Jump to content

Event id 4226


Tassadaru

Recommended Posts

The thing that did the trick for me was disabling ICS. It's quite annoying because neither of my two routers work properly, which is why I switched to using an old hub and ICS in the first place.

Edited by Peekaboo
Link to comment
Share on other sites


Well, the "fix" or "tweak" that Spooky gave me didn't work, I still have the lockdowns but STILL, with somekind of slowdown of the times / day they occur. I only got one or two when I was at the computer, so it MAY be a temporary fix to the problem.

@ Spooky:

If you would please be so nice to make a good limit increasing in the registry entries you provided, so that no problems will/can occur, I mean a real limit boost, since I am not really a HEX kinda guy :P (I don't really get around with HEX editing, and I don't want to screw up something).

Please try increasing the limit to 200 and pasting the code here. I know what are the risks but at the same time I know I can't get infected :) I was before, and now my protection services are up2date and fully loaded.

Thank you, and I'm awaiting an answer with the code reg-tweak.

Link to comment
Share on other sites

Lets review a little bit about what the 4226 really is before we start hacking stuff up. Take a look here first : What 4226 really means

OK, now, take a look at the The TCP Handshake Process also from the above. What this limit does is limit the "half open" (syn sent or syn recvd) connections..ONLY IF THEY DO NOT CONNECT AND WE ARE WAITING FOR THEM TO TIME OUT!

Lets say we want to make 50 connections, our client sends SYN to the first 10 hosts. Lets say connection 1 responds, connection 2 - 10 time out, so it sends now to host 11, 12-20 time out, it now sends to hosts 21 - 30 and lets say all those connect and do not time out, and lets say 31-40 also connect and do not time out, and lets also say that 41 - 50 also connect and do not time out.

OK we are now connected to 32 connections, but we look in or error logs and see Event 4226; for the example above this is because of the connections 2-10 and 12 -20 timing out and not actually connecting. But wait a second, we still made 32 connections out of the 50 we attempted....not only 10!

You see the picture here....the limit imposed of 10 does not keep you from making any number of connections you want to make. Basically, the limit of 10 only does one thing and one thing only - it simply breaks down the number of connections in blocks of 10 and handles 10 at a time, if all 10 connect then it takes the next block of 10, then the next block, and so on. The event 4226 DOES NOT MEAN THERE IS A LIMIT ON THE NUMBER OF CONNECTIONS YOU CAN MAKE! The limit in TCP/IP does not limit your clients or the number of connections you can make, it never has, and its a myth that it does plain and simple.

If for example we are trying to make 100 connections from our clients heres what would happen if some of them timed out not completing the handshake and some of them didn't, here is what it might look like and when you would get an Event 4226, lets use a mythical P2P application called 'MakeConnect' to demonstrate:

A. MakeConnect wants to download something from 200 other P2P client sharing computers. We start our connections

B. Connections 1 - 50 connect, do the handshake sucessfully and do not time out - OK we are good - there will not be an Event 4226 for these connections.

C. connections 51 - 60 try to connect but all of them don't complete the handshake and time out - not so good - because they timed out and did not connect we will see an Event 4226 in the logs - this does not mean that we had a problem or there was a limit imposed of any type (because there isn't) it just means connections 51-60 didn't complete the handshake and timed out.

D. connections 61 - 200 complete the handshake and connect - OK good to go - there will not be an Event 4226 for these connections.

I know the examples don't cover everything, but the Event 4226 only happens if the connections time out and do not connect during the TCP/IP handshake. There is no limit imposed at all in TCP/IP. If you look in the logs you see for Event 4226 this : "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." All this means is that a block of 10 attempted connections timed out and did not connect or respond, thats all it means, it does not mean you have reached any limit at all. People have taken this and twisted it all out of proportion to mean a dooms day sceinario indicating that MS has taken steps to restrict their internet use, this is not true and never has been, why would a company who makes its money by producing an OS thats made to connect to the net limit the number of connections you can make? There is no sinister plot here, there is no "to keep people from pirating or sharing stuff" sceinario here, its just the way that TCP/IP in Vista works and designed to limit the spread of worms, and thats all it is plain and simple. People simply do not understand what is happening and how its really supposed to work. The way this description of Event 4226 is worded makes it seem like the connections are limited, perhaps its badly worded, but take into account its a "techinical" and literal explaination, so if we look at it and knowing what we know about how its supposed to work, the wording now begins to make sense. Maybe they could have worded it better. Read what is says carefully; "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." It does not say "TCP/IP has reached the limit imposed on the number of concurrent TCP connect attempts." Its simply doing what it was designed for to limit the spread of worms, it will not keep valid connections that sucessfully complete the full TCP/IP connection process from being made, unfortunately some P2P connections don't make the grade for connection attempts on every system due to whats between the client and the host, most P2P clients also have very sloppy and inefficient methods of utilizing TCP/IP because of including things that really don't do well on TCP/IP but have an effect on TCP/IP.

