OCS Inventory NG 2.3 Complete install guide on Debian 8.7 Jessie

New and updated version for Debian Stretch and OCS Inventory NG server 2.5 can be found here!

Hi !
Long time, no see, right?

Today I would like to introduce long awaited OCS Inventory NG server 2.3 on updated Jessie version of Debian. New version comparing to 2.1 introduces few new features as well as completely redesigned User Interface. As daily user of older version of OCS NG Server it was quite hard to switch to new UI but eventually I find it more clear and useful. Also, it is more up-to-date in technical aspects but I leave this for others to describe.

Right now I would like to show how we can install it, configure, tweak it a bit, connect computers and deploy software. YES! All in one guide!

Never done this before. Took me few good days to develop all the steps as well as test it. Finally (after around 10 builds)  I was able to setup and make it fully functional with deployment checked in less than an hour (with Debian net install). So… hope you will find it useful and it will help you, dear Reader.

Let’s begin

Table of Contents

  1. Assumptions for installing OCS Inventory NG on Debian
  2. Preparation to install OCS Inventory NG
  3. Debian Installation
  4. Apache, MySQL and packages installation
  5. OCS Inventory NG Installation
  6. OCS Inventory NG Configuration
  7. OCS Inventory NG Agent Installation
  8. OCS Inventory NG Software Deployment
  9. Summary

This seems to be long and complicated but I found this release of OCS Inventory NG server more user friendly and actually easier to setup. There are, however, few catches that you have to keep in mind, but they are all described or mentioned. So don’t be afraid. Just proceed and in and hour or two you should get fully working OCS Inventory NG server with first computer inventoried and deployment tested and working!

We will install everything from the scratch (well, without VM Host/VM Player/Workstation). Everything is in their newest versions at the time of writing this Guide. All commands are tested and can be directly copied to console. I advise using PuTTY as console host since it provides copy/paste and I find it more convenient than using VM console. Also, for performing file copy/paste to VM/Linux host I’m using WinSCP. As VM for this guide I will use VM Workstation Player which is pretty good and allows you do define all VM settings as well as configure advanced network settings like lan-segments and network type. It can be downloaded here.

Ok, making long story short. It’s easy and it’s FREE! 🙂

1. Assumptions for installing OCS NG on Debian

  • We are installing OCS Inventory NG on official Debian Linux Distro available at:
  1. http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.7.1-amd64-netinst.iso
  • We are installing official OCS NG Inventory Server and OCS NG reports available at: https://github.com/OCSInventory-NG
  • We are installing all in VMWare Workstation Player available at: http://www.vmware.com/pl/products/workstation.html but this not really matter. Just pointing this.
  • We will install both roles (yeah, I know it sounds kind a Windows Server naming) on one Virtual Machine. Unless your environment is very big or distributed it’s ok.
  • We will use self-signed certificates in order to secure communication and allow proper working of Deployment feature
  • We will set ocs-reports as main page for Apache since it runs on separate VM. No more fqdn/ip/ocsreports for accessing reports console.
  • VM will use 2 addresses: WAN (bridged to real network) and LAN (host only network)
  • We will use MySQL as DB and phpMyAdmin as admin console for MySQL

Ok now, if we know what exactly we will do, let’s actually do something! Let’s prepare all stuff that will be needed:

2. Preparation to install OCS Inventory NG

Download current Debian ISO from http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.7.1-amd64-netinst.iso

  1. Download or keep links for both OCS Inventory NG Reports:

https://github.com/OCSInventory-NG/OCSInventory-ocsreports/releases

  1. Download and install VMWare player or anything else capable of running this VM OR install on real host (I do not recommend this in terms of time, scalability, moving capabilities etc.)
  2. Download and install WinSCP if you do not have it already (we will use it to download SSL cert from the server)
  3. Download OCS Packager from: https://github.com/OCSInventory-NG/Packager-for-Windows/releases
  4. Download OCS Windows Agent from: https://github.com/OCSInventory-NG/WindowsAgent/releases
  5. Generate some passwords: for DB, for Root Users (DB and Debian), for Admin

If we have all the data, we can proceed to installing stuff. It will take some time but if you follow all the steps, it should be successful.

