|
Shortcuts
|
Windows XP SP2 tcpip.sys connection limit patchAdditional XP SP2 tweaks - Remove the Windows XP SP2 TCP Connection limit (Event ID 4226)2004-09-18 (updated: 2009-12-08) by Philip Tags: tweak, XP, TCP/IP, tcpip.sys, patch In addition to the tweaks already covered in Win 2k/XP Registry Tweaks and More Win 2k/XP Tweaks, the Windows XP Service Pack 2 introduces a few new issues covered in the article below. Please make sure you understand what you are doing before making any changes to your Operating System. Note the information below only applies to Windows XP Service Pack 2.
Remove the limit on TCP connection attempts Windws XP SP2 introduces a few new twists to TCP/IP in order to babysit users and "reduce the threat" of worms spreading fast without control. In one such attempt, the devs seem to have limited the number of possible TCP connection attempts per second to 10 (from unlimited in SP1). This argumentative feature can possibly affect server and P2P programs that need to open many outbound connections at the same time. Rant: The forward thinking of Microsoft developers here is that you can only infect 10 new systems per second via TCP/IP ?!?... If you also consider that each of those infected computers will infect 10 others at the same rate: In other words, even though it is not going to stop worm spreading, it's going to delay it a few seconds, limit possible network congestion a bit, and limit the use of your PC to 10 connection attempts per second in the process ! I have no problem with the new default setting limiting outbound connection attempts. Still, users should have the option to easily disable or change this setting. I might be going out on a limb here, but ever since the introduction of Windows XP I can't help thinking that I dislike all the bult-in Windows "wisardry" in a sense that the system also limits user access. That irritating trend to ease the mental load on end users is somewhat insulting, considering that Windows is to make the more "intelligent" choice instead of the end user, as well as limit their access to tuning such settings... With the new implementation, if a P2P or some other network program attempts to connect to 100 sites at once, it would only be able to connect to 10 per second, so it would take it 10 seconds to reach all 100. In addition, even though the setting was registry editable in XP SP1, it is now only possible to edit by changing it directly in the system file tcpip.sys. To make matters worse, that file is in use, so you also need to be in Safe mode in order to edit it. You only need to worry about the number of connection attempts per second if you have noticed a slowdown in network programs requiring a number of connections opened at once. You can check if you're hitting this limit from the Event Viewer, under System - look for TCP/IP Warnings saying: "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts". Keep in mind this is a cap only on incomplete outbound connect attempts per second, not total connections. Still, running servers and P2P programs can definitely be affected by this new limitation. Use the fix as you see fit. To change or remove the limit, you can use the following program:
Edit tcpip.sys manually to remove the TCP/IP socket creation limit Another option, for the more adventurous is to modify your tcpip.sys file manually, using a hex editor. The following instructions refer to the final release of XP SP2, with a tcpip.sys file of exactly 359,040 bytes, CRC-32 is 8042A9FB, and MD5 is 9F4B36614A0FC234525BA224957DE55C. Even thouh there might be multiple tcpip.sys files in your system, make sure to work with the one in c:\windows\system32\drives\ directory. To remove the tcpip.sys socket creation limit: All done ! The above change does not require editing of the CRC in offset 130 hex (thanks for the clever solution Thomas Wolf Tompkins). Notes: The above information increases the RATE of opening outgoing connections. It has nothing to do with the limit of 10 connections to network shares on a Windows workstation PC for sharing files (a MS imposed limit to force you to upgrade to a server version of the OS). This 10 connections to network shares limit was introduced with NT4 workstation (SP3), and exists in Windows 2k workstation, and Windows XP home/pro/mc. It only applies to authenticated windows services, such as file and print sharing.
For a Vista version of the above tweak, see our Windows Vista tcpip.sys connection limit patck for Event ID 4226 article.
User Reviews/Comments:
rate:
avg:
by
mrdreamers - 2009-08-07 23:44
i cant install the patch my avg pro says its some sort of virus and pops up something that does not give me the option to install anyway can anyone help??
