Selectively Generating Helpdesk Tickets from the SCOM Console – Using Resolution States

Many organizations have some form of an audit requirement that critical alerts from a monitoring system are mapped to helpdesk tickets for tracking. While the simplest solution would be a configuration that generated helpdesk tickets (with an email or script) for every critical alert fired, this is not always practical. Examples of this problem are easy to think of: if connectivity is lost to a remote site, many alerts (system and network) may be generated, but only one helpdesk ticket should be generated; or in SCOM-monitored environments, if an administrator reboots a cluster node and doesn’t put the cluster in maintenance mode, or a threshold monitor (e.g. SQL database free space) is floating just above and below the threshold repeatedly, many alerts can be generated, but not all should translate to helpdesk tickets.

This scenario leads to three possible outcomes: 1) superfluous helpdesk tickets are created with full automation, 2) no tickets are created (no automation), or 3) tickets are manually created after review of the alerts by an operator. Obviously, the latter option is more desirable than creating no tickets and is likely to be more desirable than creating too many tickets. If opting for the manual ticket creation option, it is very easy in SCOM to use custom Resolution States to facilitate manual ticket creation from within the SCOM console (an alert console task could also be used, but the resolution state option is much easier), thus creating a partially automated solution.

 When the resolution state of an alert is changed, SCOM reanalyzes the notification subscriptions and will trigger notification subscriptions that match the new resolution state. So, by adding a custom resolution state (perhaps named: “Create HelpDesk Ticket”) a new notification subscription can be added (filtered to this resolution state) in order to fire a different response than the original subscription that responded to the “New” resolution state. With this configuration, any SCOM operator can simply set the resolution state in the SCOM console and let the notifications take it from there. If your helpdesk system doesn’t listen for inbound email messages, a SCOM command notification could be used in the same way to fire a script or executable that creates the helpdesk ticket.

Walkthrough:

Firstly, create a custom Resolution State. In the SCOM console, access the Administration tab, go to Settings -> Alerts. Insert a new Resolution State with a custom value and the desired name, e.g. “Create Helpdesk Ticket.”

Next, in the Notifications section, add a notification recipient. Give it an appropriate name, add a notification device (most likely e-mail, unless using command notifications) and input the notification address.

Then create a new Notification Subscription. Input a name for the subscription and associate it with the recipient that was just created.

You can apply class or group filters, but since we will be using a custom resolution state to filter alerts, this is probably not necessary. On the Alert Criteria page, select the Custom Resolution state (and deselect the others), choose what severities and priorities this will apply to and continue. If you need to customize the text of the notification message, do so on the next page.

Now, to fire the email to the HelpDesk manually, all the operator needs to do is right-click an alert, choose Set Resolution State and select “Create HelpDesk Ticket”