Jump to content

Event id 4226


Tassadaru

Recommended Posts


Hmm, thought of that, but I can't leave my PC unprotected by a firewall... Since problems can and WILL arise from stupid viruses and so on that may appear... Any other ideas someone?

why don't you disable the vista firewall and see if that works.
Link to comment
Share on other sites

well you can try it for a bit to see if it really is the firewall that is blocking your programs from making new connections. if it doesn't make any difference after you disable it, then we can rule out the firewall as the cause of the problem.

Link to comment
Share on other sites

"It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone."

Hmmmm, something isn't right here. If there is not already a rule to block something the Vista firewall doesn't block anything new until it sees a threat. If the Vista firewall is actually blocking all new connections then your problem is not with the 4226 event because the firewall blocking something doesn't have a thing to do with the 4226 event. And your not experiencing lock-ups either, even though thats what it looks like to you. I didn't realize what you were seeing until now, in your post, when you said "It doesn't just block ONE application, it blocks ALL applications ..." I'm just now seeing the context. I saw a very similar problem with someone else about two weeks after Vista went RTM and after your last post I remembered it. Are you sure your using an RTM version of Vista, thats properly licensed, actually from Microsoft? And...your not using any sort of KMS. If your running a legitimate properly licensed version actually from MS and not using any sort of KMS then something is seriously screwed up with your install, i'd suggest a re-install.

Another thought also,,,,are you sure your bandwidth is OK? have you checked your connection and made sure your actually getting the bandwidth from your ISP to support your connections? I's also take another look at that Scientific Atlanta cable modem too, someone else said that only DSL modems act as routers, thats not exactly true, Scientific Atlanta and Motorola cable modems will both act as routers its just that the capability to physically access the router portion is not there.

I disabled UAC, but not defender. Anyways, I don't want UAC since I want to run all of my programs as administrator, I know it's risky but I hate always pressing the As administrator button and so on, anyways, is what's causing the internet lockups? If yes, what do I need to do? It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone. I just want to fix this. My patience is getting out of hand here, since I am really beginning to get annoyed by this stupid lockup. Please tell me if I can do something to avoid the lockups or not. Thank you.

PS: It doesn't restrict the application to accept incoming connections. It restricts all aplications from accepting or making new connections.

Edited by Spooky
Link to comment
Share on other sites

I tried disabling Windows Firewall... as duceyaj mentioned, now I'll see what's happening. And yes, I am sure it's the RTM version I'm using, activated and with all updates installed, I don't know what KMS is, but anyway, I'll see how it behaves without Windows Firewall turned on.

Link to comment
Share on other sites

Later edit. It did it again, without Windows Firewall active. And nothing shows in event log but this:

A crash in Application log, that has been 3-4 hours before lockdown,

Security (3-3:30 hours before the lockdown):

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 12/25/2006 8:54:22 PM

Event ID: 4672

Task Category: Special Logon

Level: Information

Keywords: Audit Success

User: N/A

Computer: DarkMind

Description:

Special privileges assigned to new logon.

Subject:

Security ID: SYSTEM

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />

<EventID>4672</EventID>

<Version>0</Version>

<Level>0</Level>

<Task>12548</Task>

<Opcode>0</Opcode>

<Keywords>0x8020000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T18:54:22.991Z" />

<EventRecordID>904</EventRecordID>

<Correlation />

<Execution ProcessID="612" ThreadID="1464" />

<Channel>Security</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data Name="SubjectUserSid">S-1-5-18</Data>

<Data Name="SubjectUserName">SYSTEM</Data>

<Data Name="SubjectDomainName">NT AUTHORITY</Data>

<Data Name="SubjectLogonId">0x3e7</Data>

<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege</Data>

</EventData>

</Event>

And in System logs, the following events (dunno the exact hour of the lockdown):

Log Name: System

Source: Tcpip

Date: 12/26/2006 12:00:31 AM

Event ID: 4226

Task Category: None

Level: Warning

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Tcpip" />

<EventID Qualifiers="32768">4226</EventID>

<Level>3</Level>

<Task>0</Task>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:00:31.201Z" />

