Jump to content

Welcome to MSFN Forum
Register now to gain access to all of our features. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more. This message will be removed once you have signed in.
Login to Account Create an Account


Photo

Event id 4226

- - - - -

  • Please log in to reply
80 replies to this topic

#1
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Greetings.

I am continuously receiving an event id 4226 error and my whole internet sometimes locks up, leaving all established connections alive, but giving permission denied to new attempts. I don't know how to make this not happen again, it's starting to drive me nuts. I've set my torrent client to do max 4 halfopen connections per second and max 2 new connections per second, but it keeps crashing my internet. I would love to see a fix for this thing, since every time this happens, my internet stops. All established connections work, while all new attempts get a permission denied. Please help me. Thank you.


How to remove advertisement from MSFN

#2
Spooky

Spooky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 718 posts
I posted something about this in the Vista Tweaks and Tips section, explaining what this event really is. See this post: About Event 4226

There is no fix for it because nothing is really wrong, its by design. The event is reported because its simply trying to tell you a limit was reached. As I post this reply I have 46 active connections going for various things and i'm able to establish new connections with no problem. Have you made any alterations to your TCP/IP stack, especially any changes that are supposed to 'tweak' your connection from any of the connection tweakers like the popular for XP cablenut tweaker...if you did you need to dump those changes, contrary to popular belief they don't actually help your connection at all in Vista. Have you disabled AutoTuning...if so re-enable it. Then see what happens. BTW, some torrent clients actually have more connections going in the backgroud then what the client shows, and some of them hold onto timed out connections (which should be available to you to make new connections with) and report them to the stack as active when they really aren't. Actually while some look like it, or say they 'work in Vista' I don't think many of them actually report accurately to Vista for the actual number of connection and the actual status of timed out connections.


Greetings.

I am continuously receiving an event id 4226 error and my whole internet sometimes locks up, leaving all established connections alive, but giving permission denied to new attempts. I don't know how to make this not happen again, it's starting to drive me nuts. I've set my torrent client to do max 4 halfopen connections per second and max 2 new connections per second, but it keeps crashing my internet. I would love to see a fix for this thing, since every time this happens, my internet stops. All established connections work, while all new attempts get a permission denied. Please help me. Thank you.


Edited by Spooky, 23 December 2006 - 09:05 PM.


#3
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
I have not made any alterations to my windows box, since none was needed and there were none I could find. I didn't enable or disable anything. It's just that I hate it when my internet locks up and no new connections can be made. It's really annoying especially when you need to do something quick. tcpip.sys is the original, sometimes the error appears and does nothing, sometimes the whole **** net freezes. That's what I want to avoid. The internet freezing part. Everything that is connected remains connected without a problem, what is not, can't establish a new connection and gets Permission denied. Please tell me or advise me what to do about the permission denied part, since I'm really considering burning vista and kicking it to a trashcan. My tcpip.sys file is version 6.0.6000.16386 size 784 KB (802,816 bytes). Please give some feedback on what CAN I do for the internet just not stop, even if it slows down. What can be causing theese lockups? Thanx!

#4
duceyaj

duceyaj

    Newbie

  • Member
  • 21 posts
i had the this same exact problem. in order to resolve this, they say you have to disable spi in your router. it has something to do with vista's tcp window scaling not being compatible with most routers. although sometimes that doesn't fix it completely.
for my router (linksys rv042), i had to disable the router firewall completely and i no longer have connection problems. try either one and see if it works for you.
as soon as linksys updates their firmware for the rv042 to support tcp window scaling, i should be able to enable the firewall again.

#5
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Thanks for the advice but I don't use a router. My connection is cable modem based, using a Scientific Atlanta Webstar 2000 Series cable modem through nVidia nForce Networking Controller (nForce4), since the modem doesn't have drivers for vista rtm so I can plug it in the USB and worry no more (maybe). So no routers are present in my configuration, just the vista default config of firewall, that ALLOWS utorrent (that may be causing the problems) to connect as he wishes. I narrowed down the uTorrent configuration options to net.max_halfopen to 4 and net.connect_speed to 5, so the max half-open connections that uTorrent will attempt is 4, and the maximum connections per second that uTorrent will do are 5. That will slow things down, I know, but may be a temporary fix until something good comes along and a patch to tcpip.sys is released. But I don't know how to disable the net lockup part. What's causing that? I see nothing in my logs, about some component of vista restricting one of my running apps, it just... freezes, and what's connected remains connected, what not, ... tough luck!

