New and updated version for Debian Stretch and OCS Inventory NG server 2.5 can be found here!
Hi !
Long time, no see, right?
Today I would like to introduce long awaited OCS Inventory NG server 2.3 on updated Jessie version of Debian. New version comparing to 2.1 introduces few new features as well as completely redesigned User Interface. As daily user of older version of OCS NG Server it was quite hard to switch to new UI but eventually I find it more clear and useful. Also, it is more up-to-date in technical aspects but I leave this for others to describe.
Right now I would like to show how we can install it, configure, tweak it a bit, connect computers and deploy software. YES! All in one guide!
Never done this before. Took me few good days to develop all the steps as well as test it. Finally (after around 10 builds) I was able to setup and make it fully functional with deployment checked in less than an hour (with Debian net install). So… hope you will find it useful and it will help you, dear Reader.
Let’s begin
Table of Contents
- Assumptions for installing OCS Inventory NG on Debian
- Preparation to install OCS Inventory NG
- Debian Installation
- Apache, MySQL and packages installation
- OCS Inventory NG Installation
- OCS Inventory NG Configuration
- OCS Inventory NG Agent Installation
- OCS Inventory NG Software Deployment
- Summary
This seems to be long and complicated but I found this release of OCS Inventory NG server more user friendly and actually easier to setup. There are, however, few catches that you have to keep in mind, but they are all described or mentioned. So don’t be afraid. Just proceed and in and hour or two you should get fully working OCS Inventory NG server with first computer inventoried and deployment tested and working!
We will install everything from the scratch (well, without VM Host/VM Player/Workstation). Everything is in their newest versions at the time of writing this Guide. All commands are tested and can be directly copied to console. I advise using PuTTY as console host since it provides copy/paste and I find it more convenient than using VM console. Also, for performing file copy/paste to VM/Linux host I’m using WinSCP. As VM for this guide I will use VM Workstation Player which is pretty good and allows you do define all VM settings as well as configure advanced network settings like lan-segments and network type. It can be downloaded here.
Ok, making long story short. It’s easy and it’s FREE! :)
1. Assumptions for installing OCS NG on Debian
- We are installing OCS Inventory NG on official Debian Linux Distro available at:
- We are installing official OCS NG Inventory Server and OCS NG reports available at: https://github.com/OCSInventory-NG
- We are installing all in VMWare Workstation Player available at: http://www.vmware.com/pl/products/workstation.html but this not really matter. Just pointing this.
- We will install both roles (yeah, I know it sounds kind a Windows Server naming) on one Virtual Machine. Unless your environment is very big or distributed it’s ok.
- We will use self-signed certificates in order to secure communication and allow proper working of Deployment feature
- We will set ocs-reports as main page for Apache since it runs on separate VM. No more fqdn/ip/ocsreports for accessing reports console.
- VM will use 2 addresses: WAN (bridged to real network) and LAN (host only network)
- We will use MySQL as DB and phpMyAdmin as admin console for MySQL
Ok now, if we know what exactly we will do, let’s actually do something! Let’s prepare all stuff that will be needed:
2. Preparation to install OCS Inventory NG
Download current Debian ISO from http://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-8.7.1-amd64-netinst.iso
- Download or keep links for both OCS Inventory NG Reports:
https://github.com/OCSInventory-NG/OCSInventory-ocsreports/releases
- Download and install VMWare player or anything else capable of running this VM OR install on real host (I do not recommend this in terms of time, scalability, moving capabilities etc.)
- Download and install WinSCP if you do not have it already (we will use it to download SSL cert from the server)
- Download OCS Packager from: https://github.com/OCSInventory-NG/Packager-for-Windows/releases
- Download OCS Windows Agent from: https://github.com/OCSInventory-NG/WindowsAgent/releases
- Generate some passwords: for DB, for Root Users (DB and Debian), for Admin
If we have all the data, we can proceed to installing stuff. It will take some time but if you follow all the steps, it should be successful.
