_issue"}
],
"children": [
{
"id": "mfa_cache_issue",
"type": "solution",
"title": "MFA Cache Issue",
"description": "Old MFA settings may be cached.\n\n**Try:**\n1. Clear browser cache and cookies\n2. Try InPrivate/Incognito mode\n3. Try a different browser\n4. Wait 15-30 minutes for cache to expire\n\n**If Still Failing:**\nEscalate to Cloud Admin team - may need to revoke all refresh tokens.\n\n**PowerShell:**\n```\nRevoke-AzureADUserAllRefreshToken -ObjectId user@company.com\n```"
}
]
},
{
"id": "mfa_code_issues",
"type": "decision",
"question": "What type of codes is the user trying to use?",
"help_text": "Different code types have different troubleshooting steps",
"options": [
{"id": "mfa_authenticator_totp", "label": "Authenticator app codes (6 digits)", "next_node_id": "mfa_totp_troubleshoot"},
{"id": "mfa_sms_codes", "label": "SMS text message codes", "next_node_id": "mfa_sms_troubleshoot"},
{"id": "mfa_hardware_token", "label": "Hardware token (RSA, YubiKey)", "next_node_id": "mfa_hardware_troubleshoot"}
],
"children": [
{
"id": "mfa_totp_troubleshoot",
"type": "solution",
"title": "Authenticator App Code Issues",
"description": "TOTP codes from authenticator app not working.\n\n**Common Causes:**\n1. **Time sync:** Phone time must be accurate\n - iOS: Settings > General > Date & Time > Set Automatically\n - Android: Settings > System > Date & Time > Use network time\n\n2. **Wrong account:** User may have multiple accounts in app\n - Verify they're using the correct account\n\n3. **Code expired:** Codes only valid for 30 seconds\n - Wait for next code cycle\n\n4. **App corrupted:** May need to re-add account\n - Admin resets MFA, user re-adds account to app\n\n**Ticket Notes:**\nTroubleshooting TOTP codes. [Resolution action taken]"
},
{
"id": "mfa_sms_troubleshoot",
"type": "solution",
"title": "SMS Code Issues",
"description": "SMS text message codes not working.\n\n**Check:**\n1. **Correct phone number:** Verify last 4 digits shown match user's phone\n2. **Phone signal:** User needs cellular service\n3. **Carrier issues:** Some carriers block or delay short codes\n4. **Phone changed:** Number may be out of date\n\n**If number is wrong:**\nReset MFA methods so user can register correct number.\n\n**If codes not arriving:**\n- Try voice call option instead\n- May need to switch to authenticator app\n\n**Ticket Notes:**\nSMS MFA troubleshooting. [Resolution]"
},
{
"id": "mfa_hardware_troubleshoot",
"type": "solution",
"title": "Hardware Token Issues",
"description": "Hardware token (RSA SecurID, YubiKey) not working.\n\n**RSA Token:**\n- Check token is not expired (battery life)\n- Time may be out of sync - contact RSA admin\n- Token may need re-sync (enter 2 consecutive codes)\n\n**YubiKey:**\n- Ensure proper insertion/contact\n- Try different USB port\n- May need to re-register key\n\n**Escalate to:** Security/Identity Management team for hardware token issues.\n\n**Ticket Notes:**\nHardware MFA token issue. Escalate to Security team."
}
]
},
{
"id": "mfa_setup_help",
"type": "solution",
"title": "Help User Set Up MFA",
"description": "Guide user through MFA setup.\n\n**Microsoft Authenticator Setup:**\n1. Download Microsoft Authenticator from app store\n2. Open app, tap + to add account\n3. Select 'Work or school account'\n4. Choose 'Scan QR code'\n5. Log into aka.ms/mysecurityinfo\n6. Add method > Authenticator app\n7. Scan the QR code with phone\n8. Approve test notification\n\n**SMS Setup:**\n1. Log into aka.ms/mysecurityinfo\n2. Add method > Phone\n3. Enter phone number\n4. Choose Text or Call\n5. Verify with code sent\n\n**Ticket Notes:**\nAssisted user with MFA setup. Method configured: [Authenticator/SMS/Phone]"
},
{
"id": "mfa_push_issues",
"type": "solution",
"title": "MFA Push Notifications Not Received",
"description": "Microsoft Authenticator push notifications not working.\n\n**Troubleshooting Steps:**\n1. **Check notifications enabled:**\n - iOS: Settings > Notifications > Authenticator\n - Android: Settings > Apps > Authenticator > Notifications\n\n2. **Check internet connection:**\n - Push requires data/WiFi connection\n\n3. **Force close and reopen app:**\n - Swipe away app and relaunch\n\n4. **Check battery optimization:**\n - Android may block background apps\n - Settings > Apps > Authenticator > Battery > Unrestricted\n\n5. **Re-register device:**\n - In Authenticator > Account > Device registration\n\n**Alternative:** Use 'Use code instead' option while troubleshooting.\n\n**Ticket Notes:**\nPush notification troubleshooting. [Resolution]"
}
]
},
{
"id": "mfa_resolution_success",
"type": "solution",
"title": "MFA Issue Resolved",
"description": "User's MFA is now working correctly.\n\n**Final Verification:**\n- User can complete MFA successfully\n- User can access M365/applications\n\n**Ticket Documentation:**\n- MFA issue type\n- Resolution action taken\n- User confirmed working\n\n**Close ticket as:** Resolved - MFA Configuration\n\n**Remind User:**\n- Set up backup MFA methods\n- Keep authenticator app updated\n- Note recovery options available"
}
]
}
}
def get_outlook_email_tree() -> dict[str, Any]:
"""
Outlook/Email Problems - Comprehensive Tier 1 tree.
Covers sync issues, missing emails, calendar problems, and common Outlook errors.
"""
return {
"name": "Outlook / Email Problems",
"description": "Troubleshooting guide for Outlook and email issues including sync problems, missing emails, calendar issues, and common errors. Covers both Outlook desktop and Outlook on the web.",
"category": "Tier 1 - Help Desk",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "What email/Outlook problem is the user experiencing?",
"help_text": "Identify the primary symptom to route to correct troubleshooting path",
"options": [
{"id": "not_opening", "label": "Outlook won't open / crashing", "next_node_id": "outlook_wont_open"},
{"id": "not_syncing", "label": "Email not syncing / receiving", "next_node_id": "email_sync_issues"},
{"id": "cant_send", "label": "Can't send email", "next_node_id": "cant_send_email"},
{"id": "missing_email", "label": "Missing emails / folders", "next_node_id": "missing_email_triage"},
{"id": "calendar_issue", "label": "Calendar problems", "next_node_id": "calendar_issues"},
{"id": "search_broken", "label": "Search not working", "next_node_id": "search_issues"}
],
"children": [
{
"id": "outlook_wont_open",
"type": "decision",
"question": "What happens when user tries to open Outlook?",
"help_text": "Get specific error message or behavior",
"options": [
{"id": "stuck_loading", "label": "Stuck on 'Loading Profile' or splash screen", "next_node_id": "outlook_stuck_loading"},
{"id": "error_message", "label": "Shows error message then closes", "next_node_id": "outlook_error_message"},
{"id": "freezes", "label": "Opens but freezes/not responding", "next_node_id": "outlook_freezing"},
{"id": "nothing_happens", "label": "Nothing happens when clicking", "next_node_id": "outlook_nothing_happens"}
],
"children": [
{
"id": "outlook_stuck_loading",
"type": "action",
"title": "Start Outlook in Safe Mode",
"description": "Outlook stuck on loading usually indicates an add-in or profile issue.\n\n**Steps:**\n1. Close Outlook completely (check Task Manager)\n2. Hold CTRL and click Outlook icon\n3. Click 'Yes' when prompted for Safe Mode\n\n**Or from Run dialog:**\n```\noutlook.exe /safe\n```\n\n**If Safe Mode works:** Add-in is likely the cause.\n**If Safe Mode fails:** Profile may be corrupted.",
"action_command": "outlook.exe /safe",
"next_node_id": "safe_mode_result"
},
{
"id": "safe_mode_result",
"type": "decision",
"question": "Did Outlook open in Safe Mode?",
"help_text": "Safe Mode disables add-ins and customizations",
"options": [
{"id": "safe_mode_works", "label": "Yes, Safe Mode works", "next_node_id": "disable_addins"},
{"id": "safe_mode_fails", "label": "No, still fails", "next_node_id": "repair_office"}
],
"children": [
{
"id": "disable_addins",
"type": "action",
"title": "Disable Problematic Add-ins",
"description": "An add-in is preventing Outlook from starting.\n\n**In Safe Mode:**\n1. Go to File > Options > Add-ins\n2. At bottom, select 'COM Add-ins' > Go\n3. Uncheck all add-ins\n4. Click OK\n5. Close and restart Outlook normally\n6. If it works, re-enable add-ins one at a time to find the culprit\n\n**Common problematic add-ins:**\n- Adobe Acrobat add-in\n- Antivirus email scanning\n- Third-party signature tools",
"next_node_id": "outlook_resolution_success"
},
{
"id": "repair_office",
"type": "action",
"title": "Repair Microsoft Office Installation",
"description": "Office installation may be corrupted.\n\n**Steps:**\n1. Open Settings > Apps > Installed apps\n2. Find 'Microsoft 365' or 'Microsoft Office'\n3. Click three dots > Modify\n4. Choose 'Quick Repair' first (faster)\n5. If Quick Repair fails, try 'Online Repair'\n\n**Via Control Panel:**\nControl Panel > Programs > Programs and Features > Microsoft 365 > Change > Repair\n\n**Note:** Online Repair requires internet and may take 30-60 minutes.",
"next_node_id": "repair_result"
},
{
"id": "repair_result",
"type": "decision",
"question": "Did Office repair fix the issue?",
"help_text": "Try opening Outlook after repair completes",
"options": [
{"id": "repair_worked", "label": "Yes, Outlook opens now", "next_node_id": "outlook_resolution_success"},
{"id": "repair_failed", "label": "No, still not working", "next_node_id": "create_new_profile"}
],
"children": [
{
"id": "create_new_profile",
"type": "action",
"title": "Create New Outlook Profile",
"description": "Current Outlook profile may be corrupted. Create a new one.\n\n**Steps:**\n1. Open Control Panel\n2. Search for 'Mail' or 'Mail (32-bit)'\n3. Click 'Show Profiles'\n4. Click 'Add' and name it (e.g., 'New Profile')\n5. Set up email account in the new profile\n6. Set new profile as default\n7. Delete old corrupted profile (optional, can keep as backup)\n\n**Warning:** Local data in old profile (non-synced items) may be lost. Check for local PST files first.",
"next_node_id": "new_profile_result"
},
{
"id": "new_profile_result",
"type": "decision",
"question": "Does Outlook work with the new profile?",
"options": [
{"id": "new_profile_works", "label": "Yes, working with new profile", "next_node_id": "outlook_resolution_success"},
{"id": "new_profile_fails", "label": "No, still failing", "next_node_id": "escalate_outlook"}
],
"children": [
{
"id": "escalate_outlook",
"type": "solution",
"title": "Escalate Outlook Issues",
"description": "Issue requires deeper investigation.\n\n**Before Escalating:**\n- Document all troubleshooting steps taken\n- Note error messages with screenshots\n- Check Windows Event Viewer for Office errors\n\n**Possible Causes:**\n- Windows user profile corruption\n- Antivirus interference\n- System file corruption\n- Hardware issues\n\n**Escalate to:** Tier 2 Desktop Support\n\n**Ticket Notes:**\nInclude: Safe Mode result, Repair result, New Profile result, Event log errors."
}
]
}
]
}
]
},
{
"id": "outlook_error_message",
"type": "decision",
"question": "What error message is displayed?",
"help_text": "Get the exact error text if possible",
"options": [
{"id": "cannot_start", "label": "Cannot start Microsoft Outlook", "next_node_id": "outlook_stuck_loading"},
{"id": "ost_in_use", "label": "OST file is in use / cannot be accessed", "next_node_id": "ost_file_issue"},
{"id": "pst_error", "label": "PST file errors", "next_node_id": "pst_file_issue"},
{"id": "license_error", "label": "Activation or license error", "next_node_id": "license_issue"},
{"id": "other_error", "label": "Other error", "next_node_id": "outlook_stuck_loading"}
],
"children": [
{
"id": "ost_file_issue",
"type": "action",
"title": "Fix OST File Issue",
"description": "The OST (Offline Storage) file has a problem.\n\n**Common Causes:**\n- File is locked by another process\n- File is corrupted\n- File reached size limit\n\n**Steps:**\n1. Make sure Outlook is closed (check Task Manager)\n2. Navigate to: `%localappdata%\\Microsoft\\Outlook`\n3. Find the .ost file for the account\n4. Rename it (e.g., add .old to the name)\n5. Restart Outlook - it will create a new OST and re-sync\n\n**Note:** This forces a full re-sync from the server. No data loss for Exchange/M365 mailboxes.",
"action_command": "explorer %localappdata%\\Microsoft\\Outlook",
"next_node_id": "outlook_resolution_success"
},
{
"id": "pst_file_issue",
"type": "action",
"title": "Repair PST File",
"description": "PST (Personal Storage) file needs repair.\n\n**Run Inbox Repair Tool (ScanPST):**\n1. Close Outlook\n2. Navigate to:\n - Microsoft 365: `C:\\Program Files\\Microsoft Office\\root\\Office16`\n - Office 2019: `C:\\Program Files\\Microsoft Office\\Office16`\n3. Run SCANPST.EXE\n4. Browse to the PST file location\n5. Click 'Start' to scan\n6. If errors found, click 'Repair'\n\n**PST Locations:**\n- Default: `%userprofile%\\Documents\\Outlook Files`\n- Old: `%localappdata%\\Microsoft\\Outlook`\n\n**Warning:** Back up the PST file before repair.",
"action_command": "explorer \"C:\\Program Files\\Microsoft Office\\root\\Office16\"",
"next_node_id": "outlook_resolution_success"
},
{
"id": "license_issue",
"type": "solution",
"title": "Office License/Activation Issue",
"description": "Office license needs attention.\n\n**Steps:**\n1. Open any Office app (Word, Excel)\n2. Go to File > Account\n3. Check activation status\n4. Click 'Update License' or 'Sign In'\n5. Sign in with work account\n\n**If activation fails:**\n- Check M365 admin for license assignment\n- May need to sign out and back in\n- Try: File > Account > Sign out, then sign back in\n\n**Escalate if:** No license available or persistent activation errors.\n\n**Ticket Notes:**\nLicense issue. [Resolution or escalation details]"
}
]
},
{
"id": "outlook_freezing",
"type": "action",
"title": "Troubleshoot Outlook Freezing",
"description": "Outlook opens but becomes unresponsive.\n\n**Immediate Steps:**\n1. Wait 2-3 minutes - may be processing large mailbox\n2. Check status bar at bottom for 'Updating folder...'\n\n**If Still Frozen:**\n1. End Outlook in Task Manager\n2. Start in Safe Mode (outlook.exe /safe)\n3. If Safe Mode works, check add-ins\n\n**Common Causes:**\n- Large mailbox syncing\n- Too many items in Inbox\n- Corrupt add-in\n- Antivirus scanning\n\n**Try:**\n- Disable Cached Exchange Mode temporarily\n- Reduce items to sync: File > Account Settings > Change > Mail to keep offline: 1 month",
"next_node_id": "safe_mode_result"
},
{
"id": "outlook_nothing_happens",
"type": "action",
"title": "Outlook Not Launching",
"description": "Clicking Outlook does nothing visible.\n\n**Check if Already Running:**\n1. Open Task Manager (Ctrl+Shift+Esc)\n2. Look for OUTLOOK.EXE in processes\n3. If found, End Task\n4. Try launching again\n\n**Check for Stuck Process:**\n```\ntaskkill /IM OUTLOOK.EXE /F\n```\n\n**If still not launching:**\n- Try Safe Mode: outlook.exe /safe\n- Check Event Viewer for errors\n- Verify Office installation isn't corrupted",
"action_command": "tasklist | findstr OUTLOOK",
"next_node_id": "outlook_stuck_loading"
}
]
},
{
"id": "email_sync_issues",
"type": "decision",
"question": "Is the user using Outlook desktop or Outlook on the web?",
"help_text": "This helps determine if it's a client or server issue",
"options": [
{"id": "desktop_sync", "label": "Outlook desktop app", "next_node_id": "desktop_sync_check"},
{"id": "web_sync", "label": "Outlook on the web (browser)", "next_node_id": "web_sync_check"},
{"id": "mobile_sync", "label": "Mobile Outlook app", "next_node_id": "mobile_sync_check"}
],
"children": [
{
"id": "desktop_sync_check",
"type": "decision",
"question": "Can the user receive email in Outlook on the web?",
"help_text": "Test at outlook.office.com to isolate the issue",
"options": [
{"id": "web_works", "label": "Yes, web works fine", "next_node_id": "desktop_sync_fix"},
{"id": "web_also_broken", "label": "No, web also not receiving", "next_node_id": "server_side_issue"},
{"id": "cant_test_web", "label": "Can't test web version", "next_node_id": "desktop_sync_fix"}
],
"children": [
{
"id": "desktop_sync_fix",
"type": "action",
"title": "Fix Outlook Desktop Sync",
"description": "Email arriving in web but not desktop - client sync issue.\n\n**Quick Fixes:**\n1. Check Send/Receive status (bottom of window)\n2. Click Send/Receive > Send/Receive All Folders (F9)\n3. Check for 'Working Offline' - click to go online\n\n**Check Connection:**\n- Status bar should show 'Connected to: Microsoft Exchange'\n- If 'Disconnected', check network\n\n**Force Sync:**\n1. File > Account Settings > Account Settings\n2. Select account > Repair\n3. Follow prompts\n\n**Rebuild Sync:**\n- Delete OST file (see OST file issue steps)\n- Outlook will re-sync from server",
"next_node_id": "desktop_sync_result"
},
{
"id": "desktop_sync_result",
"type": "decision",
"question": "Is email syncing now?",
"options": [
{"id": "sync_fixed", "label": "Yes, email is syncing", "next_node_id": "outlook_resolution_success"},
{"id": "sync_still_broken", "label": "No, still not syncing", "next_node_id": "check_autodiscover"}
],
"children": [
{
"id": "check_autodiscover",
"type": "action",
"title": "Check Autodiscover Configuration",
"description": "Outlook may not be connecting to Exchange correctly.\n\n**Test Autodiscover:**\n1. Hold Ctrl and right-click Outlook icon in system tray\n2. Click 'Test Email AutoConfiguration'\n3. Enter email address and password\n4. Uncheck 'Use Guessmart' and 'Secure Guessmart Authentication'\n5. Click 'Test'\n6. Check Results tab for server settings\n\n**Expected Result:**\n- Protocol: Exchange HTTP\n- Server: outlook.office365.com (for M365)\n\n**If Autodiscover Fails:**\n- DNS issue\n- Firewall blocking\n- Credentials issue",
"next_node_id": "escalate_outlook"
}
]
},
{
"id": "server_side_issue",
"type": "decision",
"question": "Are other users also affected?",
"help_text": "Check if this is a widespread issue",
"options": [
{"id": "others_affected", "label": "Yes, multiple users affected", "next_node_id": "service_outage"},
{"id": "just_this_user", "label": "No, only this user", "next_node_id": "check_mailbox_rules"},
{"id": "unknown_others", "label": "Unknown / Can't check", "next_node_id": "check_m365_status"}
],
"children": [
{
"id": "service_outage",
"type": "solution",
"title": "Potential Service Outage",
"description": "Multiple users affected - possible service issue.\n\n**Check M365 Service Health:**\n1. Go to admin.microsoft.com\n2. Health > Service health\n3. Look for Exchange Online issues\n\n**Check status.office.com** for public status.\n\n**If Outage Confirmed:**\n- Document the outage\n- Inform affected users\n- Monitor for resolution\n- No user action needed\n\n**Ticket Notes:**\nService outage affecting multiple users. Monitoring for resolution."
},
{
"id": "check_m365_status",
"type": "action",
"title": "Check M365 Service Status",
"description": "Verify Microsoft 365 services are operational.\n\n**Check:**\n1. admin.microsoft.com > Health > Service health\n2. status.office.com (public status page)\n3. Twitter: @MSABORNAL for real-time updates\n\n**If No Outage:**\n- Issue is likely user-specific\n- Continue troubleshooting individual mailbox",
"next_node_id": "check_mailbox_rules"
},
{
"id": "check_mailbox_rules",
"type": "action",
"title": "Check Mailbox Rules and Settings",
"description": "Email may be arriving but being processed by rules.\n\n**Check in Outlook on the web:**\n1. Go to outlook.office.com\n2. Settings (gear) > View all Outlook settings\n3. Mail > Rules\n4. Check for rules moving/deleting mail\n\n**Also Check:**\n- Junk Email folder (emails may be filtered)\n- Focused Inbox (check 'Other' tab)\n- Blocked Senders list\n\n**In M365 Admin:**\n- Check mailbox is active\n- Check mailbox size isn't full\n- Check forwarding isn't enabled",
"next_node_id": "rules_result"
},
{
"id": "rules_result",
"type": "decision",
"question": "Did you find rules or settings causing the issue?",
"options": [
{"id": "rules_found", "label": "Yes, found problematic rule", "next_node_id": "outlook_resolution_success"},
{"id": "no_rules", "label": "No, rules look fine", "next_node_id": "check_mailflow"}
],
"children": [
{
"id": "check_mailflow",
"type": "solution",
"title": "Check Mail Flow / Escalate",
"description": "May need to trace mail flow at server level.\n\n**For M365 Admin:**\n1. Exchange Admin Center > Mail flow > Message trace\n2. Search for messages to/from user\n3. Check status: Delivered, Failed, Pending\n\n**Common Findings:**\n- Email quarantined by spam filter\n- Email rejected by transport rule\n- Sender blocked at organization level\n\n**Escalate to:** M365/Exchange Admin if mail trace needed.\n\n**Ticket Notes:**\nMailbox rules checked - no issues found. Needs mail flow trace."
}
]
}
]
}
]
},
{
"id": "web_sync_check",
"type": "decision",
"question": "Can the user log into Outlook on the web?",
"help_text": "Try outlook.office.com",
"options": [
{"id": "can_login", "label": "Yes, can log in", "next_node_id": "web_email_check"},
{"id": "cant_login", "label": "No, login fails", "next_node_id": "m365_verify_identity"},
{"id": "mfa_blocks", "label": "Stuck on MFA", "next_node_id": "mfa_triage"}
],
"children": [
{
"id": "web_email_check",
"type": "decision",
"question": "Are emails visible in the Inbox?",
"options": [
{"id": "inbox_empty", "label": "Inbox is empty", "next_node_id": "check_mailbox_rules"},
{"id": "old_emails_only", "label": "Only old emails, no new ones", "next_node_id": "check_mailbox_rules"},
{"id": "emails_present", "label": "Emails are there", "next_node_id": "web_actually_working"}
],
"children": [
{
"id": "web_actually_working",
"type": "solution",
"title": "Email is Working in Web",
"description": "Email is present in Outlook on the web.\n\n**If User Thought Email Wasn't Working:**\n- Check Focused vs Other inbox\n- Check Junk Email folder\n- May have been looking in wrong folder\n\n**If Desktop Isn't Syncing:**\n- Issue is with Outlook desktop, not mailbox\n- Follow desktop sync troubleshooting\n\n**Ticket Notes:**\nEmail confirmed working in OWA. [Identify actual issue]"
}
]
}
]
},
{
"id": "mobile_sync_check",
"type": "solution",
"title": "Mobile Outlook Sync Issues",
"description": "Troubleshoot Outlook mobile app sync.\n\n**Basic Steps:**\n1. Force close the app and reopen\n2. Pull down to refresh\n3. Check internet connection\n\n**Re-add Account:**\n1. Open Outlook app\n2. Go to Settings (gear icon)\n3. Tap the account\n4. Tap 'Delete Account'\n5. Re-add the account\n\n**Clear App Data (Android):**\nSettings > Apps > Outlook > Storage > Clear Cache\n\n**Reinstall App:**\nAs last resort, uninstall and reinstall Outlook app.\n\n**Ticket Notes:**\nMobile Outlook sync issue. [Resolution steps taken]"
}
]
},
{
"id": "cant_send_email",
"type": "decision",
"question": "What happens when user tries to send email?",
"help_text": "Get the specific error or behavior",
"options": [
{"id": "stuck_outbox", "label": "Email stuck in Outbox", "next_node_id": "email_stuck_outbox"},
{"id": "send_error", "label": "Error message when sending", "next_node_id": "send_error_message"},
{"id": "bounces_back", "label": "Email bounces back / NDR", "next_node_id": "email_bounce"},
{"id": "send_button_grayed", "label": "Send button is grayed out", "next_node_id": "send_button_disabled"}
],
"children": [
{
"id": "email_stuck_outbox",
"type": "action",
"title": "Fix Email Stuck in Outbox",
"description": "Email is sitting in Outbox and not sending.\n\n**Quick Fixes:**\n1. Check if Outlook is 'Working Offline' (toggle off)\n2. Press F9 or Send/Receive > Send/Receive All Folders\n3. Check internet connection\n\n**If Still Stuck:**\n1. Open Outbox folder\n2. Double-click the stuck email to open it\n3. Close it (this removes the 'sending' lock)\n4. Try sending again\n\n**If Email Won't Open:**\n1. Start Outlook in Offline mode\n2. Move email from Outbox to Drafts\n3. Go back Online\n4. Try sending from Drafts\n\n**Common Cause:** Large attachment exceeding size limit.",
"next_node_id": "send_result"
},
{
"id": "send_error_message",
"type": "decision",
"question": "What error message is shown?",
"help_text": "Common send errors",
"options": [
{"id": "relay_denied", "label": "Relay access denied / Not authenticated", "next_node_id": "smtp_auth_issue"},
{"id": "attachment_too_large", "label": "Attachment too large", "next_node_id": "attachment_size_issue"},
{"id": "address_rejected", "label": "Recipient address rejected", "next_node_id": "recipient_issue"},
{"id": "generic_send_error", "label": "Generic / Other error", "next_node_id": "generic_send_fix"}
],
"children": [
{
"id": "smtp_auth_issue",
"type": "solution",
"title": "SMTP Authentication Issue",
"description": "Account not properly authenticated for sending.\n\n**For M365:**\n- Modern auth should be used\n- Check if 'SMTP AUTH' is enabled for user\n\n**M365 Admin:**\n1. Exchange Admin Center\n2. Recipients > Mailboxes > Select user\n3. Email apps > Enable 'Authenticated SMTP'\n\n**PowerShell:**\n```\nSet-CASMailbox -Identity user@company.com -SmtpClientAuthenticationDisabled $false\n```\n\n**For Outlook:**\n- Remove and re-add account\n- Ensure using Modern Authentication\n\n**Ticket Notes:**\nSMTP AUTH issue. [Resolution]"
},
{
"id": "attachment_size_issue",
"type": "solution",
"title": "Attachment Size Limit",
"description": "Attachment exceeds the maximum allowed size.\n\n**Standard Limits:**\n- M365/Exchange Online: 25 MB (with encoding ~20 MB actual)\n- Many external recipients: 10-20 MB\n\n**Solutions:**\n1. **Compress files:** Zip before attaching\n2. **Use OneDrive:** Upload to OneDrive and share link instead\n3. **Split files:** Send in multiple emails\n\n**To Share via OneDrive in Outlook:**\n1. Attach file > Outlook will prompt for large files\n2. Choose 'Upload and share as OneDrive link'\n\n**Ticket Notes:**\nAttachment too large. Advised to use OneDrive sharing."
