playsafe Posted July 11, 2007 Share Posted July 11, 2007 Server: Windows 2003 server as Active Directory and domain controller.All clients are using Windows XP Pro SP 2.There are 6 printers attached to 6 different client systems for print sharing. All printer have "List in directory" checked in Sharing Tab of printer properties.There is a limit of ten simultaneous connections for win XP as described by Microsoft.When client computers are switched on in the morning, they start connecting themselves with the print shares, as the limit of ten connections for a system with printer reaches. Other clients get "Unable to connect" message when connecting to printer.I read following related support articles at microsoft.com, http://support.microsoft.com/kb/314882http://support.microsoft.com/kb/328459Is there a workaround so that a connection (session) be made when a system sends a print and not when it is switched on holding a NULL SESSION. Link to comment Share on other sites More sharing options...
N1K Posted July 11, 2007 Share Posted July 11, 2007 Event ID 4226 PatcherWhat's this all about?After almost everybody knows the <<EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts>>, I used a day to create for educational purpose a fix for this argumentative feature.Unfortunately there exists no REG-key which could easily be set (would be so nice and easy, right? *smile*). The file TCPIP.SYS in the directory C:\WINDOWS\SYSTEM32\DRIVERS and C:\WINDOWS\SERVICEPACKFILES\I386 has to be changed (system depended eventually in C:\WINDOWS\SYSTEM32\DLLCACHE, too).Needed things:- Windows XP SP2 (from RC2 upwards) or Windows 2003 Server SP1 beta- patcher- a small amount of timeWhat's been done:To say it easy: the before 10 half-open connections are being increased to 50 (can be changed during runtime and with the parameter /L) and the CRC is been corrected. And that's it!Comment:The method described here, should only be used by users, who know how to handle all the described. With the download of the here published program the user know, that changes are made on third party files. For damages in every kind I cannot be hold responsible for. Indeed, tests worked fine here. However, nothing is impossible.Info: When error occurs, the patcher can change the TCPIP.SYS back to the original! Instruction:Just download the patcher and execute it. It will automatically find the windows directory and ask, if it should increase/decrease. For higher values, please check the help with parameter /?.After a successful patch, the new TCPIP.SYS will be automatically installed. After that, the computer should be restarted.Download LINKNotice: You should be a Windows Server license holder or this action is considered as illegal!! Link to comment Share on other sites More sharing options...
Idontwantspam Posted July 13, 2007 Share Posted July 13, 2007 Is your fix legal? Because the EULA specifically says, limit of 10 connections. It seems kind of... fishy. Link to comment Share on other sites More sharing options...
cluberti Posted July 13, 2007 Share Posted July 13, 2007 In countries where the EULA is considered binding, this is technically a violation of the EULA as it modifies the product (XP) to work other than designed.(partially extracted from the EULA)GRANT OF LICENSE. Manufacturer grants you the followingrights, provided you comply with all of the terms andconditions of this EULA:* Installation and Use. Except as otherwise expresslyprovided in this EULA, you may install, use, access, displayand run only one (1) copy of the SOFTWARE on the COMPUTER. The SOFTWARE may not be used by more than two (2) processorsat any one time on the COMPUTER, unless a higher number isindicated on the Certificate of Authenticity. You may permita maximum of ten (10) ("Connection Maximum") computers orother electronic devices (each a "Device") to connect to theCOMPUTER to utilize one or more of the following services ofthe SOFTWARE: File services, Print services, InternetInformation services, and remote access (including connectionsharing and telephony services). The ten (10) ConnectionMaximum includes any indirect connections made through"multiplexing" or other software or hardware which pools oraggregates connections. Except as otherwise permitted herein,you may not use the Device to use, access, display or run theSOFTWARE, the SOFTWARE's User Interface or other executablesoftware residing on the COMPUTER. This ten connectionmaximum does not apply to any other uses of the Product.* Software as a Component of the Computer - Transfer. THISLICENSE MAY NOT BE SHARED, TRANSFERRED TO ORUSED CONCURRENTLY ON DIFFERENT COMPUTERS. The SOFTWARE is licensed with the COMPUTER as a singleintegrated product and may only be used with the COMPUTER. Ifthe SOFTWARE is not accompanied by HARDWARE, you may not usethe SOFTWARE. You may permanently transfer all of your rightsunder this EULA only as part of a permanent sale or transferof the COMPUTER, provided you retain no copies, if youtransfer the SOFTWARE (including all component parts, themedia, any upgrades, this EULA and the Certificate ofAuthenticity), and the recipient agrees to the terms of thisEULA. If the SOFTWARE is an upgrade, any transfer must alsoinclude all prior versions of the SOFTWARE.) Link to comment Share on other sites More sharing options...