Thanks a lot, i was struggling (a lot) to understand why i had the “WARNING: Can’t find information file at https…” error… you confirmed that i am not that crazy…
one comment : there’s sometinhg missing in the default-ssl.conf :
DirectoryIndex disabled
Options Indexes
Require all granted
Thanks for the comment! I was surprised as well with that warning but I found that deployment just works. Don’t know , however, what you mean by there’s something missing in default-SSL.conf. Lines you posted seems good: Users are not allowed to index/browse folder, and all users are allowed to access. Do you see any errors? Can you post them?
Great job and good stuff !
Thanks for the feedback. Good to know that it worked for you!
I’M so sorry man, i made every step jus like you said….but for the 3º time, my oassword don’t go. I use the same user and password on website that a put on phpmyadmin and apache2.conf……what should I do?
If you are talking about first time login to Ocs-ng just input admin/admin :) that’s the problem?
Man, thanks a lot…. worked……I know that my questions are newbie questions,,,,,but is just because I’m learning right now on the university…..and I have another question…..on my VM I only installed because I installed the build-essential before to run the ‘./setup.sh’ why can’t I install like your tutorial if I’m doing what u tell to do? can u tell me something…..and I’m trying to do this to make a link to glpi in the same server….thanks a lot…….
Hi Johny, I do not know what distro you are using?
Hello i made every step but my w10 is no’t importing in my ocs server :/
Any errors? Logs please? Server url added correctly with ocsinventory at the end? If you have valid SSL cert, you MUST include it in ocs agent or add later in order to use https. Paste agent log files for start, cheers!
I can’t access to myip/ocsinventory.
This is my log :
********************************************************
Starting OCS Inventory NG Agent 2.3.0.0 setup on 17/03/2017 at 11:20:55
Checking if setup not already running…OK.
Checking Operating System…OK, Windows 2000 or higher.
Command line is: “B:\ocs\OCSNG-Windows-Agent-2.3.0.0\OCSNG-Windows-Agent-2.3.0.0\OCS-NG-Windows-Agent-Setup.exe”
Parsing command line arguments…OK.
Checking for silent mode…Disabled.
Checking for splash screen…Enabled.
Checking if logged in user has Administrator privileges…OK.
Creating directory …
SetACL allowing Users / Power users read/write permissions on …Result: error
SetACL propagating inherited permissions on …Result: error
Trying to determine if service was previously installed…Yes.
Trying to stop service and kill processes…
Is Service running…Yes.
Trying to stop Service …Ok
Is Service running…No – Waiting 1 second(s) for Service to stop…
Trying to kill process OcsSystray.exe…Result: 0
Trying to kill process OcsSystray.exe…Result: 603
Trying to kill process OcsService.exe…Result: 603
Trying to kill process OCSInventory.exe…Result: 603
Trying to kill process download.exe…Result: 603
Trying to kill process inst32.exe…Result: 603
Waiting 10 seconds for processes to terminate…
Copying new files to directory …
Windows XP or higher detected, installing default cURL library and MS CRT/MFC 9.0…
Copying new files status is ;-)
Writing agent configuration file by launching ocsinventory.exe /SAVE_CONF…Result: 0
Windows Advanced Firewall is not available (Vista or higher). Skip adding custom rules.
[/NOW] used, so launching “C:\Program Files (x86)\OCS Inventory Agent\ocsinventory.exe”…Result: 4
Creating startup menu shortCut to start Systray applet…
Checking if service OCS Inventory Service is registered into Windows Service Manager…Yes
Nothing to do to register OCS Inventory Service into Windows Service Manager.
Starting OCS Inventory Service…Ok.
SUCCESS: OCS Inventory NG Agent 2.3.0.0 successfully installed on 17/03/2017 at 11:22:06
;-)
Can you post OCSInventory.log located in C:\ProgramData\OCS Inventory NG\Agent
Then if you can post apache access.log and error.log from server? Any other errors?
Also I don’t see any server information in posted log file.
Hi !
I encountered a problem at the end of ssl encryption. I followed every steps like you but when I try to connect to my ocs with my desktop at https://my_ip/ocsreports the ssl don’t work and it told my that the website is not safe.
Thanks in advance for your help :)
This is normal! If you generate SSL cert that is self signed and the signing Party(aka certification authority) is not in your trusted root CA store on Windows box(or ssl store in Firefox) it will give you that kind of warning. That’s normal. You can safely ignore that warning and proceed with using OCS.
Thanks for the help !
Is there a way to ensure that the certificate is authorized and the site is “safe” when I’m using Chrome, firefox or IE ?
Yes it is. You can follow the steps. The cert is for OWA but you can adjust steps to cover your cert: https://blogs.technet.microsoft.com/sbs/2008/05/08/installing-a-self-signed-certificate-as-a-trusted-root-ca-in-windows-vista/
FF has it’s own certificate store so you need to add it in FF options. If you have AD you can deploy that cert through GPO.
Hope this helps, regards
Hi !
Thanks for your awesome job here, this site is a gold mine !
I encountered a problem a the end of ssl part. The SSL works when I’m on my linux VM but when I go to https://my_ip_server/ocsreports the SSL don’t work and it told me that the website is not safe.
I don’t understand why… Can you help me pls ?
this article is wonderful, congratulations.
i have a problem….
when I export to XML received ACCESS DENIED
can you help me?
thansk you
Could you share a bit more information what do you want to export to xml? Computer data? You can examine access.log and error.log in apache. Maybe some permissions are missing somewhere?
thanks for your answer.
this access denied is when select any computer for view all componets such as network, memory, hard disk, ertc y go to Export XML.
I don’t any errors in the logs of Apache.
I suppose that is an error in permission but i don’t see.
please a need your help.
thanks you
I tried what you did on a fresh install and I was able to download the xml file without any problems. is www-data owner of /usr/share/ocsinventory-reports and /var/lib/ocsinventory-reports. What OS you are running?
thank you, nice job.
Thank you for the feedback. You’re welcome!
Hi Milosz,
thanks for your tutorial. I’m having a problem:
-Starting OCSLogon from cmd: C:\Users\asdf\Desktop>OcsLogon.exe /SERVER=https://ocsng/ocsinventory /PACKAGER /DEBUG
Logfile:
Downloading the ocs package from Server fails with Downloading file without server authentication…SendRequest Error: Failed downloading file !
-If i open URL with Firefox->Download start.
Where could be the problem?
Ps. With /GPO everything is fine…
hi Peter, never actually used ocslogon. I used packager to all types of install as it has all in one (certs, config, etc.). But back to your problem. From official github you must specify all parameters required by agent to communicate. I would start with /SSL=1 and provide login and pass if server requires that. Here is the info on github: https://github.com/OCSInventory-NG/WindowsAgent/tree/master/logon
[…] logue como admin admin Usei como base o tutorial: https://miloszengel.com/ocs-inventory-ng-2-3-complete-install-guide-on-debian-8-7-jessie/4/ Porém fiz o teste com esse script no ambiente Ubuntu e com a versão 2.3.1 do OCS, ou seja, este […]
Thank you for the comment and linking to my blog! Didn’t get the full comment but i believe this guide worked for you as well :)
Muito obrigado!
I did everything according to the instructions but i have error this is log from agent:
Starting OCS Inventory NG Agent on Friday, May 05, 2017 14:02:56.