},
{
"id": "recipient_issue",
"type": "solution",
"title": "Recipient Address Issue",
"description": "There's a problem with the recipient email address.\n\n**Common Causes:**\n- Typo in email address\n- Recipient's mailbox is full\n- Recipient's domain doesn't exist\n- Recipient blocked your domain\n\n**Actions:**\n1. Verify email address is correct\n2. Try sending to different address at same domain\n3. Contact recipient via alternate means to verify\n\n**If Internal Recipient:**\n- Check recipient's mailbox in M365 Admin\n- Verify account is active\n\n**Ticket Notes:**\nRecipient address rejected. [Verification and resolution]"
},
{
"id": "generic_send_fix",
"type": "action",
"title": "General Send Troubleshooting",
"description": "Try these general fixes for send errors.\n\n**Steps:**\n1. Close and reopen Outlook\n2. Check internet connection\n3. Try sending a simple test email (no attachments)\n4. Test sending from Outlook on the web\n\n**If Web Works But Desktop Doesn't:**\n- Repair Outlook profile\n- Check outbound firewall rules\n- Verify account settings\n\n**Collect for Escalation:**\n- Exact error message\n- Screenshot of error\n- Does it affect all recipients or specific ones?",
"next_node_id": "send_result"
}
]
},
{
"id": "email_bounce",
"type": "decision",
"question": "What does the bounce message (NDR) say?",
"help_text": "Non-Delivery Report contains the reason",
"options": [
{"id": "user_not_found", "label": "User not found / doesn't exist", "next_node_id": "recipient_issue"},
{"id": "mailbox_full", "label": "Mailbox full / over quota", "next_node_id": "recipient_mailbox_full"},
{"id": "blocked_spam", "label": "Blocked as spam / policy violation", "next_node_id": "blocked_as_spam"},
{"id": "other_ndr", "label": "Other / Unable to read NDR", "next_node_id": "analyze_ndr"}
],
"children": [
{
"id": "recipient_mailbox_full",
"type": "solution",
"title": "Recipient Mailbox Full",
"description": "Recipient's mailbox has exceeded its storage quota.\n\n**If Internal Recipient:**\n- Check their mailbox size in M365 Admin\n- Notify them to clean up mailbox\n- Admin can temporarily increase quota\n\n**If External Recipient:**\n- Nothing you can do on your end\n- Contact recipient via alternate means\n- Ask them to clear space and resend\n\n**Ticket Notes:**\nRecipient mailbox full. [Internal: notified user / External: informed sender]"
},
{
"id": "blocked_as_spam",
"type": "solution",
"title": "Email Blocked as Spam",
"description": "Recipient's system rejected email as spam.\n\n**Possible Causes:**\n- Your domain reputation issues\n- Content triggered spam filter\n- IP address blacklisted\n- Missing SPF/DKIM/DMARC records\n\n**Immediate Workaround:**\n- Ask recipient to whitelist your domain\n- Send from alternate address\n- Remove potentially spammy content\n\n**For Investigation (Admin):**\n- Check domain reputation\n- Verify SPF/DKIM/DMARC\n- Check if IP is blacklisted\n\n**Escalate to:** M365 Admin / Security for reputation issues.\n\n**Ticket Notes:**\nEmail rejected as spam by recipient. [Escalate for investigation]"
},
{
"id": "analyze_ndr",
"type": "solution",
"title": "Analyze NDR for Details",
"description": "NDR contains technical details about the failure.\n\n**Look for:**\n- Error codes (5.x.x = permanent, 4.x.x = temporary)\n- Diagnostic information\n- Remote server response\n\n**Common Codes:**\n- 5.1.1: Recipient doesn't exist\n- 5.2.2: Mailbox full\n- 5.7.1: Permission denied / relay denied\n- 5.7.606: Blocked due to spam\n\n**If Unable to Interpret:**\n- Copy full NDR text\n- Escalate to M365 Admin with NDR details\n\n**Ticket Notes:**\nInclude NDR error code and diagnostic text."
}
]
},
{
"id": "send_button_disabled",
"type": "solution",
"title": "Send Button Grayed Out",
"description": "Cannot click Send button - it's disabled.\n\n**Common Causes:**\n1. **No recipient entered:**\n - Must have email in To, Cc, or Bcc field\n\n2. **Invalid email format:**\n - Check for spaces or invalid characters\n\n3. **Outlook in Offline mode:**\n - Check status bar, toggle Work Offline\n\n4. **Account issue:**\n - Account may need re-authentication\n - File > Account Settings > Repair\n\n5. **Add-in blocking:**\n - Try Safe Mode\n\n**Ticket Notes:**\nSend button disabled. [Resolution found]"
},
{
"id": "send_result",
"type": "decision",
"question": "Is the user able to send email now?",
"options": [
{"id": "can_send_now", "label": "Yes, sending works", "next_node_id": "outlook_resolution_success"},
{"id": "still_cant_send", "label": "No, still can't send", "next_node_id": "escalate_outlook"}
],
"children": []
}
]
},
{
"id": "missing_email_triage",
"type": "decision",
"question": "What type of missing email issue?",
"help_text": "Determine scope of the missing items",
"options": [
{"id": "specific_email", "label": "Specific email(s) missing", "next_node_id": "find_specific_email"},
{"id": "folder_missing", "label": "Entire folder missing", "next_node_id": "find_missing_folder"},
{"id": "all_email_gone", "label": "All/most email is gone", "next_node_id": "major_data_loss"},
{"id": "old_email_gone", "label": "Old emails disappeared", "next_node_id": "old_email_missing"}
],
"children": [
{
"id": "find_specific_email",
"type": "action",
"title": "Search for Missing Email",
"description": "Help user find the specific missing email.\n\n**Check These Locations:**\n1. **Deleted Items:** May have been accidentally deleted\n2. **Junk Email:** May have been filtered\n3. **Archive:** May have been archived\n4. **Other Inbox (Focused):** Check 'Other' tab\n5. **Search All Mailboxes:** Use Outlook search\n\n**Search Tips:**\n- Search by sender: from:sendername\n- Search by date: received:last week\n- Search by subject: subject:keyword\n\n**In Outlook on the Web:**\nAlso check Recoverable Items if deleted.",
"next_node_id": "email_found_result"
},
{
"id": "email_found_result",
"type": "decision",
"question": "Was the missing email found?",
"options": [
{"id": "email_found", "label": "Yes, found it", "next_node_id": "outlook_resolution_success"},
{"id": "email_not_found", "label": "No, not in any folder", "next_node_id": "check_recoverable_items"},
{"id": "email_never_arrived", "label": "Email never arrived", "next_node_id": "check_mailbox_rules"}
],
"children": [
{
"id": "check_recoverable_items",
"type": "action",
"title": "Check Recoverable Items",
"description": "Email may be in Recoverable Items (soft-deleted).\n\n**Outlook Desktop:**\n1. Go to Deleted Items folder\n2. Click 'Recover Deleted Items' in ribbon\n3. Search for the email\n4. Select and click 'Restore'\n\n**Outlook on the Web:**\n1. Go to Deleted Items\n2. Click 'Recover items deleted from this folder'\n3. Search and restore\n\n**Retention Period:**\nItems recoverable for 14-30 days typically.\n\n**If Not Found:**\nMay need admin to search compliance/eDiscovery.",
"next_node_id": "recoverable_result"
},
{
"id": "recoverable_result",
"type": "decision",
"question": "Was email found in Recoverable Items?",
"options": [
{"id": "recovered", "label": "Yes, recovered successfully", "next_node_id": "outlook_resolution_success"},
{"id": "not_recoverable", "label": "No, not there either", "next_node_id": "escalate_data_recovery"}
],
"children": [
{
"id": "escalate_data_recovery",
"type": "solution",
"title": "Escalate for Data Recovery",
"description": "Email may require admin-level recovery.\n\n**Admin Options:**\n- eDiscovery search\n- Compliance Center content search\n- Backup restoration (if available)\n\n**Information Needed:**\n- Date range of missing email\n- Sender/recipient if known\n- Subject keywords\n- When email was last seen\n\n**Escalate to:** M365 Admin / Compliance team\n\n**Ticket Notes:**\nUser missing email not found in standard locations. Escalate for eDiscovery/recovery.\n\n**Set Expectations:** Recovery may take time and isn't always possible."
}
]
}
]
},
{
"id": "find_missing_folder",
"type": "action",
"title": "Find Missing Folder",
"description": "An entire folder has disappeared.\n\n**Check:**\n1. **Collapsed folders:** Click arrows to expand folder tree\n2. **Deleted Items:** Folder may have been deleted (look for subfolders)\n3. **Moved accidentally:** May be nested under another folder\n\n**Search Trick:**\n- Search for an email you know was in that folder\n- Right-click result > 'Find in Folder'\n\n**In Outlook on the Web:**\n- Folders list may need expanding\n- Check Deleted Items > Recover deleted items\n\n**If Folder Was Deleted:**\nCan restore from Deleted Items if recent.",
"next_node_id": "folder_found_result"
},
{
"id": "folder_found_result",
"type": "decision",
"question": "Was the folder found?",
"options": [
{"id": "folder_found", "label": "Yes, folder located", "next_node_id": "outlook_resolution_success"},
{"id": "folder_not_found", "label": "No, folder not found", "next_node_id": "escalate_data_recovery"}
],
"children": []
},
{
"id": "major_data_loss",
"type": "decision",
"question": "Is this affecting Outlook desktop only or also web?",
"help_text": "Critical to determine if data is actually lost",
"options": [
{"id": "desktop_only_empty", "label": "Desktop empty but web has email", "next_node_id": "desktop_cache_issue"},
{"id": "both_empty", "label": "Both desktop and web are empty", "next_node_id": "serious_data_loss"},
{"id": "profile_issue", "label": "Wrong account/profile loaded", "next_node_id": "wrong_profile"}
],
"children": [
{
"id": "desktop_cache_issue",
"type": "solution",
"title": "Desktop Cache Issue - Data is Safe",
"description": "Email exists on server - desktop just needs to re-sync.\n\n**Good News:** Your email is safe on the server!\n\n**Fix:**\n1. Delete the OST file to force re-sync\n2. Navigate to: %localappdata%\\Microsoft\\Outlook\n3. Rename the .ost file\n4. Restart Outlook\n5. Outlook will re-download all email\n\n**Note:** This may take a while for large mailboxes.\n\n**Ticket Notes:**\nDesktop cache corrupted. OST rebuilt, email re-syncing."
},
{
"id": "serious_data_loss",
"type": "solution",
"title": "URGENT - Potential Data Loss",
"description": "**ESCALATE IMMEDIATELY**\n\nEmail missing from both desktop and web indicates:\n- Accidental mass deletion\n- Mailbox corruption\n- Security incident (compromise)\n- Admin action\n\n**Immediate Actions:**\n1. Do NOT have user delete anything else\n2. Check Recoverable Items immediately\n3. Escalate to M365 Admin urgently\n4. Consider security incident if unexpected\n\n**Admin Needed For:**\n- Mailbox restore from backup\n- eDiscovery recovery\n- Audit logs to see what happened\n\n**Ticket Priority:** High/Urgent\n\n**Ticket Notes:**\nMajor data loss reported. Escalating for immediate admin review."
},
{
"id": "wrong_profile",
"type": "solution",
"title": "Wrong Profile or Account",
"description": "User may be looking at wrong mailbox.\n\n**Check:**\n1. Is the correct email address shown in Outlook?\n2. Does user have multiple accounts configured?\n3. Was a new profile recently created?\n\n**Verify Correct Account:**\n- File > Account Settings\n- Confirm the email address\n- If wrong account, add the correct one\n\n**If Shared Mailbox:**\n- User may be looking at shared mailbox instead of their own\n- Check folder pane for correct mailbox\n\n**Ticket Notes:**\nVerified user viewing correct mailbox. [Resolution]"
}
]
},
{
"id": "old_email_missing",
"type": "solution",
"title": "Old Emails Missing - Sync Settings",
"description": "Old emails disappeared but recent emails are there.\n\n**Most Likely Cause:** Cached Exchange Mode sync settings\n\n**Check Sync Settings:**\n1. File > Account Settings > Account Settings\n2. Double-click Exchange account\n3. 'Mail to keep offline' slider\n4. Default is often '1 year' or less\n\n**To See Older Email:**\n- Increase slider (up to 'All')\n- Or use Outlook on the web for older items\n- Or search - will pull from server\n\n**Note:** Increasing offline cache increases disk usage.\n\n**Ticket Notes:**\nOlder email limited by cache settings. Adjusted to [X months/All]."
}
]
},
{
"id": "calendar_issues",
"type": "decision",
"question": "What calendar problem is the user experiencing?",
"help_text": "Identify the specific calendar issue",
"options": [
{"id": "meeting_not_showing", "label": "Meeting not showing up", "next_node_id": "meeting_visibility"},
{"id": "cant_book_room", "label": "Can't book room/resource", "next_node_id": "room_booking_issue"},
{"id": "calendar_not_syncing", "label": "Calendar not syncing", "next_node_id": "calendar_sync_issue"},
{"id": "sharing_issue", "label": "Can't share or view shared calendar", "next_node_id": "calendar_sharing"}
],
"children": [
{
"id": "meeting_visibility",
"type": "decision",
"question": "Did the user receive a meeting invite?",
"help_text": "Check inbox for the meeting request",
"options": [
{"id": "got_invite", "label": "Yes, received invite", "next_node_id": "check_response"},
{"id": "no_invite", "label": "No invite received", "next_node_id": "check_with_organizer"},
{"id": "invite_deleted", "label": "May have deleted invite", "next_node_id": "recover_meeting"}
],
"children": [
{
"id": "check_response",
"type": "solution",
"title": "Check Meeting Response",
"description": "Meeting may not show if not accepted.\n\n**User Must:**\n1. Find the meeting invite in inbox\n2. Click Accept (or Tentative)\n3. Meeting should now appear on calendar\n\n**If Already Accepted:**\n- Check correct calendar is selected\n- Check date/time/time zone\n- Search calendar for the meeting\n\n**Outlook on the Web:**\nAlso check - meeting should sync between desktop and web.\n\n**Ticket Notes:**\nMeeting not accepted. User accepted, now showing on calendar."
},
{
"id": "check_with_organizer",
"type": "solution",
"title": "Verify with Meeting Organizer",
"description": "No invite received - check with organizer.\n\n**Possible Causes:**\n- User not invited\n- Invite went to spam/junk\n- Organizer used wrong email address\n- Distribution list issue\n\n**Actions:**\n1. Check Junk Email folder\n2. Search inbox for organizer's name\n3. Ask organizer to verify invitee list\n4. Ask organizer to resend invite\n\n**Ticket Notes:**\nNo invite found. Advised user to check with organizer."
},
{
"id": "recover_meeting",
"type": "solution",
"title": "Recover Deleted Meeting",
"description": "Meeting invite may have been accidentally deleted.\n\n**Recovery Steps:**\n1. Check Deleted Items folder\n2. Use 'Recover Deleted Items' for older deletions\n3. If found, drag invite back to inbox\n4. Accept the meeting\n\n**Ask Organizer:**\nIf cannot recover, ask organizer to resend the invite.\n\n**Prevention:**\nAvoid deleting meeting invites - just accept/decline.\n\n**Ticket Notes:**\n[Meeting recovered / Asked organizer to resend]"
}
]
},
{
"id": "room_booking_issue",
"type": "solution",
"title": "Room/Resource Booking Issue",
"description": "Cannot book a conference room or resource.\n\n**Common Issues:**\n\n1. **Room Declined:**\n - Room may be already booked\n - Booking outside allowed hours\n - Meeting too long for room policy\n\n2. **Room Not Found:**\n - Search room list in scheduling assistant\n - May need room list address from admin\n\n3. **No Permission:**\n - Some rooms restricted to certain users\n - Contact room owner or admin\n\n**Scheduling Assistant:**\n- When creating meeting, click Scheduling Assistant\n- Click 'Add Rooms' to see available rooms\n- Shows free/busy for rooms\n\n**Escalate if:** User should have access but doesn't.\n\n**Ticket Notes:**\nRoom booking issue. [Resolution or escalation]"
},
{
"id": "calendar_sync_issue",
"type": "solution",
"title": "Calendar Not Syncing",
"description": "Calendar events not syncing between devices.\n\n**Check:**\n1. **Verify same account:** Both devices using same email\n2. **Check on web:** outlook.office.com - authoritative source\n3. **Force sync:** Press F9 in Outlook desktop\n\n**Mobile Calendar Sync:**\n- Open Outlook app > Settings\n- Tap account > Check calendar is enabled\n- Force close and reopen app\n\n**Desktop to Web Sync:**\n- Check status bar for 'Connected'\n- If 'Working Offline', toggle off\n- Repair account if needed\n\n**Different Calendar Apps:**\nIf using iPhone/Google calendar - may need to reconfigure account.\n\n**Ticket Notes:**\nCalendar sync issue between [devices]. [Resolution]"
},
{
"id": "calendar_sharing",
"type": "solution",
"title": "Calendar Sharing Issues",
"description": "Cannot share calendar or view shared calendar.\n\n**To Share Your Calendar:**\n1. Right-click your calendar\n2. Sharing permissions > Add\n3. Enter person's email\n4. Choose permission level\n\n**To View Shared Calendar:**\n1. Ask the person to share with you\n2. Accept the sharing invitation email\n3. Calendar appears in 'Shared Calendars'\n\n**If Not Working:**\n- Check spelling of email address\n- External sharing may be disabled by policy\n- Try from Outlook on the web\n\n**Common Permission Levels:**\n- Free/Busy: See availability only\n- Reviewer: See all details\n- Editor: Can create/modify meetings\n\n**Ticket Notes:**\nCalendar sharing issue. [Resolution or policy restriction noted]"
}
]
},
{
"id": "search_issues",
"type": "action",
"title": "Fix Outlook Search",
"description": "Outlook search not finding emails.\n\n**Quick Fixes:**\n1. **Restart Outlook**\n2. **Wait for indexing:** Check status bar - may say 'Indexing'\n3. **Search all mailboxes:** Change scope dropdown to 'All Mailboxes'\n\n**Rebuild Search Index:**\n1. File > Options > Search\n2. Click 'Indexing Options'\n3. Click 'Advanced'\n4. Click 'Rebuild'\n5. This may take several hours\n\n**Windows Search Service:**\n1. Press Win+R, type services.msc\n2. Find 'Windows Search'\n3. Restart the service\n\n**Check Index Status:**\n```\nOutlook > File > Options > Search > Indexing Options\n```\nShould show 'Indexing complete'\n\n**Ticket Notes:**\nSearch not working. [Rebuilt index / Other resolution]",
"next_node_id": "outlook_resolution_success"
},
{
"id": "outlook_resolution_success",
"type": "solution",
"title": "Outlook Issue Resolved",
"description": "The Outlook/email issue has been resolved.\n\n**Final Verification:**\n- Confirm specific issue is fixed\n- Have user test the functionality\n- Ensure email is flowing normally\n\n**Ticket Documentation:**\n- Symptom reported\n- Troubleshooting steps taken\n- Root cause if identified\n- Resolution applied\n\n**Close ticket as:** Resolved - [Specific Issue Type]\n\n**User Guidance:**\n- Contact Help Desk if issue recurs\n- Keep Outlook and Office updated"
},
{
"id": "m365_verify_identity",
"type": "solution",
"title": "M365 Login Issue - Verify Identity",
"description": "User cannot log into Outlook on the web.\n\n**This may be a password/account issue.**\n\nUse the 'Password Reset / Account Lockout' decision tree to troubleshoot M365 login issues.\n\n**Quick Checks:**\n- Correct email address?\n- Caps Lock off?\n- Try password reset self-service\n- Try incognito/private browser\n\n**Ticket Notes:**\nCannot access OWA. Routing to password/account troubleshooting."
},
{
"id": "mfa_triage",
"type": "solution",
"title": "MFA Issue - Separate Troubleshooting",
"description": "User has an MFA/authentication issue.\n\n**This requires separate troubleshooting.**\n\nUse the 'Password Reset / Account Lockout' decision tree - MFA section.\n\n**Common MFA Issues:**\n- New phone, codes not working\n- Authenticator app issues\n- SMS not received\n\n**Ticket Notes:**\nMFA issue blocking Outlook access. Route to MFA troubleshooting."
}
]
}
}
def get_vpn_tree() -> dict[str, Any]:
"""
VPN Connection Failures - Comprehensive Tier 1 tree.
Covers client issues, MFA, connectivity, and common VPN errors.
"""
return {
"name": "VPN Connection Failures",
"description": "Troubleshooting guide for VPN connection issues including client configuration, authentication, MFA, split tunneling, and connectivity problems. Covers common enterprise VPN solutions.",
"category": "Tier 1 - Help Desk",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "What is the user's VPN connection status?",
"help_text": "Have user attempt to connect and describe what happens",
"options": [
{"id": "wont_connect", "label": "VPN won't connect at all", "next_node_id": "connection_failure"},
{"id": "connects_drops", "label": "Connects but drops frequently", "next_node_id": "connection_drops"},
{"id": "connected_no_access", "label": "Connected but can't access resources", "next_node_id": "connected_no_resources"},
{"id": "slow_connection", "label": "VPN is very slow", "next_node_id": "slow_vpn"},
{"id": "client_missing", "label": "VPN client not installed/missing", "next_node_id": "install_client"}
],
"children": [
{
"id": "connection_failure",
"type": "decision",
"question": "What error or behavior does the user see when trying to connect?",
"help_text": "Get the specific error message if possible",
"options": [
{"id": "auth_failed", "label": "Authentication failed / wrong credentials", "next_node_id": "auth_failure"},
{"id": "server_unreachable", "label": "Server unreachable / timeout", "next_node_id": "server_unreachable"},
{"id": "mfa_stuck", "label": "Stuck on MFA prompt", "next_node_id": "vpn_mfa_issues"},
{"id": "certificate_error", "label": "Certificate error", "next_node_id": "cert_error"},
{"id": "generic_error", "label": "Other/generic error", "next_node_id": "generic_vpn_error"}
],
"children": [
{
"id": "auth_failure",
"type": "decision",
"question": "Is the user's AD password correct?",
"help_text": "VPN typically uses AD credentials - verify password works elsewhere",
"options": [
{"id": "pwd_confirmed", "label": "Yes, password works on other systems", "next_node_id": "vpn_specific_password"},
{"id": "pwd_expired", "label": "Password is expired", "next_node_id": "pwd_expired_vpn"},
{"id": "pwd_unknown", "label": "User unsure / may have changed", "next_node_id": "verify_ad_password"},
{"id": "account_locked", "label": "Account is locked out", "next_node_id": "unlock_for_vpn"}
],
"children": [
{
"id": "vpn_specific_password",
"type": "decision",
"question": "Does the VPN use a separate password from AD?",
"help_text": "Some VPN solutions have separate credentials or pins",
"options": [
{"id": "same_as_ad", "label": "Same as AD (typical)", "next_node_id": "check_vpn_group"},
{"id": "separate_pin", "label": "Separate PIN/password", "next_node_id": "reset_vpn_pin"},
{"id": "unsure_vpn_pwd", "label": "Unsure", "next_node_id": "check_vpn_documentation"}
],
"children": [
{
"id": "check_vpn_group",
"type": "action",
"title": "Verify VPN Group Membership",
"description": "User may not be authorized for VPN access.\n\n**Check in AD:**\n1. Open Active Directory Users and Computers\n2. Find the user account\n3. Go to 'Member Of' tab\n4. Look for VPN access group (e.g., 'VPN Users', 'Remote Access')\n\n**PowerShell:**\n```\nGet-ADUser -Identity username -Properties MemberOf | Select -ExpandProperty MemberOf | Where {$_ -like '*VPN*'}\n```\n\n**If Not in Group:**\nSubmit access request or get manager approval.",
"action_command": "Get-ADUser -Identity USERNAME -Properties MemberOf | Select -ExpandProperty MemberOf",
"next_node_id": "vpn_group_result"
},
{
"id": "vpn_group_result",
"type": "decision",
"question": "Is the user in the VPN access group?",
"options": [
{"id": "in_group", "label": "Yes, user is in VPN group", "next_node_id": "check_vpn_profile"},
{"id": "not_in_group", "label": "No, not in any VPN group", "next_node_id": "request_vpn_access"},
{"id": "group_unknown", "label": "Don't know which group is required", "next_node_id": "escalate_vpn_access"}
],
"children": [
{
"id": "request_vpn_access",
"type": "solution",
"title": "Request VPN Access",
"description": "User does not have VPN access authorization.\n\n**Actions:**\n1. Verify user should have VPN access (check with manager)\n2. Submit access request through proper channel:\n - IT Service Portal access request\n - Manager approval required\n3. Once approved, add to appropriate VPN group\n4. User may need to wait 15-30 min for sync\n\n**Ticket Notes:**\nUser not in VPN group. Access request submitted/pending approval.\n\n**Escalate if:** User claims they had access before."