nmX.Memnoch Posted July 13, 2007 Share Posted July 13, 2007 (edited) The link N1K provided is the supposed fix for the 10 half-open connections limit that was added in SP2, not a fix for the 10 connection limit.The legal answer is no. For true server duties you should use the server version of the OS (i.e. Server 2003 R2, Standard Edition). If printing is your only requirement, a cheaper option would be to purchase a dedicated print server device and configure the clients for direct-IP printing. If you already have a server then I would suggest purchasing a dedicated print server device for each printer (or if they have the capability of adding a network card, that's your best option). Then configure those printers on the server using IP printing and share them from there. It won't add that much load to your server...particularly since you're only talking about six printers. Edited July 13, 2007 by nmX.Memnoch Link to comment Share on other sites More sharing options...
Idontwantspam Posted July 13, 2007 Share Posted July 13, 2007 Cluberti, So isn't that sort-of against MSFN rule 1, a little bit? Circumvention of whatchamacallit restrictions or whatever? I'm not trying to be mean or picky or anything, I just think this topic is a bit... on the fine line between OK and not OK. Link to comment Share on other sites More sharing options...
cluberti Posted July 13, 2007 Share Posted July 13, 2007 I try not to play in the grey area on things like this - it's not illegal everywhere, and it doesn't allow you to illegaly use XP itself (like circumventing WGA or activation), so it doesn't technically violate rule #1 in my book. It's such a broad area, and since we're a global site on the 'net, I can't assume that it's illegal for everyone just because it's a violation of the EULA in, say, the US. Link to comment Share on other sites More sharing options...
Idontwantspam Posted July 14, 2007 Share Posted July 14, 2007 You are a mod, so as long as you approve, it's alright with me. Link to comment Share on other sites More sharing options...
Tarun Posted July 14, 2007 Share Posted July 14, 2007 Patching tcpip.sys is unwise... most people don't understand what the limit even means. I've never been limited by it, ever. People patched tcpip.sys and spread it around as an enhancement when it does nothing but allow you to destroy Winsock that much faster.How's that an enhancement? I don't know...The thing is, it's pretty hard to hit ten at the same time. It's not as if the half-open connections stay open very long. They time out fast enough that it never happens. If you just hit ten invalid IP addresses at the same time and they're all half-open, maybe you should consider stopping whatever it is you're doing.SP2 imposed a limit of ten on the amount of half-open stalled outbound connections. When the limit is reached, an event is logged. The reason they did it is to curb the payload of viruses/etc, so when you end up with port scanning trojans, etc. they would be stopped. The statistics that came back after they did this proved that it was a wise move.People think it's going to affect their P2P somehow and it doesn't. All of the addresses are valid and ones that end up half-open close pretty quickly. Sadly, even Shareaza believes in this FUD. It warns you that your experience won't be as good because of the limit. So they released this "patched" tcpip.sys to remove the limit and say it's a "tweak".So yeah, if you get infected, welcome to 65535 half-open connections. Enjoy your Winsock. Link to comment Share on other sites More sharing options...
