Over the last few days, I’ve been troubleshooting this error. The event log in this case was “WitnessServiceAdmin”, and having a look at the server I couldn’t find the log anywhere. I could create an override to disable this Monitor, but would I potentially create an overrides that disables critical alerts? I decided against creating an override, and started to look for a solution/workaround.
If this log does not exist, what will happen if I create it? With a simple PowerShell command I created the log.
New-Eventlog -Source “WitnessClientAdmin” -LogName “WitnessClientAdmin” -MessageResourceFile “C:\Logs\WitnessClientAdmin.dll”
After a few minutes, that alert/warning disappeared from my SCOM console.
This could be a bug in the installation, or the management pack. I sent the alerts to our DevOps to look into the issue before creating this workaround.