Hello Oleg,
'Unavailable Critical Extension' can come from a lot of places (mostly plugins but not only).
So yes, you need to find that in logs.
First of all, you can check the access log and check if some operations have requested something unusual (some server-side control or something).
Or, also, If the OID is not supported, it will return 'Unavailable Critical Extension'.
If you won't find anything useful there, then you can try to look for the info in errors log.
I think it makes sense to add 8192 — Replication debugging - first. And wait for the error.
Then, if your error still happens silently in the logs, you can check - 128 — Access control list processing too.
Be aware, that the logs may cause performance issue so I won't recommend running that on production.
Sincerely,
Simon