By |2018-11-02T14:47:08+00:00March 6th, 2017|How-To's, OCS Inventory NG|65 Comments

About the Author:

I am passionate about Systems Administration. I like to face new challenges and test new environments.Windows and Linux Debian boxes (both physical and virtual) are my favourites. I like solving problems related to Windows Server roles and services as well as Linux but some distributions in particular. I'm not considering myself as Linux master but surely, I always do my best to fit the needs. On the other hand I consider myself as a Windows Server Professional and in terms of WS and Windows Desktops I always follow best practices, good advices and opinions from other admins.

65 Comments

  1. oli March 8, 2017 at 17:58 - Reply

    Thanks a lot, i was struggling (a lot) to understand why i had the “WARNING: Can’t find information file at https…” error… you confirmed that i am not that crazy…

    one comment : there’s sometinhg missing in the default-ssl.conf :

    DirectoryIndex disabled
    Options Indexes
    Require all granted

    • Miłosz Engel March 8, 2017 at 21:50 - Reply

      Thanks for the comment! I was surprised as well with that warning but I found that deployment just works. Don’t know , however, what you mean by there’s something missing in default-SSL.conf. Lines you posted seems good: Users are not allowed to index/browse folder, and all users are allowed to access. Do you see any errors? Can you post them?

  2. Xdav March 11, 2017 at 18:49 - Reply

    Great job and good stuff !

    • Miłosz Engel March 12, 2017 at 19:31 - Reply

      Thanks for the feedback. Good to know that it worked for you!

  3. Johny March 15, 2017 at 17:22 - Reply

    I’M so sorry man, i made every step jus like you said….but for the 3º time, my oassword don’t go. I use the same user and password on website that a put on phpmyadmin and apache2.conf……what should I do?

    • Miłosz Engel March 17, 2017 at 00:08 - Reply

      If you are talking about first time login to Ocs-ng just input admin/admin 🙂 that’s the problem?

      • Johny March 25, 2017 at 13:50 - Reply

        Man, thanks a lot…. worked……I know that my questions are newbie questions,,,,,but is just because I’m learning right now on the university…..and I have another question…..on my VM I only installed because I installed the build-essential before to run the ‘./setup.sh’ why can’t I install like your tutorial if I’m doing what u tell to do? can u tell me something…..and I’m trying to do this to make a link to glpi in the same server….thanks a lot…….

  4. Guillaume March 17, 2017 at 17:20 - Reply

    Hello i made every step but my w10 is no’t importing in my ocs server :/

    • Miłosz Engel March 18, 2017 at 00:52 - Reply

      Any errors? Logs please? Server url added correctly with ocsinventory at the end? If you have valid SSL cert, you MUST include it in ocs agent or add later in order to use https. Paste agent log files for start, cheers!

