EventID 4226: TCP/IP has reached the security limit - gHacks Tech News

EventID 4226: TCP/IP has reached the security limit

Windows XP with Service Pack 2 and Windows Vista have both a TCP/IP connection limit that limits the half-open connections of the system. If that limit is reached a new entry in the Event Viewer is created stating "EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.".

It is not absolutely clear to me why Microsoft did set the limitation, some possible reasons could be to prevent worms and other malicious scripts from spreading to fast or to limit filesharing. Users will most likely notice that something is wrong when running P2P clients, slow downloads and timeouts are indicators that the limit is set.

The easiest way to check if the limit is responsible for slow downloads or other issues related to downloading files, is to check the Windows Event Viewer for these events.

To open the Event Viewer click on the start button of the operating system and enter Event Viewer in the search and run box there. Select the program from the list and wait until it has loaded. Now search for the eventID mentioned above and see if you get hits.

Thankfully a solution exists that can patch the file tcpip.sys and remove the security limit. To do that you need to download the file Vista TCP Patch, open an elevated command prompt with administrator rights and enter the following command. VistaTcpPatch /n X with X being the maximum amount of half-open connections allowed on that system.

The computer needs to be restarted afterwards. Some users reported that they needed to execute Vista TCP Patch from the \Windows\System32\ folder to make it work.

Windows XP users can download and run the software EventID 4226 Patcher Version 2.23d instead which basically does the same thing but sets the limit to 50 half-open connections.

Vista TCP Patch (for Windows Vista)
EventID 4226 Patcher Version 2.23d (for Windows XP)





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. rruben said on October 24, 2007 at 11:16 am
      Reply

      I get the massage:

      Usage:
      VistaTcpPatch [/n connection_number]
      Parameter:
      connection_number – new half-open limit

      Current Half-Open limit: default value

      Does that mean it’s okay or not okay?

    2. Martin said on October 24, 2007 at 11:28 am
      Reply

      No, it means that you still have the default value in place.

    3. rruben said on October 24, 2007 at 12:53 pm
      Reply

      Than I did something wrong but I don’t know what.
      Can somebody tell me how you do it well?
      I just clicked on the patch, but don’t know what to do with the command prompt.

    4. Martin said on October 24, 2007 at 1:07 pm
      Reply

      Rruben you have to use the command line to use it, clicking on it does not do anything

    5. rruben said on October 24, 2007 at 1:21 pm
      Reply

      I read that it doesn’t work if all the ms updates are installed. That’s the case with my pc. But thanks anyway

    6. Anonymoose said on October 25, 2007 at 10:15 am
      Reply

      Bookmarked the Vista link in case I ever get forced to upgrade (it’s going to have to be at gunpoint!) – MS not very helpful explanation for the limit from the Technet doc describing changes in XP SP2 is

      “This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.”

      http://technet.microsoft.com/en-us/library/bb457156.aspx

      So you were pretty much spot on :) It’s one of those enhancements more for corporate users than the home user – if you think of the chaos the CodeRed worm caused back in the day, this is something which which administrators could have watched out for in logs and slowed the incredible rate the worm spread through unpatched LANs…

    7. AA said on November 22, 2007 at 6:21 pm
      Reply

      The patch works with all the latest Vista updates. Read the instructions completely.
      Have the file on the \Windows\System32\ folder and use the command prompt to run it.

    8. Confused said on December 22, 2007 at 11:47 pm
      Reply

      I’ve been trying to get the patch to work. Put it in sys32 folder as mentioned above, but i get an error message saying the followin, “Tcpip.sys file version unsupported” What the heck does that mean? and how can i remedy it?

    9. Martin said on December 22, 2007 at 11:57 pm
      Reply

      are you using the correct program for your operating system ? Which do you have and which file did you download ?

    10. Confused said on December 23, 2007 at 12:06 am
      Reply

      Well actually, just after I posted this I went out on a limb and deleted a bunch of updates (for vista). Rebooted and tried the patch again. Worked like a charm! Thanks anyway for the quick reply! :) Merry X-mas and Happy New Year!

    11. pain4money said on February 14, 2008 at 6:04 am
      Reply

      followed instructions

      copyed to sys 32

      ran from command prompt “Tcpip.sys file unsupported”

      currently looking for a more updated version (SP1 RTM vista home premuim, not sure of tcpip version)

    12. Alfred said on June 1, 2008 at 10:55 am
      Reply

      hmm the file does not exist !!!
      I think the file has been removed…
      Could you give a link for the file download please

    13. stan said on December 25, 2008 at 10:55 am
      Reply

      Hi,

      I deleted all updates up to/including sp3, because I kept on getting an “unsupported” message. Thats solved now, but now i get the “default value” message instead. It seems the patch is not working.
      What to do? I run Vista Home Basic

    14. Mist said on January 17, 2009 at 4:14 am
      Reply

      Hello,

      If you dont know what you are doing, you might wanna think about not doing anything at all. I read alot that you dont wanna alter windows registry or the windows system files to be modified with 3rd party isseus & patches as this can severely decrease your system’s stability & performance.

    15. Mist said on January 17, 2009 at 4:19 am
      Reply

      Update:

      Best is to set tcp/ip settings manually.

      Greets,

      Mist

    16. Jan said on March 25, 2009 at 12:25 pm
      Reply

      I downloaded and run the patch for Windows XP service pack 2 by mistake cause I have service pack 3. Is there anyway i can removed it?

    Leave a Reply