GatewayHealthMonitorProvider attempted to register query "select * from MSFT_GatewayHealthEvent" whose target class "MSFT_GatewayHealthEvent" in //./root/Microsoft/Windows/RemoteAccess/GatewayHealthMonitor namespace does not exist. The query will be ignored.

This is coming up on our Windows 2016 Application Event Log:

Log Name:      Application
Source:        Microsoft-Windows-WMI
Date:          24/10/2018 13:18:43
Event ID:      24
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      %ComputerName%.DOMAIN.suffix
Description:
Event provider GatewayHealthMonitorProvider attempted to register query "select * from MSFT_GatewayHealthEvent" whose target class "MSFT_GatewayHealthEvent" in //./root/Microsoft/Windows/RemoteAccess/GatewayHealthMonitor namespace does not exist. The query will be ignored.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1EDEEE53-0AFE-4609-B846-D8C0B2075B1F}" />
    <EventID>24</EventID>
    <Version>2</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-10-24T12:18:43.560433300Z" />
    <EventRecordID>2357</EventRecordID>
    <Correlation ActivityID="{02778F69-6ADC-0000-5DBC-7802DC6AD401}" />
    <Execution ProcessID="1160" ThreadID="3012" />
    <Channel>Application</Channel>
    <Computer>%ComputerName%.DOMAIN.suffix</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <EventProvider>GatewayHealthMonitorProvider</EventProvider>
      <Query>select * from MSFT_GatewayHealthEvent</Query>
      <Class>MSFT_GatewayHealthEvent</Class>
      <Namespace>//./root/Microsoft/Windows/RemoteAccess/GatewayHealthMonitor</Namespace>
    </data_0x8000003F>
  </UserData>
</Event>

Is this an indication that the config is wrong?

All of the system diagnostics light green but we see no clients in the Remote Access MMC

This seems to coincide with the following:

Log Name:      Application
Source:        Microsoft-Windows-WMI
Date:          24/10/2018 13:18:40
Event ID:      63
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      %ComputerName%.domain.local
Description:
A provider, WebAdministrationProvider, has been registered in the Windows Management Instrumentation namespace Root\WebAdministration to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1EDEEE53-0AFE-4609-B846-D8C0B2075B1F}" />
    <EventID>63</EventID>
    <Version>2</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2018-10-24T12:18:40.523075300Z" />
    <EventRecordID>2352</EventRecordID>
    <Correlation />
    <Execution ProcessID="1160" ThreadID="936" />
    <Channel>Application</Channel>
    <Computer>%ComputerName%.domain.local</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <UserData>
    <data_0x8000003F xmlns="http://manifests.microsoft.com/win/2006/windows/WMI">
      <Provider>WebAdministrationProvider</Provider>
      <Namespace>Root\WebAdministration</Namespace>
    </data_0x8000003F>
  </UserData>
</Event>

We are also seeing the following that could be related:

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          23/10/2018 14:42:12
Event ID:      6005
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      Server.Domain.local
Description:
The winlogon notification subscriber <GPClient> is taking long time to handle the notification event (CreateSession).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6005</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2018-10-23T13:42:12.164668200Z" />
    <EventRecordID>2256</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>Server.Domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>GPClient</Data>
    <Data>CreateSession</Data>
    <Binary>28FB8D28</Binary>
  </EventData>
</Event>

this is actually a Windows Defender issue and the system needs to be repaired to fix it.

You can try sfc /scannow to see if the files can be fixed that way

if you are using Windows 10, some people have successfully run the installed here: https://www.microsoft.com/en-us/software-download/windows10 and that has solved the issue.

You can also try a full repair of Windows 10 from the control panel>recovery section or a full clean of the system using the windows DVD recovery environment, but this is a last resort.