Windows Vista tcpip.sys connection limit patch for Event ID 4226
2008.07.08 12:18 by Philip
Keywords: patch, tweak, Vista, tcpip.sys
Microsoft enforces a limit on half-open TCP/IP connections that is hard-coded in tcpip.sys. This cap on the number of simultaneous half-open (incomplete) outbound TCP connection attempts per second that the system can make is intended to limit the spread of malicious viruses and worms, as well as limit the possibility of launching a DDoS attack. However, it has also proven to limit some applications that use many TCP connections, such as P2P and P2PTV programs.
When the OS reaches the half-open connection limit, Event Viewer displays the following entry:
The limit in Windows XP (SP2) is 10 incomplete concurrent connection attempts per second. In Windows Vista, the default limit differs, depending on the edition - ranging from 2 half-open connections in Vista Home Basic, to 25 in Vista Ultimate.
Due to the enhanced security in Vista, it is a bit more complicated to increase the TCP concurrent half-open connections limit. It requires downloading a patched tcpip.sys, changing a registry parameter and disabling driver signing in x64 editions (potentially after every reboot). Note that subsequent Windows updates and Service Packs may also overwrite tcpip.sys with a newer version.
The required steps are outlined below:
1. Note your current tcpip.sys version. To check your tcpip.sys version, navigate to C:\Windows\system32\drivers\ , right-click on tcpip.sys and choose "Properties" - the version information will be listed in the "Details" pane.
2. Download a patched tcpip.sys file for your particular tcpip.sys and Vista version. You can download patched versions of tcpip.sys from -here-. Note that 32-bit and 64-bit versions of Vista use different tcpip.sys files. Files are listed as tcpipXX-YYYYYY.sys, where XX is the Vista variant (32 or 64-bit), and YYYYYY is the tcpip.sys version.
3. Open command prompt, and execute the following commands exactly (administrator account, and elevated command prompt recommended):
4. Disable driver signing integrity checks for 64-bit Windows Vista versions only. You can do this using the ReadyDriver Plus v 1.1 software, or by pressing F8 at boot time. More information on disabling driver signing integrity checks in Vista is available -here-.
5. Back up tcpip.sys by copying it to another location/file. You can do it in Windows Explorer, or by running the following in command prompt:
6. Replace the original tcpip.sys in C:\Windows\system32\drivers\ with the patched tcpip.sys for your correct version of Windows, downloadable from our website -here-. You must be logged in as administrator; if the replacement fails, you may want to try restarting in safe mode (F8 on system startup).
7. Set the desired new limit for TCP half-open connections in the Windows Registry. Open the registry editor by clicking the Windows button > Run > type: regedit. You need to add a new DWORD value under the following key:
Alternatively, you can download the sg_vista_tcpip_limit_patch to apply the registry change above automatically.
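The record-and-backup part of steps 1 and 5, together with a count of Event ID 4226 entries, as an added PowerShell example that is not part of the original article. The backup folder `C:\DriverBackup`, the baseline file name and the function names are assumptions made for this example.

```powershell
# Added example, not from the original article. Assumes an elevated
# Windows PowerShell 2.0+ session; on x64 use the 64-bit PowerShell so that
# System32 is not redirected. $BackupDir is a hypothetical location.
$Driver    = Join-Path $env:SystemRoot 'System32\drivers\tcpip.sys'
$BackupDir = 'C:\DriverBackup'
$Baseline  = Join-Path $BackupDir 'tcpip-baseline.xml'

function Get-Sha256([string]$Path) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
}

function Get-DriverInfo([string]$Path) {
    $item = Get-Item -LiteralPath $Path
    New-Object PSObject -Property @{
        Path        = $item.FullName
        FileVersion = $item.VersionInfo.FileVersion
        Length      = $item.Length
        SHA256      = Get-Sha256 $item.FullName
    }
}

# Steps 1 and 5: record the installed driver, copy it, confirm the copy is intact.
function Save-DriverBaseline {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $info = Get-DriverInfo $Driver
    $copy = Join-Path $BackupDir ("tcpip-{0}.sys" -f $info.SHA256.Substring(0, 12))
    Copy-Item -LiteralPath $Driver -Destination $copy -Force
    if ((Get-Sha256 $copy) -ne $info.SHA256) {
        throw "Backup $copy does not match the installed driver"
    }
    $info | Export-Clixml -Path $Baseline
    $info
}

# Later: has the installed driver changed since the baseline was recorded?
# A Windows update or a manual replacement both change the hash.
function Test-DriverBaseline {
    $old = Import-Clixml -Path $Baseline
    $new = Get-DriverInfo $Driver
    New-Object PSObject -Property @{
        Unchanged  = ($old.SHA256 -eq $new.SHA256)
        OldVersion = $old.FileVersion
        NewVersion = $new.FileVersion
    }
}

# Count Event ID 4226 entries in the System log over the last $Days days.
function Get-Event4226Count([int]$Days = 7) {
    $filter = @{ LogName = 'System'; Id = 4226; StartTime = (Get-Date).AddDays(-$Days) }
    # Get-WinEvent writes an error when nothing matches; treat that as zero.
    @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue).Count
}
```

Run `Save-DriverBaseline` before step 6, then `Test-DriverBaseline` after a replacement or a Windows update to see which version of tcpip.sys is actually installed.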
Update in Vista Service Pack 2
According to Microsoft, Vista SP2 completely removes the limit of 2-25 half-open TCP connections that existed in previous versions for application compatibility reasons. If this works as intended, there should be no need to patch tcpip.sys, and users should no longer see Event ID 4226.
This Registry parameter can set or disable the half-open TCP connection limit in Windows 7, Vista (SP2), Server 2008, or later. Some Microsoft OSes, such as Vista before SP2 and 2008 Server before SP2, limit the number of half-open TCP connections to 10. Just check the below key and make sure it is either not present, or set to zero. Users of Windows 7 and Windows Server 2008 SP2 or later should not have to make any changes.
If you experience problems with any of the above, please note any errors, and the exact versions of Vista and tcpip.sys. You may also try the following in an elevated command prompt (limits TCP Receive Window to 65535 per connection): netsh int tcp set global autotuninglevel=disabled