  5. Guillaume March 18, 2017 at 11:15 - Reply

    I can’t access to myip/ocsinventory.
    This is my log :
    ********************************************************
    Starting OCS Inventory NG Agent 2.3.0.0 setup on 17/03/2017 at 11:20:55
    Checking if setup not already running…OK.
    Checking Operating System…OK, Windows 2000 or higher.
    Command line is: “B:\ocs\OCSNG-Windows-Agent-2.3.0.0\OCSNG-Windows-Agent-2.3.0.0\OCS-NG-Windows-Agent-Setup.exe”
    Parsing command line arguments…OK.
    Checking for silent mode…Disabled.
    Checking for splash screen…Enabled.
    Checking if logged in user has Administrator privileges…OK.
    Creating directory …
    SetACL allowing Users / Power users read/write permissions on …Result: error
    SetACL propagating inherited permissions on …Result: error
    Trying to determine if service was previously installed…Yes.
    Trying to stop service and kill processes…
    Is Service running…Yes.
    Trying to stop Service …Ok
    Is Service running…No – Waiting 1 second(s) for Service to stop…
    Trying to kill process OcsSystray.exe…Result: 0
    Trying to kill process OcsSystray.exe…Result: 603
    Trying to kill process OcsService.exe…Result: 603
    Trying to kill process OCSInventory.exe…Result: 603
    Trying to kill process download.exe…Result: 603
    Trying to kill process inst32.exe…Result: 603
    Waiting 10 seconds for processes to terminate…
    Copying new files to directory …
    Windows XP or higher detected, installing default cURL library and MS CRT/MFC 9.0…
    Copying new files status is 😉
    Writing agent configuration file by launching ocsinventory.exe /SAVE_CONF…Result: 0
    Windows Advanced Firewall is not available (Vista or higher). Skip adding custom rules.
    [/NOW] used, so launching “C:\Program Files (x86)\OCS Inventory Agent\ocsinventory.exe”…Result: 4
    Creating startup menu shortCut to start Systray applet…
    Checking if service OCS Inventory Service is registered into Windows Service Manager…Yes
    Nothing to do to register OCS Inventory Service into Windows Service Manager.
    Starting OCS Inventory Service…Ok.
    SUCCESS: OCS Inventory NG Agent 2.3.0.0 successfully installed on 17/03/2017 at 11:22:06
    😉

    • Miłosz Engel March 20, 2017 at 23:29 - Reply

      Can you post OCSInventory.log located in C:\ProgramData\OCS Inventory NG\Agent
      Then if you can post apache access.log and error.log from server? Any other errors?
      Also I don’t see any server information in posted log file.

  6. Fredy March 21, 2017 at 11:42 - Reply

    Hi !

    I encountered a problem at the end of ssl encryption. I followed every steps like you but when I try to connect to my ocs with my desktop at https://my_ip/ocsreports the ssl don’t work and it told my that the website is not safe.

    Thanks in advance for your help 🙂

    • Miłosz Engel March 23, 2017 at 11:23 - Reply

      This is normal! If you generate SSL cert that is self signed and the signing Party(aka certification authority) is not in your trusted root CA store on Windows box(or ssl store in Firefox) it will give you that kind of warning. That’s normal. You can safely ignore that warning and proceed with using OCS.

  7. Fredy March 22, 2017 at 16:13 - Reply

    Hi !

    Thanks for your awesome job here, this site is a gold mine !

    I encountered a problem a the end of ssl part. The SSL works when I’m on my linux VM but when I go to https://my_ip_server/ocsreports the SSL don’t work and it told me that the website is not safe.

    I don’t understand why… Can you help me pls ?

  8. mauricio March 30, 2017 at 18:46 - Reply

    this article is wonderful, congratulations.
    i have a problem….
    when I export to XML received ACCESS DENIED
    can you help me?
    thansk you

    • Miłosz Engel March 31, 2017 at 09:54 - Reply

      Could you share a bit more information what do you want to export to xml? Computer data? You can examine access.log and error.log in apache. Maybe some permissions are missing somewhere?

  9. mauricio March 31, 2017 at 18:22 - Reply

    thanks for your answer.
    this access denied is when select any computer for view all componets such as network, memory, hard disk, ertc y go to Export XML.
    I don’t any errors in the logs of Apache.
    I suppose that is an error in permission but i don’t see.
    please a need your help.
    thanks you

    • Miłosz Engel April 2, 2017 at 21:06 - Reply

      I tried what you did on a fresh install and I was able to download the xml file without any problems. is www-data owner of /usr/share/ocsinventory-reports and /var/lib/ocsinventory-reports. What OS you are running?

  10. vixen April 1, 2017 at 21:21 - Reply

    thank you, nice job.

