Jump to content

Event ID 4226 TCP/IP security limit on concurrent TCP connect attempts


Recommended Posts

Windows XP has a problem with trying to open too many TCP/IP connections at the same time. The driver file (tcpip.sys) has a hard-coded limit of 10 attempts built-in and there is no Registry key or value that can over-ride it. It was introduced in Windows XP Service Pack 2 and is present in all later versions of Windows right up to (but not including) Vista Service Pack 2 and Windows 7.

When the limit is reached, Windows generates an error event in the Event log, Event ID 4226.

I know of two programs that can overcome this limit. Both of them have been around for several years now:-

  • 4226 fix by LvlLord (latest version is EvID4226Patch223d-en.zip)
  • TCP-Z by deepxw (latest version is tcpz_20090409.7z)

They work either by patching the value in memory, once Windows has booted, or by patching the tcpip.sys file itself.

Has anyone ever used either of these two programs?


Link to comment
Share on other sites

  • Administrator

Honestly the "fixes" are never really needed, nor are they recommended. The limit was imposed to help stop malware from spreading as rapidly and from making the computers bot networks.

Link to comment
Share on other sites

I understand why the limit was brought in but not, incidentally, why it was completely removed with the release of Vista SP2 and Windows 7, instead of just making the limit larger.

However, with the current versions of browsers (such as Firefox) pre-emptively looking things up in the background, it's possible to hit the limit by just browsing the internet.

Modern methods of balancing server loads, by splitting the web page across multiple URLs, means there are many many more connections being opened per web page than a few years ago.

It doesn't happen all the time, of course, but when network congestion, along with deep-packet inspection, and other surveilance and monitoring techniques being carried out on a wide scale by ISPs causes delays, then it happens.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...