SBS - Event ID 36887

I have a client who is experiencing network slowness. We have checked everything & nothing much is showing as an issue.

The only thing we are getting is an Error in Event Viewer every minute -

The following fatal alert was received: 70
Log Name: System
Source: SChannel
Event ID: 36887

Any ideas if this could be causing the issues & how to solve it?

This is a DC running SBS 2011.
Optima SystemsNetwork EngineerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This error relates to the use of TLS 1.0 by the network clients. If you force them to use TLS 1.2 then the error should disappear.
Optima SystemsNetwork EngineerAuthor Commented:
Is there a way to do this remotely or will this have to be done on each machine individually?
More specifically, this error is being generated by a specific device or devices using TLS 1.2, and which were probably connected fairly recently. See when the errors started appearing in the event viewer and then ask your client what devices were connected to the network at around that time. It might be an older mobile phone or phones using ActiveSync to retrieve email from the copmpany server, for example.
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Optima SystemsNetwork EngineerAuthor Commented:
The error messages have been going on for quite a while but we didnt think they were causing the network issues.

They have recently had IP phones put in, do you think these could be causing the issue?
How is your network laid out and when did it start running slower? What had happened around that timeframe. You're giving bits and pieces here. While the server errors are an issue that need to be sorted, it doesn't mean that it is the cause of your slowness.

The IP phones might be relevant. Is the PBX  onsite or in the cloud? Ideally you created a separate VLAN for the phones in order to segregate that traffic. If not, you're going to want to look into doing that.

What else is on the network? Have you done either a capture or at least looked at logs on managed switches and routers?

By the way, I am sure you very well know that you should be trying to get rid of SBS 2011.

Edit: How is your server configured? What protocols and ciphers is it allowing connections for? Have you also checked the performance of the server itself?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Optima SystemsNetwork EngineerAuthor Commented:
I am pretty sure it happened a similar time the phones were put in. The PBX is in the cloud. They are already on a separate switch which was done as we thought it could be the phones.

This is why I am now thinking its the TLS error message.

Network wise - Multiple servers & PC's/laptops on a non managed switch with a Cisco ASA. We have captured the traffic but havent seen any issues with that.

Yes, we are aware SBS is not supported after 2020. We are thinking upgrading this will probably be our next step.

Server performance seems ok.
I am pretty sure it happened a similar time the phones were put in. The PBX is in the cloud. They are already on a separate switch which was done as we thought it could be the phones. 
Do they phones have any reason to interact with the server? DNS or DHCP? I would try to ensure that completely does not occur at all. Ideally you have them entirely bypassing the subnet the server is on, which would eliminate the factor of the phones.
Optima SystemsNetwork EngineerAuthor Commented:
They are using both DNS & DHCP from the server. The phones are supported by another company so I will need to speak to them about getting them completely bypassing the server
What type of firewall or router do you have? Do you have any available public IP addresses?
Optima SystemsNetwork EngineerAuthor Commented:
They are using a Cisco ASA but I couldnt tell you what exactly. This was instaled/supported by the same company as the phones. I will speak to them & see if we can get the phones to completely bypass the server to see if that helps
What ended up happening with this?
Optima SystemsNetwork EngineerAuthor Commented:
VOIP phones were the issue
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.