With SCOM alerts, it’s sometimes helpful to be able to view SCOM Knowledge Base (KB) articles in order to help resolve the issue detected by SCOM. But finding those articles quickly can sometimes be a pain. In order to help with this, here’s a script that will allow you to receive the KB articles for specific alerts utilizing Enterprise Alert’s Remote Action capability.
In order for this to work, you will need the Application Programming Toolkit and Remote Remediation Add-ons for Enterprise Alert.
The script uses the SCOM SDK to query a specific alert ID, transforms Microsoft’s MAML format into text, and forwards this on via email to Enterprise Alert where an alert policy is triggered. This policy will then send a push notification, with the KB article text, to the executor of the remote action.
So let’s look at how to set this up.
First, add the ExportSimple.ps1 Script file (attached at bottom of page) to your preferred directory on the Enterprise Alert Server.
Then, add a new Remote Action to Enterprise Alert
Note: Since the Enterprise Alert Scripting Host only supports JavaScript and VBScript, you have to execute the PowerShell Script via the predefined “Execute Powershell” JavaScript, which is included by default.
The easiest way to implement the script is to create a copy of the “ExecutePowershell” script and add the path, as well as the required parameters. You can find the script files under “System Scripting Host” in Enterprise Alert. Create the mentioned copy, open the Code editor by clicking and add the path parameter like in the figure below:
After adding the required code, you can select the modified script as “Action To Execute.” You can then complete the email address by adding the dynamic content “Executor” to the domain of the user account, as below:
Save the Remote Action and then bring up (or create) the alert policy you want to add it to.
SCOM Policy
Create or edit a policy which gets triggered by SCOM events:
Be sure that the alert is going out to the Mobile App (ie, as Push Notification)
Configure the policy in that way that you add the AlertID of SCOM to the outgoing message:
Add the previously configured Remote Action as “Recommended Remote Action”:
Click “Edit mapping.” In the dialog box, add “AlertID” as Dynamic Content for the parameter alertID:
KB Policy
Now, to get the required Knowledgebase article to your phone, you need to add another policy that sends the received text of the script back to the executor of the remote action.
Create a new policy that triggers on the incoming message of the script. In the example, I’ve chosen as a Condition: “Subject equals KBTest.” I’ve then set the Destination as “Originator Address” with an “Event Parameter Type” set to Custom Address.
With this configuration, you ensure that the executor of the Remote Action gets the KB article text.
The last step is to add the Text of the incoming message as Dynamic Content into the General Alert Message:
Mobile App
If everything is configured properly, you are ready to receive the SCOM Alerts on your mobile device and get notified when a new alert is triggered. You can then execute the new Remote Action and receive the associated Knowledgebase article. The workflow is as follows:
SCRIPT
param([string]$alertID, [string]$executer) <#************************************************************************** Author: Jens Klinger; Derdack GmbH Date: November 2016 Code is based on the following articles and scripts:Operations Manager – Get Company Knowledge using PowerShell and Operations Manager SDKhttp://apexinfotech.co.uk/P1/?cat=2 http://tetris38.blogspot.de/2013/04/opsmgr-2007-r2-powershell-script-to.html Prerequisites: Operations Manager SDK Assemblies (Installed with OpsMgr Console) Enterprise Alert® Application Programming Toolkit and Remote Remediation Addon Enterprise Alert® Scripting Host needs access rights to SCOM Console Tested on Windows Server 2012 R2, Enterprise Alert 2016 6.2.3., Derdack An-droid App 1.1.5, SCOM 2012 Feel free to refactor and modify for your concerns. **************************************************************************#> # Function