AGENT => Running OCS Inventory NG Agent Version 2.3.0.0
AGENT => Using OCS Inventory NG FrameWork Version 2.3.0.0
AGENT => Loading plug-in(s)
AGENT => Using network connection with Communication Server
AGENT => Using Communication Provider Version
AGENT => Sending Prolog
ERROR *** AGENT => Failed to send Prolog
AGENT => Unloading communication provider
AGENT => Unloading plug-in(s)
And this is log from apache:
[Fri May 05 13:53:03.377784 2017] [ssl:warn] [pid 1760] AH01909: 127.0.1.1:443:0 server certificate does NOT include an ID which matches the server name
[Fri May 05 13:53:03.381924 2017] [mpm_prefork:notice] [pid 1760] AH00163: Apache/2.4.10 (Debian) OpenSSL/1.0.1t mod_perl/2.0.9dev Perl/v5.20.2 configured — resuming normal operations
[Fri May 05 13:53:03.381944 2017] [core:notice] [pid 1760] AH00094: Command line: ‘/usr/sbin/apache2’
this is error from agent
SSL peer certificate or SSH remote key was not OK
Hello Maciej, yes according to logs you posted there is a problem with SSL certificate. Most common problem is CN/subject name not matching hostname/ip configured on the client side. You should always enter the same subject name/ip address that will be used for connecting. I added note about that. Thanks for your comment
Excellent blog.You’re doing a great job.
I had a little problem creating and seeing an SSL certificate..
A little note if we want to use Software Deployment:
If we used the server name instead of the server IP, when we created the SSL certificate, then we have to remember when activating the package and write the appropriate: https://name_ocs_server/download
The above can be set on the OCS server (to automatically supplement the server name instead of IP):
Menu config> deployment> DOWNLOAD_URI_FRAG> customize (name_ocs_server/download).
Same for DOWNLOAD_URI_INFO.
Thanks for your comment. Yes, server by default provides ip instead of hostname/fqdn so setting that in SSL must be followed by change in the config. Thanks for pointing this out!
Hello,
Thank you for this job. Very helpfull.
But I have a question, how can I inventoried printers please? Thanks
Hi, you can inventory every device that implement SNMP. Basically it works without agents and you need to configure snmp both on client(community user and pass for read/write data). Then on server you need to provide that info to process the data. Also very useful is ip discoverer feature that will periodically scan all net to get new devices. Link to official wiki: http://wiki.ocsinventory-ng.org/index.php?title=Documentation:SNMP
Great job! Works fine!!!
Thanks for feedback, glad it worked for you!
Thanks Milosz,
I wasted 3 days to configure OCS on Ubuntu 14.4, finally installed on Debian.
Thank you once again…
Thanks for your feedback. I just prefer Debian over Ubuntu. Without arguing which distribution is better I just find it easier to play with. That’s why all my guides are on Debian:)
Can I create a distribution pack executing a command with a saved path?
Eg – copy “c:\program files (x86)\file.txt” c:\
The problem is that each OCS parameter is starting and ending with the symbol “.
How to properly write the syntax of such an EXECUTE command in this case?
up
batchfile only?
To be honest with you apart from some rare cases i always use batch file. You can include logic, variables etc in it.
I haven’t tested double quotations’ but I think it should look like this: “command ‘text with space'”
Unfortunately OCS replaces inside .bat file, character ” to similar character ” but not the same (if you know what i mean) and the command does not execute correctly.
Double quotation ‘ “path” ‘ doesn’t work.
Can you attach that bat file? Seems strange to me as commands are inside the batch file and OCS has nothing to do with it. I would recommend checking file encoding? Maybe that is the case here?
i’ll try something like this (line from a batchfile):
cscript “C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs” /dstatus > c:\file.txt
Try to embed full path to cscript OR include all in cmd /k cscript […] this will startup new command host and automatically close it after execution. Since it starts(should) as System account end user will not see it anyway.
“cmd /k cscript […]”
Thanks, This method works fine.
No problem, glad it worked for you!
Another question
Do you know of any easy way to re-install a package that was previously installed using the deployment package? Every time I get SUCCESS_ALREADY_IN_HISTORY status and nothing happens.
yes, it’s quite easy. Client checks the contents of history file in ocs agent directory in c:\programdata. In order to delete it stop the ocs service.
Hmm, but deleting the history file will remove all information about previously installed packages on that station.
On the other hand it’s a bit annoying to delete one history file from each station.
Is it possible to disable OCS overwriting a history file?
Hi Milosz,
the new stable version of OCS Inventory (v. 2.4) is now available…
Thank you for your great work around OCS Inventory NG !
