TCP limit & network issue

  • Thread starter Thread starter Keith B. Rosenberg
  • Start date Start date
K

Keith B. Rosenberg

We have been having an issue with a Vista Ultimate desktop cutting off
its shared folders from the other computer. Only a reboot fixes it and
Vista will not complete a shutdown and has to be powered off.

We are getting the following error message each time this happens. Any
idea how to fix this problem?

Event ID: 4226
TCP/IP has reached the security limit imposed on the number of concurrent
TCP connect attempts.



It is possible that something else is wrong and the above error is just a
symptom.



Thanks!!



Keith B. Rosenberg
 
Keith B. Rosenberg said:
We have been having an issue with a Vista Ultimate desktop cutting off
its shared folders from the other computer. Only a reboot fixes it and
Vista will not complete a shutdown and has to be powered off.

We are getting the following error message each time this happens. Any
idea how to fix this problem?

Event ID: 4226
TCP/IP has reached the security limit imposed on the number of concurrent
TCP connect attempts.



It is possible that something else is wrong and the above error is just a
symptom.
Click to expand...

I can't find a Vista example, but this XP explanation menas the same thing.
The machine can only have so many concurrent connections open.

<http://www.microsoft.com/technet/su...ProdVer=5.2&EvtID=4226&EvtSrc=Tcpip&LCID=1033>

However, it could mean that you have a compromise issue if you're only
talking about two machines.
 
Event ID: 4226
TCP/IP has reached the security limit imposed on the number of concurrent
TCP connect attempts.

It is possible that something else is wrong and the above error is just a
symptom.
Click to expand...

Almost certainly.

That error indicates that the number of half-open TCP connections
allowed has been exceeded. Half open connections happen when a host begins
the TCP handshake sequence but never completes it. That can be deliberate
(due to malicious action) or accidental because of a network problem.
There's no easy way to adjust it in Vista because Microsoft Knows Better Than
You Ever Will.

Typically, a lot of half open conditions do in fact indicate an attack,
a badly behaved progam, or poor network quality. My first guess would be
that you're running some sort of file sharing program like bittorrent. because
those open a large number of connections to and from unreliable hosts you can
see "too many" half open connections. If you are, them, well, turn it off...

The easiest way to figoure out something like this is to look at
the traffic. How good are you with tcp stuff? Wireshark runs on windows...
 
Thanks for all of the answers.

I had previously researched the event message and I also discovered that
Microsoft knows better. What is not clear is how many connections Vista
can have. Some say 2 for Home and 25 for Ultimate or 10 for Vista. 2 sounds
a bit on the low side and since the problem machine has Ultimate even 25
sounds
low. Microsoft's explanation for limiting the number of TCP connections to a
static
number seems to make sense on the surface. But it also has the effect of
making
you buy one of their server products to do any real file sharing in a
client/server
type of relationship (which is what we are doing).

I am not running any file sharing stuff other than what comes with Vista.
Nor do I believe that these two machines are compromised as someone else
suggested. My firewall would be picking up the traffic and there would be
other
signs. I have used Wiresharks ancestor Ethereal.

It had been a minor problem happening once or so every week. But when I
Installed Norton Antivirus 2009 it got MUCH worse and happens a few times
per day now. So it appears to me to be related. Unfortunately Symantec
suggests
running the computer with Antivirus shut down to see if it is their product
or not.
Interestingly Microsoft suggested the same thing months ago when I would
have had
to run it for a week or more that way to replicate the problem. You can
imagine
I am not at all keen on doing that even for a few hours of normal
operation - it might
take half a day or more to happen. Antivirus has been reinstalled from
scratch by
a Symantec chat support tech without any change in the issue.
 
Keith B. Rosenberg said:
Thanks for all of the answers.

I had previously researched the event message and I also discovered that
Microsoft knows better. What is not clear is how many connections Vista
can have. Some say 2 for Home and 25 for Ultimate or 10 for Vista. 2
sounds
a bit on the low side and since the problem machine has Ultimate even 25
sounds
low. Microsoft's explanation for limiting the number of TCP connections to
a static
number seems to make sense on the surface. But it also has the effect of
making
you buy one of their server products to do any real file sharing in a
client/server
type of relationship (which is what we are doing).

I am not running any file sharing stuff other than what comes with Vista.
Nor do I believe that these two machines are compromised as someone else
suggested. My firewall would be picking up the traffic and there would be
other
signs. I have used Wiresharks ancestor Ethereal.

It had been a minor problem happening once or so every week. But when I
Installed Norton Antivirus 2009 it got MUCH worse and happens a few times
per day now. So it appears to me to be related. Unfortunately Symantec
suggests
running the computer with Antivirus shut down to see if it is their
product or not.
Click to expand...


Try downloading AVG free + latest definitions (or one of the other
recommended free antivirus). Download your latest norton definitions plus
malware definitions ( you do use anti spy/malware program??) + any norton
removal tools required for 2009 (from my own and others experience just
uninstalling doesnt remove all of it). Then go off line, scan all to be
certain, then uninstall NAV fully and install AVG with latest definitions
so you are safe to go back online while you are testing.
 
Thanks for all of the answers.

signs. I have used Wiresharks ancestor Ethereal.
Click to expand...

Well, what does wireshark tell you about the tcp connections?
Who's opening them and to what ports?

It can't be an authentication issue (the typical vista file
sharing problem) because that wouldn't result in half-opens. It can't
be a dead deamon because that would give resets. Hmmmm, related to
Norton, wonder if Norton is trying to open a connection to a nonexistent
or unreachable update server???
 
Well it took more than a week to prove, but the problem seems to have
been Symantec's Norton anti-virus (NAV). Once it had been uninstalled
and AVG installed all of the networking issues went away. The disconnect
issue, the slow speed and also a slow copy and paste issue my wife told
me about after the NAV had been uninstalled. Apparently the networking
issue was causing slowness in general at times.

What really frosts me is that when I told Symantec tech support what I had
done they did not acknowledge the issue or provide a fix. They cut off the
support
back and forth when I asked them for a fix or to tell me that they did not
have one.
Apparently they do not feel that their product has an issue.

At this point anyone who wants to use Norton Antivirus on Vista computers
that are set up in a peer-to-peer configuration should think twice about it
until
they have proven it does not cause them any problems.

Thanks for suggesting using another antivirus package. I do not know if I
will use
AVG in the end, but it is a strong contender.
 
Keith B. Rosenberg said:
Well it took more than a week to prove, but the problem seems to have
been Symantec's Norton anti-virus (NAV). Once it had been uninstalled
and AVG installed all of the networking issues went away. The disconnect
issue, the slow speed and also a slow copy and paste issue my wife told
me about after the NAV had been uninstalled. Apparently the networking
issue was causing slowness in general at times.
Click to expand...

I'm glad you identified the problem. I stopped using it years back. It
slowed my old pc down to a crawl. I had a trial of 2007 with Internet
security when I got the new laptop. It lasted 3 days. Took several weeks
before my blood pressure went down!!

AVG hasnt let us down so far.
 
Spikey said:
I'm glad you identified the problem. I stopped using it years back. It
slowed my old pc down to a crawl. I had a trial of 2007 with Internet
security when I got the new laptop. It lasted 3 days. Took several weeks
before my blood pressure went down!!

AVG hasnt let us down so far.
Click to expand...

Yes, I love AVG, but I never had anything but problems with Norton on my
Win98.

Cheri
 
Back
Top