Jump to content
Sign in to follow this  
James_A

Event ID 4226 TCP/IP security limit on concurrent TCP connect attempts

Recommended Posts

Windows XP has a problem with trying to open too many TCP/IP connections at the same time. The driver file (tcpip.sys) has a hard-coded limit of 10 attempts built-in and there is no Registry key or value that can over-ride it. It was introduced in Windows XP Service Pack 2 and is present in all later versions of Windows right up to (but not including) Vista Service Pack 2 and Windows 7.

When the limit is reached, Windows generates an error event in the Event log, Event ID 4226.

I know of two programs that can overcome this limit. Both of them have been around for several years now:-

  • 4226 fix by LvlLord (latest version is EvID4226Patch223d-en.zip)
  • TCP-Z by deepxw (latest version is tcpz_20090409.7z)

They work either by patching the value in memory, once Windows has booted, or by patching the tcpip.sys file itself.

Has anyone ever used either of these two programs?

.

Share this post


Link to post
Share on other sites

Honestly the "fixes" are never really needed, nor are they recommended. The limit was imposed to help stop malware from spreading as rapidly and from making the computers bot networks.

Share this post


Link to post
Share on other sites

I understand why the limit was brought in but not, incidentally, why it was completely removed with the release of Vista SP2 and Windows 7, instead of just making the limit larger.

However, with the current versions of browsers (such as Firefox) pre-emptively looking things up in the background, it's possible to hit the limit by just browsing the internet.

Modern methods of balancing server loads, by splitting the web page across multiple URLs, means there are many many more connections being opened per web page than a few years ago.

It doesn't happen all the time, of course, but when network congestion, along with deep-packet inspection, and other surveilance and monitoring techniques being carried out on a wide scale by ISPs causes delays, then it happens.

.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×