Jobs stay in status Notified with OCS Inventory Agent 2.1.1.1

Question

I recently updated some test person's Windows OCS Inventory Agent 2.1.0.1 to 2.1.1.1.

When deploying any package (even a simple file-copy .cmd script), I noticed that after launching "Run OCS Inventory NG Agent now", the package deployment status stays in Notified forever.

This has been reported in the past : http://forums.ocsinventory-ng.org/viewtopic.php?pid=62791

Has any corrective action been taken meanwhile on Agent 2.1.1.1 or should we still use 2.1.0.1

Many thanks.

Answer 1

Hi

Is the certificate present on the machine?

Regards

Comments

Thanks for your reply, Frankb.

The certificate (acme.pem) was included in the created ocspackage.exe, and is found back on the workstation in C:\ProgramData\OCS Inventory NG\Agent\

It is exactly the same location as for the Agent 2.1.0.1 ...

Regards,

Answer 2

After a while, I discovered the format for the account running the service "OCS Inventory Service" needs to be in the form :

mydomain\deployserviceaccount

and not deployserviceaccount@mydomain
(and of course also not running as local system)

Answer 3

Hi,

Ok. That's running as you will?

Frank

Answer 4

To come back to the very first question about the presence of the certificate:

As I replied earlier, it was present indeed, BUT:
From C:\ProgramData\OCS Inventory NG\Agent\OCSInventory.log the following was found:

================= TRACE START ===============
<?xml version='1.0' encoding='UTF-8'?>
<REPLY>
  <OPTION>
    <NAME>IPDISCOVER</NAME>
    <PARAM IPDISC_LAT="100">10.122.37.0</PARAM>
  </OPTION>
  <OPTION>
    <NAME>DOWNLOAD</NAME>
    <PARAM FRAG_LATENCY="10" PERIOD_LATENCY="1" ON="1" TYPE="CONF" CYCLE_LATENCY="60" TIMEOUT="30" PERIOD_LENGTH="10" EXECUTION_TIMEOUT="120" />
    <PARAM ID="1426676919" SCHEDULE="" CERT_FILE="INSTALL_PATH/cacert.pem" TYPE="PACK" INFO_LOC="ocsserver.acme.com/download" CERT_PATH="INSTALL_PATH" PACK_LOC="ocsserver.acme.com/download" FORCE="1" POSTCMD="" />
  </OPTION>
  <RESPONSE>SEND</RESPONSE>
  <PROLOG_FREQ>1</PROLOG_FREQ>
</REPLY>

Note : I faked the server name into ocsserver.acme.com

I found however that the certificate that was expected (see CERT_FILE) was cacert.pem
This was not the correct name.
Conclusion:
Something went wrong when creating the OCS Client Package using the new version of OCSNG-Windows-Packager-2.1.1 ....
I specified the correct PEM file though.
Next week I will compose a new OCSpackage, and update this thread.

Answer 5

Hi,

If you want to use your own name for certificate file name, you have to modify ocsinventory.ini file to set the correct name.

Regards

Frank

Answer 6

@Frank:

The ocsinventory.ini on the client looks like this:

[OCS Inventory Agent]
ComProvider=ComHTTP.dll
Debug=2
Local=
NoSoftware=0
HKCU=0
NoTAG=0
IpDisc=
[HTTP]
Server=https://myserver.acme.local/ocsinventory
SSL=1
CaBundle=acme.pem
AuthRequired=0
User=
Pwd=
ProxyType=0
Proxy=
ProxyPort=0
ProxyAuthRequired=0
ProxyUser=
ProxyPwd=
[OCS Inventory Service]
PROLOG_FREQ=1
OLD_PROLOG_FREQ=1
TTO_WAIT=0

(acme is a fake company name to mask our own)

Nevertheless, in the actual ocsinventory.log, reference is made only to "cacert.pem" :

CERT_FILE="INSTALL_PATH/cacert.pem"

To me it looks like the packager does not properly process the parameters entered at its creation:

Command line options: /SSL=1 /CA=acme.pem /NP /S /DEBUG=2 /NOW /SERVER=https://myserver.acme.local/ocsinventory

It does not properly inject the user name entered for the service, nor the certificate.

This did not happen with the previous packager version...