},
{
"id": "escalate_vpn_access",
"type": "solution",
"title": "Escalate VPN Group Verification",
"description": "Cannot determine correct VPN group.\n\n**Escalate to:** Network/VPN Administrator\n\n**Include:**\n- Username\n- VPN solution in use\n- Error message received\n- What resources user needs to access\n\n**Ticket Notes:**\nUnable to verify VPN group membership. Escalating to network team."
},
{
"id": "check_vpn_profile",
"type": "action",
"title": "Verify VPN Client Configuration",
"description": "Check that VPN client is configured correctly.\n\n**Check:**\n1. VPN profile/connection exists in client\n2. Server address is correct\n3. Authentication method is correct\n4. No typos in username\n\n**Common Issues:**\n- Old server address after migration\n- Wrong profile selected\n- Username format (DOMAIN\\user vs user@domain.com)\n\n**If Needed:**\nDelete and recreate VPN connection profile.",
"next_node_id": "vpn_profile_result"
},
{
"id": "vpn_profile_result",
"type": "decision",
"question": "Is the VPN profile configured correctly?",
"options": [
{"id": "profile_ok", "label": "Yes, profile looks correct", "next_node_id": "vpn_client_reinstall"},
{"id": "profile_wrong", "label": "No, had wrong settings", "next_node_id": "vpn_resolution_success"},
{"id": "no_profile", "label": "No profile exists", "next_node_id": "create_vpn_profile"}
],
"children": [
{
"id": "vpn_client_reinstall",
"type": "action",
"title": "Reinstall VPN Client",
"description": "VPN client may be corrupted.\n\n**Steps:**\n1. Uninstall current VPN client\n2. Restart computer\n3. Download fresh installer from company portal\n4. Install as administrator\n5. Reconfigure connection profile\n6. Test connection\n\n**Common VPN Clients:**\n- Cisco AnyConnect: Use web portal or MSI\n- GlobalProtect: Download from firewall portal\n- FortiClient: Download from Fortinet or portal\n- Windows Built-in: Reset and reconfigure\n\n**Note:** May require admin rights for installation.",
"next_node_id": "reinstall_result"
},
{
"id": "reinstall_result",
"type": "decision",
"question": "Did reinstalling the VPN client fix the issue?",
"options": [
{"id": "reinstall_worked", "label": "Yes, VPN works now", "next_node_id": "vpn_resolution_success"},
{"id": "still_broken", "label": "No, still not connecting", "next_node_id": "escalate_vpn"}
],
"children": []
},
{
"id": "create_vpn_profile",
"type": "solution",
"title": "Create VPN Profile",
"description": "Need to set up VPN connection profile.\n\n**Get Configuration From:**\n- Company IT documentation/wiki\n- VPN admin portal\n- Pre-configured installer from company\n\n**Common Settings Needed:**\n- VPN server address\n- Connection type (SSL, IPSec, etc.)\n- Authentication method\n- Group name (if required)\n\n**Escalate if:** No documentation available for VPN setup.\n\n**Ticket Notes:**\nCreated VPN profile with [settings]. Test connection."
}
]
}
]
},
{
"id": "reset_vpn_pin",
"type": "solution",
"title": "Reset VPN PIN/Password",
"description": "VPN uses separate credentials from AD.\n\n**Actions:**\n1. Identify which system manages VPN passwords\n2. Reset PIN/password in that system:\n - RSA SecurID: RSA Console\n - Duo: Duo Admin Panel\n - VPN-specific: VPN management console\n3. Communicate new PIN to user securely\n4. Have user test connection\n\n**If Unsure Which System:**\nEscalate to VPN/Security administrator.\n\n**Ticket Notes:**\nVPN PIN reset. User testing connection."
},
{
"id": "check_vpn_documentation",
"type": "solution",
"title": "Check VPN Documentation",
"description": "Need to verify VPN configuration for this organization.\n\n**Check:**\n- Company IT wiki/knowledge base\n- VPN setup guides\n- Previous tickets for this user/similar issues\n\n**Common Scenarios:**\n- AD password only\n- AD password + MFA\n- AD password + PIN + MFA\n- Certificate + password\n\n**Ticket Notes:**\nVerifying VPN authentication requirements. [Update with findings]"
}
]
},
{
"id": "pwd_expired_vpn",
"type": "solution",
"title": "Password Expired - Cannot VPN",
"description": "User's password is expired and they need VPN to change it.\n\n**Options:**\n1. **Self-service portal:** If available, user can reset via web\n2. **Phone reset:** Help desk resets password\n3. **Come to office:** Change password on domain-connected machine\n4. **Temporary VPN:** Some VPNs allow password change during connection\n\n**After Password Reset:**\n1. Reset password to temporary value\n2. User connects to VPN\n3. User changes password after connecting\n4. Or use web portal for self-service\n\n**Ticket Notes:**\nPassword expired blocking VPN. [Resolution method used]"
},
{
"id": "verify_ad_password",
"type": "action",
"title": "Verify AD Password",
"description": "Confirm user's password is correct before VPN troubleshooting.\n\n**Test Password By:**\n1. Have user try Outlook on the web (if available)\n2. Check if they can log into any other company resource\n3. Test authentication in AD:\n\n**PowerShell:**\n```\n$cred = Get-Credential\n# Enter user's credentials when prompted\n```\n\n**If Password Unknown:**\nUser may need password reset first - use Password Reset tree.\n\n**Then:** Return to VPN troubleshooting.",
"next_node_id": "auth_failure"
},
{
"id": "unlock_for_vpn",
"type": "action",
"title": "Unlock Account for VPN",
"description": "Account locked out - need to unlock before VPN will work.\n\n**PowerShell:**\n```\nUnlock-ADAccount -Identity username\n```\n\n**Check Lockout Source:**\nRepeated VPN auth failures may have caused lockout.\n- Check VPN connection profile for saved wrong password\n- Check mobile device trying to connect with old password\n\n**After Unlocking:**\n1. Have user verify correct password\n2. Clear any saved VPN credentials\n3. Try VPN connection again\n4. Monitor for re-lockout",
"action_command": "Unlock-ADAccount -Identity USERNAME; Get-ADUser -Identity USERNAME -Properties LockedOut",
"next_node_id": "vpn_resolution_success"
}
]
},
{
"id": "server_unreachable",
"type": "decision",
"question": "Does the user have internet connectivity?",
"help_text": "VPN requires working internet connection first",
"options": [
{"id": "internet_works", "label": "Yes, can browse websites", "next_node_id": "check_vpn_server"},
{"id": "no_internet", "label": "No internet at all", "next_node_id": "fix_internet_first"},
{"id": "limited_internet", "label": "Some sites work, others don't", "next_node_id": "check_network_restrictions"}
],
"children": [
{
"id": "check_vpn_server",
"type": "action",
"title": "Verify VPN Server Availability",
"description": "Check if VPN server is accessible.\n\n**User Can Test:**\n1. Try connecting to VPN web portal (if available)\n2. Check company status page for outages\n\n**IT Can Check:**\n1. Ping VPN server address\n2. Test port connectivity (443, 500, 4500 common)\n3. Check with other users if VPN is working\n\n**If Server Down:**\n- Check for planned maintenance\n- Check firewall status\n- Escalate to network team\n\n**Ticket Notes:**\n[Server status and findings]",
"next_node_id": "server_status_result"
},
{
"id": "server_status_result",
"type": "decision",
"question": "Is the VPN server accessible?",
"options": [
{"id": "server_up", "label": "Yes, server responds", "next_node_id": "check_firewall_blocking"},
{"id": "server_down", "label": "No, server appears down", "next_node_id": "vpn_outage"},
{"id": "partial_response", "label": "Partial/inconsistent response", "next_node_id": "escalate_vpn"}
],
"children": [
{
"id": "check_firewall_blocking",
"type": "decision",
"question": "Where is the user trying to connect from?",
"help_text": "Location may have firewall restrictions",
"options": [
{"id": "home_network", "label": "Home network", "next_node_id": "home_network_check"},
{"id": "public_wifi", "label": "Hotel/Coffee shop/Public WiFi", "next_node_id": "public_wifi_restrictions"},
{"id": "other_office", "label": "Another company office", "next_node_id": "office_network_check"},
{"id": "mobile_hotspot", "label": "Mobile hotspot", "next_node_id": "hotspot_vpn"}
],
"children": [
{
"id": "home_network_check",
"type": "solution",
"title": "Home Network VPN Troubleshooting",
"description": "VPN blocked on home network.\n\n**Common Causes:**\n- Router firewall blocking VPN ports\n- ISP blocking VPN traffic\n- Double NAT (router behind router)\n\n**Try:**\n1. Restart router/modem\n2. Connect directly to modem (bypass router)\n3. Try mobile hotspot to isolate issue\n4. Check router settings for VPN passthrough\n\n**Router Settings to Check:**\n- Enable VPN Passthrough\n- Disable SIP ALG (can interfere)\n- Check firewall settings\n\n**If ISP Issue:**\nMay need to contact ISP or use different connection.\n\n**Ticket Notes:**\nHome network may be blocking VPN. [Troubleshooting steps and results]"
},
{
"id": "public_wifi_restrictions",
"type": "solution",
"title": "Public WiFi VPN Restrictions",
"description": "Public networks often block VPN traffic.\n\n**Common Restrictions:**\n- Ports 500/4500 blocked (IPSec)\n- Port 1723 blocked (PPTP)\n- Deep packet inspection blocking VPN protocols\n\n**Workarounds:**\n1. **SSL VPN:** Often works on port 443 (same as HTTPS)\n2. **Mobile Hotspot:** Use phone's cellular data\n3. **Different Protocol:** Some VPN clients support multiple protocols\n\n**For Cisco AnyConnect:**\n- Usually uses SSL/TLS on port 443\n- Should work through most firewalls\n\n**Ticket Notes:**\nPublic WiFi blocking VPN. Advised to use mobile hotspot or SSL VPN."
},
{
"id": "office_network_check",
"type": "solution",
"title": "VPN from Another Office",
"description": "User trying to VPN while at another company location.\n\n**Consider:**\n1. **May Not Need VPN:** If on corporate network, resources may be directly accessible\n2. **Split Tunnel:** VPN may not be needed for internal resources\n3. **Network Policy:** Some offices block outbound VPN\n\n**Check:**\n- Can user access needed resources without VPN?\n- Is VPN necessary from this location?\n\n**If VPN Required:**\n- Check if that office's firewall allows outbound VPN\n- May need exception requested\n\n**Ticket Notes:**\nUser at [office location]. [VPN needed/not needed for access]"
},
{
"id": "hotspot_vpn",
"type": "solution",
"title": "Mobile Hotspot VPN",
"description": "Using mobile hotspot for VPN.\n\n**Benefits:**\n- Usually unrestricted\n- Good for testing if home network is the issue\n\n**Potential Issues:**\n- Cellular data caps\n- Slower speeds\n- Carrier may throttle VPN\n\n**If VPN Works on Hotspot:**\n- Issue is with primary network, not VPN\n- Troubleshoot home/other network separately\n\n**If VPN Fails on Hotspot:**\n- Issue is not network-related\n- Continue VPN client troubleshooting\n\n**Ticket Notes:**\nTested on mobile hotspot. VPN [works/doesn't work]."
}
]
},
{
"id": "vpn_outage",
"type": "solution",
"title": "VPN Service Outage",
"description": "VPN server appears to be down.\n\n**Immediate Actions:**\n1. Check for known maintenance\n2. Verify with multiple users\n3. Check network team alerts\n4. Escalate to network/infrastructure team\n\n**User Communication:**\n- Inform user of outage\n- Provide ETA if known\n- Suggest alternatives if available\n\n**Ticket Notes:**\nVPN outage confirmed. Escalated to network team. Monitoring for resolution.\n\n**Ticket Priority:** High (affects multiple users)"
}
]
},
{
"id": "fix_internet_first",
"type": "solution",
"title": "Fix Internet Connection First",
"description": "User has no internet - VPN cannot work without it.\n\n**Use the 'Network Connectivity Issues' decision tree** to resolve internet connectivity.\n\n**Quick Checks:**\n1. WiFi connected? Check icon in system tray\n2. Ethernet cable plugged in?\n3. Router/modem lights normal?\n4. Can other devices connect?\n\n**Ticket Notes:**\nNo internet connectivity. Troubleshooting network first before VPN."
},
{
"id": "check_network_restrictions",
"type": "solution",
"title": "Partial Network Access",
"description": "Some sites work but others don't - may be a network restriction or DNS issue.\n\n**Check:**\n1. Can user access vpn.company.com (or VPN portal)?\n2. Are only specific sites blocked?\n3. Is user on a restricted network (guest WiFi, filtered network)?\n\n**DNS Test:**\n- Try using 8.8.8.8 or 1.1.1.1 as DNS\n- If that fixes it, local DNS has issues\n\n**If Restricted Network:**\n- May need to connect to unrestricted network\n- Try mobile hotspot\n\n**Ticket Notes:**\nPartial network access. [Findings and resolution]"
}
]
},
{
"id": "vpn_mfa_issues",
"type": "decision",
"question": "What happens with the MFA prompt?",
"help_text": "Describe the MFA behavior",
"options": [
{"id": "no_push", "label": "Push notification never arrives", "next_node_id": "mfa_push_not_received"},
{"id": "push_denied", "label": "Push is denied / doesn't complete", "next_node_id": "mfa_push_denied"},
{"id": "code_rejected", "label": "Manual code is rejected", "next_node_id": "mfa_code_rejected"},
{"id": "no_mfa_registered", "label": "MFA not set up for this user", "next_node_id": "setup_vpn_mfa"}
],
"children": [
{
"id": "mfa_push_not_received",
"type": "solution",
"title": "MFA Push Not Received",
"description": "User not receiving MFA push for VPN.\n\n**Check:**\n1. Phone has internet/cellular connection\n2. Notifications enabled for authenticator app\n3. App is open/active (not battery-optimized)\n\n**Troubleshooting:**\n1. Force close and reopen authenticator\n2. Check app is registered correctly\n3. Try manual code instead of push\n\n**For Duo:**\n- Check Duo Mobile app settings\n- Verify device is activated\n- Try 'Send another push'\n\n**For Microsoft:**\n- Check Authenticator app notifications\n- Verify account is in app\n\n**If Persistent:**\nMay need to re-register MFA device.\n\n**Ticket Notes:**\nMFA push not received. [Resolution steps]"
},
{
"id": "mfa_push_denied",
"type": "solution",
"title": "MFA Push Denied/Timeout",
"description": "MFA push arrives but fails or times out.\n\n**Common Causes:**\n1. **User denied accidentally:** Ask if they tapped Deny\n2. **Timeout:** User didn't respond in time\n3. **Location mismatch:** Some MFA checks location\n4. **Device compliance:** Device may not meet requirements\n\n**Retry:**\n1. Have user watch for push\n2. Approve within timeout (usually 60 seconds)\n3. Make sure tapping 'Approve', not 'Deny'\n\n**If Timeout Issues:**\n- Phone may have poor connectivity\n- Try WiFi instead of cellular or vice versa\n\n**Ticket Notes:**\nMFA push failing. [Cause and resolution]"
},
{
"id": "mfa_code_rejected",
"type": "solution",
"title": "MFA Code Rejected",
"description": "Manual MFA codes not working.\n\n**Common Causes:**\n1. **Time sync:** Phone time must be accurate\n - Enable automatic time\n - iOS: Settings > General > Date & Time\n - Android: Settings > System > Date & Time\n\n2. **Wrong code:** User entering wrong code\n - Verify looking at correct account in app\n\n3. **Expired code:** Codes change every 30 seconds\n - Wait for fresh code\n\n4. **Wrong MFA type:** VPN may expect different code source\n - Duo vs Authenticator vs RSA\n\n**If Codes Consistently Rejected:**\nMay need to re-enroll MFA for VPN.\n\n**Ticket Notes:**\nMFA codes rejected. [Cause: time sync / re-enrollment needed / other]"
},
{
"id": "setup_vpn_mfa",
"type": "solution",
"title": "Set Up MFA for VPN",
"description": "User needs to enroll in MFA for VPN access.\n\n**Enrollment Process (varies by system):**\n\n**Duo Security:**\n1. User goes to enrollment portal\n2. Follows prompts to add device\n3. Installs Duo Mobile app\n4. Activates device\n\n**Microsoft MFA:**\n1. Go to aka.ms/mysecurityinfo\n2. Add authentication method\n3. Configure authenticator app\n\n**RSA SecurID:**\n- Requires token provisioning by admin\n- May be hardware or software token\n\n**Guide User Through:**\nProvide appropriate enrollment URL and steps.\n\n**Ticket Notes:**\nMFA enrollment required. [Guided user through enrollment / Provided instructions]"
}
]
},
{
"id": "cert_error",
"type": "decision",
"question": "What certificate error is shown?",
"help_text": "Common certificate-related VPN errors",
"options": [
{"id": "cert_expired", "label": "Certificate expired", "next_node_id": "expired_cert_fix"},
{"id": "cert_untrusted", "label": "Certificate not trusted / invalid", "next_node_id": "untrusted_cert_fix"},
{"id": "cert_missing", "label": "No certificate / certificate required", "next_node_id": "missing_cert_fix"},
{"id": "cert_other", "label": "Other certificate error", "next_node_id": "escalate_cert"}
],
"children": [
{
"id": "expired_cert_fix",
"type": "solution",
"title": "Expired Certificate",
"description": "VPN certificate has expired.\n\n**If User Certificate Expired:**\n1. Request new certificate through company process\n2. May need to access certificate enrollment portal\n3. Import new certificate to computer\n\n**If Server Certificate Expired:**\n- This is an IT infrastructure issue\n- Escalate to network/PKI team\n- Other users will also be affected\n\n**Temporary Workaround:**\nSome clients allow accepting expired cert (not recommended).\n\n**Ticket Notes:**\n[User/Server] certificate expired. [Action taken]"
},
{
"id": "untrusted_cert_fix",
"type": "solution",
"title": "Untrusted Certificate",
"description": "Computer doesn't trust the VPN server certificate.\n\n**Causes:**\n- Missing root CA certificate\n- Server using self-signed certificate\n- Certificate chain incomplete\n\n**Fix:**\n1. Install company's root CA certificate\n2. Certificate should be in Trusted Root store\n3. May be deployed via group policy\n\n**For Home/Personal Computer:**\n- Download CA cert from company portal\n- Install in Trusted Root Certification Authorities\n\n**Escalate if:** CA certificate distribution issue.\n\n**Ticket Notes:**\nCertificate trust issue. [Installed CA cert / Escalated]"
},
{
"id": "missing_cert_fix",
"type": "solution",
"title": "Missing Client Certificate",
"description": "VPN requires a client certificate that isn't installed.\n\n**For Domain-Joined Computers:**\n- Certificate usually auto-enrolled\n- Check certificate store: certmgr.msc > Personal > Certificates\n- Try: gpupdate /force to trigger enrollment\n\n**For Non-Domain Computers:**\n- Request certificate through company process\n- May need to use web enrollment\n- Import provided certificate file\n\n**Escalate if:** User should have certificate but doesn't.\n\n**Ticket Notes:**\nClient certificate missing. [Enrollment status / escalation]"
},
{
"id": "escalate_cert",
"type": "solution",
"title": "Escalate Certificate Issue",
"description": "Certificate issue requires specialist attention.\n\n**Escalate to:** PKI/Security team or Network team\n\n**Include:**\n- Exact error message\n- Screenshot of error\n- What certificate is being rejected\n- Computer domain join status\n\n**Ticket Notes:**\nCertificate error requiring escalation. [Error details]"
}
]
},
{
"id": "generic_vpn_error",
"type": "action",
"title": "General VPN Troubleshooting",
"description": "Try these general steps for VPN connection errors.\n\n**Basic Steps:**\n1. Restart VPN client application\n2. Restart computer\n3. Check for VPN client updates\n4. Disable firewall/antivirus temporarily (test only)\n5. Try alternate connection method if available\n\n**Collect for Escalation:**\n- Exact error message\n- Screenshot of error\n- VPN client version\n- Windows version\n- When it last worked\n\n**Client Logs:**\n- Most VPN clients have a 'Diagnostics' or 'Log' option\n- Collect logs before escalating",
"next_node_id": "generic_vpn_result"
},
{
"id": "generic_vpn_result",
"type": "decision",
"question": "Did any of these steps resolve the issue?",
"options": [
{"id": "generic_fixed", "label": "Yes, VPN connects now", "next_node_id": "vpn_resolution_success"},
{"id": "still_failing", "label": "No, still failing", "next_node_id": "escalate_vpn"}
],
"children": []
}
]
},
{
"id": "connection_drops",
"type": "decision",
"question": "How often does the VPN disconnect?",
"help_text": "Frequency helps identify the cause",
"options": [
{"id": "drops_minutes", "label": "Every few minutes", "next_node_id": "frequent_drops"},
{"id": "drops_hours", "label": "After several hours", "next_node_id": "timeout_drops"},
{"id": "drops_random", "label": "Randomly/unpredictably", "next_node_id": "random_drops"},
{"id": "drops_activity", "label": "When doing specific activity", "next_node_id": "activity_drops"}
],
"children": [
{
"id": "frequent_drops",
"type": "solution",
"title": "Frequent VPN Disconnections",
"description": "VPN dropping every few minutes indicates network instability.\n\n**Check:**\n1. **WiFi signal strength:** Move closer to router\n2. **Network congestion:** Try off-peak hours\n3. **ISP issues:** Test with speed test\n4. **MTU issues:** VPN may need MTU adjustment\n\n**WiFi-Specific:**\n- Switch from 5GHz to 2.4GHz (more stable, longer range)\n- Try wired Ethernet connection\n\n**VPN Settings:**\n- Enable 'reconnect automatically' if available\n- Try different VPN protocol if available\n\n**Ticket Notes:**\nFrequent disconnects. [Network stability checks and findings]"
},
{
"id": "timeout_drops",
"type": "solution",
"title": "VPN Session Timeout",
"description": "VPN disconnecting after extended period is often a timeout.\n\n**Normal Behavior:**\nMany VPNs disconnect after idle period or maximum session time.\n\n**Check VPN Policy:**\n- Session timeout (8-24 hours typical)\n- Idle timeout (30-60 minutes typical)\n- Maximum session length\n\n**User Guidance:**\n- This may be normal policy\n- Simply reconnect when it disconnects\n- Keep session active with periodic activity\n\n**If Timeout Too Short:**\nEscalate to VPN admin to review timeout policy.\n\n**Ticket Notes:**\nSession timeout disconnect. [Normal policy / Escalated for review]"
},
{
"id": "random_drops",
"type": "solution",
"title": "Random VPN Disconnections",
"description": "Unpredictable disconnections require investigation.\n\n**Check:**\n1. **Local network stability:** Test without VPN\n2. **Computer sleep:** Ensure computer doesn't sleep\n3. **Power settings:** Disable USB/network power saving\n4. **VPN client health:** Check for corrupted install\n\n**Windows Power Settings:**\n1. Control Panel > Power Options\n2. Change plan settings > Change advanced\n3. Disable 'USB selective suspend'\n4. Set 'Wireless Adapter Settings' to Maximum Performance\n\n**Collect Logs:**\n- Note times of disconnections\n- Check Windows Event Viewer for network events\n- Collect VPN client logs\n\n**Ticket Notes:**\nRandom disconnections. [Troubleshooting steps and findings]"
},
{
"id": "activity_drops",
"type": "solution",
"title": "Activity-Triggered Disconnections",
"description": "VPN drops during specific activities.\n\n**Common Triggers:**\n\n**Video Calls:**\n- May exceed bandwidth or hit MTU issues\n- Try lowering video quality\n\n**Large File Transfers:**\n- Bandwidth saturation\n- Try during off-peak hours\n\n**Specific Applications:**\n- Application may conflict with VPN\n- Check if app works without VPN\n\n**Gaming/Streaming:**\n- May be throttled by ISP\n- Check split tunnel settings\n\n**Investigate:**\n- What specific activity triggers disconnect?\n- Does it happen every time?\n- Check VPN logs during the activity\n\n**Ticket Notes:**\nDisconnects during [activity]. [Findings and resolution]"
}
]
},
{
"id": "connected_no_resources",
"type": "decision",
"question": "VPN shows connected - what can't the user access?",
"help_text": "Identify scope of access problem",
"options": [
{"id": "nothing_works", "label": "Can't access anything on corporate network", "next_node_id": "no_corp_access"},
{"id": "specific_resource", "label": "Can't access specific resource/server", "next_node_id": "specific_resource_issue"},
{"id": "internet_broken", "label": "Internet stops working when connected", "next_node_id": "split_tunnel_issue"},
{"id": "dns_issues", "label": "Can ping IP but not hostname", "next_node_id": "vpn_dns_issue"}
],
"children": [
{
"id": "no_corp_access",
"type": "action",
"title": "No Corporate Network Access",
"description": "VPN connected but no access to any corporate resources.\n\n**Check VPN Client:**\n1. Verify connection status shows 'Connected'\n2. Check assigned IP address (should be internal range)\n3. Look for any errors in client status\n\n**Test Connectivity:**\n```\nping [internal server IP]\nping [domain controller IP]\n```\n\n**If Pings Fail:**\n- VPN tunnel may not be routing traffic\n- Check VPN profile for correct settings\n- May need VPN client reconnect/reinstall\n\n**If Pings Work but Apps Don't:**\n- DNS issue likely - check DNS resolution\n- Firewall may be blocking specific ports",
"next_node_id": "no_access_result"
},
{
"id": "no_access_result",
"type": "decision",
"question": "Can you ping internal resources by IP?",
"options": [
{"id": "ping_works", "label": "Yes, ping works", "next_node_id": "vpn_dns_issue"},
{"id": "ping_fails", "label": "No, ping fails", "next_node_id": "vpn_routing_issue"},
{"id": "cant_test_ping", "label": "Can't test / user doesn't know how", "next_node_id": "escalate_vpn"}
],
"children": [
{
"id": "vpn_routing_issue",
"type": "solution",
"title": "VPN Routing Issue",
"description": "Traffic not routing through VPN tunnel.\n\n**Check:**\n1. VPN client shows connected with IP address\n2. Route table includes corporate networks\n\n**Windows Route Check:**\n```\nroute print\n```\nLook for routes to corporate IP ranges via VPN adapter.\n\n**Possible Causes:**\n- VPN profile misconfigured\n- Split tunneling excluding needed networks\n- VPN client not installing routes\n\n**Try:**\n1. Disconnect and reconnect VPN\n2. Reinstall VPN client\n3. Restart computer\n\n**Escalate to:** Network/VPN admin if persists.\n\n**Ticket Notes:**\nRouting issue. Traffic not flowing through VPN tunnel. Escalated."
