Looking for a half-open concurrent TCP connections limit patcher? Microsoft introduced a limit (of 10) on the number of simultaneous outgoing half-open TCP connections in Windows XP SP2, in a bid to prevent a virus or malicious program from making unlimited infectious connections to other systems when a PC is compromised. The limit continues to exist in Windows Vista RTM and SP1. The result is event ID 4226 with the error message “TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts”, and a frantic search for a patched TCPIP.sys or a half-open TCP connections limit memory value crack by many Windows users, especially P2P and torrent downloaders.

Microsoft appears to have had a change of heart on the half-open outbound TCP connection attempts limit with the release of Windows Vista SP2 and Windows 7, probably because the limit was never effective in stopping the spread of worms and viruses, or because Microsoft has grown more confident about the security features of its newer operating systems.

According to the “Notable Changes in Windows Server 2008 SP2 and Windows Vista SP2” document published in conjunction with the release of SP2 RTM:

SP2 removes the limit of 10 half open outbound TCP connections. By default, SP2 has no limit on the number of half open outbound TCP connections.

The complete removal of the limit for half-open outbound TCP connections, which defaulted to 10, was finalized with the release of Windows Server 2008 and Vista SP2 Build 17506. In fact, the half-open outgoing TCP connection limit has been bypassed by default since Windows Vista SP2 RC Build 16670. Previously, the changelog of SP2 suggested that Microsoft was going to “add a registry key that enables modification of the maximum number of open TCP connections to increase application compatibility”.

Instead, Microsoft added a registry key that allows a user or administrator to enable (turn on) or disable (turn off) the half-open TCP connections limit in Windows Vista with Service Pack 2 and in Windows Server 2008 with Service Pack 2. The registry key is EnableConnectionRateLimiting. The Knowledge Base article KB969710 confirms that the half-open TCP connections limit is disabled in Windows Server 2008 with Service Pack 2 (SP2) and in Windows Vista with Service Pack 2 (SP2).

What EnableConnectionRateLimiting does is this: if its value is 0 or it does not exist (Disabled), the operating system sets the TcpCreateAndConnectTcbRateLimitDepth value to 0 in kernel memory, and the half-open outgoing TCP connections limit is removed immediately, without a restart. The system treats the count of new half-open TCP connections as always 0, and thus bypasses the limit comparison altogether. As a result, event ID 4226 is no longer logged in Event Viewer. Likewise, when EnableConnectionRateLimiting is set to 1 (Enabled), TcpCreateAndConnectTcbRateLimitDepth is also set from 0 to 1 in kernel memory, the OS calculates the rate at which ‘create and connect’ TCP connections are being established, and limits the maximum attempts to 10.
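
The behaviour described above can be checked on a host with a read-only audit that reports the registry setting and any event ID 4226 entries. This is an added example, not code from the original article or from Microsoft; the article names only the value, so the `Tcpip\Parameters` registry path, the `Tcpip` event source match and the function names are assumptions.

```powershell
# Added example (read-only): audit the half-open TCP connection rate limit.
# Assumption: the article names only the value; the Tcpip\Parameters path is assumed.
$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$ValueName   = 'EnableConnectionRateLimiting'

function Get-ConnectionRateLimitState {
    param([string]$Path = $TcpipParams)
    $item = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        # Per the article, a missing value is treated the same as 0.
        $raw = $null; $state = 'Disabled (value absent)'
    } else {
        $raw = $item.$ValueName
        switch ($raw) {
            0       { $state = 'Disabled' }
            1       { $state = 'Enabled (limit of 10 applies)' }
            default { $state = 'Unknown (article defines only 0 and 1)' }
        }
    }
    New-Object PSObject -Property @{ Value = $raw; State = $state }
}

function Get-ConnectLimitEvents {
    param([int]$Days = 30)
    # Event ID 4226 in the System log is the "security limit" message quoted above.
    $filter = @{ LogName = 'System'; Id = 4226; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    # Assumption: the event source name contains "Tcpip".
    @($events | Where-Object { $_.ProviderName -like '*Tcpip*' })
}

$limit  = Get-ConnectionRateLimitState
$events = Get-ConnectLimitEvents -Days 30

"{0}: {1} -> {2}" -f $ValueName, $limit.Value, $limit.State
"Event ID 4226 entries in the last 30 days: {0}" -f $events.Count

# Per-day breakdown, so bursts of limit hits stand out.
$events |
    Group-Object { $_.TimeCreated.ToString('yyyy-MM-dd') } |
    Sort-Object Name |
    ForEach-Object { "  {0}  {1}" -f $_.Name, $_.Count }
```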

Best of all, the same behavior for outgoing half-open TCP connections and the EnableConnectionRateLimiting registry key have been implemented in Windows 7 too, enabling Windows 7 users to achieve full connection speed and potential.

Hence, the newest methods to patch TCPIP.sys or to remove and disable the half-open outbound TCP connections limit are:

  • Windows XP SP2 or Windows XP SP3: Event ID 4226 Patcher by lvllord.de or Universal Tcpip.sys Patch works fine to patch TCPIP.sys to set a higher limit or remove the limit, virtually allowing unlimited half-open connections.
  • Windows Vista or Windows Vista SP1: Upgrade to Windows Vista SP2 and no change is necessary. By default, the system does not limit the number of half-open outgoing TCP connections it can create concurrently. If you want peace of mind, it’s also possible to set the registry key to disable the half-open outbound TCP connections limit.
  • Windows 7: The half-open TCP connections limit has not been implemented in Windows 7 since the Windows 7 Beta release, so no patch is necessary.

Tip: It’s possible to check the current value for TcpCreateAndConnectTcbRateLimitDepth in the kernel memory with TCP-Z.

TCP-Z Displays TCP/IP Connection Limits

The value is reflected by the Create Depth (yellow) item in the TCP-Z graph and by the lock icon.
