Find the client responsible for the schannel ldap error

active-directory schannel

Somewhere in our network an LDAP client is querying our AD servers without the proper CA information. This provokes the (in my view useless) system critical (source: Schannel) event ID 36887 in the domain controllers' event log:

The following fatal alert was received: 46.

How can I locate the misconfigured client?

Best Answer

With the built-in tooling, you can't easily find the source of the message.

You need tcpdump, Microsoft Network Monitor or Wireshark to find the machine causing the error. (Many threads say the same: there, there or there (see the answer to George about tcpdump in the comments).)
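An added example (not part of the original answer) of what to look for in such a capture: it reads a classic pcap taken on the domain controller and counts the client IPs that sent a plaintext fatal TLS alert 46 (certificate_unknown in the TLS specification) to an LDAPS port. The function names, the port set and the sample capture are assumptions constructed for illustration; alerts sent once the session is encrypted are not visible this way.

```python
import struct
from collections import Counter

LDAP_TLS_PORTS = {636, 3269}  # assumed: LDAPS and global catalog over TLS

def clients_sending_alert(pcap: bytes, alert_desc: int = 46) -> Counter:
    """Count source IPs that sent a plaintext fatal TLS alert to an LDAPS port."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or len(pcap) < 24 or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    hits, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Only untagged Ethernet II carrying IPv4/TCP is inspected.
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        dport = struct.unpack("!H", tcp[2:4])[0]
        payload = tcp[(tcp[12] >> 4) * 4:]
        # TLS alert record: type 21, major version 3, length 2, level 2 (fatal), description
        if (dport in LDAP_TLS_PORTS and payload[:2] == b"\x15\x03"
                and payload[3:7] == bytes([0, 2, 2, alert_desc])):
            hits[".".join(map(str, frame[26:30]))] += 1
    return hits

def _frame(src: str, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame with its pcap record header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 10]))
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

FATAL_46 = bytes.fromhex("1503030002022e")
# Constructed capture: addresses are documentation ranges, not real hosts.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join([
    _frame("198.51.100.23", 636, FATAL_46),
    _frame("198.51.100.23", 636, FATAL_46),
    _frame("203.0.113.5", 3269, FATAL_46),
    _frame("198.51.100.77", 636, bytes.fromhex("15030300020100")),  # close_notify
    _frame("198.51.100.99", 443, FATAL_46),                         # not LDAPS
])

if __name__ == "__main__":
    for ip, count in clients_sending_alert(SAMPLE_PCAP).most_common():
        print(f"{ip}\t{count}")
```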