}
]
},
{
"id": "specific_resource_issue",
"type": "solution",
"title": "Specific Resource Not Accessible",
"description": "VPN works but one specific resource doesn't.\n\n**Check:**\n1. Can other VPN users access this resource?\n2. Is the resource/server online?\n3. Does user have permission to access it?\n\n**If Only This User:**\n- Permission issue likely\n- Check AD group membership\n- Check resource-specific permissions\n\n**If Multiple Users:**\n- Resource may be down\n- Firewall may be blocking\n- Check with resource owner\n\n**Split Tunnel Check:**\nIf split tunnel VPN, resource may not be in the tunnel.\n\n**Ticket Notes:**\nCannot access [resource] via VPN. [Findings and resolution]"
},
{
"id": "split_tunnel_issue",
"type": "solution",
"title": "Internet Broken When VPN Connected",
"description": "Internet access stops when VPN connects.\n\n**This is Normal for Full Tunnel VPN:**\n- All traffic goes through corporate network\n- Corporate firewall may block some sites\n- This is a security feature\n\n**If User Needs Internet:**\n1. **Split Tunnel:** Check if split tunnel profile available\n2. **Disconnect VPN:** Use VPN only when needed\n3. **Request Exception:** Some sites may need whitelisting\n\n**If Internet Should Work:**\n- Check VPN profile settings\n- Verify DNS is resolving properly\n- May be a proxy configuration issue\n\n**Ticket Notes:**\nInternet not working with VPN. [Normal behavior / Configuration issue]"
},
{
"id": "vpn_dns_issue",
"type": "action",
"title": "VPN DNS Resolution Issue",
"description": "Can ping by IP but not by hostname - DNS problem.\n\n**Test:**\n```\nnslookup server.company.local\nnslookup server.company.local [internal DNS IP]\n```\n\n**Fix DNS Settings:**\n1. VPN should push DNS servers\n2. Check: ipconfig /all for DNS servers\n3. Should see internal DNS servers when connected\n\n**Flush DNS:**\n```\nipconfig /flushdns\n```\n\n**If DNS Not Being Set:**\n- VPN profile may be misconfigured\n- Try setting DNS manually on VPN adapter\n- Escalate to VPN admin\n\n**Ticket Notes:**\nDNS resolution failing over VPN. [Resolution steps]",
"next_node_id": "vpn_resolution_success"
}
]
},
{
"id": "slow_vpn",
"type": "decision",
"question": "How slow is the VPN connection?",
"help_text": "Compare to expected performance",
"options": [
{"id": "unusably_slow", "label": "Unusably slow / timing out", "next_node_id": "severely_slow"},
{"id": "somewhat_slow", "label": "Noticeably slower than usual", "next_node_id": "moderate_slow"},
{"id": "slow_specific", "label": "Slow for specific applications", "next_node_id": "app_specific_slow"}
],
"children": [
{
"id": "severely_slow",
"type": "solution",
"title": "Severely Slow VPN",
"description": "VPN is unusably slow.\n\n**Check Base Connection:**\n1. Disconnect VPN\n2. Run speed test (speedtest.net)\n3. If base internet is slow, fix that first\n\n**VPN-Specific Causes:**\n- Server overloaded - try different VPN gateway\n- Geographic distance to VPN server\n- Encryption overhead on slow devices\n- MTU issues causing fragmentation\n\n**Try:**\n1. Connect to different VPN server/gateway if available\n2. Restart computer and VPN client\n3. Try wired connection instead of WiFi\n\n**If Affecting Multiple Users:**\nVPN infrastructure may be overloaded - escalate.\n\n**Ticket Notes:**\nSeverely slow VPN. Base speed: [X]. [Troubleshooting and escalation]"
},
{
"id": "moderate_slow",
"type": "solution",
"title": "Moderately Slow VPN",
"description": "VPN is slower than usual but usable.\n\n**Expectations:**\n- VPN adds overhead - some slowdown is normal\n- 10-30% slower is typical\n- Geographic distance affects speed\n\n**Optimization:**\n1. Use wired connection when possible\n2. Close unnecessary applications\n3. Avoid large downloads during peak hours\n4. Use split tunnel if available (only corporate traffic via VPN)\n\n**If Recently Slower:**\n- Check for VPN client updates\n- Server may have changed\n- ISP may be throttling VPN\n\n**Ticket Notes:**\nSlower than expected VPN performance. [Optimization advice provided]"
},
{
"id": "app_specific_slow",
"type": "solution",
"title": "Application-Specific Slowness",
"description": "Specific application slow over VPN.\n\n**Common Causes:**\n1. **RDP/Remote Desktop:** Try lower quality settings\n2. **File Transfers:** Large files inherently slower over VPN\n3. **Video Conferencing:** May need split tunnel to exclude\n\n**For Remote Desktop:**\n- Reduce color depth\n- Disable visual effects\n- Use smaller window size\n\n**For File Transfers:**\n- Compress files before transfer\n- Use cloud storage sync instead\n- Transfer during off-peak hours\n\n**For Video Calls:**\n- Teams/Zoom may work better without VPN\n- Check if split tunnel routes these externally\n\n**Ticket Notes:**\n[Application] slow over VPN. [Optimization steps provided]"
}
]
},
{
"id": "install_client",
"type": "solution",
"title": "Install VPN Client",
"description": "User needs VPN client software installed.\n\n**Identify VPN Solution:**\n1. Check company IT documentation\n2. Ask what VPN others use\n3. Check previous tickets for this user/department\n\n**Common VPN Clients:**\n- **Cisco AnyConnect:** Download from company web portal\n- **GlobalProtect:** Download from company firewall portal\n- **FortiClient:** Download from portal or Fortinet site\n- **Windows Built-in:** No additional software needed\n\n**Installation:**\n1. Download from approved company source\n2. Run installer (may need admin rights)\n3. Configure with company VPN server address\n4. Test connection\n\n**If No Admin Rights:**\nMay need desktop support to install.\n\n**Ticket Notes:**\nVPN client installation required. [Client type and installation status]"
},
{
"id": "escalate_vpn",
"type": "solution",
"title": "Escalate VPN Issue",
"description": "Issue requires network/VPN administrator attention.\n\n**Before Escalating:**\nDocument all troubleshooting completed:\n- Error messages (screenshots)\n- VPN client version\n- OS version\n- When it last worked\n- What changed\n- Logs collected\n\n**Escalate to:** Network Team / VPN Administrator\n\n**Include:**\n- Username and computer name\n- VPN solution in use\n- Detailed symptom description\n- Troubleshooting steps already taken\n- VPN client logs if available\n\n**Ticket Priority:** Based on impact\n\n**Ticket Notes:**\nEscalated to network team. [Summary of issue and troubleshooting performed]"
},
{
"id": "vpn_resolution_success",
"type": "solution",
"title": "VPN Issue Resolved",
"description": "VPN connection is now working.\n\n**Final Verification:**\n- VPN connects successfully\n- User can access needed resources\n- Connection is stable\n\n**Ticket Documentation:**\n- Original symptom\n- Root cause if identified\n- Resolution steps\n- User confirmed working\n\n**Close ticket as:** Resolved - VPN Connectivity\n\n**User Guidance:**\n- Keep VPN client updated\n- Reconnect if disconnected\n- Contact Help Desk if issue recurs"
}
]
}
}
def get_printer_tree() -> dict[str, Any]:
"""
Printer Problems - Comprehensive Tier 1 tree.
Covers network printers, print queue issues, driver problems, and common errors.
"""
return {
"name": "Printer Problems",
"description": "Troubleshooting guide for printer issues including network printers, local printers, print queue problems, driver issues, and common printing errors.",
"category": "Tier 1 - Help Desk",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "What printer issue is the user experiencing?",
"help_text": "Identify the primary symptom",
"options": [
{"id": "wont_print", "label": "Printer won't print at all", "next_node_id": "print_failure"},
{"id": "print_quality", "label": "Print quality issues (faded, streaky, etc.)", "next_node_id": "quality_issues"},
{"id": "printer_offline", "label": "Printer shows offline", "next_node_id": "printer_offline_triage"},
{"id": "add_printer", "label": "Need to add/install printer", "next_node_id": "add_printer_triage"},
{"id": "paper_jam", "label": "Paper jam or feeding issues", "next_node_id": "paper_issues"}
],
"children": [
{
"id": "print_failure",
"type": "decision",
"question": "What happens when the user tries to print?",
"help_text": "Get specific behavior or error message",
"options": [
{"id": "nothing_happens", "label": "Nothing happens / No response", "next_node_id": "no_response"},
{"id": "error_message", "label": "Error message appears", "next_node_id": "print_error_message"},
{"id": "stuck_queue", "label": "Job stuck in print queue", "next_node_id": "stuck_in_queue"},
{"id": "wrong_printer", "label": "Goes to wrong printer", "next_node_id": "wrong_printer"}
],
"children": [
{
"id": "no_response",
"type": "decision",
"question": "Is the printer showing in user's printer list?",
"help_text": "Check Settings > Devices > Printers",
"options": [
{"id": "printer_listed", "label": "Yes, printer is listed", "next_node_id": "check_default_printer"},
{"id": "printer_not_listed", "label": "No, printer not showing", "next_node_id": "add_printer_triage"},
{"id": "multiple_same_printer", "label": "Multiple copies of same printer", "next_node_id": "duplicate_printers"}
],
"children": [
{
"id": "check_default_printer",
"type": "action",
"title": "Check Printer Status and Default",
"description": "Verify printer status and selection.\n\n**Steps:**\n1. Open Settings > Devices > Printers & scanners\n2. Click on the printer\n3. Check status (should say 'Ready')\n4. Click 'Open print queue' - check for stuck jobs\n5. Verify it's set as default (if needed)\n\n**Common Issues:**\n- Printer paused\n- Print queue backed up\n- Wrong printer selected in application\n\n**Quick Test:**\nRight-click printer > Print a test page",
"next_node_id": "printer_status_result"
},
{
"id": "printer_status_result",
"type": "decision",
"question": "What is the printer status?",
"options": [
{"id": "status_ready", "label": "Status shows Ready", "next_node_id": "test_print_result"},
{"id": "status_offline", "label": "Status shows Offline", "next_node_id": "printer_offline_triage"},
{"id": "status_error", "label": "Status shows Error", "next_node_id": "printer_error_status"},
{"id": "status_paused", "label": "Status shows Paused", "next_node_id": "resume_printer"}
],
"children": [
{
"id": "test_print_result",
"type": "decision",
"question": "Did the test page print?",
"options": [
{"id": "test_printed", "label": "Yes, test page printed", "next_node_id": "app_specific_issue"},
{"id": "test_failed", "label": "No, test page didn't print", "next_node_id": "check_print_spooler"},
{"id": "test_queue", "label": "Test page stuck in queue", "next_node_id": "stuck_in_queue"}
],
"children": [
{
"id": "app_specific_issue",
"type": "solution",
"title": "Application-Specific Print Issue",
"description": "Printer works but not from specific application.\n\n**Try:**\n1. In the application, go to File > Print\n2. Verify correct printer is selected\n3. Check print preview looks correct\n4. Try Print to PDF first to verify document\n\n**Common App Issues:**\n- Wrong printer selected in app\n- App-specific print settings\n- Document corruption\n- Adobe Reader needs update\n\n**For PDF Issues:**\n- Try 'Print as Image' option\n- Update Adobe Reader\n- Try different PDF viewer\n\n**For Office Issues:**\n- Try 'Print to File' then print file\n- Repair Office installation\n\n**Ticket Notes:**\nTest page works. Application-specific issue with [app name]. [Resolution]"
},
{
"id": "check_print_spooler",
"type": "action",
"title": "Check Print Spooler Service",
"description": "Print Spooler service may be stuck or stopped.\n\n**Steps:**\n1. Press Win+R, type services.msc\n2. Find 'Print Spooler'\n3. Check status (should be 'Running')\n4. If stopped, right-click > Start\n5. If running, right-click > Restart\n\n**PowerShell (Admin):**\n```\nRestart-Service Spooler\n```\n\n**If Spooler Won't Start:**\nMay need to clear spooler folder:\n1. Stop Print Spooler service\n2. Delete files in C:\\Windows\\System32\\spool\\PRINTERS\n3. Start Print Spooler service",
"action_command": "Get-Service Spooler | Select Status,Name",
"next_node_id": "spooler_result"
},
{
"id": "spooler_result",
"type": "decision",
"question": "Did restarting Print Spooler help?",
"options": [
{"id": "spooler_fixed", "label": "Yes, printing works now", "next_node_id": "printer_resolution_success"},
{"id": "spooler_not_fixed", "label": "No, still not printing", "next_node_id": "reinstall_printer"}
],
"children": []
}
]
},
{
"id": "printer_error_status",
"type": "decision",
"question": "What error is shown on printer status?",
"options": [
{"id": "paper_out", "label": "Out of paper", "next_node_id": "paper_out_fix"},
{"id": "toner_out", "label": "Toner/Ink low or out", "next_node_id": "toner_fix"},
{"id": "door_open", "label": "Door open / Cover open", "next_node_id": "door_open_fix"},
{"id": "generic_error", "label": "Generic error / Error code", "next_node_id": "generic_printer_error"}
],
"children": [
{
"id": "paper_out_fix",
"type": "solution",
"title": "Printer Out of Paper",
"description": "Printer needs paper.\n\n**Actions:**\n1. Add paper to the correct tray\n2. Verify paper is correct size (usually Letter/A4)\n3. Make sure paper guides are adjusted\n4. Check if using correct tray for the job\n\n**If Paper Is Present:**\n- Remove and re-seat paper\n- Fan the paper before loading\n- Check for paper jam sensors\n- Different tray may be selected\n\n**Ticket Notes:**\nPaper out. [Refilled / Directed user to refill]"
},
{
"id": "toner_fix",
"type": "solution",
"title": "Toner or Ink Low/Out",
"description": "Printer needs toner or ink replacement.\n\n**Options:**\n1. Replace toner/ink cartridge\n2. Some printers continue printing faintly\n3. Check supply room for replacement\n4. Order replacement if not available\n\n**Identify Correct Supply:**\n- Check printer model number\n- Check current cartridge part number\n- Consult supply catalog\n\n**If User Needs to Print Urgently:**\n- Suggest alternate printer\n- Some printers have override option (not recommended for quality)\n\n**Ticket Notes:**\nToner/ink replacement needed. [Replaced / Ordered / Alternative provided]"
},
{
"id": "door_open_fix",
"type": "solution",
"title": "Printer Door/Cover Open",
"description": "Printer detects open door or cover.\n\n**Actions:**\n1. Check all doors and covers\n2. Close firmly until they click\n3. Check for paper jam preventing closure\n4. Check for object blocking sensor\n\n**Common Locations:**\n- Front door (toner access)\n- Rear door (jam clearing)\n- Paper tray not fully inserted\n- Document feeder cover (MFPs)\n\n**If Door IS Closed:**\n- Sensor may be faulty\n- Try open and close firmly\n- Restart printer\n- May need service call\n\n**Ticket Notes:**\nDoor open error. [Resolved / Sensor issue - needs service]"
},
{
"id": "generic_printer_error",
"type": "action",
"title": "Generic Printer Error",
"description": "Printer showing error status.\n\n**Basic Recovery:**\n1. Power cycle the printer (off, wait 30 sec, on)\n2. Clear any paper jams\n3. Check display panel for specific error code\n4. Look up error code in printer manual\n\n**Check Printer Display:**\nMost network printers have a display showing the actual error.\n\n**Common Error Codes:**\nDocument specific error code and search manufacturer support site.\n\n**If Error Persists:**\n- May need service/repair\n- Try firmware update\n- Contact printer vendor support",
"next_node_id": "error_resolved"
},
{
"id": "error_resolved",
"type": "decision",
"question": "Was the printer error resolved?",
"options": [
{"id": "error_fixed", "label": "Yes, error cleared", "next_node_id": "printer_resolution_success"},
{"id": "error_persists", "label": "No, error persists", "next_node_id": "escalate_printer"}
],
"children": []
}
]
},
{
"id": "resume_printer",
"type": "action",
"title": "Resume Paused Printer",
"description": "Printer is paused - need to resume.\n\n**Steps:**\n1. Open print queue for the printer\n2. Click Printer menu > Uncheck 'Pause Printing'\n\n**Or:**\n1. Settings > Devices > Printers & scanners\n2. Click printer > Open queue\n3. Printer > Resume Printing\n\n**PowerShell:**\n```\nResume-PrintJob -PrinterName \"PrinterName\" -ID *\n```\n\n**Note:** Queue may have old jobs that start printing when resumed.",
"next_node_id": "printer_resolution_success"
}
]
},
{
"id": "duplicate_printers",
"type": "action",
"title": "Remove Duplicate Printers",
"description": "Multiple copies of same printer - clean up.\n\n**Steps:**\n1. Go to Settings > Devices > Printers & scanners\n2. Identify duplicate entries (usually numbered: Printer, Printer (Copy 1), etc.)\n3. Remove duplicates (keep one that works)\n4. Click Remove device for each duplicate\n\n**Causes:**\n- Printer IP changed\n- Driver reinstalled\n- Group Policy reapplied\n\n**After Cleanup:**\n- Set the working printer as default if needed\n- Test printing",
"next_node_id": "printer_resolution_success"
}
]
},
{
"id": "print_error_message",
"type": "decision",
"question": "What error message is shown?",
"help_text": "Common print error messages",
"options": [
{"id": "access_denied", "label": "Access denied / No permission", "next_node_id": "print_permission_error"},
{"id": "driver_error", "label": "Driver error / Driver unavailable", "next_node_id": "driver_issue"},
{"id": "spooler_error", "label": "Print Spooler error", "next_node_id": "check_print_spooler"},
{"id": "other_print_error", "label": "Other error", "next_node_id": "generic_printer_error"}
],
"children": [
{
"id": "print_permission_error",
"type": "decision",
"question": "Is this a shared/network printer or local printer?",
"options": [
{"id": "network_printer_perm", "label": "Network printer", "next_node_id": "network_printer_permission"},
{"id": "local_printer_perm", "label": "Local/USB printer", "next_node_id": "local_printer_permission"}
],
"children": [
{
"id": "network_printer_permission",
"type": "solution",
"title": "Network Printer Permission Issue",
"description": "User doesn't have permission to print.\n\n**Check:**\n1. Is user authenticated to print server?\n2. Does user have print permission on printer?\n3. Is there a print quota exceeded?\n\n**Print Server Permissions:**\n- Check print server security settings\n- User may need to be added to printer group\n- Check for follow-me printing requirements\n\n**If PaperCut/PrintTrack:**\n- Check user's print quota\n- Verify account is active\n- May need funds added\n\n**Ticket Notes:**\nPrint permission issue. [Permission granted / Escalated to print admin]"
},
{
"id": "local_printer_permission",
"type": "solution",
"title": "Local Printer Permission Issue",
"description": "Permission error for local/USB printer.\n\n**Causes:**\n- User account issue\n- Printer installed for different user\n- Security software blocking\n\n**Try:**\n1. Log out and back in\n2. Restart computer\n3. Remove and re-add printer\n4. Check antivirus isn't blocking\n\n**If Installed Under Different User:**\nRemove printer and reinstall under current user account.\n\n**Ticket Notes:**\nLocal printer permission issue. [Resolution steps]"
}
]
},
{
"id": "driver_issue",
"type": "action",
"title": "Printer Driver Issue",
"description": "Printer driver needs repair or reinstall.\n\n**Steps:**\n1. Remove the printer\n2. Remove the driver: Device Manager > Print queues > Uninstall\n3. Restart computer\n4. Re-add the printer (will install fresh driver)\n\n**If Network Printer:**\n- Printer may provide driver automatically\n- Or download from manufacturer website\n\n**Windows Driver Cleanup:**\n1. Open Print Management (printmanagement.msc)\n2. All Drivers > Remove old drivers\n3. Re-add printer\n\n**Note:** May need admin rights for driver installation.",
"next_node_id": "reinstall_printer"
}
]
},
{
"id": "stuck_in_queue",
"type": "action",
"title": "Clear Stuck Print Jobs",
"description": "Print jobs stuck in queue preventing printing.\n\n**Quick Method:**\n1. Open print queue for the printer\n2. Select all jobs (Ctrl+A)\n3. Right-click > Cancel\n4. Try printing again\n\n**If Jobs Won't Cancel:**\n1. Stop Print Spooler: `net stop spooler`\n2. Delete files in: C:\\Windows\\System32\\spool\\PRINTERS\n3. Start Print Spooler: `net start spooler`\n\n**PowerShell (Admin):**\n```\nStop-Service Spooler\nRemove-Item C:\\Windows\\System32\\spool\\PRINTERS\\* -Force\nStart-Service Spooler\n```\n\n**After Clearing:**\nUser needs to resend print jobs.",
"action_command": "Get-PrintJob -PrinterName * | Format-Table -AutoSize",
"next_node_id": "queue_cleared_result"
},
{
"id": "queue_cleared_result",
"type": "decision",
"question": "Is the queue cleared and printing working?",
"options": [
{"id": "queue_fixed", "label": "Yes, printing works now", "next_node_id": "printer_resolution_success"},
{"id": "queue_still_stuck", "label": "Jobs still stuck", "next_node_id": "check_print_spooler"},
{"id": "new_jobs_stick", "label": "Queue cleared but new jobs get stuck", "next_node_id": "printer_offline_triage"}
],
"children": []
},
{
"id": "wrong_printer",
"type": "solution",
"title": "Print Going to Wrong Printer",
"description": "Jobs going to unintended printer.\n\n**Check Default Printer:**\n1. Settings > Devices > Printers & scanners\n2. Uncheck 'Let Windows manage my default printer'\n3. Set correct printer as default\n\n**In Applications:**\n- Each app may remember its own printer selection\n- Check File > Print > Select correct printer\n- Some apps save printer per document\n\n**If User Has Multiple Printers:**\n- Set most-used as default\n- Use 'Let Windows manage' if moving between locations\n\n**PDF Printing:**\n- Microsoft Print to PDF may be set as default\n- Change to physical printer\n\n**Ticket Notes:**\nPrinting to wrong printer. Set [printer name] as default."