Any more ideas?

i had the this same exact problem. in order to resolve this, they say you have to disable spi in your router. it has something to do with vista's tcp window scaling not being compatible with most routers. although sometimes that doesn't fix it completely.
for my router (linksys rv042), i had to disable the router firewall completely and i no longer have connection problems. try either one and see if it works for you.
as soon as linksys updates their firmware for the rv042 to support tcp window scaling, i should be able to enable the firewall again.



#6
Spooky

Spooky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 718 posts
Well then, you may have found your problem...maybe. Some versions of the Nvidia nForce controller have problems with spi, the Vista firewall its self has a little problem with spi (that will be fixed in SP1). However, while the Vista firewall has a slight problem with spi I don't think its causing your problem. Take a closer look at the Nvidia (are you using any beta drivers from Nvidia?), try using a different NIC...also...the Scientific Atlanta cable modems might be having some issues with spi (because cable modems are basically routers).

Of course, all these are guess's at this point. Its hard to trouble shoot a problem unless your looking at the entire system. Also it depends if your running the RTM or one of the previous builds prior to RTM. Builds prior to RTM had the issues you describe with the 'lockup' part.

These are just suggestions for you.


Thanks for the advice but I don't use a router. My connection is cable modem based, using a Scientific Atlanta Webstar 2000 Series cable modem through nVidia nForce Networking Controller (nForce4), since the modem doesn't have drivers for vista rtm so I can plug it in the USB and worry no more (maybe). So no routers are present in my configuration, just the vista default config of firewall, that ALLOWS utorrent (that may be causing the problems) to connect as he wishes. I narrowed down the uTorrent configuration options to net.max_halfopen to 4 and net.connect_speed to 5, so the max half-open connections that uTorrent will attempt is 4, and the maximum connections per second that uTorrent will do are 5. That will slow things down, I know, but may be a temporary fix until something good comes along and a patch to tcpip.sys is released. But I don't know how to disable the net lockup part. What's causing that? I see nothing in my logs, about some component of vista restricting one of my running apps, it just... freezes, and what's connected remains connected, what not, ... tough luck!

Any more ideas?

i had the this same exact problem. in order to resolve this, they say you have to disable spi in your router. it has something to do with vista's tcp window scaling not being compatible with most routers. although sometimes that doesn't fix it completely.
for my router (linksys rv042), i had to disable the router firewall completely and i no longer have connection problems. try either one and see if it works for you.
as soon as linksys updates their firmware for the rv042 to support tcp window scaling, i should be able to enable the firewall again.



#7
duceyaj

duceyaj

    Newbie

  • Member
  • 21 posts
actually, cable modems aren't really routers. only dsl modems act as routers.

i'm currently using utorrent and emule with 4 half-open connections for utorrent and 4 half-open connections for emule. i'm getting the 4226 event id only once a day. but it doesn't kill my net connection. double check your other apps to see if they aren't hogging your half open connections.

and if you still are having problems, the last thing you can do to try to resolve your net problems is to turn of vista's auto tuning.

Turning off auto-tuning is a simple command line command (running with Admin rights):
netsh interface tcp set global autotuninglevel=disabled

and to enable again:

netsh interface tcp set global autotuninglevel=normal

#8
dAbReAkA

dAbReAkA

    Member

  • Member
  • PipPip
  • 196 posts
10 half-open concurrent connections is too little in todays world..
30 - bearable, 50 - why not, 100 - just perfect, 10 - ffs, it's not 1980

#9
Spooky

Spooky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 718 posts
your right, its not 1980, if it was 1980 the hacker idiots wouldn't be exploiting everything they could. As it is, its the way it is because of those hacker idiots who produce the stuff that takes advantage of a generous allowance of more then the current limit.

10 half-open concurrent connections is too little in todays world..
30 - bearable, 50 - why not, 100 - just perfect, 10 - ffs, it's not 1980



#10
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Well, if you want, I can generate a report for you and you could see what's on my system. Anyways, I'm running Windows Vista Professional 6.0 (Build #6000).

