Network Tweaks - Limited TCP/IP Connections Windows XP SP2

After installing SP2, a few users noticed that they were getting messages such as “EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.” This is because, in an effort to reduce the spread of worms through XP, Microsoft has reduced the number of concurrent TCP connections allowed.

“This new feature is one of the stack's "springboards", security features designed to proactively reduce the future threat from attacks like Blaster and Sasser that typically spread by opening connections to random addresses. In fact, if this feature had already been deployed, Sasser would have taken much longer to spread.

It's not likely to help stop the spread of spam unless spammers are trying to reach open email relays in the same way, by opening connections on SMTP ports of random IP addresses. This is new with XP SP2 and we're trying to get it right so that it does not interfere with normal system operation or performance of normal, legitimate applications, but does slow the spread of viral code. New connection attempts over the limit for half-open connections get queued and worked off at a certain (limited) rate.”

While this goal is a commendable one, it may prove to be a problem for users with many TCP connections, especially those using file-sharing programs. You can change the setting which controls this maximum limit with the Registry Editor.

To change this, follow these steps:

  1. Open the Registry Editor: click the Start button on your taskbar, click Run, type "regedit" and click OK to start the regedit utility.

  2. Expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters (see picture 1).

    Picture 1
  3. Create a new DWORD value or modify the existing value called "TcpNumConnections" and set the value to "0xfffffe".

    0xfffffe is the value used for unlimited connections, although you may want to set the number far lower if you wish to preserve Microsoft’s original intent of slowing the spread of worms. I would recommend incrementing the number slightly (remember the value is hexadecimal) and seeing if you still experience a “maximum connections reached” error before bumping the value up any more.

    If you don’t find the “TcpNumConnections” value in the “\Parameters” folder, you should check all of the folders in the “\Parameters\Interfaces” folder for the value as well. If you’re still experiencing problems with 4226 error messages popping up, you can try a patch (at your own risk), downloadable here: http://lvllord.de/4226fix/4226fix.htm
     
  4. The modifications you made will be in effect after you log out or reboot your PC.
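The same check and change, as an added PowerShell script that is not part of the original article: it reports any 4226 events in the System log, shows the current TcpNumConnections value under \Parameters and under each \Parameters\Interfaces subkey, and optionally writes a new value. It assumes PowerShell is installed (it does not ship with XP) and an administrator session; the event source name Tcpip is this script's assumption.

```powershell
# Added example (not from the original article). Assumes PowerShell is
# installed (it does not ship with XP) and an administrator session.
param(
    [string]$NewValueHex = ""   # e.g. "0x00fffffe"; leave empty to only inspect
)

$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$name = 'TcpNumConnections'

# 1. Has the system actually logged the 4226 limit event? (System log, source Tcpip)
$hits = Get-EventLog -LogName System -Source Tcpip -ErrorAction SilentlyContinue |
        Where-Object { $_.EventID -eq 4226 }
Write-Host ("EventID 4226 entries in the System log: {0}" -f @($hits).Count)

# 2. Report the current value under \Parameters and under every \Parameters\Interfaces\<id>
function Show-Value($key) {
    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    if ($prop) {
        # DWORD values come back as Int32; show them as hex, the way regedit does
        Write-Host ("{0}\{1} = 0x{2:x8}" -f $key, $name, $prop.$name)
    } else {
        Write-Host ("{0}\{1} not present" -f $key, $name)
    }
}
Show-Value $base
Get-ChildItem "$base\Interfaces" | ForEach-Object {
    Show-Value "$base\Interfaces\$($_.PSChildName)"
}

# 3. Optionally write the new value; it takes effect after logoff or reboot
if ($NewValueHex) {
    $value = [Convert]::ToInt32($NewValueHex, 16)   # accepts "0x..." or plain hex
    Set-ItemProperty -Path $base -Name $name -Value $value -Type DWord
    Write-Host ("Set {0} to 0x{1:x8}; log off or reboot to apply" -f $name, $value)
}
```

Run it without arguments first to see whether 4226 has actually been logged and what the value currently is; pass a hex value only when you have decided on the increment.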

Author: Lex van der Horst

Date Added: 06-11-2004

Last Reviewed: 06-11-2004