}
]
},
{
"id": "printer_offline_triage",
"type": "decision",
"question": "Is this a network printer or local (USB) printer?",
"help_text": "Determines troubleshooting path",
"options": [
{"id": "network_offline", "label": "Network printer", "next_node_id": "network_printer_offline"},
{"id": "usb_offline", "label": "USB/Local printer", "next_node_id": "usb_printer_offline"}
],
"children": [
{
"id": "network_printer_offline",
"type": "decision",
"question": "Can the user ping the printer by IP address?",
"help_text": "Open CMD and type: ping [printer IP]",
"options": [
{"id": "ping_success", "label": "Yes, ping succeeds", "next_node_id": "printer_reachable_offline"},
{"id": "ping_fails", "label": "No, ping fails / timeout", "next_node_id": "printer_network_issue"},
{"id": "dont_know_ip", "label": "Don't know printer IP", "next_node_id": "find_printer_ip"}
],
"children": [
{
"id": "printer_reachable_offline",
"type": "action",
"title": "Printer Reachable but Shows Offline",
"description": "Network connectivity works but Windows shows offline.\n\n**Try:**\n1. Right-click printer > 'See what's printing'\n2. Printer menu > Uncheck 'Use Printer Offline'\n3. If greyed out, restart Print Spooler\n\n**If Still Offline:**\n1. Remove the printer\n2. Re-add by IP: Add printer > The printer I want isn't listed\n3. Add using TCP/IP address\n4. Enter printer IP address\n\n**Check:**\n- Printer may have changed IP (DHCP)\n- SNMP issues can cause offline status\n- Try disabling SNMP in port settings",
"next_node_id": "offline_result"
},
{
"id": "printer_network_issue",
"type": "decision",
"question": "Is the printer powered on and connected to network?",
"help_text": "Physical check of the printer",
"options": [
{"id": "printer_on", "label": "Yes, printer is on with network", "next_node_id": "check_printer_network_settings"},
{"id": "printer_off", "label": "Printer appears off", "next_node_id": "turn_on_printer"},
{"id": "cannot_check", "label": "Can't physically check (remote user)", "next_node_id": "remote_printer_check"}
],
"children": [
{
"id": "check_printer_network_settings",
"type": "solution",
"title": "Check Printer Network Settings",
"description": "Printer is on but not responding to ping.\n\n**At the Printer:**\n1. Print network configuration page\n2. Verify IP address\n3. Check subnet mask and gateway\n4. Verify network cable connected (for wired)\n\n**Common Issues:**\n- IP changed (DHCP lease expired)\n- Wrong subnet/VLAN\n- Network cable unplugged\n- WiFi disconnected\n\n**If IP Changed:**\nUpdate printer in Windows with new IP or set static IP on printer.\n\n**Ticket Notes:**\nPrinter network issue. [IP changed / cable unplugged / etc.]"
},
{
"id": "turn_on_printer",
"type": "solution",
"title": "Turn On Printer",
"description": "Printer appears to be off.\n\n**Check:**\n1. Power button/switch\n2. Power cable connected\n3. Power outlet working\n4. No error lights indicating problem\n\n**After Powering On:**\n1. Wait for printer to initialize (1-2 minutes)\n2. Check network connectivity (ping)\n3. Try printing\n\n**If Won't Power On:**\n- Try different outlet\n- Check for blown fuse\n- May need service/replacement\n\n**Ticket Notes:**\nPrinter was off. [Powered on successfully / Hardware issue]"
},
{
"id": "remote_printer_check",
"type": "solution",
"title": "Remote User - Cannot Check Printer",
"description": "User is remote and cannot physically check printer.\n\n**Options:**\n1. **Contact someone on-site:** Ask if someone can check the printer\n2. **Check print server:** If managed print server, check status there\n3. **Printer web interface:** Try accessing http://[printer-ip]\n\n**If Printer Managed:**\n- Check print management console\n- Check printer monitoring software\n- Contact facilities/office manager\n\n**Alternative:**\nHave user print to different available printer.\n\n**Ticket Notes:**\nRemote user, cannot verify printer status. [Action taken]"
}
]
},
{
"id": "find_printer_ip",
"type": "action",
"title": "Find Printer IP Address",
"description": "Need to locate the printer's IP address.\n\n**Methods:**\n\n1. **At the Printer:**\n - Print configuration page from printer menu\n - Check display panel for IP\n\n2. **From Windows (if printer was working):**\n - Printer properties > Ports tab > Shows IP\n\n3. **From Print Server:**\n - Print management console shows all printer IPs\n\n4. **Network Scan:**\n - Use `arp -a` to list network devices\n - Use network scanner tool\n\n**Once Found:**\nTry: ping [IP address]\nIf responds, proceed with offline troubleshooting.",
"next_node_id": "network_printer_offline"
},
{
"id": "offline_result",
"type": "decision",
"question": "Is the printer showing online now?",
"options": [
{"id": "now_online", "label": "Yes, printer is online", "next_node_id": "printer_resolution_success"},
{"id": "still_offline", "label": "No, still showing offline", "next_node_id": "reinstall_printer"}
],
"children": []
}
]
},
{
"id": "usb_printer_offline",
"type": "action",
"title": "USB Printer Offline",
"description": "Local USB printer showing offline.\n\n**Check Physical Connection:**\n1. USB cable firmly connected at both ends\n2. Try different USB port\n3. Printer is powered on\n4. Try different USB cable if available\n\n**Check Windows:**\n1. Device Manager - any yellow warnings?\n2. Unknown devices that might be the printer?\n3. Print spooler running?\n\n**Reset USB Connection:**\n1. Unplug USB from computer\n2. Wait 10 seconds\n3. Plug back in\n4. Wait for Windows to detect\n\n**If Still Offline:**\nMay need to remove and re-add printer.",
"next_node_id": "usb_result"
},
{
"id": "usb_result",
"type": "decision",
"question": "Is the USB printer working now?",
"options": [
{"id": "usb_fixed", "label": "Yes, printer works", "next_node_id": "printer_resolution_success"},
{"id": "usb_still_offline", "label": "No, still not working", "next_node_id": "reinstall_printer"}
],
"children": []
}
]
},
{
"id": "reinstall_printer",
"type": "action",
"title": "Reinstall Printer",
"description": "Remove and re-add the printer.\n\n**Remove Printer:**\n1. Settings > Devices > Printers & scanners\n2. Click the printer > Remove device\n3. Restart computer (recommended)\n\n**Re-add Network Printer:**\n1. Settings > Devices > Printers & scanners\n2. Add a printer or scanner\n3. Wait for discovery, or click 'The printer I want isn't listed'\n4. Choose 'Add using TCP/IP' and enter IP\n\n**Re-add USB Printer:**\n1. Unplug USB cable\n2. Plug back in\n3. Windows should auto-detect\n4. Or manually add from Settings\n\n**If Needs Driver:**\nDownload from manufacturer website.",
"next_node_id": "reinstall_result"
},
{
"id": "reinstall_result",
"type": "decision",
"question": "Did reinstalling the printer fix the issue?",
"options": [
{"id": "reinstall_worked", "label": "Yes, printer works now", "next_node_id": "printer_resolution_success"},
{"id": "reinstall_failed", "label": "No, still not working", "next_node_id": "escalate_printer"}
],
"children": []
},
{
"id": "quality_issues",
"type": "decision",
"question": "What print quality issue is occurring?",
"help_text": "Identify the specific quality problem",
"options": [
{"id": "faded_light", "label": "Faded / Too light", "next_node_id": "faded_print"},
{"id": "streaks_lines", "label": "Streaks or lines", "next_node_id": "streaky_print"},
{"id": "smudging", "label": "Smudging or smearing", "next_node_id": "smudging_print"},
{"id": "wrong_colors", "label": "Wrong colors", "next_node_id": "color_issues"}
],
"children": [
{
"id": "faded_print",
"type": "solution",
"title": "Faded/Light Print",
"description": "Print is too light or faded.\n\n**Common Causes:**\n\n1. **Low Toner/Ink:**\n - Check supply levels\n - Replace if low\n - Try shaking toner cartridge (redistribute toner)\n\n2. **Print Density Setting:**\n - Printer properties > Advanced > Print density\n - Increase darkness setting\n\n3. **Draft Mode:**\n - Check if printing in 'Draft' or 'Eco' mode\n - Change to 'Normal' or 'High Quality'\n\n4. **Old Supplies:**\n - Old toner can print faded\n - Check expiration date\n\n**For Inkjet:**\n- Run print head cleaning utility\n- Ink may be dried/clogged\n\n**Ticket Notes:**\nFaded print. [Cause and resolution]"
},
{
"id": "streaky_print",
"type": "solution",
"title": "Streaks or Lines on Print",
"description": "Print has horizontal or vertical lines/streaks.\n\n**For Laser Printers:**\n1. **Horizontal lines:** Usually drum unit issue\n2. **Vertical lines:** Often toner cartridge\n3. **Try:** Replace toner/drum unit\n4. **Clean:** Open printer, clean corona wire if accessible\n\n**For Inkjet Printers:**\n1. **Run cleaning cycle:** Through printer menu or driver\n2. **Clean print heads:** Use printer's maintenance function\n3. **Replace cartridges:** May be clogged/damaged\n\n**If Problem Persists:**\n- May need internal cleaning\n- Fuser unit may need replacement (laser)\n- May need service\n\n**Ticket Notes:**\nStreaky print. [Cleaning performed / Supplies replaced / Needs service]"
},
{
"id": "smudging_print",
"type": "solution",
"title": "Smudging/Smearing Print",
"description": "Print smudges or smears when touched.\n\n**For Laser Printers:**\n1. **Fuser issue:** Toner not fusing to paper\n - Fuser may need replacement\n - Try 'thick paper' setting for heavy stock\n\n2. **Wrong paper type:** \n - Use correct paper for printer\n - Set correct paper type in driver\n\n3. **Toner issue:**\n - Replace toner cartridge\n - May be defective cartridge\n\n**For Inkjet:**\n1. **Paper not compatible:** Use inkjet paper\n2. **Ink not drying:** Slow down printing, wait for dry\n3. **Print head issue:** Run cleaning cycle\n\n**Ticket Notes:**\nSmudging print. [Resolution or needs service call]"
},
{
"id": "color_issues",
"type": "solution",
"title": "Color Print Issues",
"description": "Colors printing incorrectly.\n\n**Check Supplies:**\n- One color cartridge may be empty/low\n- Replace low color cartridges\n\n**Calibration:**\n- Run color calibration from printer menu\n- Printer properties > Color calibration\n\n**Driver Settings:**\n- Check color settings aren't modified\n- Reset to defaults\n- Try different color profile\n\n**Color Matching:**\n- Screen colors won't match print exactly\n- For accurate color, use ICC profiles\n\n**If One Color Missing:**\n- Specific color cartridge empty\n- Print head clogged (inkjet)\n- Run cleaning cycle\n\n**Ticket Notes:**\nColor print issue. [Resolution steps taken]"
}
]
},
{
"id": "add_printer_triage",
"type": "decision",
"question": "What type of printer needs to be added?",
"help_text": "Determines installation method",
"options": [
{"id": "add_network", "label": "Network printer (shared office printer)", "next_node_id": "add_network_printer"},
{"id": "add_usb", "label": "USB/Local printer", "next_node_id": "add_usb_printer"},
{"id": "add_shared", "label": "Printer shared from another PC", "next_node_id": "add_shared_printer"}
],
"children": [
{
"id": "add_network_printer",
"type": "action",
"title": "Add Network Printer",
"description": "Install a network printer by IP address.\n\n**Steps:**\n1. Settings > Devices > Printers & scanners\n2. Add a printer or scanner\n3. Wait for auto-discovery, or click 'The printer I want isn't listed'\n4. Select 'Add printer using TCP/IP address'\n5. Enter printer IP address\n6. Windows will detect printer type and install driver\n\n**If Auto-Discovery Found It:**\nJust click on the printer to add.\n\n**If Driver Not Found:**\n- Download from manufacturer website\n- Or use 'Have Disk' during setup\n\n**Get Printer IP From:**\n- IT documentation\n- Printer configuration page\n- Printer display panel",
"next_node_id": "add_printer_result"
},
{
"id": "add_usb_printer",
"type": "action",
"title": "Add USB Printer",
"description": "Install a local USB printer.\n\n**Basic Steps:**\n1. Connect printer via USB cable\n2. Turn on printer\n3. Windows should auto-detect and install\n4. Printer appears in Settings > Printers\n\n**If Not Auto-Detected:**\n1. Try different USB port\n2. Check Device Manager for unknown device\n3. Manually add: Settings > Printers > Add printer\n4. Install driver from manufacturer website\n\n**Driver Installation:**\n- Download from HP, Canon, Epson, Brother, etc.\n- Run installer before connecting printer (some require this)\n\n**Note:** May need admin rights for driver installation.",
"next_node_id": "add_printer_result"
},
{
"id": "add_shared_printer",
"type": "action",
"title": "Add Shared Printer",
"description": "Connect to printer shared from another computer.\n\n**Steps:**\n1. Open File Explorer\n2. In address bar, type: \\\\COMPUTERNAME\n3. Find the shared printer\n4. Double-click to add\n\n**Or:**\n1. Settings > Devices > Printers & scanners\n2. Add a printer > 'The printer I want isn't listed'\n3. 'Select a shared printer by name'\n4. Enter: \\\\COMPUTERNAME\\PrinterShareName\n\n**If Connection Fails:**\n- Verify sharing computer is on\n- Check network connectivity\n- Verify sharing permissions\n- Check firewall settings\n\n**Credentials May Be Required:**\nEnter username/password for sharing computer.",
"next_node_id": "add_printer_result"
},
{
"id": "add_printer_result",
"type": "decision",
"question": "Was the printer added successfully?",
"options": [
{"id": "add_success", "label": "Yes, printer added and working", "next_node_id": "printer_resolution_success"},
{"id": "add_failed", "label": "No, unable to add printer", "next_node_id": "escalate_printer"}
],
"children": []
}
]
},
{
"id": "paper_issues",
"type": "decision",
"question": "What type of paper issue?",
"help_text": "Identify the paper-related problem",
"options": [
{"id": "paper_jam", "label": "Paper jam", "next_node_id": "clear_paper_jam"},
{"id": "multiple_feed", "label": "Feeding multiple pages", "next_node_id": "multiple_page_feed"},
{"id": "wont_feed", "label": "Won't pick up paper", "next_node_id": "paper_not_feeding"},
{"id": "wrong_tray", "label": "Pulling from wrong tray", "next_node_id": "wrong_tray_issue"}
],
"children": [
{
"id": "clear_paper_jam",
"type": "solution",
"title": "Clear Paper Jam",
"description": "Remove jammed paper from printer.\n\n**General Steps:**\n1. Turn off printer\n2. Open all access doors/covers\n3. Gently remove visible paper (pull in direction of paper path)\n4. Check for torn pieces left behind\n5. Check all areas: input tray, output area, fuser area\n6. Close all doors\n7. Turn on printer\n\n**Important:**\n- Pull paper gently to avoid tearing\n- Remove ALL pieces including small bits\n- Check duplex unit if equipped\n- Some printers have rear access door for jam clearing\n\n**If Jams Keep Recurring:**\n- Check paper quality\n- Check for debris in paper path\n- Rollers may need cleaning/replacement\n- May need service\n\n**Ticket Notes:**\nPaper jam cleared. [Location of jam / Recurring issue noted]"
},
{
"id": "multiple_page_feed",
"type": "solution",
"title": "Printer Feeding Multiple Pages",
"description": "Printer grabs multiple sheets at once.\n\n**Causes and Fixes:**\n\n1. **Paper Stack Issues:**\n - Fan the paper before loading\n - Don't overfill tray\n - Make sure paper guides snug but not tight\n\n2. **Paper Quality:**\n - Use recommended paper type\n - Paper may be too thin\n - Don't use damaged or curled paper\n\n3. **Static Electricity:**\n - Fan paper to reduce static\n - Try different paper batch\n\n4. **Worn Rollers:**\n - Feed rollers may be worn\n - Can try cleaning with damp lint-free cloth\n - May need roller replacement\n\n**Ticket Notes:**\nMultiple page feeding. [Cause and resolution]"
},
{
"id": "paper_not_feeding",
"type": "solution",
"title": "Printer Not Picking Up Paper",
"description": "Printer won't grab paper from tray.\n\n**Check:**\n1. Paper loaded correctly and pushed in fully\n2. Paper guides adjusted to paper size\n3. Tray not overfilled (below max line)\n4. Paper not stuck together\n\n**Clean Feed Rollers:**\n1. Power off printer\n2. Access rollers (usually visible in tray area)\n3. Clean with damp lint-free cloth\n4. Let dry completely\n5. Try feeding again\n\n**If Rollers Look Worn:**\n- Smooth, shiny rollers won't grip\n- May need roller replacement\n- Service call may be needed\n\n**Try Different Paper:**\n- Paper may be too slick or thick\n- Use standard 20lb paper\n\n**Ticket Notes:**\nPaper feed issue. [Cleaned rollers / Needs service]"
},
{
"id": "wrong_tray_issue",
"type": "solution",
"title": "Printing from Wrong Tray",
"description": "Printer using wrong paper tray.\n\n**In Print Dialog:**\n1. File > Print > Printer Properties\n2. Look for Paper Source or Tray selection\n3. Select specific tray or 'Auto Select'\n\n**At the Printer:**\n1. Check default tray setting in printer menu\n2. May need to set paper size/type for each tray\n\n**For Specific Paper:**\n- Load special paper in manual/bypass tray\n- Select manual feed in print settings\n\n**Check Paper Type Settings:**\n- Tray 1 = Plain, Tray 2 = Letterhead, etc.\n- Match settings to actual paper loaded\n\n**Ticket Notes:**\nWrong tray selection. [Corrected tray settings]"
}
]
},
{
"id": "escalate_printer",
"type": "solution",
"title": "Escalate Printer Issue",
"description": "Issue requires additional support or service.\n\n**Escalate to Desktop Support or Vendor For:**\n- Hardware failures\n- Persistent errors after troubleshooting\n- Driver issues requiring admin rights\n- Physical repairs needed\n\n**Information to Include:**\n- Printer make/model\n- Serial number (if hardware issue)\n- Error messages/codes\n- Troubleshooting steps already taken\n- Frequency of issue\n\n**For Vendor Support:**\n- Check warranty status\n- Contact manufacturer support\n- Schedule service call if needed\n\n**Ticket Notes:**\nEscalated to [team/vendor]. Issue: [summary]. Steps taken: [list].\n\n**Workaround:**\nDirect user to alternative printer in the meantime."
},
{
"id": "printer_resolution_success",
"type": "solution",
"title": "Printer Issue Resolved",
"description": "Printer is now working correctly.\n\n**Final Verification:**\n- User can print successfully\n- Print quality is acceptable\n- No error messages\n\n**Ticket Documentation:**\n- Printer name/model\n- Original issue\n- Root cause\n- Resolution steps\n\n**Close ticket as:** Resolved - Printer Issue\n\n**User Guidance:**\n- Contact Help Desk if issue recurs\n- Report paper/toner needs to office admin"
}
]
}
}
# =============================================================================
# TIER 2 - DESKTOP SUPPORT TREES
# =============================================================================
def get_slow_computer_tree() -> dict[str, Any]:
"""
Slow Computer Troubleshooting - Comprehensive Tier 2 tree.
Covers startup issues, memory, disk, malware, and performance optimization.
"""
return {
"name": "Slow Computer Troubleshooting",
"description": "Systematic troubleshooting guide for slow computer performance including startup optimization, memory issues, disk problems, malware, and hardware diagnostics.",
"category": "Tier 2 - Desktop Support",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "When does the computer feel slow?",
"help_text": "Identifying when slowness occurs helps narrow down the cause",
"options": [
{"id": "always_slow", "label": "Always slow / Generally sluggish", "next_node_id": "general_slow"},
{"id": "slow_startup", "label": "Slow at startup/boot", "next_node_id": "startup_slow"},
{"id": "slow_over_time", "label": "Gets slower over time (after being on)", "next_node_id": "progressive_slow"},
{"id": "slow_specific", "label": "Slow with specific application", "next_node_id": "app_specific_slow_computer"},
{"id": "sudden_slow", "label": "Suddenly became slow", "next_node_id": "sudden_slowdown"}
],
"children": [
{
"id": "general_slow",
"type": "action",
"title": "Initial Performance Assessment",
"description": "Gather baseline performance data.\n\n**Open Task Manager:**\nCtrl+Shift+Esc\n\n**Check:**\n1. **CPU:** Is usage constantly high (>80%)?\n2. **Memory:** Is usage constantly high (>85%)?\n3. **Disk:** Is disk at 100% constantly?\n4. **Network:** Unusually high network activity?\n\n**Note the Top Processes:**\nSort by CPU, Memory, Disk to see what's consuming resources.\n\n**Quick Specs Check:**\n- Right-click Start > System\n- Note RAM amount and processor\n- Note if SSD or HDD (check disk type)",
"action_command": "systeminfo | findstr /C:\"Total Physical Memory\" /C:\"Processor\"",
"next_node_id": "performance_findings"
},
{
"id": "performance_findings",
"type": "decision",
"question": "What resource is being maxed out?",
"help_text": "Based on Task Manager findings",
"options": [
{"id": "high_cpu", "label": "High CPU usage (>80%)", "next_node_id": "cpu_issues"},
{"id": "high_memory", "label": "High Memory usage (>85%)", "next_node_id": "memory_issues"},
{"id": "high_disk", "label": "Disk at 100%", "next_node_id": "disk_issues"},
{"id": "all_normal", "label": "All resources look normal", "next_node_id": "other_causes"},
{"id": "multiple_high", "label": "Multiple resources maxed", "next_node_id": "system_overwhelmed"}
],
"children": [
{
"id": "cpu_issues",
"type": "decision",
"question": "What process is using the most CPU?",
"help_text": "Sort Task Manager by CPU column",
"options": [
{"id": "unknown_process", "label": "Unknown/suspicious process", "next_node_id": "investigate_process"},
{"id": "browser_cpu", "label": "Web browser (Chrome, Edge, etc.)", "next_node_id": "browser_cpu_fix"},
{"id": "antivirus_cpu", "label": "Antivirus/Security software", "next_node_id": "antivirus_cpu_fix"},
{"id": "system_cpu", "label": "System/Windows process", "next_node_id": "system_cpu_fix"},
{"id": "work_app_cpu", "label": "Work application (Office, Teams, etc.)", "next_node_id": "work_app_cpu_fix"}
],
"children": [
{
"id": "investigate_process",
"type": "action",
"title": "Investigate Unknown Process",
"description": "Unknown process using high CPU - may be malware.\n\n**Steps:**\n1. Note the process name\n2. Right-click process > Open file location\n3. Note the file path\n4. Right-click process > Search online\n\n**Red Flags:**\n- Located in temp or user folders\n- Misspelled system names (svch0st, csrs)\n- No description or publisher\n- Recently created file\n\n**If Suspicious:**\n- Don't end the process yet\n- Run malware scan\n- Proceed to malware investigation\n\n**If Legitimate:**\n- Google the process name\n- May be updater or background task",
"next_node_id": "process_verdict"
},
{
"id": "process_verdict",
"type": "decision",
"question": "Is the process legitimate or suspicious?",
"options": [
{"id": "is_malware", "label": "Appears to be malware/suspicious", "next_node_id": "malware_found"},
{"id": "is_legitimate", "label": "Legitimate but misbehaving", "next_node_id": "fix_misbehaving_app"},
{"id": "unsure_process", "label": "Unsure / Need more investigation", "next_node_id": "escalate_security"}
],
"children": [
{
"id": "fix_misbehaving_app",
"type": "solution",
"title": "Fix Misbehaving Application",
"description": "Legitimate application consuming too many resources.\n\n**Try:**\n1. End the process in Task Manager\n2. Restart the application\n3. If persists, check for updates\n4. Reinstall if necessary\n\n**If It's a Service:**\n1. services.msc > Find the service\n2. Restart the service\n3. Check for updates/patches\n\n**Document:**\n- Application name\n- Version\n- Circumstances that trigger high usage\n\n**May Need:**\n- Application support contact\n- Application-specific troubleshooting\n\n**Ticket Notes:**\n[Application] causing high CPU. [Resolution steps]"
},
{
"id": "escalate_security",
"type": "solution",
"title": "Escalate to Security Team",
"description": "Cannot determine if process is legitimate.\n\n**DO NOT:**\n- Delete files\n- End process (it may respawn)\n- Ignore it\n\n**DO:**\n1. Document process name and location\n2. Screenshot Task Manager\n3. Note when it started (if known)\n4. Escalate to Security team\n\n**If User Needs Computer:**\n- Can work on another machine if available\n- Or monitor while Security investigates\n\n**Ticket Priority:** High\n**Escalate to:** Security/SOC Team\n\n**Ticket Notes:**\nSuspicious process identified. Screenshots attached. Escalated for investigation."
}
]
},
{
"id": "browser_cpu_fix",
"type": "solution",
"title": "Browser High CPU Usage",
"description": "Web browser consuming excessive CPU.\n\n**Immediate Fix:**\n1. Check for runaway tabs: Shift+Esc in Chrome shows per-tab CPU\n2. Close unnecessary tabs\n3. Close and reopen browser\n\n**Longer-Term Fixes:**\n1. **Disable problematic extensions:**\n - Check extensions for CPU usage\n - Disable ad blockers temporarily to test\n - Remove unused extensions\n\n2. **Clear browser cache:**\n - Settings > Privacy > Clear browsing data\n\n3. **Update browser:**\n - Help > About [browser name]\n\n4. **Check for malware:**\n - Browser hijackers can cause this\n - Run malware scan\n\n**If Specific Sites:**\nCertain sites (social media, video) are CPU-intensive. Normal behavior.\n\n**Ticket Notes:**\nBrowser high CPU. [Resolution - tabs closed / extension disabled / etc.]"