Hummm... we all know by now that the great MS idea will not stop people spreading over worms and disabling it will also NOT INCREASE YOU FREAKING DOWNLOAD SPEED, but there some other uses for it.
One question though: how exactly have you found out the correct hexadecimal address?
Nothing happens after running the file. About manual way, value is not matched after go to 4F322. Thanks anyway
pls help I have XP SP2 .My network is low .pls help .i use it but cant do it right
tank. hey seen you around before. yeah microsoft patches are now lethal... get a non service pack 3 GARBAGE windows disk... stick with windows xp.... and download spybot search and destroy + avg and your system will be completely immune... btw if u can get a manual update and download for avg 7.5 on filehippo. do so... new version sucks monkey !@#, cpu cycles and bandwidth! windows is trying to force a one way monopoly.. which is in fact illegal. contact me on (myname)@yahoo(.com)
Another way to achieve this is to just copy the tcpip.sys file from a windows 2003 server...
cheers, L
Manual method worked fine... btw, how did u get the exact offset value?
Re: Mr.Bean -2011.03.21 08:57 Manual method worked fine... btw, how did u get the exact offset value?
You have to be able to read the hex in machine code, an aquired skill, a good editor helps.
awesome works good....
how mwny connections should i keep half open to get maximum download rate can i keep it to 1000...?
The manual instructions on this page are outdated/obsolete.
To modify a current tcpip.sys file do the following: Reboot into Safe Mode. Open a hex editor and open your tcpip.sys which should be at %windir%\system32\drivers\tcpip.sys Find/Search/Ctrl+F this hex data: 0A 00 00 00 B8 Change it to: 00 00 0A 00 B8 Save the file and it's done. This mod will change the limit from 10 to 655360 half-open connections and should be more than enough even for heavy P2P and/or server use. If you need more than that (unlikely), replace 0A 00 00 00 B8 with FF FF FF 00 B8 (and fix the CRC-32) which will make the limit 16777215.
I have about 20 Computers on the network in a workgroup enviroment. I want all 20 computer to be able to access one computer for Files. Once ten computers are accessing files on this main computer the 11th one gets a error saying the limit of connections has been reached?
this problem is not solved through the give patch please help me
Non-server Windows OSes are limited to 10 simultaneous inbound connections (20 for Windows 7). You will have to purchase a server OS if you need more.
Use a NAS box as they usually run some variety of Linux without that 10 user connections. You can still see your file with any Windows Explorer based file browser. The NAS box also frees up one system as having to be always on/ up and it can be used for any other purpose. You can also hang a USB printer on the same box which makes it a cheap network printer.
For those of you who are still a bit leery about running a binary .exe which returns virus/malware positives and would rather resort to manually editing the tcpip.sys file in a Hex editor, please note the following:
Your tcpip.sys file may not return the specified values at the offset noted in the instructions on this page. For example, my copy returns the limit values at offset 4FA46 exactly as specified (0A 00 00 00). That being said, the positives that are returned by scanning the patch file are merely indicating that this is software which is capable of modifying system files and is not licensed to do so by the manufacturer of those files (basically). It's a common occurrence and anyone should research what they are doing to modify files that are core components of their operating system - and then double-check that research by verifying what has been found with other users who are experienced enough to know whether they cause a threat or not. If you want to run the patch tool, you can do so without executing the modifications and in your cmd interpreter it will specify at what offset in the tcpip.sys file the settings for the limit cap are found; you may then abort the procedure (Press "N") and modify your tcpip.sys file in a hex editor manually. By all means - backup the original whatever method you choose to use.
Microsoft's connection limit cripples FTP, which opens a new connection for every file transferred. On a LAN, the large number of ports required for this to happen (configurable with MaxUserPort) or latency are not a big issues. It is normally possible to open in the order of 100 connections per second. Not anymore on XP SP2 without a patch. FileZilla FTP is a reliable method to connect computers running differrent versions of Windows, which will not talk over the Network Neighborhood, at high speed.
|