  11. Peter April 24, 2017 at 15:22 - Reply

    Hi Milosz,

    thanks for your tutorial. I’m having a problem:

    -Starting OCSLogon from cmd: C:\Users\asdf\Desktop>OcsLogon.exe /SERVER=https://ocsng/ocsinventory /PACKAGER /DEBUG

    Logfile:
    Downloading the ocs package from Server fails with Downloading file without server authentication…SendRequest Error: Failed downloading file !

    -If i open URL with Firefox->Download start.

    Where could be the problem?

  12. Peter April 24, 2017 at 15:24 - Reply

    Ps. With /GPO everything is fine…

    • Miłosz Engel April 24, 2017 at 21:22 - Reply

      hi Peter, never actually used ocslogon. I used packager to all types of install as it has all in one (certs, config, etc.). But back to your problem. From official github you must specify all parameters required by agent to communicate. I would start with /SSL=1 and provide login and pass if server requires that. Here is the info on github: https://github.com/OCSInventory-NG/WindowsAgent/tree/master/logon

  13. […] logue como admin admin Usei como base o tutorial: https://miloszengel.com/ocs-inventory-ng-2-3-complete-install-guide-on-debian-8-7-jessie/4/ Porém fiz o teste com esse script no ambiente Ubuntu e com a versão 2.3.1 do OCS, ou seja, este […]

    • Miłosz Engel April 27, 2017 at 20:26 - Reply

      Thank you for the comment and linking to my blog! Didn’t get the full comment but i believe this guide worked for you as well 🙂
      Muito obrigado!

  14. Maciej May 5, 2017 at 14:07 - Reply

    I did everything according to the instructions but i have error this is log from agent:
    Starting OCS Inventory NG Agent on Friday, May 05, 2017 14:02:56.
    AGENT => Running OCS Inventory NG Agent Version 2.3.0.0
    AGENT => Using OCS Inventory NG FrameWork Version 2.3.0.0
    AGENT => Loading plug-in(s)
    AGENT => Using network connection with Communication Server
    AGENT => Using Communication Provider Version
    AGENT => Sending Prolog
    ERROR *** AGENT => Failed to send Prolog
    AGENT => Unloading communication provider
    AGENT => Unloading plug-in(s)

    And this is log from apache:
    [Fri May 05 13:53:03.377784 2017] [ssl:warn] [pid 1760] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
    [Fri May 05 13:53:03.381924 2017] [mpm_prefork:notice] [pid 1760] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t mod_perl/2.0.9dev Perl/v5.20.2 configured — resuming normal operations
    [Fri May 05 13:53:03.381944 2017] [core:notice] [pid 1760] AH00094: Command line: ‘/usr/sbin/apache2’

    • Maciej May 5, 2017 at 14:08 - Reply

      this is error from agent

      • Maciej May 5, 2017 at 14:09 - Reply

        SSL peer certificate or SSH remote key was not OK

        • Miłosz Engel May 7, 2017 at 22:11 - Reply

          Hello Maciej, yes according to logs you posted there is a problem with SSL certificate. Most common problem is CN/subject name not matching hostname/ip configured on the client side. You should always enter the same subject name/ip address that will be used for connecting. I added note about that. Thanks for your comment

  15. ajavor May 11, 2017 at 12:59 - Reply

    Excellent blog.You’re doing a great job.

    I had a little problem creating and seeing an SSL certificate..
    A little note if we want to use Software Deployment:

    If we used the server name instead of the server IP, when we created the SSL certificate, then we have to remember when activating the package and write the appropriate: https://name_ocs_server/download

    The above can be set on the OCS server (to automatically supplement the server name instead of IP):
    Menu config> deployment> DOWNLOAD_URI_FRAG> customize (name_ocs_server/download).
    Same for DOWNLOAD_URI_INFO.

    • Miłosz Engel May 16, 2017 at 23:20 - Reply

      Thanks for your comment. Yes, server by default provides ip instead of hostname/fqdn so setting that in SSL must be followed by change in the config. Thanks for pointing this out!