cluberti Posted July 14, 2007 Share Posted July 14, 2007 Patching tcpip.sys is unwise... most people don't understand what the limit even means. I've never been limited by it, ever. People patched tcpip.sys and spread it around as an enhancement when it does nothing but allow you to destroy Winsock that much faster.How's that an enhancement? I don't know...Well, XP _does_ impose a limit on inbound connections to the server service at 10 (as does Vista and W2K and NT4 Workstation...). You've obviously never tried to use XP or Vista running the R2 print management console to try and admin hundreds of printers, I take it .Regardless, I personally don't believe in violating the EULA by patching the tcpip.sys to allow more than 10 inbound connections - if you need more than that, you're running a SERVER and need a server-class OS such as Windows Server 2003 (or a Linux Samba server, if you so choose). Link to comment Share on other sites More sharing options...
playsafe Posted July 17, 2007 Author Share Posted July 17, 2007 The link N1K provided is the supposed fix for the 10 half-open connections limit that was added in SP2, not a fix for the 10 connection limit.The legal answer is no. For true server duties you should use the server version of the OS (i.e. Server 2003 R2, Standard Edition). If printing is your only requirement, a cheaper option would be to purchase a dedicated print server device and configure the clients for direct-IP printing. If you already have a server then I would suggest purchasing a dedicated print server device for each printer (or if they have the capability of adding a network card, that's your best option). Then configure those printers on the server using IP printing and share them from there. It won't add that much load to your server...particularly since you're only talking about six printers.First of all, I m really sorry for coming back to the post so late, I was installing my system and removing virus from it that is why I just could not get online.Regarding problem I face, nmXMemnoch is absolutely right. I m talking about no. of inbound connection and NOT TCP/IP half open connections per second.It is not so good to hear that it cant be improved, without going into the hot debate if it is legal or illegal. I will now try to have a combination of print server and printer directly connected and configured through ethernet cards.Still i have one question, can we change something so that client computer makes a connection to the system when computer sends a print and not while it is powered on.I read this page http://support.microsoft.com/kb/328459 again and again, but still unable to understand if it can help me or not. Link to comment Share on other sites More sharing options...
Zxian Posted July 17, 2007 Share Posted July 17, 2007 I'm just wondering why you need the 6 different printers in 6 different locations? Are they each for different purposes, and does everyone in the office need access to all of them? Link to comment Share on other sites More sharing options...
playsafe Posted July 18, 2007 Author Share Posted July 18, 2007 I'm just wondering why you need the 6 different printers in 6 different locations? Are they each for different purposes, and does everyone in the office need access to all of them?I have these printers in two floors, on each floor there exists partitioning. In each partition there are about 10 people who use the printer of there own partition. But if for some reason printer gives problem or something else the adjacent partition printers are used, that is why I want to give them access to their own partition and adjacent one also if possible.No they are not for different purposes. Link to comment Share on other sites More sharing options...
playsafe Posted July 18, 2007 Author Share Posted July 18, 2007 One thing more I want to mention. Previously, they were mostly automatically added by winXP like "Auto printer on system". And everything was going fine as about 50 systems had these auto-configured printers.But As I installed Symantec Client Security, Firewall included I have to Add Printer manually or through script. i-e Auto printer addition stopped working. And though connections problem arose. So I think that "Auto" did not create a connection until print is sent. Whereas adding printer manually does establish a permanent connections as system gets powered on or either at user Log In. Link to comment Share on other sites More sharing options...
Zxian Posted July 18, 2007 Share Posted July 18, 2007 From what I see, you have two options.One - limit people to only being able to use their own section's printer. This isn't really ideal, but it'll cost you nothing more than a little configuration time.Two - Buy a network print server for each printer. These devices will connect to your network, and you won't run into troubles of the limited number of connections. These devices are usually pretty cheap - $50-$100 each - and would cost much less than a server licence for each partition (which is what you'd otherwise need). Something like this is what you're looking for.If it were my office, I'd go for the print servers. It's a bit more expensive, but it makes the printers independent of any systems in the office. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now