},
{
"id": "antivirus_cpu_fix",
"type": "solution",
"title": "Antivirus High CPU Usage",
"description": "Security software consuming resources.\n\n**Common Causes:**\n- Active scan running\n- Real-time protection processing\n- Definition update\n\n**Check:**\n1. Open the antivirus program\n2. Is a scan running? Let it complete or reschedule\n3. Are updates being installed?\n\n**If Constant High Usage:**\n1. Check for AV conflicts (multiple products)\n2. Exclude high-activity folders from scanning\n3. Adjust scan schedule to off-hours\n4. Update AV to latest version\n\n**For Managed AV:**\nMay need to contact security team for policy adjustment.\n\n**Note:** Don't disable antivirus! Just optimize it.\n\n**Ticket Notes:**\nAntivirus high CPU. [Scan was running / Scheduled adjustment / etc.]"
},
{
"id": "system_cpu_fix",
"type": "decision",
"question": "Which system process is using high CPU?",
"help_text": "Common Windows processes that can spike",
"options": [
{"id": "svchost_cpu", "label": "svchost.exe", "next_node_id": "svchost_fix"},
{"id": "system_interrupts", "label": "System interrupts / System", "next_node_id": "system_interrupts_fix"},
{"id": "windows_update", "label": "Windows Update related", "next_node_id": "windows_update_cpu"},
{"id": "search_indexer", "label": "SearchIndexer / Windows Search", "next_node_id": "search_indexer_fix"},
{"id": "other_system", "label": "Other system process", "next_node_id": "generic_system_fix"}
],
"children": [
{
"id": "svchost_fix",
"type": "solution",
"title": "svchost.exe High CPU",
"description": "svchost hosts multiple Windows services.\n\n**Identify Which Service:**\n1. Task Manager > Details tab\n2. Right-click svchost.exe > Go to service(s)\n3. Note which services are under that svchost\n\n**Common Culprits:**\n- Windows Update (wuauserv) - Let it finish\n- BITS - Background downloads\n- Superfetch/SysMain - Disable if SSD\n- Windows Defender - Scan running\n\n**To Restart a Service:**\n```\nnet stop \"Service Name\" && net start \"Service Name\"\n```\n\n**If Windows Update:**\nLet updates complete, or troubleshoot Windows Update separately.\n\n**Ticket Notes:**\nsvchost high CPU caused by [service]. [Resolution]"
},
{
"id": "system_interrupts_fix",
"type": "solution",
"title": "System Interrupts High CPU",
"description": "Hardware or driver issue causing interrupts.\n\n**Causes:**\n- Faulty hardware\n- Bad/outdated drivers\n- Hardware conflict\n\n**Troubleshooting:**\n1. **Update drivers:**\n - Especially network, graphics, chipset\n - Device Manager > Right-click > Update driver\n\n2. **Disable devices one by one:**\n - Device Manager > Disable device\n - Test after each to find culprit\n - Start with: USB controllers, network adapters\n\n3. **Check hardware:**\n - External USB devices\n - Failing hard drive\n - Overheating components\n\n**If Problem Found:**\nUpdate driver or replace faulty hardware.\n\n**Ticket Notes:**\nSystem interrupts high. [Driver updated / Hardware issue identified]"
},
{
"id": "windows_update_cpu",
"type": "solution",
"title": "Windows Update High CPU",
"description": "Windows Update consuming resources.\n\n**Normal Behavior:**\n- Updates downloading/installing use CPU\n- Can take 30+ minutes for major updates\n- Best to let it complete\n\n**Check Update Status:**\n1. Settings > Update & Security > Windows Update\n2. See what's downloading/installing\n3. Check for pending restarts\n\n**If Stuck:**\n1. Restart computer\n2. Run Windows Update troubleshooter\n3. Clear update cache:\n - Stop Windows Update service\n - Delete C:\\Windows\\SoftwareDistribution contents\n - Start Windows Update service\n\n**Schedule Updates:**\nSet active hours to avoid updates during work.\n\n**Ticket Notes:**\nWindows Update consuming CPU. [Let complete / Troubleshot stuck update]"
},
{
"id": "search_indexer_fix",
"type": "solution",
"title": "Windows Search Indexer High CPU",
"description": "Search indexing consuming resources.\n\n**Normal After:**\n- First boot of new computer\n- Large amount of new files added\n- Index was rebuilt\n\n**If Persistent:**\n\n1. **Rebuild Index:**\n - Control Panel > Indexing Options\n - Advanced > Rebuild\n - Will be slow during rebuild, then better\n\n2. **Limit Indexed Locations:**\n - Indexing Options > Modify\n - Uncheck unnecessary locations\n - Don't index network drives\n\n3. **Disable if Not Needed:**\n - services.msc > Windows Search > Disable\n - Note: Search will be slower\n\n**Ticket Notes:**\nSearch indexer high CPU. [Rebuilt index / Limited locations / Disabled]"
},
{
"id": "generic_system_fix",
"type": "solution",
"title": "Generic System Process Fix",
"description": "Other system process using high CPU.\n\n**General Steps:**\n1. Note the process name\n2. Search online for known issues\n3. Check Event Viewer for related errors\n4. Restart the computer\n\n**If Persists After Restart:**\n- Run System File Checker: `sfc /scannow`\n- Run DISM: `DISM /Online /Cleanup-Image /RestoreHealth`\n- Check for Windows updates\n- May need system repair or reinstall\n\n**Ticket Notes:**\n[Process name] high CPU. [Resolution steps taken]"
}
]
},
{
"id": "work_app_cpu_fix",
"type": "solution",
"title": "Work Application High CPU",
"description": "Business application consuming CPU (Office, Teams, etc.).\n\n**For Microsoft Teams:**\n- Clear Teams cache: %appdata%\\Microsoft\\Teams\n- Disable GPU acceleration in settings\n- Update to latest version\n- Close and reopen\n\n**For Microsoft Office:**\n- Repair Office installation\n- Disable add-ins\n- Update Office\n- Check document for complexity\n\n**For Other Apps:**\n1. Close and reopen application\n2. Check for updates\n3. Clear application cache\n4. Repair/reinstall if needed\n\n**If Specific Document:**\nDocument may be corrupted or too complex.\n\n**Ticket Notes:**\n[Application] high CPU. [Resolution]"
}
]
},
{
"id": "memory_issues",
"type": "decision",
"question": "How much RAM does the computer have?",
"help_text": "Check System Properties or Task Manager",
"options": [
{"id": "low_ram", "label": "4GB or less", "next_node_id": "insufficient_ram"},
{"id": "medium_ram", "label": "8GB", "next_node_id": "optimize_memory"},
{"id": "high_ram", "label": "16GB or more", "next_node_id": "memory_leak_check"}
],
"children": [
{
"id": "insufficient_ram",
"type": "solution",
"title": "Insufficient RAM",
"description": "Computer has too little RAM for modern workloads.\n\n**4GB is Minimal:**\n- Windows 10/11 needs 4GB just to run\n- No room for applications\n- Will always be slow\n\n**Recommendations:**\n- Minimum 8GB for basic office work\n- 16GB for multitasking/development\n- 32GB for heavy workloads\n\n**Immediate Mitigation:**\n1. Close unused applications\n2. Reduce browser tabs\n3. Disable startup programs\n4. Adjust visual effects for performance\n\n**Long-Term:**\n- RAM upgrade (if possible)\n- Computer replacement may be needed\n\n**Ticket Notes:**\nInsufficient RAM (current: Xgb). Recommend upgrade/replacement."
},
{
"id": "optimize_memory",
"type": "action",
"title": "Optimize Memory Usage",
"description": "8GB is adequate but may need optimization.\n\n**Find Memory Hogs:**\n1. Task Manager > Processes > Sort by Memory\n2. Note top memory users\n\n**Common Fixes:**\n1. **Close unnecessary apps:** Especially browsers with many tabs\n2. **Restart computer:** Clears accumulated memory usage\n3. **Reduce startup programs:**\n - Task Manager > Startup tab\n - Disable unnecessary items\n\n**Browser Memory:**\n- Chrome is memory-heavy\n- Consider fewer tabs or use Edge (more efficient)\n- Install tab suspender extension\n\n**If Still Not Enough:**\nMay need RAM upgrade to 16GB.",
"next_node_id": "performance_resolution_success"
},
{
"id": "memory_leak_check",
"type": "action",
"title": "Check for Memory Leak",
"description": "With 16GB+, high memory indicates a leak.\n\n**Memory Leak Signs:**\n- Memory usage grows over time\n- One process using excessive RAM\n- Resolved by restart (temporarily)\n\n**Identify the Leak:**\n1. Task Manager > Sort by Memory\n2. Note top consumer\n3. Is it growing over time?\n\n**Common Leakers:**\n- Web browsers (close/reopen)\n- Adobe products\n- Custom applications\n- Drivers (rare)\n\n**Resolution:**\n1. Update the problematic application\n2. Report to application vendor\n3. Restart computer periodically\n4. Schedule automatic restarts\n\n**Ticket Notes:**\nMemory leak identified in [application]. [Resolution/workaround]",
"next_node_id": "performance_resolution_success"
}
]
},
{
"id": "disk_issues",
"type": "decision",
"question": "Is this an SSD or HDD?",
"help_text": "Task Manager > Performance > Disk shows type, or check Disk Management",
"options": [
{"id": "is_hdd", "label": "HDD (spinning disk)", "next_node_id": "hdd_optimization"},
{"id": "is_ssd", "label": "SSD (solid state)", "next_node_id": "ssd_disk_issue"},
{"id": "unknown_disk", "label": "Don't know", "next_node_id": "check_disk_type"}
],
"children": [
{
"id": "hdd_optimization",
"type": "solution",
"title": "HDD Performance Issue",
"description": "Traditional hard drives are inherently slow.\n\n**HDD at 100% is Common Because:**\n- Mechanical drives can't handle modern multitasking\n- Windows 10/11 designed for SSDs\n- Multiple programs accessing disk simultaneously\n\n**Best Solution: Upgrade to SSD**\n- Single biggest performance improvement\n- 500GB SSD is affordable\n- Clone existing drive or fresh install\n\n**If Upgrade Not Possible:**\n1. Defragment the drive:\n - Defragment and Optimize Drives\n - Run optimization\n\n2. Disable Superfetch/SysMain:\n - services.msc > SysMain > Disable\n\n3. Reduce startup programs\n\n4. Add more RAM (reduces disk swapping)\n\n**Ticket Notes:**\nHDD bottleneck. Recommend SSD upgrade. [Temporary mitigations applied]"
},
{
"id": "ssd_disk_issue",
"type": "decision",
"question": "What's causing the SSD to be at 100%?",
"help_text": "Check Resource Monitor for disk activity",
"options": [
{"id": "ssd_search", "label": "Windows Search indexing", "next_node_id": "search_indexer_fix"},
{"id": "ssd_defender", "label": "Windows Defender scanning", "next_node_id": "defender_scan_fix"},
{"id": "ssd_updates", "label": "Windows Updates", "next_node_id": "windows_update_cpu"},
{"id": "ssd_full", "label": "Drive is nearly full", "next_node_id": "disk_space_issue"},
{"id": "ssd_other", "label": "Other / Unknown", "next_node_id": "ssd_troubleshoot"}
],
"children": [
{
"id": "defender_scan_fix",
"type": "solution",
"title": "Windows Defender Scanning",
"description": "Windows Defender can cause disk saturation during scans.\n\n**Check:**\n1. Open Windows Security\n2. Virus & threat protection\n3. Is a scan running?\n\n**If Scan Running:**\n- Let it complete (can take 30+ minutes)\n- Or pause scan temporarily\n\n**Optimize Defender:**\n1. **Schedule scans for off-hours:**\n - Task Scheduler > Microsoft > Windows > Windows Defender\n - Modify scheduled scan time\n\n2. **Add exclusions (carefully):**\n - Don't exclude user folders\n - Can exclude known-safe large folders\n\n**Ticket Notes:**\nDefender scan causing disk usage. [Let complete / Rescheduled]"
},
{
"id": "disk_space_issue",
"type": "action",
"title": "Low Disk Space",
"description": "SSD performance degrades when nearly full.\n\n**Best Practice:**\nKeep at least 15-20% free space on SSD.\n\n**Free Up Space:**\n1. **Disk Cleanup:**\n - Right-click C: > Properties > Disk Cleanup\n - Clean up system files\n - Check Windows Update cleanup\n\n2. **Remove Unused Programs:**\n - Settings > Apps > Sort by size\n - Uninstall unneeded apps\n\n3. **Clear Temp Files:**\n - %temp% folder\n - Downloads folder\n\n4. **Move Large Files:**\n - Move videos, archives to secondary drive\n - Use cloud storage (OneDrive)\n\n**Check:**\n`WinDirStat` or `TreeSize` to visualize disk usage.",
"action_command": "wmic logicaldisk get size,freespace,caption",
"next_node_id": "performance_resolution_success"
},
{
"id": "ssd_troubleshoot",
"type": "action",
"title": "SSD Troubleshooting",
"description": "SSD at 100% with no obvious cause.\n\n**Check with Resource Monitor:**\n1. Win+R > resmon\n2. Disk tab\n3. See exactly what files/processes are being accessed\n\n**Common Hidden Causes:**\n- Background cloud sync (OneDrive, Dropbox)\n- Antivirus scanning\n- System restore point creation\n- Windows telemetry\n\n**Fixes:**\n1. Disable AHCI Link Power Management:\n - Power Options > Change plan > Advanced\n - AHCI Link Power Management > Active\n\n2. Update SSD firmware:\n - Check manufacturer website\n\n3. Check SMART status:\n - May indicate failing SSD\n\n**Ticket Notes:**\nSSD performance issue. [Cause identified / Needs further investigation]",
"next_node_id": "performance_resolution_success"
}
]
},
{
"id": "check_disk_type",
"type": "action",
"title": "Determine Disk Type",
"description": "Find out if computer has SSD or HDD.\n\n**Method 1 - Task Manager:**\n1. Ctrl+Shift+Esc\n2. Performance tab\n3. Click on Disk\n4. Shows disk type (SSD/HDD)\n\n**Method 2 - Defragment Tool:**\n1. Search 'Defragment'\n2. Opens Optimize Drives\n3. Shows Media type for each drive\n\n**Method 3 - PowerShell:**\n```\nGet-PhysicalDisk | Select MediaType,FriendlyName\n```\n\n**HDD characteristics:** Slower, louder (clicking), cheaper\n**SSD characteristics:** Fast, silent, more expensive",
"action_command": "powershell Get-PhysicalDisk | Select MediaType,FriendlyName",
"next_node_id": "disk_issues"
}
]
},
{
"id": "other_causes",
"type": "decision",
"question": "Resources look normal - check other factors",
"help_text": "Slowness not caused by CPU/RAM/Disk",
"options": [
{"id": "check_thermals", "label": "Computer feels hot / fans loud", "next_node_id": "thermal_issues"},
{"id": "check_network", "label": "Slowness is network-related", "next_node_id": "network_slow"},
{"id": "check_visual", "label": "Graphics/display seems slow", "next_node_id": "graphics_issue"},
{"id": "needs_restart", "label": "Computer hasn't been restarted recently", "next_node_id": "restart_needed"}
],
"children": [
{
"id": "thermal_issues",
"type": "solution",
"title": "Thermal/Overheating Issues",
"description": "Computer may be throttling due to heat.\n\n**Signs of Overheating:**\n- Fans constantly running high\n- Computer feels hot\n- Performance drops under load\n- Unexpected shutdowns\n\n**Immediate Actions:**\n1. Ensure vents are not blocked\n2. Clean dust from vents (compressed air)\n3. Ensure proper ventilation around computer\n4. Check if laptop is on soft surface\n\n**Desktop:**\n- Open case and clean dust\n- Check all fans are working\n- Reapply thermal paste if skilled\n\n**Laptop:**\n- Use on hard, flat surface\n- Consider cooling pad\n- May need internal cleaning (service)\n\n**If Overheating Persists:**\nMay need hardware service.\n\n**Ticket Notes:**\nOverheating causing throttling. [Cleaning done / Service needed]"
},
{
"id": "network_slow",
"type": "solution",
"title": "Network-Related Slowness",
"description": "Computer feels slow but issue is actually network.\n\n**Signs It's Network:**\n- Web pages slow to load\n- Cloud apps (Teams, OneDrive) slow\n- Downloads/uploads slow\n- Task Manager shows low CPU/RAM/Disk\n\n**Check:**\n1. Speed test (speedtest.net)\n2. Ping to gateway and internet\n3. Are other users affected?\n\n**Solutions:**\n- Use wired connection instead of WiFi\n- Move closer to WiFi access point\n- Restart router/modem\n- Use Network Connectivity troubleshooting tree\n\n**Ticket Notes:**\nSlowness is network-related, not computer. [Network troubleshooting steps]"
},
{
"id": "graphics_issue",
"type": "solution",
"title": "Graphics Performance Issue",
"description": "Display/graphics feels sluggish.\n\n**Symptoms:**\n- Jerky window movement\n- Slow scrolling\n- Video playback issues\n- UI feels choppy\n\n**Check:**\n1. Device Manager > Display adapters\n2. Update graphics driver\n3. Check resolution settings\n\n**Quick Fixes:**\n1. **Reduce visual effects:**\n - System Properties > Advanced > Performance Settings\n - Choose 'Adjust for best performance'\n\n2. **Update graphics driver:**\n - Intel/AMD/NVIDIA website\n - Or Windows Update\n\n3. **Check display scaling:**\n - Display settings\n - Try 100% scaling\n\n**For Docking Stations:**\n- Update dock firmware\n- Check display connection\n\n**Ticket Notes:**\nGraphics performance issue. [Driver updated / Visual effects reduced]"
},
{
"id": "restart_needed",
"type": "action",
"title": "Restart Computer",
"description": "Simple restart often resolves performance issues.\n\n**Check Uptime:**\n1. Task Manager > Performance > CPU\n2. Look at 'Up time' at bottom\n3. If more than a week, restart is needed\n\n**Why Restart Helps:**\n- Clears memory leaks\n- Resets all services\n- Applies pending updates\n- Clears temp files\n\n**Proper Restart:**\n1. Save all work\n2. Use Start > Restart (not Shutdown)\n3. Restart completes update installations\n\n**Note:** Shutdown with Fast Startup doesn't fully reset.\n\n**After Restart:**\nCheck if performance improved.",
"next_node_id": "restart_result"
},
{
"id": "restart_result",
"type": "decision",
"question": "Did restarting improve performance?",
"options": [
{"id": "restart_helped", "label": "Yes, computer is faster now", "next_node_id": "performance_resolution_success"},
{"id": "restart_no_help", "label": "No, still slow", "next_node_id": "general_slow"}
],
"children": []
}
]
},
{
"id": "system_overwhelmed",
"type": "decision",
"question": "Multiple resources maxed - assess hardware capability",
"help_text": "Computer may be underpowered for workload",
"options": [
{"id": "too_many_apps", "label": "User running many applications", "next_node_id": "reduce_workload"},
{"id": "hardware_old", "label": "Hardware is old (5+ years)", "next_node_id": "hardware_upgrade_needed"},
{"id": "possible_malware", "label": "Unexpected - could be malware", "next_node_id": "malware_check"}
],
"children": [
{
"id": "reduce_workload",
"type": "solution",
"title": "Reduce Workload",
"description": "User running more than hardware can handle.\n\n**Current Workload Check:**\n- How many applications open?\n- How many browser tabs?\n- Any resource-heavy apps (video editing, VMs)?\n\n**Recommendations:**\n1. Close unused applications\n2. Reduce browser tabs (use bookmarks)\n3. Use lighter alternatives where possible\n4. Schedule heavy tasks separately\n\n**If This Is Normal Workload:**\n- Hardware upgrade needed\n- Request more capable computer\n\n**User Education:**\n- Explain resource limitations\n- Suggest workflow adjustments\n\n**Ticket Notes:**\nHardware overwhelmed by workload. [Recommendations provided / Upgrade requested]"
},
{
"id": "hardware_upgrade_needed",
"type": "solution",
"title": "Hardware Upgrade Needed",
"description": "Computer is too old/underpowered.\n\n**Assessment:**\n- Age of computer\n- Current specs vs requirements\n- User's typical workload\n\n**Upgrade Options:**\n1. **RAM upgrade** - Often possible, significant improvement\n2. **SSD upgrade** - Biggest single improvement for HDD systems\n3. **Full replacement** - May be more cost-effective for old systems\n\n**Recommendation Process:**\n1. Document current performance issues\n2. Note user requirements\n3. Submit for hardware refresh/upgrade request\n4. Provide workarounds while waiting\n\n**Ticket Notes:**\nHardware inadequate for workload. Requesting upgrade/replacement.\nCurrent specs: [specs]\nUser needs: [workload description]"
},
{
"id": "malware_check",
"type": "action",
"title": "Check for Malware",
"description": "Unexpected resource usage may indicate malware.\n\n**Quick Indicators:**\n- Unknown processes in Task Manager\n- Browser behaving strangely\n- Pop-ups or unwanted ads\n- Computer mining cryptocurrency\n\n**Run Scans:**\n1. Windows Security full scan\n2. If available, run Malwarebytes\n3. Check browser extensions\n\n**Check for:**\n- Programs that auto-start that shouldn't\n- Recent software installations\n- Suspicious browser extensions\n\n**If Malware Found:**\nProceed to malware remediation steps.",
"next_node_id": "malware_scan_result"
},
{
"id": "malware_scan_result",
"type": "decision",
"question": "Did the malware scan find anything?",
"options": [
{"id": "malware_detected", "label": "Yes, malware detected", "next_node_id": "malware_found"},
{"id": "no_malware", "label": "No malware found", "next_node_id": "hardware_upgrade_needed"}
],
"children": []
}
]
}
]
},
{
"id": "startup_slow",
"type": "action",
"title": "Diagnose Slow Startup",
"description": "Computer takes too long to boot.\n\n**Normal Startup Times:**\n- SSD: 15-30 seconds to desktop\n- HDD: 45-90 seconds to desktop\n\n**Check Startup Programs:**\n1. Task Manager > Startup tab\n2. Note 'Startup impact' column\n3. Disable unnecessary items:\n - Adobe updaters\n - iTunes helper\n - Manufacturer bloatware\n - Unused apps\n\n**Do NOT Disable:**\n- Antivirus\n- Audio/Graphics drivers\n- Security software\n\n**Other Startup Improvements:**\n- Upgrade to SSD (biggest impact)\n- Reduce desktop icons\n- Disable unused services",
"next_node_id": "startup_result"
},
{
"id": "startup_result",
"type": "decision",
"question": "Is startup faster after disabling unnecessary programs?",
"options": [
{"id": "startup_improved", "label": "Yes, starts faster now", "next_node_id": "performance_resolution_success"},
{"id": "startup_same", "label": "No, still slow", "next_node_id": "deep_startup_fix"}
],
"children": [
{
"id": "deep_startup_fix",
"type": "solution",
"title": "Deep Startup Optimization",
"description": "Startup still slow after disabling programs.\n\n**Check:**\n1. **Boot drive health:**\n - Run `wmic diskdrive get status`\n - Or check with manufacturer tool\n\n2. **Disk errors:**\n - `chkdsk C: /scan` (scan only)\n\n3. **Fast Startup:**\n - Control Panel > Power Options\n - Choose what power buttons do\n - Enable 'Turn on fast startup'\n\n4. **BIOS Settings:**\n - Disable unnecessary boot devices\n - Enable quick boot if available\n\n**If HDD:**\nStrongly recommend SSD upgrade.\n\n**Ticket Notes:**\nSlow startup investigated. [Findings and recommendations]"
}
]
},
{
"id": "progressive_slow",
"type": "decision",
"question": "Computer gets slower after being on - memory or thermal issue?",
"help_text": "Performance degrades over time",
"options": [
{"id": "progressive_hot", "label": "Computer gets hot", "next_node_id": "thermal_issues"},
{"id": "progressive_memory", "label": "Memory usage increases", "next_node_id": "memory_leak_check"},
{"id": "progressive_restart_helps", "label": "Restart temporarily fixes it", "next_node_id": "restart_needed"}
],
"children": []
},
{
"id": "app_specific_slow_computer",
"type": "decision",
"question": "Which application is slow?",
"help_text": "Specific application performance issue",
"options": [
{"id": "browser_slow", "label": "Web browser", "next_node_id": "browser_slow_fix"},
{"id": "office_slow", "label": "Microsoft Office apps", "next_node_id": "office_slow_fix"},
{"id": "teams_slow", "label": "Microsoft Teams", "next_node_id": "teams_slow_fix"},
{"id": "other_app_slow", "label": "Other application", "next_node_id": "generic_app_slow"}
],
"children": [
{
"id": "browser_slow_fix",
"type": "solution",
"title": "Slow Web Browser",
"description": "Web browser performance issues.\n\n**Quick Fixes:**\n1. Close unnecessary tabs\n2. Clear browsing data (cache, cookies)\n3. Disable or remove extensions\n4. Update browser to latest version\n\n**Chrome Specific:**\n- Shift+Esc for Task Manager\n- Find resource-heavy tabs/extensions\n- Disable 'Continue running background apps'\n\n**If Site-Specific:**\n- Site may be slow, not browser\n- Try different browser\n- Clear site data specifically\n\n**Reset Browser:**\nSettings > Reset and clean up > Restore settings to defaults\n\n**Consider:**\n- Switching to more efficient browser (Edge)\n- Using browser profiles\n\n**Ticket Notes:**\nBrowser slow. [Resolution steps taken]"
},
{
"id": "office_slow_fix",
"type": "solution",
"title": "Slow Microsoft Office",
"description": "Office applications running slowly.\n\n**General Fixes:**\n1. **Disable add-ins:**\n - File > Options > Add-ins > COM Add-ins > Go\n - Uncheck unnecessary add-ins\n\n2. **Disable hardware acceleration:**\n - File > Options > Advanced\n - Display > Disable hardware graphics acceleration\n\n3. **Repair Office:**\n - Settings > Apps > Microsoft 365 > Modify > Repair\n\n**Outlook Specific:**\n- Reduce mailbox size\n- Compact OST file\n- Reduce sync duration\n\n**Excel/Word Specific:**\n- Check file size (large files = slow)\n- Remove unnecessary formatting\n- Disable AutoSave temporarily\n\n**Ticket Notes:**\nOffice slow. [Resolution steps]"
},
{
"id": "teams_slow_fix",
"type": "solution",
"title": "Slow Microsoft Teams",
"description": "Teams performance issues.\n\n**Teams is Resource Heavy:**\n- Requires 4GB+ RAM\n- Electron-based app\n\n**Quick Fixes:**\n1. **Clear Teams cache:**\n - Close Teams completely\n - Delete: %appdata%\\Microsoft\\Teams\n - Restart Teams\n\n2. **Disable GPU acceleration:**\n - Settings > General\n - Disable 'Hardware acceleration'\n\n3. **Reduce features:**\n - Turn off read receipts\n - Disable chat backgrounds\n - Reduce notifications\n\n4. **Update Teams:**\n - Settings > About > Check for updates\n\n**For Video Calls:**\n- Turn off incoming video\n- Use gallery view instead of large gallery\n- Ensure good network connection\n\n**Consider:**\n- Web version (teams.microsoft.com) may be lighter\n- Teams 2.0 is more efficient when available\n\n**Ticket Notes:**\nTeams slow. [Resolution - cache cleared / settings adjusted]"
},
{
"id": "generic_app_slow",
"type": "solution",
"title": "Other Application Slow",
"description": "Non-standard application performance issue.\n\n**General Steps:**\n1. Check if app meets system requirements\n2. Update to latest version\n3. Reinstall application\n4. Check for known issues online\n\n**Collect Information:**\n- Application name and version\n- When did it start being slow?\n- What actions are slow specifically?\n- Does it use network resources?\n\n**If Business Application:**\n- Check with application vendor\n- Check application logs\n- May need application-specific support\n\n**If New Installation:**\n- System may not meet requirements\n- Check compatibility\n\n**Ticket Notes:**\n[Application] slow. [Investigation findings and resolution]"
}
]
},
{
"id": "sudden_slowdown",
"type": "decision",
"question": "What changed before the slowdown started?",
"help_text": "Sudden changes often have identifiable causes",
"options": [
{"id": "after_update", "label": "After Windows/software update", "next_node_id": "post_update_slow"},
{"id": "after_install", "label": "After installing new software", "next_node_id": "new_software_slow"},
{"id": "nothing_changed", "label": "Nothing changed / Unknown", "next_node_id": "malware_check"},
{"id": "after_browser", "label": "After visiting website / clicking link", "next_node_id": "possible_malware_infection"}
],
"children": [
{
"id": "post_update_slow",
"type": "solution",
"title": "Slow After Update",
"description": "Performance degraded after Windows or software update.\n\n**Normal Post-Update:**\n- First boot after update may be slow\n- Background indexing rebuilding\n- Settings being applied\n- Wait 30 minutes and reboot\n\n**If Persists:**\n1. **Check for additional updates:**\n - Sometimes multiple updates needed\n\n2. **Roll back driver update:**\n - Device Manager > Device > Properties > Driver > Roll Back\n\n3. **Uninstall problematic update:**\n - Settings > Update > View update history > Uninstall updates\n - Find recent update and uninstall\n\n4. **System Restore:**\n - Restore to point before update\n - Last resort\n\n**Ticket Notes:**\nSlow after update. [Wait and observe / Rolled back / Uninstalled update]"
},
{
"id": "new_software_slow",
"type": "solution",
"title": "Slow After New Software",
"description": "Performance issue after installing software.\n\n**Check:**\n1. What was installed?\n2. Is it running in background?\n3. Did it add startup items?\n\n**Resolution:**\n1. **Uninstall the software:**\n - Settings > Apps > Find and uninstall\n - Use Revo Uninstaller for complete removal\n\n2. **Check startup items:**\n - Task Manager > Startup\n - Disable any new items\n\n3. **Check services:**\n - services.msc\n - Look for new services related to software\n\n**If Software Is Needed:**\n- Check system requirements\n- Look for lighter alternative\n- Adjust software settings\n\n**Ticket Notes:**\nSlow after installing [software]. [Uninstalled / Adjusted settings]"
},
{
"id": "possible_malware_infection",
"type": "action",
"title": "Possible Malware Infection",
"description": "Slowdown after clicking link or visiting site - likely malware.\n\n**Signs of Infection:**\n- Browser redirects\n- Pop-up ads\n- New toolbars\n- Homepage changed\n- Unknown programs installed\n\n**Immediate Actions:**\n1. Disconnect from network (if spreading concern)\n2. Run full antivirus scan\n3. Run Malwarebytes scan\n4. Check browser extensions\n5. Check installed programs for new items\n\n**If Malware Found:**\nFollow malware remediation process.\n\n**Report:**\n- Note what site/link was clicked\n- Report to security team if phishing",
"next_node_id": "malware_scan_result"
}
]
},
{
"id": "malware_found",
"type": "solution",
"title": "Malware Remediation",
"description": "Malware detected on system.\n\n**Immediate Actions:**\n1. **Isolate if necessary:**\n - Disconnect from network if spreading\n\n2. **Let antivirus quarantine/remove:**\n - Don't just delete manually\n - Antivirus removal is safer\n\n3. **Run additional scans:**\n - Full Windows Defender scan\n - Malwarebytes if available\n - Second opinion scanner\n\n**After Cleanup:**\n1. Change passwords (may have been captured)\n2. Monitor for re-infection\n3. Check for data exfiltration\n\n**Severe Infection:**\n- May need full system wipe/rebuild\n- Restore from known-good backup\n- Escalate to security team\n\n**Documentation:**\n- Malware name/type\n- How it got in (if known)\n- Remediation steps\n\n**Escalate to:** Security team for investigation\n\n**Ticket Notes:**\nMalware found: [name]. [Remediation steps and status]"
},
{
"id": "performance_resolution_success",
"type": "solution",
"title": "Performance Issue Resolved",
"description": "Computer performance has been improved.\n\n**Verify:**\n- User confirms improvement\n- Task Manager shows normal resource usage\n- Specific issues resolved\n\n**Documentation:**\n- Original symptom\n- Root cause identified\n- Resolution applied\n- Any recommendations for user\n\n**User Guidance:**\n- Restart computer regularly (at least weekly)\n- Keep software updated\n- Don't install unnecessary software\n- Keep disk space available\n\n**Close ticket as:** Resolved - Performance Issue\n\n**If Upgrade Recommended:**\nDocument and create separate request for hardware upgrade."
}
]
}
}
def get_network_connectivity_tree() -> dict[str, Any]:
"""
Network Connectivity Issues - Comprehensive Tier 2 tree.
Covers WiFi, Ethernet, DNS, DHCP issues.
"""
return {
"name": "Network Connectivity Issues",
"description": "Troubleshooting guide for network connectivity problems including WiFi, Ethernet, DNS resolution, DHCP, and general connectivity diagnostics.",
"category": "Tier 2 - Desktop Support",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "What type of network connection issue?",
"help_text": "Identify the connection type and symptom",
"options": [
{"id": "no_connection", "label": "No network connection at all", "next_node_id": "no_network"},
{"id": "limited_connection", "label": "Connected but no internet", "next_node_id": "no_internet"},
{"id": "slow_network", "label": "Connection is very slow", "next_node_id": "slow_network_triage"},
{"id": "intermittent", "label": "Connection drops intermittently", "next_node_id": "intermittent_connection"},
{"id": "specific_sites", "label": "Can't access specific sites/services", "next_node_id": "partial_access"}
],
"children": [
{
"id": "no_network",
"type": "decision",
"question": "Is the user on WiFi or Ethernet?",
"help_text": "Check how computer is connected",
"options": [
{"id": "wifi_issue", "label": "WiFi (wireless)", "next_node_id": "wifi_no_connection"},
{"id": "ethernet_issue", "label": "Ethernet (wired)", "next_node_id": "ethernet_no_connection"},
{"id": "not_sure", "label": "Not sure", "next_node_id": "identify_connection_type"}
],
"children": [
{
"id": "wifi_no_connection",
"type": "decision",
"question": "Is the WiFi adapter enabled and seeing networks?",
"help_text": "Check network icon in system tray",
"options": [
{"id": "wifi_disabled", "label": "WiFi icon shows disabled/airplane", "next_node_id": "enable_wifi"},
{"id": "no_networks", "label": "WiFi on but no networks visible", "next_node_id": "wifi_adapter_issue"},
{"id": "networks_visible", "label": "Networks visible but won't connect", "next_node_id": "wifi_connect_issue"}
],
"children": [
{
"id": "enable_wifi",
"type": "action",
"title": "Enable WiFi Adapter",
"description": "WiFi is disabled - need to enable it.\n\n**Check:**\n1. **Physical switch:** Some laptops have a WiFi switch or Fn key combo\n2. **Airplane mode:** Ensure it's OFF\n3. **Network settings:** Settings > Network > WiFi > Turn On\n\n**If Still Disabled:**\n1. Device Manager > Network Adapters\n2. Find WiFi adapter\n3. Right-click > Enable device\n\n**If Adapter Missing:**\nMay need driver reinstall or hardware issue.",
"next_node_id": "wifi_enabled_result"
},
{
"id": "wifi_enabled_result",
"type": "decision",
"question": "Is WiFi now enabled and seeing networks?",
"options": [
{"id": "wifi_working", "label": "Yes, can see and connect", "next_node_id": "network_resolution_success"},
{"id": "still_no_wifi", "label": "No, still not working", "next_node_id": "wifi_adapter_issue"}
],
"children": []
},
{
"id": "wifi_adapter_issue",
"type": "action",
"title": "Troubleshoot WiFi Adapter",
"description": "WiFi adapter not working properly.\n\n**Steps:**\n1. **Device Manager check:**\n - Is there a warning icon on WiFi adapter?\n - Is adapter present at all?\n\n2. **Update/Reinstall Driver:**\n - Right-click adapter > Update driver\n - Or uninstall, restart to reinstall\n\n3. **Network Reset:**\n - Settings > Network > Advanced > Network reset\n - Will reinstall all network adapters\n\n4. **Hardware Check:**\n - Try external USB WiFi adapter\n - May be hardware failure\n\n**PowerShell:**\n```\nnetsh winsock reset\nnetsh int ip reset\nipconfig /flushdns\n```",
"action_command": "netsh wlan show drivers",
"next_node_id": "wifi_adapter_result"
},
{
"id": "wifi_adapter_result",
"type": "decision",
"question": "Is WiFi adapter now working?",
"options": [
{"id": "adapter_fixed", "label": "Yes, adapter working", "next_node_id": "wifi_connect_issue"},
{"id": "adapter_failed", "label": "No, hardware issue suspected", "next_node_id": "escalate_hardware"}
],
"children": []
},
{
"id": "wifi_connect_issue",
"type": "action",
"title": "WiFi Connection Issues",
"description": "Can see networks but can't connect.\n\n**Check Credentials:**\n1. Verify correct network selected\n2. Re-enter password carefully\n3. Check Caps Lock\n\n**Forget and Reconnect:**\n1. Click network > Forget\n2. Reconnect and enter password fresh\n\n**Common Issues:**\n- Wrong password\n- Network hidden (need exact name)\n- Too far from access point\n- MAC filtering on router\n\n**If Corporate Network:**\n- Certificate may be needed\n- May need domain credentials\n- Check if 802.1x authentication required",
"next_node_id": "connection_test"
}
]
},
{
"id": "ethernet_no_connection",
"type": "decision",
"question": "Is there a link light on the Ethernet port?",
"help_text": "Check for green/amber light on the network port",
"options": [
{"id": "no_link_light", "label": "No lights / no connection", "next_node_id": "check_ethernet_physical"},
{"id": "link_light_on", "label": "Link light is on", "next_node_id": "ethernet_driver_issue"}
],
"children": [
{
"id": "check_ethernet_physical",
"type": "action",
"title": "Check Physical Ethernet Connection",
"description": "No link established - check physical layer.\n\n**Check:**\n1. **Cable:** Firmly plugged in at both ends?\n2. **Try different cable:** Cables can fail\n3. **Try different port:** Switch port may be bad\n4. **Test with known-good device:** Does port work with other device?\n\n**For Docking Station:**\n- Try different dock port\n- Try direct connection to laptop\n- Update dock firmware\n\n**If All Ports Fail:**\n- Network switch may be down\n- Check with other users on same switch",
"next_node_id": "ethernet_physical_result"
},
{
"id": "ethernet_physical_result",
"type": "decision",
"question": "Is there now a link light?",
"options": [
{"id": "link_established", "label": "Yes, link light on now", "next_node_id": "ethernet_driver_issue"},
{"id": "still_no_link", "label": "No, still no link", "next_node_id": "escalate_network_infra"}
],
"children": []
},
{
"id": "ethernet_driver_issue",
"type": "action",
"title": "Check Ethernet Driver and Settings",
"description": "Link is up but no connection.\n\n**Device Manager:**\n1. Check for warnings on Ethernet adapter\n2. Update driver if needed\n3. Try uninstall and restart\n\n**Check Settings:**\n1. Settings > Network > Ethernet > Properties\n2. Ensure DHCP is enabled (or static IP correct)\n3. Check DNS settings\n\n**Reset Network Stack:**\n```\nnetsh winsock reset\nnetsh int ip reset\nipconfig /release\nipconfig /renew\n```\n\n**If Using Static IP:**\nVerify IP, subnet, gateway are correct for network.",
"action_command": "ipconfig /all",
"next_node_id": "connection_test"
}
]
},
{
"id": "identify_connection_type",
"type": "action",
"title": "Identify Connection Type",
"description": "Determine how the computer connects.\n\n**Check:**\n1. **Look for cable:** Is there an Ethernet cable plugged in?\n2. **Check network icon:** WiFi shows signal bars, Ethernet shows computer icon\n3. **Settings > Network:** Shows active adapter type\n\n**Common:**\n- Laptops often use WiFi\n- Desktops often use Ethernet\n- Docked laptops may use dock Ethernet",
"next_node_id": "no_network"
}
]
},
{
"id": "no_internet",
"type": "action",
"title": "Connected But No Internet",
"description": "Device is connected to network but can't reach internet.\n\n**Basic Diagnostics:**\n1. **Check IP address:**\n - ipconfig\n - If 169.254.x.x = DHCP issue\n - If correct IP = routing/DNS issue\n\n2. **Test connectivity:**\n - ping 8.8.8.8 (bypasses DNS)\n - If fails = routing issue\n - If works = DNS issue\n\n3. **Test DNS:**\n - ping google.com\n - If fails but IP ping works = DNS issue\n\n**Quick Fixes:**\n- ipconfig /release && ipconfig /renew\n- ipconfig /flushdns\n- Try manual DNS: 8.8.8.8 and 8.8.4.4",
"action_command": "ping 8.8.8.8 -n 4 && ping google.com -n 4",
"next_node_id": "no_internet_diagnosis"
},
{
"id": "no_internet_diagnosis",
"type": "decision",
"question": "What did the ping tests reveal?",
"options": [
{"id": "both_ping_fail", "label": "Both pings failed", "next_node_id": "routing_issue"},
{"id": "ip_works_dns_fails", "label": "IP ping works, name ping fails", "next_node_id": "dns_issue"},
{"id": "both_ping_work", "label": "Both pings work but still no internet", "next_node_id": "browser_proxy_issue"}
],
"children": [
{
"id": "routing_issue",
"type": "decision",
"question": "Does the computer have a valid IP address?",
"help_text": "Check ipconfig - look for 169.254.x.x (APIPA) or blank",
"options": [
{"id": "apipa_address", "label": "169.254.x.x address (APIPA)", "next_node_id": "dhcp_issue"},
{"id": "valid_ip", "label": "Has valid IP but can't reach gateway", "next_node_id": "gateway_issue"},
{"id": "no_ip", "label": "No IP address assigned", "next_node_id": "dhcp_issue"}
],
"children": [
{
"id": "dhcp_issue",
"type": "action",
"title": "DHCP Issue - No IP Address",
"description": "Computer not getting IP from DHCP.\n\n**Try:**\n1. ipconfig /release\n2. ipconfig /renew\n\n**If Still Failing:**\n- Check DHCP server is running (network team)\n- Try static IP temporarily to test\n- Check if other devices on network work\n\n**DHCP Troubleshooting:**\n- Is DHCP server reachable?\n- Is DHCP scope exhausted?\n- Is MAC address blocked?\n\n**Temporary Static IP:**\nAssign temporary static IP in correct subnet to test connectivity.",
"action_command": "ipconfig /release && ipconfig /renew",
"next_node_id": "dhcp_result"
},
{
"id": "dhcp_result",
"type": "decision",
"question": "Did DHCP assign an IP now?",
"options": [
{"id": "got_ip", "label": "Yes, got valid IP", "next_node_id": "connection_test"},
{"id": "still_no_ip", "label": "No, still no IP", "next_node_id": "escalate_network_infra"}
],
"children": []
},
{
"id": "gateway_issue",
"type": "action",
"title": "Gateway Unreachable",
"description": "Have IP but can't reach default gateway.\n\n**Check:**\n1. ping [gateway IP]\n2. Is gateway IP correct?\n3. Are you on correct VLAN/subnet?\n\n**Common Causes:**\n- Wrong subnet mask\n- VLAN mismatch\n- Gateway is down\n- Firewall blocking\n\n**Try:**\n- Check other devices on same network segment\n- Verify physical connectivity\n- Contact network team if gateway is down",
"next_node_id": "escalate_network_infra"
}
]
},
{
"id": "dns_issue",
"type": "action",
"title": "DNS Resolution Issue",
"description": "Can reach internet by IP but not by name.\n\n**Quick Fix:**\n```\nipconfig /flushdns\n```\n\n**Check DNS Settings:**\n1. ipconfig /all - note DNS servers\n2. Are DNS servers correct?\n3. Can you ping the DNS server?\n\n**Test DNS:**\n```\nnslookup google.com\nnslookup google.com 8.8.8.8\n```\n\n**If Internal DNS Fails:**\n- Internal DNS server may be down\n- Contact network team\n\n**Temporary Fix:**\n- Set DNS manually to 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare)",
"action_command": "nslookup google.com",
"next_node_id": "connection_test"
},
{
"id": "browser_proxy_issue",
"type": "solution",
"title": "Browser/Proxy Issue",
"description": "Network works but browser doesn't.\n\n**Check Proxy Settings:**\n1. Settings > Network > Proxy\n2. Ensure correct settings (may need auto-detect ON or OFF)\n\n**Browser Settings:**\n- Check browser proxy settings\n- Try different browser\n- Try incognito/private mode\n\n**Common Issues:**\n- Proxy misconfigured\n- PAC file not accessible\n- Browser cache issue\n\n**Try:**\n- Clear browser cache\n- Reset browser settings\n- Disable proxy temporarily\n\n**Ticket Notes:**\nNetwork works but browser failed. [Resolution]"
}
]
},
{
"id": "slow_network_triage",
"type": "decision",
"question": "Is the slowness affecting just this device or multiple?",
"help_text": "Determines if it's local or network-wide",
"options": [
{"id": "just_this_device", "label": "Just this computer", "next_node_id": "local_slow_network"},
{"id": "multiple_affected", "label": "Multiple users affected", "next_node_id": "network_wide_slow"},
{"id": "unknown_scope", "label": "Don't know", "next_node_id": "test_network_scope"}
],
"children": [
{
"id": "local_slow_network",
"type": "solution",
"title": "Local Network Slowness",
"description": "Network slow on this device only.\n\n**For WiFi:**\n- Move closer to access point\n- Check for interference\n- Try 5GHz instead of 2.4GHz\n- Update WiFi drivers\n\n**For Ethernet:**\n- Check cable quality\n- Try different port\n- Check for duplex mismatch\n- Update network drivers\n\n**General:**\n- Run speed test (speedtest.net)\n- Compare to expected speed\n- Check Task Manager for network usage\n\n**Ticket Notes:**\nNetwork slow on single device. [Cause and resolution]"
},
{
"id": "network_wide_slow",
"type": "solution",
"title": "Network-Wide Slowness",
"description": "Multiple users experiencing slow network.\n\n**This is a Network Infrastructure Issue**\n\n**Escalate to Network Team with:**\n- Number of users affected\n- Location/building/floor\n- When it started\n- Any pattern (specific times?)\n\n**Possible Causes:**\n- Internet circuit saturation\n- Switch/router issues\n- ISP problems\n- Network loop/broadcast storm\n\n**Ticket Priority:** High (multiple users affected)\n\n**Ticket Notes:**\nNetwork-wide slowness reported. Escalated to network team."
},
{
"id": "test_network_scope",
"type": "action",
"title": "Test Network Scope",
"description": "Determine if issue is local or widespread.\n\n**Test:**\n1. Ask nearby colleagues if they have issues\n2. Test from different device on same network\n3. Check company status page for known issues\n\n**Speed Test:**\n- Run speedtest.net\n- Note download/upload speeds\n- Compare to expected (ask IT for baseline)",
"next_node_id": "slow_network_triage"
}
]
},
{
"id": "intermittent_connection",
"type": "decision",
"question": "What type of connection?",
"options": [
{"id": "wifi_drops", "label": "WiFi dropping", "next_node_id": "wifi_stability"},
{"id": "ethernet_drops", "label": "Ethernet dropping", "next_node_id": "ethernet_stability"}
],
"children": [
{
"id": "wifi_stability",
"type": "solution",
"title": "WiFi Stability Issues",
"description": "WiFi connection dropping intermittently.\n\n**Common Causes:**\n- Weak signal / too far from AP\n- Interference (microwaves, cordless phones)\n- Too many devices on network\n- Driver issues\n- Power saving disconnecting\n\n**Fixes:**\n1. **Check signal strength:** Move closer to AP\n2. **Disable power saving:**\n - Device Manager > WiFi adapter > Properties\n - Power Management > Uncheck 'Allow to turn off'\n3. **Update drivers**\n4. **Change WiFi channel:** (requires router access)\n5. **Forget and reconnect to network**\n\n**Ticket Notes:**\nWiFi stability issues. [Resolution steps]"
},
{
"id": "ethernet_stability",
"type": "solution",
"title": "Ethernet Stability Issues",
"description": "Wired connection dropping intermittently.\n\n**Check:**\n1. **Cable quality:** Try different cable\n2. **Port issues:** Try different switch port\n3. **NIC issues:** Check for driver warnings\n4. **Duplex settings:** Should be auto or match switch\n\n**For Docking Stations:**\n- Update dock firmware\n- Try direct connection\n- Check dock power supply\n\n**Event Viewer:**\nCheck System log for network disconnect events.\n\n**Ticket Notes:**\nEthernet stability issues. [Cause and resolution]"
}
]
},
{
"id": "partial_access",
"type": "decision",
"question": "What can and can't be accessed?",
"options": [
{"id": "internal_only", "label": "Internal sites work, external don't", "next_node_id": "external_access_blocked"},
{"id": "external_only", "label": "External work, internal sites don't", "next_node_id": "internal_access_issue"},
{"id": "specific_site", "label": "Just one specific site/service", "next_node_id": "specific_site_issue"}
],
"children": [
{
"id": "external_access_blocked",
"type": "solution",
"title": "External Internet Blocked",
"description": "Can access internal but not external sites.\n\n**Possible Causes:**\n- Proxy not configured\n- Firewall blocking\n- Internet circuit down\n- DNS not resolving external\n\n**Check:**\n- Proxy settings correct?\n- Can ping 8.8.8.8?\n- Can nslookup google.com?\n- Are other users affected?\n\n**If Others Affected:**\nEscalate to network team - may be outage.\n\n**Ticket Notes:**\nExternal access issue. [Cause and resolution or escalation]"
},
{
"id": "internal_access_issue",
"type": "solution",
"title": "Internal Access Issue",
"description": "External works but internal sites don't.\n\n**Possible Causes:**\n- VPN not connected (if remote)\n- Split DNS issue\n- Internal DNS not working\n- Not on corporate network\n\n**Check:**\n- Is user on corporate network or VPN?\n- Can ping internal server by IP?\n- Is internal DNS responding?\n\n**For Remote Users:**\n- Verify VPN is connected\n- Check VPN routing\n\n**Ticket Notes:**\nInternal access issue. [Resolution steps]"
},
{
"id": "specific_site_issue",
"type": "solution",
"title": "Specific Site Access Issue",
"description": "One site/service not working.\n\n**Check:**\n1. Is the site actually up? (try from phone/different network)\n2. Is it blocked by web filter?\n3. DNS resolving correctly?\n4. Certificate error?\n\n**Try:**\n- Clear browser cache for that site\n- Try different browser\n- Try with VPN if available\n- Flush DNS: ipconfig /flushdns\n\n**If Site Blocked:**\n- May be blocked by policy\n- Request exception if business need\n\n**Ticket Notes:**\nCannot access [site]. [Cause and resolution]"
}
]
},
{
"id": "connection_test",
"type": "decision",
"question": "Test the network connection now",
"help_text": "Try accessing a website",
"options": [
{"id": "works_now", "label": "Network is working now", "next_node_id": "network_resolution_success"},
{"id": "still_broken", "label": "Still not working", "next_node_id": "no_internet"}
],
"children": []
},
{
"id": "escalate_network_infra",
"type": "solution",
"title": "Escalate to Network Team",
"description": "Issue requires network infrastructure support.\n\n**Include in Escalation:**\n- User location (building, floor, port)\n- Computer name\n- MAC address (getmac)\n- IP configuration (ipconfig /all)\n- Troubleshooting steps already taken\n- When issue started\n\n**Escalate to:** Network/Infrastructure Team\n\n**Ticket Priority:** Based on impact\n\n**Ticket Notes:**\nNetwork connectivity issue requiring infrastructure investigation."
