XP SP2 event ID 4226 - TCP/IP has reached the security limit imposed on the number of concurrent TCP

  • Thread starter Torgeir Bakken (MVP)

Torgeir Bakken (MVP)

Eitan said:
Hello,

After installing Windows XP SP2, I was unable to browse web sites or send /
receive emails.
I disabled the use of Windows Firewall (I am using another personal fw).

My system is not infected by anything, checked.

I have found in the "system" event log the event ID 4226 - "TCP/IP has
reached the security limit imposed on the number of concurrent TCP connect
attempts".

I was able to find a text referring to this issue only by clicking the link
within the event ID description. It didn't include a way to overcome this
limitation.
I could not find any TechNet article by MS referring to this issue and thus
not a workaround, either by a binary or by a registry key / value.

I wish to know, preferably by someone from "Microsoft", how can I remove
this limitation or set it to a higher limit?

Hi

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx

Click TCP/IP in the link above and look for:

"Limited number of simultaneous incomplete outbound TCP connection attempts"


You should not be able to reach this limit by only surfing some Web
sites and sending / receiving emails manually. There must be something
else in your computer that creates a lot of TCP connections.

There is no supported way to change the limitation, but I have seen
statements that it is possible to do a hex edit on the tcpip.sys file
to increase the limit.
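
One way to follow the advice above and find which process is creating the incomplete outbound connection attempts, as an added example that is not part of the original posts: it parses `netstat -ano` output and counts connections in the `SYN_SENT` state per owning PID. The sample output, addresses, PIDs and the threshold of 5 are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ano` output (addresses and PIDs are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    192.168.1.20:1025      203.0.113.5:80         ESTABLISHED     1480
  TCP    192.168.1.20:1026      203.0.113.9:110        ESTABLISHED     1480
  TCP    192.168.1.20:1027      203.0.113.12:80        SYN_SENT        1480
  TCP    192.168.1.20:1031      198.51.100.7:445       SYN_SENT        2212
  TCP    192.168.1.20:1032      198.51.100.8:445       SYN_SENT        2212
  TCP    192.168.1.20:1033      198.51.100.9:445       SYN_SENT        2212
  TCP    192.168.1.20:1034      198.51.100.10:445      SYN_SENT        2212
  TCP    192.168.1.20:1035      198.51.100.11:445      SYN_SENT        2212
  TCP    192.168.1.20:1036      198.51.100.12:445      SYN_SENT        2212
  UDP    0.0.0.0:445            *:*                                    4
"""

# TCP rows only: local address, foreign address, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def half_open_by_pid(netstat_text):
    """Count outbound attempts still in SYN_SENT, grouped by owning PID."""
    counts = Counter()
    targets = {}
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # headers, UDP rows, blank lines
        _local, remote, state, pid = match.groups()
        if state == "SYN_SENT":
            counts[int(pid)] += 1
            targets.setdefault(int(pid), set()).add(remote)
    return counts, targets


def suspects(netstat_text, threshold=5):
    """Return (pid, half_open_count, distinct_targets) at or above threshold.

    The threshold is an assumption for this example; tune it to the host.
    """
    counts, targets = half_open_by_pid(netstat_text)
    return [(pid, n, len(targets[pid]))
            for pid, n in counts.most_common() if n >= threshold]
```

On a live machine, feed it the text captured from `netstat -ano` and look up the reported PID in Task Manager or `tasklist`.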
 

Eitan Caspi

Hello,

After installing Windows XP SP2, I was unable to browse web sites or send /
receive emails.
I disabled the use of Windows Firewall (I am using another personal fw).

My system is not infected by anything, checked.

I have found in the "system" event log the event ID 4226 - "TCP/IP has
reached the security limit imposed on the number of concurrent TCP connect
attempts".

I was able to find a text referring to this issue only by clicking the link
within the event ID description. It didn't include a way to overcome this
limitation.
I could not find any TechNet article by MS referring to this issue and thus
not a workaround, either by a binary or by a registry key / value.

I wish to know, preferably by someone from "Microsoft", how can I remove
this limitation or set it to a higher limit?

Thanks in advance,
 

Torgeir Bakken (MVP)

Eitan said:
Thank you Torgeir,

The text you referred to is similar to the one from the link in the link
followed from the event ID description.

I have also found this "patch", that hacks tcpip.sys, but I don't want to
use it until I read an official statement by MS regarding this issue, and of
course, it is not so safe to use such an unknown solution. You can never know
when this "hacked" version will hit you.
This is why I didn't mention it here or provide a link.

I understand MS base reasoning for this issue, but it can't decide for me
what is "normal" in the way I activate my system.
Not all half-open TCP connections are driven from a malicious cause. Maybe I
am a network admin scanning my network for threats?

I believe MS should provide a registry value to be added, that will omit
this limitation for users who know what they are doing, and know how to
protect themselves in the first place.
The current state is really not acceptable, and it is defecting XP.

Hi

The official statement from Microsoft at the time being is "Sorry,
there is no way to change this limit, this is by design".

But I would not be very surprised if Microsoft some time in the
future will release a hotfix that makes it possible to adjust the
limit (but I would guess that would be a type of hotfix documented
in a Knowledge Base article and where you need to call Microsoft
to obtain the updated file(s)).
 

Eitan Caspi

Thank you Torgeir,

The text you referred to is similar to the one from the link in the link
followed from the event ID description.

I have also found this "patch", that hacks tcpip.sys, but I don't want to
use it until I read an official statement by MS regarding this issue, and of
course, it is not so safe to use such an unknown solution. You can never know
when this "hacked" version will hit you.
This is why I didn't mention it here or provide a link.

I understand MS base reasoning for this issue, but it can't decide for me
what is "normal" in the way I activate my system.
Not all half-open TCP connections are driven from a malicious cause. Maybe I
am a network admin scanning my network for threats?

I believe MS should provide a registry value to be added, that will omit
this limitation for users who know what they are doing, and know how to
protect themselves in the first place.
The current state is really not acceptable, and it is defecting XP.
 