to convert Knowledgebase Article from MAML Format to Text********************************** function ConvertMAML-ToText { param([System.String] $maml) $maml = $maml.Trim() if ($maml.Length -gt 1) { #Remove Section Tag $maml = $maml -Replace '(<maml:section xmlns:maml="http://schemas.mi-crosoft.com/maml/2004/10">|</maml:section>)','' # Replace TITLE tag by Cariage return, line feed $maml = $maml.Replace('<maml:title>',"`r`n") $maml = $maml.Replace('</maml:title>',"`r`n") Replace PARA tag by Cariage return, line feed $maml = $maml.Replace('<maml:para>',"") $maml = $maml.Replace('</maml:para>',"`r`n") $maml = $maml.Replace('<maml:para />',"`r`n") Replace LIST tag $maml = $maml.Replace('<maml:list>',"") $maml = $maml.Replace('</maml:list>',"") # Replace LISTITEM tag $maml = $maml.Replace('<maml:listItem>',"* ") $maml = $maml.Replace('</maml:listItem>',"") # Replace LINKTEXT tag $maml = $maml.Replace('<maml:linkText>',"") $maml = $maml.Replace('</maml:linkText>',"") # Replace NAVIGATIONLINK tag $maml = $maml.Replace('<maml:navigationLink>',"") $maml = $maml.Replace('</maml:navigationLink>',"") # Remove any additional Tag while ($maml.Contains('<') -eq $True) { $tagStart = $maml.Indexof('<') $tagEnd = $maml.Indexof('>') if ($tagend -gt $tagStart) { $tag = $maml.Substring($tagstart, $tagEnd - $tagstart + 1) If($tag.Contains('<maml:uri href="') -eq $True) { # Discard tag, but keep URL link $maml = $maml.Replace('<maml:uri href="'," (") $maml = $maml.Replace('" />',") ") $maml = $maml.Replace('"/>',") ") } else { # Discard Tag $maml = $maml.Replace($tag,'') } # tag contain URI } # tagEnd Greater then tagStart else { # No Closing Tag ??? Delete starting tag then to avoid infinite loop $maml = $maml.Replace('<','') } } # While return $maml } else { return "" } } # Function to export Knowledgebase Articles for a specific new alert********************************** function GetAlertKnowledge { [System.String]$messageBody = "" $alert = "" $alertRule = "" $messageBody = "" $knowledgeArticle = "" <# Modify the query variable to change criteria and/or retrieve specific Company/Product Knowledge Check the following link for the query syntax of the MonitoringAlert-Criteria method: https://msdn.microsoft.com/en-us/library/microsoft.enterprisemanage-ment.monitoring.monitoringalertcriteria.aspx #> $query = "Id = '" + $alertID + "'" $criteria = New-Object Microsoft.EnterpriseManagement.Monitoring.Moni-toringAlertCriteria($query) $alert = $mg.GetMonitoringAlerts($criteria) $foundRule = $True # Retrieve the associated Rule or Monitor Try {$alertRule = $mg.GetMonitoringRule($alert.MonitoringRuleId) } Catch { Try {$alertRule = $mg.GetMonitor($alert.MonitoringRuleId) } Catch {$foundRule = $False Write-Host "No matching rule/monitor found!"} } # Retrieve the Knowledgebase Article associated to an specific ID/Moni-tor/Rule If($foundRule = $True) {$knowledgeArticle = $mg.GetMonitoringKnowledgeArti-cles($alertRule.id).Mamlcontent $knowledgeArticle = ConvertMAML-ToText($knowledgeArticle) $knowledgeArticle = $knowledgeArticle.toString() $messageBody = $messageBody + $knowledgeArticle +"`r`n" $messageBody SMTP Client to send an email to Enterprise Alert $smtp = New-Object Net.Mail.SmtpClient("127.0.0.1") Send(FROM, TO, SUBJECT, BODY) $smtp.Send($executer, "EnterpriseAlert@EA.com", "KBTest", $message- Body) } } # Main function************************************************************************ *************** function Main { Write-Host "Establishing connection" # Load SCOM SDK Assemblies $assembly1 = [System.Reflection.Assembly]::LoadWithPartialName("Mi-crosoft.EnterpriseManagement.Core") $assembly2 = [System.Reflection.Assembly]::LoadWithPartialName("Mi-crosoft.EnterpriseManagement.OperationsManager") Try { # FQDN of Management Server (Enterprise Alert Scripting Host Service re-quires Access Rights!) $mg = New-Object Microsoft.EnterpriseManagement.Management-Group(“scom2012.derdack-support.local”) Write-Host "Connected successfully" # Get Knowledgebase Article GetAlertKnowledge Write-Host "Sending data"} Catch {Write-Host "Connection failed, missing access rights or wrong ID!" } }