<EventRecordID>1971</EventRecordID>

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data>

</Data>

<Binary>00000000010000000000000082100080000000000000000000000000000000000000000000000000</Binary>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 12/26/2006 12:13:18 AM

Event ID: 7036

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="16384">7036</EventID>

<Version>0</Version>

<Level>4</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:13:18.000Z" />

<EventRecordID>1972</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>

<Data Name="param2">running</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 12/26/2006 12:29:48 AM

Event ID: 7036

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="16384">7036</EventID>

<Version>0</Version>

<Level>4</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:29:48.000Z" />

<EventRecordID>1973</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>

<Data Name="param2">stopped</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-SharedAccess_NAT

Date: 12/26/2006 12:59:35 AM

Event ID: 31004

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />

<EventID Qualifiers="0">31004</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:59:35.000Z" />

<EventRecordID>1974</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">

<Data Name="param1">0</Data>

</EventData>

</Event>

What's happening? For the lockdown to be removed, I closed my torrent program and started it again. But I had NO PROBLEMS WHATSOEVER in XP SP2 with Windows Firewall ON and Nod32 as an antivirus. I don't know what the heck is wrong here.

post-119172-1167088604_thumb.jpg

Link to comment
Share on other sites

Event ID: 4672 - thats normal activity, no problems there

Event ID: 7036 - this should be have started then stopped within a few minutes or so but yours ran for a little bit longer. Doesn't mean theres a problem, but check your connection settings/LAN settings and make sure nothing is checked there. Are you on a home network?

Event ID: 31004: How much memory you have in this machine? Do you have shared access enabled? If you do have access sharing enabled, turn it off and see what happens. Access sharing enabled (even if your not using it) and then running some P2P programs can cause problems, can also in certain conditions make Vista think there are more connections then there really are (certain FTP and P2P clients) - don't know if your in this state tho. Also, do you have more then IE installed for a browser (firefox, mozilla, opera, etc...), if so check the services and make sure a service for those browsers is not running. Do you have a messenger client installed (MSN, etc...)? If so check to make sure its not really running (check services, etc..remember the messenger service in XP - same thing here, will run without starting up and make connections just to be ready for you when it does start.)

What services have you disabled? Contrary to popular belief its not necessarly a good thing to disable services on Vista. Is your TCP/IP NetBIOS helper service running?

Later edit. It did it again, without Windows Firewall active. And nothing shows in event log but this:

A crash in Application log, that has been 3-4 hours before lockdown,

Security (3-3:30 hours before the lockdown):

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 12/25/2006 8:54:22 PM

Event ID: 4672

Task Category: Special Logon

Level: Information

Keywords: Audit Success

User: N/A

Computer: DarkMind

Description:

Special privileges assigned to new logon.

Subject:

Security ID: SYSTEM

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />

<EventID>4672</EventID>

<Version>0</Version>

<Level>0</Level>

<Task>12548</Task>

<Opcode>0</Opcode>

<Keywords>0x8020000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T18:54:22.991Z" />

<EventRecordID>904</EventRecordID>

<Correlation />

<Execution ProcessID="612" ThreadID="1464" />

<Channel>Security</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data Name="SubjectUserSid">S-1-5-18</Data>

<Data Name="SubjectUserName">SYSTEM</Data>

<Data Name="SubjectDomainName">NT AUTHORITY</Data>

<Data Name="SubjectLogonId">0x3e7</Data>

<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege</Data>

</EventData>

</Event>

And in System logs, the following events (dunno the exact hour of the lockdown):

Log Name: System

Source: Tcpip

Date: 12/26/2006 12:00:31 AM

Event ID: 4226

Task Category: None

Level: Warning

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Tcpip" />

<EventID Qualifiers="32768">4226</EventID>

<Level>3</Level>

<Task>0</Task>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:00:31.201Z" />

<EventRecordID>1971</EventRecordID>

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data>

</Data>

<Binary>00000000010000000000000082100080000000000000000000000000000000000000000000000000</Binary>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 12/26/2006 12:13:18 AM

Event ID: 7036

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="16384">7036</EventID>

<Version>0</Version>

<Level>4</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:13:18.000Z" />

<EventRecordID>1972</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>

<Data Name="param2">running</Data>

</EventData>

</Event>

Log Name: System

Source: Service Control Manager

Date: 12/26/2006 12:29:48 AM

Event ID: 7036

Task Category: None

Level: Information

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />

<EventID Qualifiers="16384">7036</EventID>

<Version>0</Version>

<Level>4</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:29:48.000Z" />

<EventRecordID>1973</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData>

<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>

<Data Name="param2">stopped</Data>

</EventData>

</Event>

Log Name: System

Source: Microsoft-Windows-SharedAccess_NAT

Date: 12/26/2006 12:59:35 AM

Event ID: 31004

Task Category: None

Level: Error

Keywords: Classic

User: N/A

Computer: DarkMind

Description:

The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

<System>

<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />

<EventID Qualifiers="0">31004</EventID>

<Version>0</Version>

<Level>2</Level>

<Task>0</Task>

<Opcode>0</Opcode>

<Keywords>0x80000000000000</Keywords>

<TimeCreated SystemTime="2006-12-25T22:59:35.000Z" />

<EventRecordID>1974</EventRecordID>

<Correlation />

<Execution ProcessID="0" ThreadID="0" />

<Channel>System</Channel>

<Computer>DarkMind</Computer>

<Security />

</System>

<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">

<Data Name="param1">0</Data>

</EventData>

</Event>

What's happening? For the lockdown to be removed, I closed my torrent program and started it again. But I had NO PROBLEMS WHATSOEVER in XP SP2 with Windows Firewall ON and Nod32 as an antivirus. I don't know what the heck is wrong here.

Edited by Spooky
Link to comment
Share on other sites

Well, I have ICS enabled, but I can't turn it off or my mother would kill me, since her computer need internet. No services were disabled whatsoever, NetBIOS Helper is enabled and running, it already did this thing twice, no event associated with it, just that windows firewall was unable to inform that it blocked an application from ... I don't know what to do anymore, I think I will remove vista and call it unresolved. I really didn't have ANY problems with XP SP2 installed, even if I used Windows Firewall or another firewall. It's clearly declared in Windows Firewall that uTorrent and other applications I use are ALLOWED. I don't know what to say anymore. Vista let me down. I am running one or two connected instances of mIRC, Yahoo Messenger is opened, I have narrowed my uTorrent's settings to like a minimum, but I still keep having problems. I have 1 GIG of DDR running in Dual-Channel configuration. I think that minimum system requirements for vista are 512 MB ram. I will get back to XP as soon as I get a free day from work, this can't go on like this. I'm sick of Vista and of the things it's been doing. It's a swell good operating system, but this thing is like the lamest I ever encountered, for the OS to restrict your connections without notice and without anything... It's just lame, and I guess that besides this, it's a very stable os. But I need to have no downtime on my PC whatever the reasons. And this is a reason I cannot control. If I'd knew what to do I'd do it, but I don't. If any of you got any more suggestions before Friday, let me know, since then it will be - bye bye vista. Thank you all for trying to help me.

G'day.

Link to comment
Share on other sites

I had the exact same problem before my reinstall (haven't yet checked if it's fixed now, but I suspect it isn't).

System: Intel C2D, 2 GB DDR RAM, Intel Pro/100+ Management LAN Adapter for ISP connection, Onboard Marvell Yukon 1Gbps for LAN (ICS is enabled).

Vista Ultimate x64 RTM, not yet activated. All updates installed, NO system tweaking whatsoever, except for disabling Windows Defender. My connection uses PPPoE (it isn't broadband though - it uses UTP cable that comes from a local switch that connects to the local media converter that goes to my ISP).

The problem occured with both the default Windows driver for the Intel adapter, and the WHQL one supplied by Intel, and it manifested itself exactly as Tassadaru described it: all existing connections continued to work flawlessly, NO new connections could be made. Windows didn't inform me of any cricical error, but I checked and the 4226 event wasn't reported along with the freeze. As I had uTorrent running in the background I didn't think of restarting it to fix the problem, instead I resorted to rebooting, which fixed the problem for the moment.

I am curious to find out whether the auto-thing in Vista is responsible for it. What Tassadaru and me have in common is:

1. ICS

2. uTorrent

3. Vista

4. nationality :)

Link to comment
Share on other sites

Are you using one of the ISP's on this list: ISP's known to interfer with Torrent and other P2P applications

I don't think the problems your experiencing have anything to do with Event 4226. However, now that another has come forward reporting the exact same problems, and you have something in common (uTorrent), and considering that uTorrent in their own forums reports that some ISP's will cause problems for torrent clients, if might be worth a look.

Also, its possible that your clients are not properly configured, thats worth a look too. Have a look here Good Settings and here NAT Problems

You might also get some information in the uTorrent Speed Problems forum at: uTorrent Speed Problems

And...just a thought, what version of Java are you running (Sun Java?)? For some reason, some versions of Java interfer with network/internet connections.

Another thing too, for the firewall, make sure your torrent clients have a rule in the firewall for both TCP and UDP, also make sure your Java version also has a rule for both TCP and UDP, do this for both inbound and outbound.

Also, heres an interesting post that seems to go along with what your reporting, kind of: Good speed at the beginning then slow down

My own opinion is that there are not any torrent clients that work fully with Vista. Yeah, I know the people who make these things always say 'It works with Vista', well it might be true to a certain extent. But...the issue is, was it actually made/coded with Vista in mind and does it actually fully work with Vista in all aspects, just not on the surface for some basic functionality. Just because something seems to operate in Vista doesn't always mean it actually works in Vista. There is a big difference between 'operating in Vista' and 'working in Vista'.

Edited by Spooky
Link to comment
Share on other sites

It just happened to me again, so the reinstall didn't solve anything. I re-checked, and no 4226 was reported, or anything at all for that matter. This time I closed uTorrent but nothing would work. Then after ~2 minutes everything started working again. I would take a look at uTorrent, but I would definitely not rule out ICS.

The guy reporting speed problems with uTorrent certainly has a completely different problem than us. Our connection just stops working all of the sudden.

Edited by bkraptor
Link to comment
Share on other sites

Are any services stopping when this happens? (look in event viewer)

Do you have any services disabled, or have you blocked any services in the firewall?

The guy with the speed problem really didn't have a completly different problem, it was actually part of the same problem thats been related just a different cause and not as extensive as yours. If your bandwidth suffers greatly because of ISP interaction in relation to P2P applications, when the bandwidth gets low enough it will mimic the loss of a connection. You say two minutes? When this happens are you able to renew your IP address?

It just happened to me again, so the reinstall didn't solve anything. I re-checked, and no 4226 was reported, or anything at all for that matter. This time I closed uTorrent but nothing would work. Then after ~2 minutes everything started working again. I would take a look at uTorrent, but I would definitely not rule out ICS.

The guy reporting speed problems with uTorrent certainly has a completely different problem than us. Our connection just stops working all of the sudden.

Link to comment
Share on other sites

Nothing appears in event viewer. I haven't stopped or blocked any services.

If that guy's problem was the same as ours he would be reporting that his connection stopped working all of the sudden, he wouldn't be worried about decreasing download rates in uTorrent.

uTorrent never eats up more than 20 kB/s upband, whereas I have around 512 kB/s upload bandwidth (tested!)

I remember once when this happened, I can't really recall what exactly I tried to do, but I know I got a message saying something like I didn't have enough privileges to complete that action. One reboot later and everything was fine again.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...