Connections that time out not completing the TCP/IP handshake and cause a Event 4226 may simply have been slow in responding and may connect fine later when another attempt is made. Another little secret too, you remember the TCPIP.sys files for XP that were modified to defeat this '10 limit'? They actually didn't do anything at all other than change or remove when the Event 4226 was triggered, the connections that did not initially respond and would have triggered the 4226 were simply slow in initially responding and responded later or just failed, this is why it 'appeared' to have 'removed a limit' because it wasn't reported until much later or not as frequently but tcpip.sys was still doing what it was designed to do, make connections, there was never any connection limit to remove in the first place, but this is another story.

Now all this considered, when it comes down to it, the Event 4226 simply means that a block of 10 connections failed to respond and connect in the TCP/IP handshaking stage. Thats all it means, it does not mean you are limited to only 10 connections. Heck, those 10 connections from the Event 4226 might connect later and be fine too. The TCP/IP imposed limit does not limit then number of connections you can make.

Edited by Spooky
Link to comment
Share on other sites

It's a myth that the 10 limit slows your connections. TCP only connects as quickly as it will connect and thats it, the connections can be made only as fast as your path to where ever will allow, but the Vista TCP/IP tries to connect immediately. No one connection is exactly the same as another, even if they are made to the same host at the same time, they are all different. There are so many variables involved that its impossible to determine how quickly it will really connect. If your connecting 'slowly' it can be that the host is taking its time, it can be that there are slow servers and routers on the net you have to pass through that are taking their time, it can be that the client your using is taking its time to report the connection, it can be that a server along the route has hardened their own TCP/IP against SynAttack (not uncommon for this to happen, in fact its recommended - remember we are dealing with Syn here in the TCP/IP handshaking, if this is the case its entirely possible for repeated connections from the same source to be timed out going thru the server enroute to its destination, depends on how the server is set up), it can be anything at all. TCP attempts connections immediately, its the other stuff that it has to go thru that determines the quality of those connections. The myths that the limit of 10 concurrent connections with Vista TCP/IP keeps you from making more than 10 connections or slows your connections is false.

The 10 limit in TCP/IP has nothing at all to do with how quickly you connect and does not keep you from making more than 10 concurrent connections if all the connections respond properly and in time. The wording for the 4226 event doesn't mean that at all, its just telling you that this happened because the connections either couldn't be made or they timed out for some reason. It could be that the host end has a limit on the number of connections allowed and additional connection attempts beyond that limit simply time out, it could be that the host end is already saturated with numerous connections and is slow in responding which causes it to time out from your end, it could be a slow or screwed up router or server in between you and the host for the route your connection took, it could be the ISP is doing some type of automatic 'throttling' of some sort, it could be a server along the route that only allows so many connections at a time to get thru and yours is in line some where and times out, and it could just be that your having a bad internet day. It could be anything at all. But if your using the default TCP/IP stack in Vista, it is not the TCP/IP stack in Vista that is keeping you from making more than 10 connections.

right.. but slows u down making all those connections..
Edited by Spooky
Link to comment
Share on other sites

OK, here's some reg settings, I don't make any promises about them. They will not defeat the event 4226 event and are not intended, nor offered, to do so. They might help with compensating for some P2P clients. Use them at your own risk, do not complain if they don't do anything for you or even kill your connection. A few of these affect settings already existing in the registry, they are provided to ensure something hasn't messed with these and changes them back to their defaults. A few of the entries could adversly affect security of your system and expose it to attack. These may fundamentally alter the way TCP/IP operates in an adverse manner from slower connections up to and including no connection at all. All of the values are at max except for one of them but its in an entirely reasonable range for anyones use using any client. Back up this reg key before using these entries. Once again, use at your own risk, I do not assume any responsibility for their use or for what you do with them or for any damage or adverse condition that may occur from their use.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"TcpFinWait2Delay"=dword:ffffffff
;use DisableTaskOffload only if your NIC can handle it
"DisableTaskOffload"=dword:00000000
"EnableICMPRedirect"=dword:00000001
"EnableFastRouteLookup"=dword:00000001
"MaxFreeTcbs"=dword:000007d0
"MaxHashTableSize"=dword:00000800
"MaxNormLookupMemory"=dword:ffffffff
"TcpMaxHalfOpenRetried"=dword:0000ffff
"TcpMaxHalfOpen"=dword:0000ffff

Edited by Spooky
Link to comment
Share on other sites

there's a good chance that i'm mistaken but i applied it and it now seems like in XP opposed to several days ago when uT just couldnt connect to a certain number of peers in a good amount of time.. now it looks perfect.. it's all up to cmedia and ati now.. thx Spooky :D

Link to comment
Share on other sites

Its difficult to test something like this on just one or even a few systems, it might turn out they don't do anything at all except in very narrow circumstances or only with a specific system set-up. Might work for some and not for others. Keep checking them out and let us know how it goes for you.

there's a good chance that i'm mistaken but i applied it and it now seems like in XP opposed to several days ago when uT just couldnt connect to a certain number of peers in a good amount of time.. now it looks perfect.. it's all up to cmedia and ati now.. thx Spooky :D
Edited by Spooky
Link to comment
Share on other sites

It's almost the same, but with added P2P problems, or any other software that wants to connect to the internet for that matter, and has no connection made. I can't do nothing, untill I restart my uTorrent software several times to fix the lockdown.

