Version 5

    Updated 2019-02-26 to support recent changes to the Solarwinds API.

    Updated 2019-07-02 to support passing credentials as encrypted credentials files or as clear text username and password on the command line. To keep Task Scheduler configuration simple, I've included instructions for setting the credentials within the script.

     

    This Powershell script allows end users to acknowledge or comment upon a Solarwinds alert via email. The script assumes that your organization uses Exchange as its email platform.

     

    Prerequisites:

    • An email account ("the email account") for the default reply-to address used by your Solarwinds installation. This should be a dedicated account that isn't used by any other applications or users.
    • A Solarwinds individual account ("the Solarwinds account") that can acknowledge alerts. This account must have the following permissions in Solarwinds:
      • Allow alert management rights = yes
      • Allow account to disable actions = yes
      • Allow account to disable alerts = yes
      • Allow account to disable all actions = yes
      • Allow Account to Clear Events, Acknowledge Alerts and Syslogs = yes
    • MS Exchange Web Services Managed API installed on the server that will run the script. Download the script from the MS Download Center.

     

    Configuration:

    1. Log in to Windows as the account that will run the PowerShell script. Create a Windows credentials file for the email account and for the Solarwinds account. For each account, run the PowerShell command
      Get-Credential | Export-Clixml -Path [full path to file]
    2. In your Solarwinds alerts, configure the alert to send email. Make sure that the email body includes this text and variable:
      [AlertObjectID=${N=Alerting;M=AlertObjectID}]
    3. Edit the script as follows.
      1. Edit the line
        $exchangeEmail    = "solarwinds@mydomain.com"
        and replace "solarwinds@mydomain.com" with the address of the email account.

      2. Edit the line
        $SWServer = "solarwinds.mydomain.com"
        and replace "solarwinds.mydomain.com" with the fully-qualified domain name or IP address of your Solarwinds server

      3. If you are using a credentials file for the Exchange user, edit the line
        $ex_credstore = "c:\Users\solarwinds\Exchange_credentials.xml"
        and replace "c:\Users\solarwinds\Exchange_credentials.xml" with the full path to the Exchange credentials file you created.
      4. If you are using a clear text username and password for the Exchange user, edit the line
        $ex_credstore = "c:\Users\solarwinds\Exchange_credentials.xml"
        and replace "c:\Users\solarwinds\Exchange_credentials.xml" with "", then update the values for $ex_username and $ex_password on the next two lines.

      5. If you are using a credentials file for the Solarwinds user,
        $sw_credstore = "c:\Users\solarwinds\Solarwinds_credentials.xml"
        and replace "c:\Users\solarwinds\Solarwinds_credentials.xml" with the full path to the Solarwinds credentials file you created
      6. If you are using a clear text username and password for the Solarwinds user, edit the line
        $sw_credstore = "c:\Users\solarwinds\Solarwinds_credentials.xml"
        and replace "c:\Users\solarwinds\Solarwinds_credentials.xml" with "", then update the values for $sw_username and $sw_password on the next two lines.
    4. Copy the script to your Solarwinds server. You can run the script from the Powershell IDE to test it.
    5. Configure a task manager job to run the script at the desired interval. I run it once per minute to ensure that acknowledgement/comment emails are processed quickly enough to satisfy my end users.

     

    Use:

    This script assumes that the first word in the email message is a command verb such as ack or comment. Any text between the command and a return and/or newline character(s) is treated as a comment, and it will be appended to the alert in Solarwinds.

     

    Message syntax:

    At minimum, the email message must contain the Alert Object ID, formatted as described below. This element can appear anywhere in the message body.

    Alert Object ID: A string of digits, in brackets, formatted like this:

        [AlertObjectID=99999]

     

    For backward compatibility, the message may contain these elements instead of the Alert Object ID.

    Alert definition ID: A GUID in brackets, formatted like this:</>

        [AlertDefinition=D1A5279D-B27D-4CD4-A05E-EFDD53D08E8D]

    Object ID: A string of digits, in brackets, formatted like this:

        [ObjectID=99999]

    Object Type: A string representing a valid Solarwinds object type, formatted like this:

        [ObjectType=APM: Application]

     

    Commands:

    The command must be the first word in the message body.

    ack:    Acknowledge the alert and append a comment if one is supplied.

    comment: Append a comment to the alert

     

    Comments:

    Comments are optional. Any text between the command verb and a newline or return character will be treated as a comment. There are no formatting requirements for comments.

     

    Example 1:

    This message would acknowledge an alert and append a comment

     

        Ack  Alert comment from ME

        [AlertObjectID=46673]

    Example 2:

    This message would also acknowledge an alert and append a comment.

     

        Ack Kurt is looking into this

        ~~~~~~~~~~~~~~~~~~~~~

        Me, Senior Systems Administrator

        ~~~~~~~~~~~~~~~~~~~~~~

        From: Solarwinds

        Sent: Friday, October 02, 2015 12:33 PM

        To: Me <me@myemail.com>

        Subject: Solarwinds Alert: Oracle database disk utilization KURTSDB on Node kurtsserver.mydomain.com is Down

     

        When replying, type your text above this line

        ________________________________________

     

        To acknowledge this alert, click here or reply to this message with "ack" as the first word in the body.

     

        Alert details:

        Oracle database disk utilization KURTSDB on Node kurtsserver.mydomain.com is Down at Friday, October 2, 2015 12:32 PM.

     

        When replying, do not delete text below

        ________________________________________

     

        [AlertObjectID=46673]

     

    Example 3:

    Deprecated format for backwards compatibility. This message would also acknowledge an alert and append a comment

     

        Ack  Third alert comment from ME

        [AlertDefinition=535d1493-a543-4df0-acbf-6b43770aceeb] [ObjectID=673] [ObjectType=APM: Application]