failure audits

[alice]

For the last week or so, my event log is full of a bunch of Failure
Audits, about every 5 minutes or so. They all look like this
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Date: 5/10/2007
Time: 6:02:36 PM
User: NT AUTHORITY\SYSTEM
Computer: AURAFICE2
Description:
The Windows Firewall has detected an application listening for
incoming traffic.

Name: -
Path: C:\WINDOWS\system32\svchost.exe
Process identifier: 424
User account: SYSTEM
User domain: NT AUTHORITY
Service: Yes
RPC server: No
IP version: IPv4
IP protocol: UDP
Port number: 4329
Allowed: No
User notified: No

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

What does this mean? This same PC is sometimes disconnecting from the
internet and also has some of these in the log now and then-

Event Type: Warning
Event Source: Tcpip
Event Category: None
Event ID: 4226
Date: 5/9/2007
Time: 11:50:02 AM
User: N/A
Computer: AURAFICE2
Description:
TCP/IP has reached the security limit imposed on the number of
concurrent TCP connect attempts.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00 00 00 00 01 00 54 00 ......T.
0008: 00 00 00 00 82 10 00 80 ....‚..€
0010: 01 00 00 00 00 00 00 00 ........
0018: 00 00 00 00 00 00 00 00 ........
0020: 00 00 00 00 00 00 00 00 ........

 

[Wesley Vogel]

Event Source: Security
Event ID: 861
http://www.eventid.net/display.asp?eventid=861&eventno=4615&source=Security&phase=1

Ignore the Tcpip 4226 Warning, but see this...

ID: 4226
Source: Tcpip
Explanation
http://www.microsoft.com/technet/su...ProdVer=5.2&EvtID=4226&EvtSrc=Tcpip&LCID=1033

If you want to screw around, see these...

Remove the limit on TCP connection attempts
http://www.speedguide.net/read_articles.php?id=1497

Event ID 4226 Patcher (4226 fix)
http://www.lvllord.de/?url=tools#4226patch

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In