EventID 4226 with WINDOWS XP SP2
If you are running VNC Neighborhood with Windows XP SP2 you may
experiment a strange behavior. In some cases you may get an incomplete
list of machines running VNC server. Having a look to the event viewer
of your machine may help. Search for event ID 4226 in the system log. If
you find one appearing during a network scan:
it means that you have reached the new TCP outbound connections limit
introduced by Windows XP SP2 during VNC Neighborhood network scan.
What is the impact on VNC Neighborhood?
You will get an incomplete list of machine running VNC server...
What is the problem?
The Windows XP SP2 TCP/IP stack now limits the number of simultaneous
incomplete outbound TCP connection attempts. After the limit has been
reached, subsequent connection attempts are put in a queue and will be
resolved at a fixed rate. Under normal operation, when applications are
connecting to available hosts at valid IP addresses, no connection
rate-limiting will occur. When it does occur, a new event, with ID 4226,
appears in the system’s event log.
Microsoft made this change as of SP2 to limit the speed at which
malicious programs, such as viruses and worms, spread to uninfected
computers. SP2 limits the number of half open connections to 10.
Malicious programs often attempt to reach uninfected computers by
opening simultaneous connections to random IP addresses. Most of these
random addresses result in a failed connection, so a burst of such
activity on a computer is a signal that it may have been infected by a
How can I solve this issue?
There is no official solution for this, and no registry value exists to
increase this limit. However there is a small application developed by
LvlLord which will hack the system file "TCPIP.SYS" and increase the max
number of connections. You can find the patch
Note: This is not an official patch, use it at
your own risk.
You can also play with the VNC Neighborhood scanner parameters:
Reducing the "Max connections" value to 2 is really helping in most
cases. If you still have issues you can also unchecked the "Threaded
scan" checkbox. In both cases the network scan will get slower...