  16. miss May 17, 2017 at 15:20 - Reply

    Hello,

    Thank you for this job. Very helpfull.
    But I have a question, how can I inventoried printers please? Thanks

    • Miłosz Engel May 20, 2017 at 10:10 - Reply

      Hi, you can inventory every device that implement SNMP. Basically it works without agents and you need to configure snmp both on client(community user and pass for read/write data). Then on server you need to provide that info to process the data. Also very useful is ip discoverer feature that will periodically scan all net to get new devices. Link to official wiki: http://wiki.ocsinventory-ng.org/index.php?title=Documentation:SNMP

  17. Denis May 31, 2017 at 19:24 - Reply

    Great job! Works fine!!!

  18. Satish June 14, 2017 at 12:27 - Reply

    Thanks Milosz,
    I wasted 3 days to configure OCS on Ubuntu 14.4, finally installed on Debian.

    Thank you once again…

    • Miłosz Engel June 19, 2017 at 07:55 - Reply

      Thanks for your feedback. I just prefer Debian over Ubuntu. Without arguing which distribution is better I just find it easier to play with. That’s why all my guides are on Debian:)

  19. ajavor July 21, 2017 at 10:17 - Reply

    Can I create a distribution pack executing a command with a saved path?
    Eg – copy “c:\program files (x86)\file.txt” c:\
    The problem is that each OCS parameter is starting and ending with the symbol “.
    How to properly write the syntax of such an EXECUTE command in this case?

  20. ajavor July 21, 2017 at 10:57 - Reply

    up

    batchfile only?

    • Miłosz Engel July 21, 2017 at 12:00 - Reply

      To be honest with you apart from some rare cases i always use batch file. You can include logic, variables etc in it.
      I haven’t tested double quotations’ but I think it should look like this: “command ‘text with space'”

  21. ajavor July 25, 2017 at 08:33 - Reply

    Unfortunately OCS replaces inside .bat file, character ” to similar character ” but not the same (if you know what i mean) and the command does not execute correctly.

    Double quotation ‘ “path” ‘ doesn’t work.

    • Miłosz Engel July 25, 2017 at 19:05 - Reply

      Can you attach that bat file? Seems strange to me as commands are inside the batch file and OCS has nothing to do with it. I would recommend checking file encoding? Maybe that is the case here?

  22. ajavor July 26, 2017 at 13:27 - Reply

    i’ll try something like this (line from a batchfile):

    cscript “C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs” /dstatus > c:\file.txt

    • Miłosz Engel July 30, 2017 at 22:52 - Reply

      Try to embed full path to cscript OR include all in cmd /k cscript […] this will startup new command host and automatically close it after execution. Since it starts(should) as System account end user will not see it anyway.

      • ajavor August 3, 2017 at 14:17 - Reply

        “cmd /k cscript […]”
        Thanks, This method works fine.

  23. ajavor July 26, 2017 at 14:35 - Reply

    Another question
    Do you know of any easy way to re-install a package that was previously installed using the deployment package? Every time I get SUCCESS_ALREADY_IN_HISTORY status and nothing happens.

    • Miłosz Engel July 30, 2017 at 22:46 - Reply

      yes, it’s quite easy. Client checks the contents of history file in ocs agent directory in c:\programdata. In order to delete it stop the ocs service.

  24. ajavor August 2, 2017 at 15:22 - Reply

    Hmm, but deleting the history file will remove all information about previously installed packages on that station.
    On the other hand it’s a bit annoying to delete one history file from each station.
    Is it possible to disable OCS overwriting a history file?

  25. Stephane December 9, 2017 at 00:53 - Reply

    Hi Milosz,

    the new stable version of OCS Inventory (v. 2.4) is now available…

    Thank you for your great work around OCS Inventory NG !

    Kinds regards,
    Stephane

  26. James December 14, 2017 at 17:22 - Reply

    Could you make another great install guide for OCS Inventory NG 2.4?

