This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 48%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECL%3C/text%3E%3C/svg%3E)
How can we fix this issue, the agent is configured using local system. Tried to flush the agent but did not recalculate,
The log path does not exist.
The Windows Event Log Provider was unable to open the Microsoft-Windows-TaskScheduler/Operational event log on computer <hostname>' for reading. The provider will retry opening the log every 30 seconds. Most recent error details: The system cannot find the file specified. One or more workflows were affected by this.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(92.8, 31%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC%3C/text%3E%3C/svg%3E)
From the name of the workflow, it looks like it was created directly in the SCOM console by someone from your company.
You can run the following command to find its display name and which management pack it's stored in :
Get-SCOMRule -Name MomUIGeneratedRuleafc86050fc76455eab425ce588c73c7e
Thanks a lot, We managed to trace the rule name.
That event shows up because you have a management pack that tries to access the Microsoft-Windows-TaskScheduler/Operational event log, and that event log doesn't exist in Windows 2003.
So you need to find what rules/monitors are trying to access the event log (should be written somewhere in the error events) and disable them for the windows 2003 servers.
Microsoft-Windows-TaskScheduler/Operational event log this event log should exist by default?
Only starting with Windows 2008 and the "new" event log format, not in windows 2003
it seem not wise to disable the monitoring as it is part of the core monitoring MP or we can't disable for specific log path also. We can't remove the monitoring by flush/delete "health service state" folder on the windows 2003 servers?
We only can recreate the path manually on the windows 2003 servers to get rid of the warning message?
As far as I know, the only "public" MPs that are trying to access to that event log are Raphael Burri's "Scheduled Tasks" MP ( https://rburri.wordpress.com/2014/08/12/scheduled-task-and-ps-scheduled-job-management-pack-1-2-0-500/ ) and Nathan Gau's "Security" MP ( https://nathangau.wordpress.com/2019/05/10/security-monitoring-1-6-management-pack-is-up/ )
These MP are not a "core monitoring MP", and they have not been authored with Windows 2003 in mind, since it has been unsupported for a while now.
However, the alert you are seeing does indeed come from a core MP : this single generic rule allows SCOM to alert you if any other rule or monitor from any MP tries to access to an event log that is not available.
So what you need to do is to override(disable) for windows server 2003 group whatever discovery/rule/monitor from these MPs that is trying to read the Microsoft-Windows-TaskScheduler/Operational event log, not the rule which trigger the alert. After that you won't see the alert showing up anymore.