},
{
"id": "escalate_hardware",
"type": "solution",
"title": "Hardware Issue Suspected",
"description": "Network adapter may have failed.\n\n**Options:**\n1. **Try USB network adapter** as workaround\n2. **Schedule hardware repair/replacement**\n3. **If under warranty** - manufacturer service\n\n**Document:**\n- Adapter behavior\n- Troubleshooting performed\n- Hardware diagnostics results if run\n\n**Ticket Notes:**\nNetwork adapter hardware failure suspected. [Next steps for repair/replacement]"
},
{
"id": "network_resolution_success",
"type": "solution",
"title": "Network Issue Resolved",
"description": "Network connectivity has been restored.\n\n**Verify:**\n- User can access internal resources\n- User can access internet\n- Connection is stable\n\n**Documentation:**\n- Original symptom\n- Root cause\n- Resolution steps\n\n**Close ticket as:** Resolved - Network Connectivity\n\n**User Guidance:**\n- Contact Help Desk if issue recurs\n- For WiFi issues, note connection quality tips"
}
]
}
}
# =============================================================================
# TIER 3 - SYSTEMS TREES
# =============================================================================
def get_file_share_access_tree() -> dict[str, Any]:
"""
File Share Access Problems - Comprehensive Tier 3 tree.
Covers permissions, DFS, mapped drives, SMB issues.
"""
return {
"name": "File Share Access Problems",
"description": "Troubleshooting guide for file share access issues including NTFS/share permissions, DFS, mapped drives, SMB connectivity, and authentication problems.",
"category": "Tier 3 - Systems",
"tree_structure": {
"id": "root",
"type": "decision",
"question": "What file share issue is the user experiencing?",
"help_text": "Identify the specific access problem",
"options": [
{"id": "cant_access_share", "label": "Cannot access share at all", "next_node_id": "no_share_access"},
{"id": "access_denied", "label": "Access denied error", "next_node_id": "permission_denied"},
{"id": "mapped_drive_issue", "label": "Mapped drive not connecting", "next_node_id": "mapped_drive_problem"},
{"id": "slow_access", "label": "Share access is very slow", "next_node_id": "slow_share_access"},
{"id": "file_locked", "label": "File locked by another user", "next_node_id": "file_lock_issue"}
],
"children": [
{
"id": "no_share_access",
"type": "decision",
"question": "Can the user ping the file server by name?",
"help_text": "Test basic connectivity to file server",
"options": [
{"id": "ping_works", "label": "Yes, ping succeeds", "next_node_id": "smb_connectivity"},
{"id": "ping_fails_name", "label": "No, name doesn't resolve", "next_node_id": "dns_share_issue"},
{"id": "ping_fails_ip", "label": "Can't ping even by IP", "next_node_id": "network_share_issue"}
],
"children": [
{
"id": "smb_connectivity",
"type": "action",
"title": "Test SMB Connectivity",
"description": "Server reachable - test SMB/file sharing.\n\n**Test Share Access:**\n1. Open Run (Win+R)\n2. Type: \\\\servername\n3. Should show available shares\n\n**If No Shares Shown:**\n- SMB ports may be blocked (445, 139)\n- Server may require authentication\n- Share permissions may deny listing\n\n**Check SMB Status:**\n```\nTest-NetConnection -ComputerName servername -Port 445\n```\n\n**If Port Blocked:**\nFirewall may be blocking SMB traffic.",
"action_command": "Test-NetConnection -ComputerName SERVERNAME -Port 445",
"next_node_id": "smb_test_result"
},
{
"id": "smb_test_result",
"type": "decision",
"question": "Can you browse to \\\\servername?",
"options": [
{"id": "browse_works", "label": "Yes, can see shares", "next_node_id": "permission_denied"},
{"id": "browse_fails", "label": "No, network error", "next_node_id": "smb_troubleshoot"},
{"id": "auth_prompt", "label": "Prompted for credentials", "next_node_id": "auth_issue"}
],
"children": [
{
"id": "smb_troubleshoot",
"type": "solution",
"title": "SMB Protocol Issue",
"description": "Cannot establish SMB connection.\n\n**Check SMB Version:**\nSMBv1 is disabled by default in modern Windows.\n\n**If Legacy Server:**\n- May require SMBv1 (security risk)\n- Better to upgrade server\n\n**Common Fixes:**\n1. **Clear cached credentials:**\n - net use * /delete\n - cmdkey /delete:servername\n\n2. **Reset network:**\n - ipconfig /flushdns\n - Restart Workstation service\n\n3. **Check SMB settings:**\n - Get-SmbServerConfiguration\n\n**Ticket Notes:**\nSMB connectivity issue. [Cause and resolution or escalation to server team]"
},
{
"id": "auth_issue",
"type": "decision",
"question": "What happens when credentials are entered?",
"options": [
{"id": "auth_accepted", "label": "Accepted, can access share", "next_node_id": "credential_not_cached"},
{"id": "auth_rejected", "label": "Credentials rejected", "next_node_id": "verify_credentials"},
{"id": "keeps_prompting", "label": "Keeps prompting repeatedly", "next_node_id": "credential_loop"}
],
"children": [
{
"id": "credential_not_cached",
"type": "solution",
"title": "Credentials Not Cached",
"description": "User needs to re-authenticate each time.\n\n**To Save Credentials:**\n1. When prompted, check 'Remember my credentials'\n2. Or: Control Panel > Credential Manager\n3. Add Windows Credential for the server\n\n**If On Domain:**\n- Should use SSO with domain credentials\n- Check user is logged in with domain account\n- Trust relationship may be broken\n\n**Ticket Notes:**\nCredential caching issue. [Resolution]"
},
{
"id": "verify_credentials",
"type": "solution",
"title": "Verify User Credentials",
"description": "Credentials being rejected.\n\n**Check:**\n1. Username format correct? (DOMAIN\\user or user@domain)\n2. Password correct?\n3. Account not locked?\n4. Account has permission to this share?\n\n**If Different Domain:**\n- May need cross-domain trust\n- May need local account on server\n\n**Clear Old Credentials:**\n```\ncmdkey /delete:servername\nnet use * /delete\n```\n\nThen try fresh.\n\n**Ticket Notes:**\nCredential rejection. [Cause and resolution]"
},
{
"id": "credential_loop",
"type": "solution",
"title": "Credential Loop Issue",
"description": "Keeps asking for credentials repeatedly.\n\n**Common Causes:**\n- Cached wrong credentials\n- Computer trust relationship broken\n- Kerberos ticket issues\n\n**Fixes:**\n1. **Clear all cached credentials:**\n - cmdkey /list (to see cached)\n - cmdkey /delete:target (remove each)\n - Or: net use * /delete\n\n2. **Restart computer:**\n - Clears ticket cache\n\n3. **Check computer domain membership:**\n - nltest /sc_query:DOMAINNAME\n - If trust broken, rejoin domain\n\n**Ticket Notes:**\nCredential loop issue. [Resolution steps]"
}
]
}
]
},
{
"id": "dns_share_issue",
"type": "action",
"title": "DNS Resolution for File Server",
"description": "Server name not resolving.\n\n**Test:**\n```\nnslookup servername\nnslookup servername.domain.com\n```\n\n**If Not Resolving:**\n1. Try FQDN (full name with domain)\n2. Try IP address directly: \\\\192.168.1.10\n3. Check DNS server settings\n4. DNS record may be missing\n\n**If DFS Namespace:**\n- Ensure DFS FQDN is used\n- Example: \\\\domain.com\\dfs\\share\n\n**Escalate to:** DNS/AD team if record missing.",
"action_command": "nslookup SERVERNAME",
"next_node_id": "file_share_resolution_success"
},
{
"id": "network_share_issue",
"type": "solution",
"title": "Network Issue to File Server",
"description": "Cannot reach file server by IP.\n\n**Check:**\n1. Is file server online? (check with server team)\n2. Firewall blocking traffic?\n3. User on correct network/VLAN?\n4. VPN connected if remote?\n\n**If Remote User:**\n- Must be on VPN\n- Check VPN routing includes file server network\n\n**If On-Premises:**\n- Check VLAN membership\n- Verify switch connectivity\n- May be firewall rule\n\n**Escalate to:** Network team for connectivity issue.\n\n**Ticket Notes:**\nCannot reach file server. Escalated to network/server team."
}
]
},
{
"id": "permission_denied",
"type": "decision",
"question": "What level of access is denied?",
"help_text": "Determine if share-level or file/folder level",
"options": [
{"id": "share_denied", "label": "Can't access the share at all", "next_node_id": "share_permission_issue"},
{"id": "folder_denied", "label": "Can access share but not specific folder", "next_node_id": "ntfs_permission_issue"},
{"id": "no_write", "label": "Can read but can't write/modify", "next_node_id": "write_permission_issue"}
],
"children": [
{
"id": "share_permission_issue",
"type": "action",
"title": "Check Share Permissions",
"description": "User cannot access the share.\n\n**Check Share Permissions:**\n1. On file server: Right-click share > Properties > Sharing > Advanced > Permissions\n2. User needs at least 'Read' on share permissions\n3. Check group membership: Is user in an allowed group?\n\n**PowerShell (on server):**\n```\nGet-SmbShareAccess -Name ShareName\n```\n\n**Common Issue:**\n- Share permissions allow, but NTFS denies\n- Both must allow access\n\n**Resolution:**\n- Add user/group to share permissions\n- Or add user to existing allowed group\n\n**Ticket Notes:**\nShare permission issue. [Resolution or escalation]",
"action_command": "Get-SmbShareAccess -Name SHARENAME",
"next_node_id": "permission_fix_result"
},
{
"id": "ntfs_permission_issue",
"type": "action",
"title": "Check NTFS Permissions",
"description": "User can access share but not specific folder.\n\n**NTFS Permission Check:**\n1. On server: Right-click folder > Properties > Security\n2. Check which groups have access\n3. Verify user is in one of those groups\n\n**PowerShell:**\n```\nGet-Acl \"D:\\Shares\\Folder\" | Format-List\n```\n\n**Check User's Groups:**\n```\nwhoami /groups\n```\n\n**Common Issues:**\n- User not in required group\n- Explicit deny on user/group\n- Permission inheritance broken\n\n**Resolution:**\n- Add user to appropriate group\n- Or modify NTFS permissions directly",
"action_command": "whoami /groups",
"next_node_id": "permission_fix_result"
},
{
"id": "write_permission_issue",
"type": "solution",
"title": "No Write Permission",
"description": "User can read but can't create/modify files.\n\n**Check Both:**\n1. **Share Permissions:** Needs 'Change' or 'Full Control'\n2. **NTFS Permissions:** Needs 'Modify' or 'Write'\n\n**Common Scenario:**\n- Share allows 'Change'\n- NTFS only allows 'Read'\n- Result: Read-only access\n\n**Most Restrictive Wins:**\nEffective permission is the MOST restrictive of Share AND NTFS.\n\n**Resolution:**\n- Verify business need for write access\n- Add appropriate NTFS permission\n- Or add user to group with write access\n\n**Ticket Notes:**\nWrite permission needed. [Verified business need / Granted by adding to group]"
},
{
"id": "permission_fix_result",
"type": "decision",
"question": "Were permissions adjusted?",
"options": [
{"id": "perms_fixed", "label": "Yes, user now has access", "next_node_id": "file_share_resolution_success"},
{"id": "need_approval", "label": "Need manager/data owner approval", "next_node_id": "request_permission_approval"},
{"id": "cannot_change", "label": "Don't have rights to change", "next_node_id": "escalate_permissions"}
],
"children": [
{
"id": "request_permission_approval",
"type": "solution",
"title": "Request Permission Approval",
"description": "Access change requires approval.\n\n**Process:**\n1. Identify data owner for the share/folder\n2. Submit access request with:\n - User name and department\n - What access is needed (Read/Write)\n - Business justification\n3. Once approved, implement change\n\n**Document:**\n- Approval obtained from: [name]\n- Date: [date]\n- Access granted: [details]\n\n**Ticket Notes:**\nAccess request submitted. Pending approval from data owner."
},
{
"id": "escalate_permissions",
"type": "solution",
"title": "Escalate Permission Change",
"description": "Need elevated access to modify permissions.\n\n**Escalate to:** File Server / Storage team\n\n**Include:**\n- Share path and folder path\n- Current permissions\n- Requested change\n- Approval (if already obtained)\n\n**Ticket Notes:**\nPermission change required. Escalated to file server team."
}
]
}
]
},
{
"id": "mapped_drive_problem",
"type": "decision",
"question": "What's the mapped drive symptom?",
"help_text": "Identify the mapping issue",
"options": [
{"id": "drive_missing", "label": "Drive letter missing from Explorer", "next_node_id": "missing_drive_letter"},
{"id": "drive_red_x", "label": "Drive shows with red X", "next_node_id": "disconnected_drive"},
{"id": "drive_wrong_content", "label": "Drive shows wrong content", "next_node_id": "wrong_mapping"}
],
"children": [
{
"id": "missing_drive_letter",
"type": "action",
"title": "Missing Mapped Drive",
"description": "Drive letter not appearing.\n\n**Check Current Mappings:**\n```\nnet use\n```\n\n**If Not Mapped:**\nRe-map the drive:\n```\nnet use Z: \\\\server\\share /persistent:yes\n```\n\n**If Using Group Policy:**\n- Run gpupdate /force\n- Check Group Policy processing\n- Drive may be targeted and user not in scope\n\n**If Using Login Script:**\n- Check script is running\n- Check for errors in script\n\n**Ticket Notes:**\nMapped drive missing. [Remapped / GPO issue / Script issue]",
"action_command": "net use",
"next_node_id": "file_share_resolution_success"
},
{
"id": "disconnected_drive",
"type": "action",
"title": "Disconnected Mapped Drive",
"description": "Drive shows red X - disconnected.\n\n**Common Causes:**\n- Server unreachable\n- Credentials expired\n- Network not connected\n- VPN not connected (remote user)\n\n**Quick Fix:**\n1. Double-click the drive to reconnect\n2. May prompt for credentials\n\n**If Doesn't Reconnect:**\n1. net use Z: /delete\n2. net use Z: \\\\server\\share /persistent:yes\n\n**For Remote Users:**\nEnsure VPN is connected before accessing.\n\n**Ticket Notes:**\nMapped drive disconnected. [Reconnected / Remapped]",
"next_node_id": "file_share_resolution_success"
},
{
"id": "wrong_mapping",
"type": "solution",
"title": "Incorrect Drive Mapping",
"description": "Drive points to wrong location.\n\n**Fix:**\n1. Remove incorrect mapping:\n - net use Z: /delete\n\n2. Add correct mapping:\n - net use Z: \\\\correctserver\\correctshare /persistent:yes\n\n**If GPO/Script Mapped:**\n- User may be getting wrong drive from policy\n- Check GPO targeting\n- Check login script logic\n\n**Ticket Notes:**\nDrive mapped incorrectly. [Corrected mapping]"
}
]
},
{
"id": "slow_share_access",
"type": "decision",
"question": "Is the slowness affecting just this user or multiple?",
"options": [
{"id": "just_this_user_slow", "label": "Just this user", "next_node_id": "local_share_slow"},
{"id": "multiple_slow", "label": "Multiple users report slowness", "next_node_id": "server_performance_issue"}
],
"children": [
{
"id": "local_share_slow",
"type": "solution",
"title": "Local File Share Slowness",
"description": "Slow access for single user.\n\n**Check:**\n1. Network connection quality\n2. VPN if remote (adds latency)\n3. Antivirus scanning files\n4. Large number of files in folder\n\n**For Remote/VPN Users:**\n- Latency is inherent\n- Consider offline files/OneDrive sync\n- Don't open large files over VPN\n\n**For Local Users:**\n- Check network speed\n- Try from different computer\n- Check for local firewall issues\n\n**Ticket Notes:**\nSlow file access. [Cause: network/VPN latency/AV scanning]"
},
{
"id": "server_performance_issue",
"type": "solution",
"title": "File Server Performance Issue",
"description": "Multiple users reporting slow access.\n\n**This is a Server Issue**\n\n**Escalate to:** File Server / Storage team\n\n**Include:**\n- Number of users affected\n- When slowness started\n- Specific share(s) affected\n- Any recent changes?\n\n**Possible Causes:**\n- Server overloaded\n- Storage array issues\n- Network congestion\n- Backup running\n\n**Ticket Priority:** High (multiple users)\n\n**Ticket Notes:**\nMultiple users experiencing slow file access. Escalated to storage team."
}
]
},
{
"id": "file_lock_issue",
"type": "decision",
"question": "Is the file lock message accurate?",
"help_text": "Is another user actually using the file?",
"options": [
{"id": "user_has_file", "label": "Yes, another user has the file open", "next_node_id": "coordinate_access"},
{"id": "stale_lock", "label": "No, user closed file but lock persists", "next_node_id": "stale_file_lock"},
{"id": "unknown_lock", "label": "Can't identify who has it locked", "next_node_id": "identify_lock_owner"}
],
"children": [
{
"id": "coordinate_access",
"type": "solution",
"title": "Coordinate File Access",
"description": "File legitimately in use by another user.\n\n**Options:**\n1. **Contact the user:** Ask them to close the file\n2. **Wait:** User may close shortly\n3. **Open read-only:** Can view but not edit\n4. **Use SharePoint/OneDrive:** Enables co-authoring\n\n**For Office Files:**\nMay be able to make a copy and merge changes later.\n\n**Ticket Notes:**\nFile in use by [user]. Coordinated access."
},
{
"id": "stale_file_lock",
"type": "action",
"title": "Clear Stale File Lock",
"description": "File lock persists after user closed it.\n\n**Options:**\n\n1. **Have 'owner' restart computer:**\n - Releases lock cleanly\n\n2. **Admin can close open files:**\n On file server: Computer Management > Shared Folders > Open Files\n Close the specific file.\n\n**PowerShell (on server):**\n```\nGet-SmbOpenFile | Where {$_.Path -like '*filename*'}\nClose-SmbOpenFile -FileId [ID] -Force\n```\n\n3. **Server team can restart file server service:**\n Last resort - briefly disrupts all users.\n\n**Ticket Notes:**\nStale file lock cleared. [Method used]",
"next_node_id": "file_share_resolution_success"
},
{
"id": "identify_lock_owner",
"type": "action",
"title": "Identify Who Has File Locked",
"description": "Find out who has the file open.\n\n**On File Server:**\n1. Computer Management > Shared Folders > Open Files\n2. Find the file in question\n3. Shows username who has it open\n\n**PowerShell:**\n```\nGet-SmbOpenFile | Where {$_.Path -like '*filename*'} | Select ClientUserName,Path\n```\n\n**Once Identified:**\n- Contact user to close file\n- Or close forcibly if stale\n\n**Ticket Notes:**\nIdentified [user] has file locked.",
"next_node_id": "coordinate_access"
}
]
},
{
"id": "file_share_resolution_success",
"type": "solution",
"title": "File Share Issue Resolved",
"description": "File share access has been restored.\n\n**Verify:**\n- User can access the share/folder\n- User can perform needed actions (read/write)\n- No error messages\n\n**Documentation:**\n- Share path\n- Original issue\n- Root cause\n- Resolution applied\n- Approvals obtained (for permission changes)\n\n**Close ticket as:** Resolved - File Share Access\n\n**Audit Note:**\nPermission changes should be documented for audit purposes."
}
]
}
}
# =============================================================================
# SEEDING FUNCTIONS
# =============================================================================
async def get_admin_token(client: httpx.AsyncClient) -> str:
"""Get authentication token using provided admin credentials."""
if not ADMIN_EMAIL or not ADMIN_PASSWORD:
raise Exception("Admin email and password are required. Use --email and --password arguments.")
# Login with provided credentials
login_response = await client.post(
f"{API_BASE_URL}/auth/login",
data={"username": ADMIN_EMAIL, "password": ADMIN_PASSWORD}
)
if login_response.status_code != 200:
raise Exception(f"Failed to login: {login_response.text}")
token_data = login_response.json()
return token_data["access_token"]
async def create_tree(client: httpx.AsyncClient, token: str, tree_data: dict) -> dict | None:
"""Create a tree via the API. Returns None if tree already exists."""
headers = {"Authorization": f"Bearer {token}"}
# Check if tree with same name exists
list_response = await client.get(f"{API_BASE_URL}/trees", headers=headers)
if list_response.status_code == 200:
existing_trees = list_response.json()
for tree in existing_trees:
if tree["name"] == tree_data["name"]:
print(f" [SKIP] Tree '{tree_data['name']}' already exists (ID: {tree['id']})")
return None
# Mark as default/system tree (public and visible to all)
tree_data["is_default"] = True
tree_data["is_public"] = True
# Create the tree
response = await client.post(
f"{API_BASE_URL}/trees",
json=tree_data,
headers=headers
)
if response.status_code not in (200, 201):
raise Exception(f"Failed to create tree '{tree_data['name']}': {response.text}")
tree = response.json()
print(f" [OK] Created tree '{tree_data['name']}' (ID: {tree['id']})")
return tree
async def seed_database():
"""Main seeding function."""
print("\n" + "=" * 60)
print(" PATHERLY - MSP/SMB Troubleshooting Trees Seeder")
print("=" * 60)
async with httpx.AsyncClient(timeout=60.0) as client:
# Check if API is running
try:
health_check = await client.get(f"{API_BASE_URL.replace('/api/v1', '')}/health")
if health_check.status_code != 200:
print(f"\n[ERROR] API health check failed: {health_check.status_code}")
return False
except httpx.ConnectError:
print("\n[ERROR] Cannot connect to API server")
print(f" Make sure the server is running at {API_BASE_URL}")
print(" Run: uvicorn app.main:app --reload")
return False
# Authenticate with admin credentials
print("\n[1/3] Authenticating...")
try:
token = await get_admin_token(client)
print(f" Logged in as {ADMIN_EMAIL}")
except Exception as e:
print(f" [ERROR] Failed to authenticate: {e}")
return False
# Get all tree definitions
print("\n[2/3] Preparing decision trees...")
trees_to_create = [
# Tier 1 - Help Desk
("Tier 1 - Help Desk", get_password_reset_tree()),
("Tier 1 - Help Desk", get_outlook_email_tree()),
("Tier 1 - Help Desk", get_vpn_tree()),
("Tier 1 - Help Desk", get_printer_tree()),
# Tier 2 - Desktop Support
("Tier 2 - Desktop Support", get_slow_computer_tree()),
("Tier 2 - Desktop Support", get_network_connectivity_tree()),
# Tier 3 - Systems
("Tier 3 - Systems", get_file_share_access_tree()),
]
print(f" Found {len(trees_to_create)} trees to seed\n")
# Create trees
print("[3/3] Creating decision trees...")
created_count = 0
skipped_count = 0
current_category = None
for category, tree_data in trees_to_create:
if category != current_category:
print(f"\n {category}:")
current_category = category
try:
result = await create_tree(client, token, tree_data)
if result:
created_count += 1
else:
skipped_count += 1
except Exception as e:
print(f" [FAIL] Failed to create '{tree_data['name']}': {e}")
# Summary
print("\n" + "=" * 60)
print(" SEEDING COMPLETE")
print("=" * 60)
print(f" Trees created: {created_count}")
print(f" Trees skipped (already exist): {skipped_count}")
print(f" Total trees in system: {created_count + skipped_count}")
print()
return True
def main():
parser = argparse.ArgumentParser(
description="Seed the ResolutionFlow database with MSP/SMB troubleshooting trees"
)
parser.add_argument(
"--api-url",
default="http://localhost:8000/api/v1",
help="API base URL (default: http://localhost:8000/api/v1)"
)
parser.add_argument(
"--email",
required=True,
help="Admin user email for authentication"
)
parser.add_argument(
"--password",
required=True,
help="Admin user password for authentication"
)
args = parser.parse_args()
global API_BASE_URL, ADMIN_EMAIL, ADMIN_PASSWORD
API_BASE_URL = args.api_url
ADMIN_EMAIL = args.email
ADMIN_PASSWORD = args.password
success = asyncio.run(seed_database())
exit(0 if success else 1)
if __name__ == "__main__":
main()
Reference in New Issue View Git Blame Copy Permalink