Kinds regards,
Stephane
Yes I know. I will create a new guide soon :)
Could you make another great install guide for OCS Inventory NG 2.4?
hey, some time i will. currently a bit busy with setting up complete wordpress on newest debian – from the scratch :)
I followed your guide, and get the server and everything running, but cant get the agent to conect, this is the log: ==============================================================================
Starting OCS Inventory NG Agent on Monday, December 18, 2017 11:34:00.
AGENT => Running OCS Inventory NG Agent Version 2.3.1.1
AGENT => Using OCS Inventory NG FrameWork Version 2.3.1.1
AGENT => Loading plug-in(s)
AGENT => Using network connection with Communication Server
AGENT => Using Communication Provider Version
AGENT => Sending Prolog
ERROR *** AGENT => Failed to send Prolog
AGENT => Unloading communication provider
AGENT => Unloading plug-in(s)
AGENT => Execution duration: 00:00:00.
I find the solution to my problem, it was that in the config file of the server I put the ip of the server instead of “localhost” and somehow that caused the error…
Installed OCS 2.3 via your instructions (helpdesk.gov.kn) . However, unable to get clients to inventory. Tried the steps in exact order. Can you assist?
Thanks Much
Hi Miłosz
How do you do update ocsserver if you have any plugins installed?
Every time I do update ocsserver, plugins do not work and I have to first clean them manually and reinstall them.
Is there any faster way?
I’m afraid not as every plugin, or at least the one we use, makes changes to DB(new tables etc). I would suggest asking OCS team directly. Good point, anyway. I will dive into it
I have tried generating a cert on linux, 2048 bit and 4096 bit with CN=FQDN of server(ocsinventory-ng..com
Have even generated a cert on windows with openssl, but I continue to get the error at bottom when trying to deploy.
Is PS-EXEC required to be installed on all client pcs for this to work?
If not, does anyone have a solution? I have tried asking in irc and haven’t gotten anything to work, have work on this for several days now.
ERROR *** AGENT => Failed to send Prolog
more important is located in download.log in programdata/ocs inventory file. Please provide it. I’m in middle of preparing updated version for debian 9.x and ocs 2.4 with ssl, deploy and ad so stay tuned!
Besides, PS-exec is not required to utilise download/deploy functionality. Never used it to be honest as we run in AD environment. Also keep it mind, that setup is run as SYSTEM account and if you want messages/interaction/warning with end user, systray must be running.
Just wanted to say that I banged my head against this error for weeks:
ERROR *** DOWNLOAD => Failed to download Metadata file”
Had https inventory working, could download the info file via https just fine.
I rebuilt the package and put in the ‘CN’ that was used in the cert for the fragments and https url and then it worked. Just in case others are having the same problem, you may need to review your advice about not changing it.
Having a cert with alt_names that included the ip, did not solve the issue for me.
Hello Henry! Thanks for your comment! Yes, the fragments URI must correspond to cert CN or DNS names. We can adjust default URI in OCS config section in management GUI so no need to adjust/change it every time new deployment is created.
Unfortunately I do not know how your cert looks, therefore why alternative names weren’t trusted but I create them using Windows PKI with CN and DNS names as Alternative addresses like CN=OCS Inventory NG, DNS1=ocsng, DNS2=ocsng.domain.com, DNS3=192.168.1.1 etc and it works. Server cert needs to be attached to ocs package as well. I will be doing new guide for 2.5 and I will try include as many comments and observations as I can:)
Thanks for your findings and comment!
Hi,
thanks for this great tutorial.
But something is wrong. I can’t deploy a package.
There is no one to deploy in the list after selecting computer on the list, and press Deploy.
Validation don’t show any package, but it’s successfully activated and the download URL works.
Can you help me please?
hey, thanks for your comment. Steps that need to be taken in order to deploy stuff are as follows:
Build package no matter what action
activate package in Deployment/Activate menu
affect computer by selecting computer(s) and pressing Deployment/Add package
There should be packages if they are correctly added. Also, you can try with new version of ocs and guide here: https://miloszengel.com/ocs-inventory-ng-2-5-install-guide-on-debian-stretch-with-ssl-and-deployment/
Ok. I try the new one.
