EventID 4226: TCP/IP has reached the security limit

Martin Brinkmann
Oct 24, 2007
Updated • Dec 2, 2012
File Sharing, Windows

Windows XP with Service Pack 2 and Windows Vista both have a TCP/IP connection limit that caps the number of half-open connections on the system. When that limit is reached, a new entry is created in the Event Viewer stating "EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts."

It is not absolutely clear to me why Microsoft set the limitation; possible reasons are to prevent worms and other malicious scripts from spreading too fast, or to limit file sharing. Users will most likely notice that something is wrong when running P2P clients: slow downloads and timeouts are indicators that the limit is in effect.

The easiest way to check whether the limit is responsible for slow downloads or other download-related issues is to look for these events in the Windows Event Viewer.

To open the Event Viewer, click the Start button of the operating system and enter Event Viewer in the search and run box. Select the program from the list and wait until it has loaded. Now search for the EventID mentioned above and see if you get hits.
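The same check can be scripted. The following is an added example, not part of the original article: it counts EventID 4226 entries in the System log per hour. It assumes PowerShell with Get-WinEvent (Windows Vista or later), the event source name "Tcpip", and a seven-day look-back window chosen for illustration.

```powershell
# Added example: count EventID 4226 entries in the System log per hour.
# Assumptions: Get-WinEvent is available (Windows Vista or later), the
# event source is "Tcpip", and the 7-day window is an illustrative choice.
$since  = (Get-Date).AddDays(-7)
$filter = @{
    LogName      = 'System'
    ProviderName = 'Tcpip'
    Id           = 4226
    StartTime    = $since
}

# Get-WinEvent raises an error when nothing matches the filter, so the
# error is suppressed and an empty result is treated as "limit not hit".
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No EventID 4226 entries since $since."
} else {
    Write-Output "$($events.Count) EventID 4226 entries since $since"
    # Bucket the events by hour to show when the limit was being reached.
    $events |
        Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name |
        Select-Object @{ n = 'Hour'; e = { $_.Name } }, Count |
        Format-Table -AutoSize
}
```

Hours that show entries while no P2P client was running deserve a closer look, since Microsoft's stated reason for the limit (quoted in the comments) is that a burst of failed connection attempts can signal an infected machine.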

Thankfully a solution exists that can patch the file tcpip.sys and remove the security limit. To do that, download the file Vista TCP Patch, open an elevated command prompt with administrator rights and enter the following command, with X being the maximum number of half-open connections allowed on that system:

VistaTcpPatch /n X

The computer needs to be restarted afterwards. Some users reported that they needed to execute Vista TCP Patch from the \Windows\System32\ folder to make it work.

Windows XP users can download and run the software EventID 4226 Patcher Version 2.23d instead, which basically does the same thing but sets the limit to 50 half-open connections.

Vista TCP Patch (for Windows Vista)
EventID 4226 Patcher Version 2.23d (for Windows XP)


Comments

  1. Jan said on March 25, 2009 at 12:25 pm

    I downloaded and ran the patch for Windows XP Service Pack 2 by mistake because I have Service Pack 3. Is there any way I can remove it?

  2. Mist said on January 17, 2009 at 4:19 am

    Update:

    Best is to set tcp/ip settings manually.

    Greets,

    Mist

  3. Mist said on January 17, 2009 at 4:14 am

    Hello,

    If you don’t know what you are doing, you might wanna think about not doing anything at all. I read a lot that you don’t wanna alter the Windows registry or the Windows system files to be modified with 3rd party issues & patches as this can severely decrease your system’s stability & performance.

  4. stan said on December 25, 2008 at 10:55 am

    Hi,

    I deleted all updates up to/including SP3, because I kept on getting an “unsupported” message. That’s solved now, but now I get the “default value” message instead. It seems the patch is not working.
    What to do? I run Vista Home Basic

  5. Alfred said on June 1, 2008 at 10:55 am

    hmm the file does not exist !!!
    I think the file has been removed…
    Could you give a link for the file download please

  6. pain4money said on February 14, 2008 at 6:04 am

    followed instructions

    copied to sys 32

    ran from command prompt “Tcpip.sys file unsupported”

    currently looking for a more updated version (SP1 RTM Vista Home Premium, not sure of tcpip version)

  7. Confused said on December 23, 2007 at 12:06 am

    Well actually, just after I posted this I went out on a limb and deleted a bunch of updates (for vista). Rebooted and tried the patch again. Worked like a charm! Thanks anyway for the quick reply! :) Merry X-mas and Happy New Year!

  8. Martin said on December 22, 2007 at 11:57 pm

    Are you using the correct program for your operating system? Which do you have and which file did you download?

  9. Confused said on December 22, 2007 at 11:47 pm

    I’ve been trying to get the patch to work. Put it in sys32 folder as mentioned above, but I get an error message saying the following, “Tcpip.sys file version unsupported” What the heck does that mean? And how can I remedy it?

  10. AA said on November 22, 2007 at 6:21 pm

    The patch works with all the latest Vista updates. Read the instructions completely.
    Have the file on the \Windows\System32\ folder and use the command prompt to run it.

  11. Anonymoose said on October 25, 2007 at 10:15 am

    Bookmarked the Vista link in case I ever get forced to upgrade (it’s going to have to be at gunpoint!) – MS not very helpful explanation for the limit from the Technet doc describing changes in XP SP2 is

    “This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.”

    http://technet.microsoft.com/en-us/library/bb457156.aspx

    So you were pretty much spot on :) It’s one of those enhancements more for corporate users than the home user – if you think of the chaos the CodeRed worm caused back in the day, this is something which administrators could have watched out for in logs and slowed the incredible rate the worm spread through unpatched LANs…

  12. rruben said on October 24, 2007 at 1:21 pm

    I read that it doesn’t work if all the ms updates are installed. That’s the case with my pc. But thanks anyway

  13. Martin said on October 24, 2007 at 1:07 pm

    Rruben you have to use the command line to use it, clicking on it does not do anything

  14. rruben said on October 24, 2007 at 12:53 pm

    Then I did something wrong but I don’t know what.
    Can somebody tell me how you do it well?
    I just clicked on the patch, but don’t know what to do with the command prompt.

  15. Martin said on October 24, 2007 at 11:28 am

    No, it means that you still have the default value in place.

  16. rruben said on October 24, 2007 at 11:16 am

    I get the message:

    Usage:
    VistaTcpPatch [/n connection_number]
    Parameter:
    connection_number – new half-open limit

    Current Half-Open limit: default value

    Does that mean it’s okay or not okay?