My specs (short) are: OS: Windows Vista Professional 6.0 (Build #6000) CPU: AMD Athlon 64 3500+, 2.50 GHz, 512KB Video: NVIDIA GeForce 7600 GT (1024x768x32bpp 75Hz) Sound: Speakers (NVIDIA nForce Audio) Memory: Used: 488/1023MB Uptime: 7m 32s HD: Free: 54.42 GB/298.10 GB Connection: NVIDIA nForce Networking Controller @ 100.0 Mbps (Rec: 14.56MB Sent: 8.09MB).

The drivers I'm using are from Microsoft Update, since they installed at the first update. So they're WHQL signed, and Microsoft trusts them and tested them. And no apps in the background that could be making other connections. mIRC and Yahoo Messenger are connected, but they're in ESTABLISHED state. I don't know what to do...

#11
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Well I have changed the adapters between them, as a little try of resolving my problems:

I forgot to mention I have two adapters in my Computer:

1. nVidia nForce networking controller (inet connection with ics enabled)
2. Realtek RTL8319/810x Family Fast Ethernet NIC

The net got to my computer through nVidia Network and then got to my mom's pc through Realtek.
I changed the roles, now the net comes through Realtek and goes to my mom's through nVidia.

Maybe this will help, I dunno. I also got a "patched" (or so he said) tcpip.sys from a friend who said that there limit in that .sys is patched. I don't know for that, but problems still arose after installing of the new .sys file. We'll see how it will behave in this configuration.

Anyways thank you all for trying to help!

#12
dAbReAkA

dAbReAkA

    Member

  • Member
  • PipPip
  • 196 posts
there's no patched tcpip.sys file for vista..

#13
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts

there's no patched tcpip.sys file for vista..


I don't know what to say, but I saw something in my logs today looking like this:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/25/2006 4:00:05 PM
Event ID: 5032
Task Category: Other System Events
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DarkMind
Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5032</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12292</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T14:00:05.847Z" />
<EventRecordID>898</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="3380" />
<Channel>Security</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="ErrorCode">2</Data>
</EventData>
</Event>

What to do? What is happening?

#14
Spooky

Spooky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 718 posts
"Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network."

Specifically: "Windows Firewall was unable to notify"

Did you disable UAC and defender? Both of these need to be on to receive notifications from the firewall.


there's no patched tcpip.sys file for vista..


I don't know what to say, but I saw something in my logs today looking like this:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/25/2006 4:00:05 PM
Event ID: 5032
Task Category: Other System Events
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DarkMind
Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5032</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12292</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T14:00:05.847Z" />
<EventRecordID>898</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="3380" />
<Channel>Security</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="ErrorCode">2</Data>
</EventData>
</Event>

What to do? What is happening?



#15
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
I disabled UAC, but not defender. Anyways, I don't want UAC since I want to run all of my programs as administrator, I know it's risky but I hate always pressing the As administrator button and so on, anyways, is what's causing the internet lockups? If yes, what do I need to do? It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone. I just want to fix this. My patience is getting out of hand here, since I am really beginning to get annoyed by this stupid lockup. Please tell me if I can do something to avoid the lockups or not. Thank you.

PS: It doesn't restrict the application to accept incoming connections. It restricts all aplications from accepting or making new connections.

Edited by Tassadaru, 25 December 2006 - 01:26 PM.


#16
duceyaj

duceyaj

    Newbie

  • Member
  • 21 posts
why don't you disable the vista firewall and see if that works.

#17
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Hmm, thought of that, but I can't leave my PC unprotected by a firewall... Since problems can and WILL arise from stupid viruses and so on that may appear... Any other ideas someone?

why don't you disable the vista firewall and see if that works.



#18
duceyaj

duceyaj

    Newbie

  • Member
  • 21 posts
well you can try it for a bit to see if it really is the firewall that is blocking your programs from making new connections. if it doesn't make any difference after you disable it, then we can rule out the firewall as the cause of the problem.

#19
usasma

usasma

    Newbie

  • Member
  • 48 posts
A list of Vista compatible apps (to include firewalls): http://www.iexbeta.c...lls_.2F_IDS.27s
aka John MVP Windows - Desktop Experience
"There are very few problems in life that can't be fixed by the proper application of high explosives"
If I haven't replied in 48 hours, please send me a PM.
**If you need a more detailed explanation, please ask for it. I have the Knack. **

#20
Spooky

Spooky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 718 posts
"It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone."

