After installing SP2, a few users noticed that they were getting
messages such as “EventID 4226: TCP/IP has reached the security
limit imposed on the number of concurrent TCP connect attempts.”
This is because, in an effort to reduce the spread of worms through
XP, Microsoft has reduced the number of concurrent TCP connections
“This new feature is one of the stack's "springboards",
security features designed to proactively reduce the future threat
from attacks like Blaster and Sasser that typically spread by
opening connections to random addresses. In fact, if this feature
had already been deployed, Sasser would have taken much longer to
It's not likely to help stop the spread of spam unless spammers are
trying to reach open email relays in the same way, by opening
connections on SMTP ports of random IP addresses. This is new with
XP SP2 and we're trying to get it right so that it does not
interfere with normal system operation or performance of normal,
legitimate applications, but does slow the spread of viral code.
New connection attempts over the limit for half-open connections
get queued and worked off at a certain (limited rate)."
While this goal is a commendable one, it may prove to be a
problem for users with many TCP connections – especially those
using file-sharing programs. You can change the setting which
controls this maximum limit with the Registry Editor.
To change this, follow the next steps:
- Open the Registry Editor click on the Start button on
your taskbar, then click on Run and type "regedit"
and click on OK to start the regedit utility.
(see picture 1).
- Create a new DWORD value or modify the existing value
called "TcpNumConnections" and set the value to
0xfffffe is the value used for unlimited connections, although you
may want to set the number far lower if you wish to preserve
Microsoft’s original intent of slowing the spread of worms. I would
recommend incrementing the number slightly (remember the value is
hexadecimal) and seeing if you still experience a “maximum
connections reached” error before bumping the value up any
If you don’t find the “TcpNumConnections” value in the
“\Parameters” folder, you should check all of the folders in the
“\Parameters\Interfaces” folder for the value as well. If you’re
still experiencing problems with 4226 error messages popping up,
you can try a patch (at your own risk), downloadable here: http://lvllord.de/4226fix/4226fix.htm
- The modifications you made will be in effect after you logout
or reboot your PC.