    • Miłosz Engel January 4, 2018 at 21:25 - Reply

      hey, some time i will. currently a bit busy with setting up complete wordpress on newest debian – from the scratch 🙂

  27. Matias December 18, 2017 at 15:35 - Reply

    I followed your guide, and get the server and everything running, but cant get the agent to conect, this is the log: ==============================================================================
    Starting OCS Inventory NG Agent on Monday, December 18, 2017 11:34:00.
    AGENT => Running OCS Inventory NG Agent Version 2.3.1.1
    AGENT => Using OCS Inventory NG FrameWork Version 2.3.1.1
    AGENT => Loading plug-in(s)
    AGENT => Using network connection with Communication Server
    AGENT => Using Communication Provider Version
    AGENT => Sending Prolog
    ERROR *** AGENT => Failed to send Prolog
    AGENT => Unloading communication provider
    AGENT => Unloading plug-in(s)
    AGENT => Execution duration: 00:00:00.

  28. Matias December 19, 2017 at 13:18 - Reply

    I find the solution to my problem, it was that in the config file of the server I put the ip of the server instead of “localhost” and somehow that caused the error…

  29. Pierre Bowrin December 27, 2017 at 13:59 - Reply

    Installed OCS 2.3 via your instructions (helpdesk.gov.kn) . However, unable to get clients to inventory. Tried the steps in exact order. Can you assist?

    Thanks Much

  30. ajavor July 31, 2018 at 14:00 - Reply

    Hi Miłosz

    How do you do update ocsserver if you have any plugins installed?
    Every time I do update ocsserver, plugins do not work and I have to first clean them manually and reinstall them.
    Is there any faster way?

    • Miłosz Engel August 14, 2018 at 08:46 - Reply

      I’m afraid not as every plugin, or at least the one we use, makes changes to DB(new tables etc). I would suggest asking OCS team directly. Good point, anyway. I will dive into it

  31. Henry August 11, 2018 at 18:57 - Reply

    I have tried generating a cert on linux, 2048 bit and 4096 bit with CN=FQDN of server(ocsinventory-ng..com
    Have even generated a cert on windows with openssl, but I continue to get the error at bottom when trying to deploy.
    Is PS-EXEC required to be installed on all client pcs for this to work?
    If not, does anyone have a solution? I have tried asking in irc and haven’t gotten anything to work, have work on this for several days now.

    ERROR *** AGENT => Failed to send Prolog

    • Miłosz Engel August 14, 2018 at 08:45 - Reply

      more important is located in download.log in programdata/ocs inventory file. Please provide it. I’m in middle of preparing updated version for debian 9.x and ocs 2.4 with ssl, deploy and ad so stay tuned!

      Besides, PS-exec is not required to utilise download/deploy functionality. Never used it to be honest as we run in AD environment. Also keep it mind, that setup is run as SYSTEM account and if you want messages/interaction/warning with end user, systray must be running.

  32. Henry August 16, 2018 at 20:56 - Reply

    Just wanted to say that I banged my head against this error for weeks:
    ERROR *** DOWNLOAD => Failed to download Metadata file”
    Had https inventory working, could download the info file via https just fine.

    I rebuilt the package and put in the ‘CN’ that was used in the cert for the fragments and https url and then it worked. Just in case others are having the same problem, you may need to review your advice about not changing it.
    Having a cert with alt_names that included the ip, did not solve the issue for me.

    • Miłosz Engel August 17, 2018 at 09:19 - Reply

      Hello Henry! Thanks for your comment! Yes, the fragments URI must correspond to cert CN or DNS names. We can adjust default URI in OCS config section in management GUI so no need to adjust/change it every time new deployment is created.
      Unfortunately I do not know how your cert looks, therefore why alternative names weren’t trusted but I create them using Windows PKI with CN and DNS names as Alternative addresses like CN=OCS Inventory NG, DNS1=ocsng, DNS2=ocsng.domain.com, DNS3=192.168.1.1 etc and it works. Server cert needs to be attached to ocs package as well. I will be doing new guide for 2.5 and I will try include as many comments and observations as I can:)
      Thanks for your findings and comment!

Leave A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.