Windows Vista tcpip.sys Connection Limit Patch for Event ID 4226

Apparently in Windows Vista, Microsoft still enforce and hard-limit (hard coded in tcpip.sys) the maximum simultaneous half-open (incomplete) outbound TCP connection attempts per second that the system can make, as in Windows XP SP2, in order to protect the system from being used by malicious programs, such as viruses and worms, to spread to uninfected computers, or to launch distributed denial of service attack (DDoS). When the limit is hit, in Event Viewer, there will be such an entry:

EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts

Unless Windows XP SP2 which has 10 maximum incomplete concurrent connection attempts limit per second, Windows Vista default limit is based on which edition of Vista users are using. For example, Home Basic has maximum limit of 2, and Vista Ultimate is 25 per second. Normal Windows Vista users should not face any problem or slow network connection with the half-open connections limit. However, heavy P2P (peer-to-peer) applications users such as uTorrent, BitTorrent, BitComet, Azureus, ABC, eMule (eDonkey network), etc, or P2PTV such as TVants, PPLive, PPStream, Sopcast, etc may face some error or slow download and upload speed due to this limit.

Due to enhanced security, to fix or crack the TCP concurrent connection limit in Vista is not as easy as in Windows XP. To remove maximum concurrent half-open connection limits in Windows Vista, apply the patched tcpip.sys with the following steps:

1. Download patched tcpip.sys: 64-bit tcpip.sys or 32-bit tcpip.sys. Alternative download link for 32-bit and 64-bit.
2. Open command prompt, and run the following 2 commands:

   1. takeown /f c:\windows\system32\drivers\tcpip.sys
   2. cacls c:\windows\system32\drivers\tcpip.sys /G “username”:F

   Replace username with the actual user name that used to log on to Windows Vista currently.

   The second command can also used improved lcacls:

   icacls c:\Windows\System32\drivers\tcpip.sys /grant “username”:f

3. Disable the TCP/IP Auto-Tuning feature by running the following command in command prompt:

   netsh int tcp set global autotuninglevel=disable

4. For 64-bit Windows Vista (x64), the integrity checks need to be disabled as it need all drivers to be signed. So run the following command in DOS prompt:

   bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS

5. Replace the tcpip.sys in C:\windows\system32\drivers folder with the patched tcpip.sys downloaded from step 1 (remember the use the correct x64 or x86 version）. Normally, this procedure can be done by simply login to Windows Vista with administrator account. However, if the process failed, reboot the computer and then press F8 to boot up in Safe Mode, and then copy and paste overwrite the tcpip.sys.
6. Next, the maximum number of TCP half complete connection limits need to be set in registry. Open registry editor (regedit), and navigate to the following registry key:

   HKEY_LOCALL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

7. Right click on the right pane, select “New”, then select “DWORD value”. Enter the new value name as “TcpNumConnections” (without quotes).
8. Double click on TcpNumConnections registry value, and modify the value data to the desired maximum TCP/IP connection limit that you want to allow, in decimal value. For example, enter 500 as the value data for TcpNumConnections. You can use any limit that you prefer. Alternatively, download this registry registration file (another download link) that when executed, will set the TCP simultaneous connection limit to 16777214 (you can always modify the value in the file or in the registry after applied).
9. Restart computer.

New: Windows Vista Event ID 4226 Auto Patcher

Instruction: Unpack the archive and run InstallPatch32.bat (for x86) or InstallPatch64.bat (for x64). Run UndoPatch.bat to uninstall concurrent half-open TCP/IP connection limit patch.

Latest Version: 1.5

Download Link 1
Download Link 2

Gui Version: VistaTcpPath TCP Auto Patcher

Old Version:

Version 1.0
Version 1.2
Version 1.3
Version 1.4

Changelog:

Version 1.5 (30 April 2007
- Fix minor bug in uninstall script.

Version 1.4 (28 April 2007)
- Replace cacls with icacls for better management of ACL (Access Control List) to fix permission issues.
- Minor cosmetic change.

Version 1.3 (20 April 2007)
- Fix installation path.
- Fix TCP/IP re-enable Auto Tuning flag.

Version 1.2 (20 April 2007)
- Support non C drive Windows Vista installation.
- Allow user to terminate the install script even after running the auto patcher (confirmation needed before applying).
- No longer ask user to enter Y to run one command.
- Original tcpip.sys driver has been backup copy as tcpip.original in case in need to restore.
- UndoPatch.bat added to automate uninstallation of patch.

Version 1.0 (9 April 2007)
- Initial release

With thanks to YaronMaor for batch script.

The TCP connection limit which trigger Event ID 4226 has now increased to 500 (or any other value you set), and will likely fix the error for re-occurring again.

Related Articles

• Windows XP SP2 TCP Connection Limit (Event ID 4226)
• TCP/IP Has Reached the Security Limit Imposed on the Number of Concurrent TCP Connect Attempts Error on Windows Vista
• VistaTcpPatch Windows Vista TCP Half Open Limit Auto Patcher GUI Version
• Increase Multithread Download Speed by Disable Vista Auto Tuning on TCP/IP
• Workaround to Run eMule in Windows Vista
• ppStream Connection Limit in Configuration Settings
• Improve Vista Performance and Reliability with KB938979 Performance Update
• Add Event Viewer Item to Computer’s Right Click Menu in Windows Vista/XP
• ppStream - P2P based Streaming Media (P2P Internet TV)
• Watch Streaming p2p Live TV on the Internet

This entry was posted on Monday, April 9th, 2007 at 3:30 am and is filed under Windows Vista. You can leave a response, or trackback from your own site.