EventID 4226: TCP/IP has reached the security limit
Windows XP with Service Pack 2 and Windows Vista have both a TCP/IP connection limit that limits the half-open connections of the system. If that limit is reached a new entry in the Event Viewer is created stating "EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.".
It is not absolutely clear to me why Microsoft did set the limitation, some possible reasons could be to prevent worms and other malicious scripts from spreading to fast or to limit filesharing. Users will most likely notice that something is wrong when running P2P clients, slow downloads and timeouts are indicators that the limit is set.
The easiest way to check if the limit is responsible for slow downloads or other issues related to downloading files, is to check the Windows Event Viewer for these events.
To open the Event Viewer click on the start button of the operating system and enter Event Viewer in the search and run box there. Select the program from the list and wait until it has loaded. Now search for the eventID mentioned above and see if you get hits.
Thankfully a solution exists that can patch the file tcpip.sys and remove the security limit. To do that you need to download the file Vista TCP Patch, open an elevated command prompt with administrator rights and enter the following command. VistaTcpPatch /n X
with X being the maximum amount of half-open connections allowed on that system.
The computer needs to be restarted afterwards. Some users reported that they needed to execute Vista TCP Patch from the \Windows\System32\ folder to make it work.
Windows XP users can download and run the software EventID 4226 Patcher Version 2.23d instead which basically does the same thing but sets the limit to 50 half-open connections.
Vista TCP Patch (for Windows Vista)
EventID 4226 Patcher Version 2.23d (for Windows XP)
I downloaded and run the patch for Windows XP service pack 2 by mistake cause I have service pack 3. Is there anyway i can removed it?
Update:
Best is to set tcp/ip settings manually.
Greets,
Mist
Hello,
If you dont know what you are doing, you might wanna think about not doing anything at all. I read alot that you dont wanna alter windows registry or the windows system files to be modified with 3rd party isseus & patches as this can severely decrease your system’s stability & performance.
Hi,
I deleted all updates up to/including sp3, because I kept on getting an “unsupported” message. Thats solved now, but now i get the “default value” message instead. It seems the patch is not working.
What to do? I run Vista Home Basic
hmm the file does not exist !!!
I think the file has been removed…
Could you give a link for the file download please
followed instructions
copyed to sys 32
ran from command prompt “Tcpip.sys file unsupported”
currently looking for a more updated version (SP1 RTM vista home premuim, not sure of tcpip version)
Well actually, just after I posted this I went out on a limb and deleted a bunch of updates (for vista). Rebooted and tried the patch again. Worked like a charm! Thanks anyway for the quick reply! :) Merry X-mas and Happy New Year!
are you using the correct program for your operating system ? Which do you have and which file did you download ?
I’ve been trying to get the patch to work. Put it in sys32 folder as mentioned above, but i get an error message saying the followin, “Tcpip.sys file version unsupported” What the heck does that mean? and how can i remedy it?
The patch works with all the latest Vista updates. Read the instructions completely.
Have the file on the \Windows\System32\ folder and use the command prompt to run it.
Bookmarked the Vista link in case I ever get forced to upgrade (it’s going to have to be at gunpoint!) – MS not very helpful explanation for the limit from the Technet doc describing changes in XP SP2 is
“This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.”
http://technet.microsoft.com/en-us/library/bb457156.aspx
So you were pretty much spot on :) It’s one of those enhancements more for corporate users than the home user – if you think of the chaos the CodeRed worm caused back in the day, this is something which which administrators could have watched out for in logs and slowed the incredible rate the worm spread through unpatched LANs…
I read that it doesn’t work if all the ms updates are installed. That’s the case with my pc. But thanks anyway
Rruben you have to use the command line to use it, clicking on it does not do anything
Than I did something wrong but I don’t know what.
Can somebody tell me how you do it well?
I just clicked on the patch, but don’t know what to do with the command prompt.
No, it means that you still have the default value in place.
I get the massage:
Usage:
VistaTcpPatch [/n connection_number]
Parameter:
connection_number – new half-open limit
Current Half-Open limit: default value
Does that mean it’s okay or not okay?