I recently started seeing Event ID 4226 with source TCPIP (EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED) in my System event log. The message is "TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts." It sounded familiar, so I figured I had seen it before and filed it away as a low priority item to deal with when I got the time.
I tore into it a bit more because it was starting to bother me a bit. I use Avant Browser's "Groups" feature to open 30 or so web pages multiple times a day. This is fine and dandy, but during the process where Avant is trying to load all of the pages, my system's network connectivity would go downhill. So I figured Windows was imposing some artificial limit on the number of outgoing TCPIP connections. Sure enough, "Changes to Functionality in Microsoft Windows XP Service Pack 2 - Part 2: Network Protection Technologies" indicates:
Limited number of simultaneous incomplete outbound TCP connection attempts
Detailed descriptionThe TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system’s event log.Why is this change important? What threats does it help mitigate?This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
What works differently?This change may cause certain security tools, such as port scanners, to run more slowly.
How do I resolve these issues?Stop the application that is responsible for the failing connection attempts.
The interesting thing is that there's nothing to change this behavior - you're limited to what appears to be 10 "concurrent TCP connect attempts".
Well, maybe it's more accurate to say that there's no Microsoft-sanctioned way to change this behavior. There _is_ a utility at http://www.lvllord.de/ that patches TCPIP.SYS and allows one to set the limit (default is 50, up from 10). Of course, this annoys Windows File Protection, and the patched TCPIP.SYS can be replaced by an update from Microsoft, but it appears the utility's author keeps the utility up-to-date so that in little or no time one can re-patch TCPIP.SYS if necessary.
It worked for me... :) Thanks, LvlLord!