Looking for an easy utility to fix or patch the tcpip.sys of Windows Vista, Windows XP and Windows Server 2003 to fix the Event ID 4226 and unlock (make no limit on) concurrent simultaneous outbound half-open TCP/IP connection? For Windows XP, LvlLord.de wrote an automated tool EventID 4226 Patcher to patch the binary of tcpip.sys without user manual intervention. However, for Windows Vista, users have to manually replace the original tcpip.sys with patched version (using simple auto-patcher batch command script, or memory resident driver to change limit on the fly) to do the hack, until now.

Windows Half-Open Limit Fix or Patch is an utility program wrote by Dmitry, a Russian, that cracks, hacks or patches the system’s tcpip.sys file, the main file that provides TCP/IP communication protocol to change the maximum number of concurrent half-open outbound TCP connections, or connection attempts.

As explained before, Microsoft started to implement a upper-bound limit on number of simultaneous half open outgoing TCP connection attempts in Windows XP SP2 and all future and new versions of Windows in order to slow the spreading rate of virus infection and malicious program and reduce the ability for computer to launch DDoS or DoS (Denial of Service) attack.

In Windows XP SP2 and SP3, the maximum concurrent half-open connect attempt limit is 10, and remains the same (10) in Windows Vista and other Windows OS. When the limit is hit, new connection attempt will be put into queue. Thus, the limit also causes consequences of slow Internet download as speed of connection established to external peer computer is restricted. The limit especially and critically affect use of P2P (Peer-to-Peer) file sharing programs such as µTorrent, BitComet, eMule, etc., and P2PTV such as TVUplayer, PPStream, TVants, PPLive and etc.

The most obvious symptom when the TCP/IP concurrent connection limit is hit is an entry in the Windows Event Viewer log:

EventID 4226: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts

When it happens (normally when P2P application programs are running), the web pages will load extremely slow, or even cannot or fail to load. And inevitable, the BitTorrent (BT), ED2K and P2P-TV channels will be downloading slowly and frequently stopped too (see how to optimize P2P and torrent speed in Vista).

Half-Open Limit Fix patches and fixes the tcpip.sys to unlock, clean and remove this limit, by increasing the maximum limit of half-open connection attempts allowed. The best thing about the Half-Open Limit Fix is that it’s fully automated, and works on all versions of tcpip.sys released so far on both 32-bit (x86) and 64-bit (x64) of Windows XP SP2, Windows XP SP3, Windows Vista, Windows Vista SP1, Windows Server 2003 SP1 and Windows Sever 2003 SP2. Version 3.1 also added support for Windows 7 beta build 6801 (x86,x64).

Half-Open Limit Fix

The current version of Half-Open Limit Fix is version 3.1, and the program Half-open_limit_fix_3.1.zip (mirror) can be downloaded from half-open.com (project closed, try TCP-Z instead).

Note: Half-Open Limit Fix 3.1 supports up to Windows 7 Build 6801 only.

To apply the patch using Half-Open Limit Fix, follow these steps:

  1. Unpack and extract the ZIP archive to any folder.
  2. Run the Half-Open Limit Fix program, i.e. Half-open_limit_fix_2.8.exe or Half-open_limit_fix_3.1.exe (Different version may have different names).
  3. Select a new value for the limit for concurrent half-open outbound TCP connections. Valid value range from 1 to 255 (FF).
  4. Click on Add to tcpip.sys button.
  5. Restart computer.

Note that the patch is not foolproof. Whenever Microsoft releases new version of tcpip.sys, such as in the case of new service pack, the altered tcpip.sys will get replaced back to unpatched version. In this case, user will have to download new version of patched tcpip.sys auto-patcher or new version of Half-Open Limit Fix.

For user that wonders what is the program actually doing in the background, here’s a little clue. The program take ownership and grant full access permissions to administrator on tcpip.sys, and then alter the binary code bytes that represents the connection limit. For Windows Vista, user’s PC will be put into TESTSIGNING mode, with a testing certificate automatically generated and installed with makecert.exe and certmgr.exe, and used to sign the patched tcpip.sys with signtool.exe. This step is required because Windows Vista now require most drivers to be certified and digitally signed. With TESTSIGNING turned on, a “Test Mode” watermark will be displayed on four corner of desktop too. The tool will patch user32.dll.mui to remove the watermark too. Thus, in the case of you suddenly seeing “Test Mode” appearing on your desktop, either re-apply the Half-Open Limit Fix or manually removes the watermark.

Note: Since Windows Vista and Windows Server 2008 SP2, there is no more restriction (now unlimited) concurrent half open TCP/IP connection limit. But the connection limit remains for Windows XP.