Love your work.
What Desktop enviroment should I use? Gnome or Cinammon?
Or better only shell?
Thanks farewell
Upps… I mean Thanks for now…. not farewell.
My englisch is not so good… shame on me
I only use shell for such servers. It is much lighter and boots up faster. I do not use DE at all to be honest(in linux):)
Hello! I have that little problem with computer that failed to communicate with server – agent says “failed sending control message to OCS Inventory Service… Error code 1053”
Can You help with that problem mister Milosz?
==============================================================================
Starting OCS Inventory NG Agent on Tuesday, January 08, 2019 08:44:03.
AGENT => Running OCS Inventory NG Agent Version 2.3.0.0
AGENT => Using OCS Inventory NG FrameWork Version 2.3.0.0
AGENT => Loading plug-in(s)
AGENT => Using network connection with Communication Server
AGENT => Using Communication Provider Version
AGENT => Sending Prolog
ERROR *** AGENT => Failed to send Prolog
AGENT => Unloading communication provider
AGENT => Unloading plug-in(s)
AGENT => Execution duration: 00:00:01.
hey Bartek, please attach ocs inventory agent config file as well as ip address of the server. Also, please specify if server is configured with SSL and what message is displayed when accessing http(s)://ip_or_name_of_ocs/ocsinventory using web browser.
[OCS Inventory Agent]
ComProvider=ComHTTP.dll
Debug=0
Local=
NoSoftware=0
HKCU=0
NoTAG=0
IpDisc=
[HTTP]
Server=https://10.95.9.131/ocsinventory
SSL=1
CaBundle=cacert.pem
AuthRequired=0
User=
Pwd=
ProxyType=0
Proxy=
ProxyPort=0
ProxyAuthRequired=0
ProxyUser=
ProxyPwd=
[OCS Inventory Service]
TTO_WAIT=17640
INVENTORY_ON_STARTUP=0
********************************************************************
Bad Request
Your browser sent a request that this server could not understand.
Apache/2.4.10 (Debian) Server at 10.95.9.131 Port 443
I configured server exactly as you did including SSL.
ERROR *** AGENT => Failed to send Prolog
ERROR *** AGENT => Failed to send Prolog SSL peer certificate or SSH remote key was not OK
from agent log
yes, this seems to be cert issue. You can set ssl=0 and change url to http instead of https for testing. Also, please refer to here:
https://miloszengel.com/ocs-inventory-ng-2-5-install-guide-on-debian-stretch-with-ssl-and-deployment/7/
as this is updated version of the guide. Keep in mind, that cacert.pem is in fact certification authority cert or full chain – not the server cert unless the cert is self signed
[…] again, it’s been a while since my last guide for OCS Inventory NG but since OCS Inventory team released version 2.5 I decided to update my guide, well rewrite it […]
inventory.log and download.log tells me this who can help me
Starting OCS Inventory Package Download and Setup Tool on Saturday, February 13, 2021 00:07:25.
DOWNLOAD => Running OCS Inventory Download Version 2.8.0.0
DOWNLOAD => Using OCS Inventory FrameWork Version 2.8.0.0
DOWNLOAD => Using network connection with Communication Server
DOWNLOAD => Using Communication Provider Version
DOWNLOAD => Starting new period of 10 cycles
DOWNLOAD => Parsing directory for packages
DOWNLOAD => No package found, exiting
DOWNLOAD => Unloading communication provider
DOWNLOAD => Execution duration: 00:00:00.
AGENT => Inventory successfully sent
AGENT => Communication Server asked for Package Download
ERROR *** DOWNLOAD => Failed to download Metadata file to
DOWNLOAD => Download and setup tool successfully started
AGENT => Unloading communication provider
AGENT => Unloading plug-in(s)
AGENT => Execution duration: 00:00:07.