With SCOM alerts, it’s sometimes helpful to be able to view SCOM Knowledge Base (KB) articles in order to help resolve the issue detected by SCOM. But finding those articles quickly can sometimes be a pain. In order to help with this, here’s a script that will allow you to receive the KB articles for specific alerts utilizing Enterprise Alert’s Remote Action capability.
In order for this to work, you will need the Application Programming Toolkit and Remote Remediation Add-ons for Enterprise Alert.
The script uses the SCOM SDK to query a specific alert ID, transforms Microsoft’s MAML format into text, and forwards this on via email to Enterprise Alert where an alert policy is triggered. This policy will then send a push notification, with the KB article text, to the executor of the remote action.
So let’s look at how to set this up.
First, add the ExportSimple.ps1 Script file (attached at bottom of page) to your preferred directory on the Enterprise Alert Server.
Then, add a new Remote Action to Enterprise Alert
The easiest way to implement the script is to create a copy of the “ExecutePowershell” script and add the path, as well as the required parameters. You can find the script files under “System Scripting Host” in Enterprise Alert. Create the mentioned copy, open the Code editor by clicking and add the path parameter like in the figure below:
After adding the required code, you can select the modified script as “Action To Execute.” You can then complete the email address by adding the dynamic content “Executor” to the domain of the user account, as below:
Save the Remote Action and then bring up (or create) the alert policy you want to add it to.
Create or edit a policy which gets triggered by SCOM events:
Be sure that the alert is going out to the Mobile App (ie, as Push Notification)
Configure the policy in that way that you add the AlertID of SCOM to the outgoing message:
Add the previously configured Remote Action as “Recommended Remote Action”:
Click “Edit mapping.” In the dialog box, add “AlertID” as Dynamic Content for the parameter alertID:
Now, to get the required Knowledgebase article to your phone, you need to add another policy that sends the received text of the script back to the executor of the remote action.
Create a new policy that triggers on the incoming message of the script. In the example, I’ve chosen as a Condition: “Subject equals KBTest.” I’ve then set the Destination as “Originator Address” with an “Event Parameter Type” set to Custom Address.
With this configuration, you ensure that the executor of the Remote Action gets the KB article text.
The last step is to add the Text of the incoming message as Dynamic Content into the General Alert Message:
If everything is configured properly, you are ready to receive the SCOM Alerts on your mobile device and get notified when a new alert is triggered. You can then execute the new Remote Action and receive the associated Knowledgebase article. The workflow is as follows:
param([string]$alertID, [string]$executer) <#************************************************************************** Author: Jens Klinger; Derdack GmbH Date: November 2016 Code is based on the following articles and scripts: