System & network administration  

EventID 4226 with WINDOWS XP SP2

If you are running VNC Neighborhood on Windows XP SP2, you may experience strange behavior: in some cases you get an incomplete list of machines running a VNC server. Looking at the Event Viewer on your machine may help. Search for event ID 4226 in the system log. If you find one logged during a network scan, it means that you have reached the new TCP outbound connection limit introduced by Windows XP SP2 during the VNC Neighborhood network scan.

What is the impact on VNC Neighborhood?

You will get an incomplete list of machines running a VNC server.

What is the problem?

The Windows XP SP2 TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system’s event log.

Microsoft made this change as of SP2 to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. SP2 limits the number of half-open connections to 10.

Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
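The following is an added example, not part of the original page: a small triage script that separates event 4226 entries logged during a known network scan from those with no such explanation, which are the ones worth investigating as a possible infection. The CSV column layout, host names, timestamps and scan windows are constructed assumptions for illustration.

```python
import csv
import io
from datetime import datetime, timedelta

EVENT_ID = 4226  # logged when the SP2 outbound connection limit is reached
FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: System log rows exported as CSV (column layout is assumed).
SAMPLE_LOG = """\
time,computer,source,event_id
2006-03-01 09:00:12,ADMIN-PC,Tcpip,4226
2006-03-01 09:00:40,ADMIN-PC,Tcpip,4226
2006-03-01 09:05:00,ADMIN-PC,Service Control Manager,7036
2006-03-01 14:22:07,DESK-17,Tcpip,4226
2006-03-01 14:22:31,DESK-17,Tcpip,4226
2006-03-01 14:23:02,DESK-17,Tcpip,4226
"""

# Constructed sample: when each machine is known to have run a network scan.
SCAN_WINDOWS = {"ADMIN-PC": [("2006-03-01 08:59:50", "2006-03-01 09:02:00")]}

def parse(ts):
    return datetime.strptime(ts, FMT)

def triage_4226(log_text, scan_windows, slack=timedelta(seconds=30)):
    """Count 4226 events per computer as 'scan' (inside a known scan
    window, plus or minus slack) or 'unexplained' (no matching window)."""
    result = {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event_id"].strip() != str(EVENT_ID):
            continue  # ignore unrelated System log entries
        when = parse(row["time"])
        windows = scan_windows.get(row["computer"], [])
        in_scan = any(parse(start) - slack <= when <= parse(end) + slack
                      for start, end in windows)
        counts = result.setdefault(row["computer"], {"scan": 0, "unexplained": 0})
        counts["scan" if in_scan else "unexplained"] += 1
    return result

def hosts_to_review(result):
    """Computers with at least one 4226 event not explained by a scan."""
    return sorted(h for h, c in result.items() if c["unexplained"] > 0)

if __name__ == "__main__":
    summary = triage_4226(SAMPLE_LOG, SCAN_WINDOWS)
    for host, counts in sorted(summary.items()):
        print(host, counts)
    print("review:", hosts_to_review(summary))
```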

How can I solve this issue?

There is no official solution for this, and no registry value exists to increase this limit. However, there is a small application developed by LvlLord which patches the system file "TCPIP.SYS" to increase the maximum number of connections. You can find the patch Here.

Note: This is not an official patch, use it at your own risk.

You can also play with the VNC Neighborhood scanner parameters:

Reducing the "Max connections" value to 2 really helps in most cases. If you still have issues, you can also uncheck the "Threaded scan" checkbox. In both cases the network scan will get slower.

© 1998-2006