@Spooky: the tweak didn't do anything but slow lockdown occurances down. They don't happen as often as they used to, but they still do happen. Until Microsoft releases a patch (and after the launch of Vista in 31 Jan), users who use ICS will have the same problem, and maybe Microsoft will come up with a fix. Until then, there's no telling what could be wrong, I am still thinking that ICS is the problem. Well.. no one can explain the problem to Microsoft or make them read this post, or even if they see it, we're just some puny little guys from Romania who have this problem, or not? Nevermind, Thanks for all your help Spooky, I'm glad to see that some people still want to help.

Over and out.

Link to comment
Share on other sites

It's almost the same, but with added P2P problems, or any other software that wants to connect to the internet for that matter, and has no connection made. I can't do nothing, untill I restart my uTorrent software several times to fix the lockdown.

@Spooky: the tweak didn't do anything but slow lockdown occurances down. They don't happen as often as they used to, but they still do happen. Until Microsoft releases a patch (and after the launch of Vista in 31 Jan), users who use ICS will have the same problem, and maybe Microsoft will come up with a fix. Until then, there's no telling what could be wrong, I am still thinking that ICS is the problem. Well.. no one can explain the problem to Microsoft or make them read this post, or even if they see it, we're just some puny little guys from Romania who have this problem, or not? Nevermind, Thanks for all your help Spooky, I'm glad to see that some people still want to help.

Over and out.

Well, I use utorrent as well and I'm on nForce4 (you are too, if I am not mistaken). And I also use ICS. After one of those, as you call it, lockdowns I went to the other computer to check, if internet works and it ... had (www, ftp, p2p - all).

Till now I had to reboot whole system to make things work again. You're saying all I have to do is restart utorrent (even serval times) to get back things to work ? It's not a fix, but always better than rebooting once a day. :\

If it's about utorrent, then I've go some bad news as this application won't get any newer versions. Author sold it to some big torrent site (BitCommet or something) and they want to integrate it with their network and software. What a pity.

Link to comment
Share on other sites

Yup that's what I do and it works. I have a 13d 14h 47m uptime as I am typing and when things go 'boom', I restart uTorrent (like close it, wait some 10-20 seconds, open it again, wait 10-20 seconds, check if web works, if it doesn't, close it again, wait ... and so on)... Usually it takes 1-2 restarts of uTorrent to get things working again. Well until a fix comes out, there's nothing we can do. **** I hate Micro$oft! :realmad:

It's almost the same, but with added P2P problems, or any other software that wants to connect to the internet for that matter, and has no connection made. I can't do nothing, untill I restart my uTorrent software several times to fix the lockdown.

@Spooky: the tweak didn't do anything but slow lockdown occurances down. They don't happen as often as they used to, but they still do happen. Until Microsoft releases a patch (and after the launch of Vista in 31 Jan), users who use ICS will have the same problem, and maybe Microsoft will come up with a fix. Until then, there's no telling what could be wrong, I am still thinking that ICS is the problem. Well.. no one can explain the problem to Microsoft or make them read this post, or even if they see it, we're just some puny little guys from Romania who have this problem, or not? Nevermind, Thanks for all your help Spooky, I'm glad to see that some people still want to help.

Over and out.

Well, I use utorrent as well and I'm on nForce4 (you are too, if I am not mistaken). And I also use ICS. After one of those, as you call it, lockdowns I went to the other computer to check, if internet works and it ... had (www, ftp, p2p - all).

Till now I had to reboot whole system to make things work again. You're saying all I have to do is restart utorrent (even serval times) to get back things to work ? It's not a fix, but always better than rebooting once a day. :\

If it's about utorrent, then I've go some bad news as this application won't get any newer versions. Author sold it to some big torrent site (BitCommet or something) and they want to integrate it with their network and software. What a pity.

Link to comment
Share on other sites

Well. Yesterday that trick with closing and opening utorrent worked out, but today I did that like 20 times and without any result. So I started to looking out for some other solution and I found it. This way is faster. Just turn off the ICS and then turn it on again - web should start working.

Edited by apsiq
Link to comment
Share on other sites

Well yes I understand that turning ICS off and then back on is a temporary solution, but I just can't do that sometimes. Since my computer acts as a server, I can't just turn ICS off and on whenever the problem occurs. My current uptime is 16d 8h 33mins, and every day I get the error, when surfing the web, when not, whenever something is going wrong (too many connections are made at once, i dunno)... There's gotta be something that can fix this, other than restarting the applications or restarting ICS. I wonder what can be done...

Well. Yesterday that trick with closing and opening utorrent worked out, but today I did that like 20 times and without any result. So I started to looking out for some other solution and I found it. This way is faster. Just turn off the ICS and then turn it on again - web should start working.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...