Hmmmm, something isn't right here. If there is not already a rule to block something the Vista firewall doesn't block anything new until it sees a threat. If the Vista firewall is actually blocking all new connections then your problem is not with the 4226 event because the firewall blocking something doesn't have a thing to do with the 4226 event. And your not experiencing lock-ups either, even though thats what it looks like to you. I didn't realize what you were seeing until now, in your post, when you said "It doesn't just block ONE application, it blocks ALL applications ..." I'm just now seeing the context. I saw a very similar problem with someone else about two weeks after Vista went RTM and after your last post I remembered it. Are you sure your using an RTM version of Vista, thats properly licensed, actually from Microsoft? And...your not using any sort of KMS. If your running a legitimate properly licensed version actually from MS and not using any sort of KMS then something is seriously screwed up with your install, i'd suggest a re-install.

Another thought also,,,,are you sure your bandwidth is OK? have you checked your connection and made sure your actually getting the bandwidth from your ISP to support your connections? I's also take another look at that Scientific Atlanta cable modem too, someone else said that only DSL modems act as routers, thats not exactly true, Scientific Atlanta and Motorola cable modems will both act as routers its just that the capability to physically access the router portion is not there.


I disabled UAC, but not defender. Anyways, I don't want UAC since I want to run all of my programs as administrator, I know it's risky but I hate always pressing the As administrator button and so on, anyways, is what's causing the internet lockups? If yes, what do I need to do? It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone. I just want to fix this. My patience is getting out of hand here, since I am really beginning to get annoyed by this stupid lockup. Please tell me if I can do something to avoid the lockups or not. Thank you.

PS: It doesn't restrict the application to accept incoming connections. It restricts all aplications from accepting or making new connections.


Edited by Spooky, 25 December 2006 - 04:31 PM.


#21
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
I tried disabling Windows Firewall... as duceyaj mentioned, now I'll see what's happening. And yes, I am sure it's the RTM version I'm using, activated and with all updates installed, I don't know what KMS is, but anyway, I'll see how it behaves without Windows Firewall turned on.

#22
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Later edit. It did it again, without Windows Firewall active. And nothing shows in event log but this:

A crash in Application log, that has been 3-4 hours before lockdown,
Security (3-3:30 hours before the lockdown):

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/25/2006 8:54:22 PM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: DarkMind
Description:
Special privileges assigned to new logon.

Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T18:54:22.991Z" />
<EventRecordID>904</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="1464" />
<Channel>Security</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>

And in System logs, the following events (dunno the exact hour of the lockdown):

Log Name: System
Source: Tcpip
Date: 12/26/2006 12:00:31 AM
Event ID: 4226
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Tcpip" />
<EventID Qualifiers="32768">4226</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:00:31.201Z" />
<EventRecordID>1971</EventRecordID>
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000000010000000000000082100080000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/26/2006 12:13:18 AM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:13:18.000Z" />
<EventRecordID>1972</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>
<Data Name="param2">running</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/26/2006 12:29:48 AM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:29:48.000Z" />
<EventRecordID>1973</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>
<Data Name="param2">stopped</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 12/26/2006 12:59:35 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:59:35.000Z" />
<EventRecordID>1974</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

What's happening? For the lockdown to be removed, I closed my torrent program and started it again. But I had NO PROBLEMS WHATSOEVER in XP SP2 with Windows Firewall ON and Nod32 as an antivirus. I don't know what the heck is wrong here.

Attached Files



#23
Spooky

Spooky

    Friend of MSFN

  • Member
  • PipPipPipPipPip
  • 718 posts
Event ID: 4672 - thats normal activity, no problems there

Event ID: 7036 - this should be have started then stopped within a few minutes or so but yours ran for a little bit longer. Doesn't mean theres a problem, but check your connection settings/LAN settings and make sure nothing is checked there. Are you on a home network?

Event ID: 31004: How much memory you have in this machine? Do you have shared access enabled? If you do have access sharing enabled, turn it off and see what happens. Access sharing enabled (even if your not using it) and then running some P2P programs can cause problems, can also in certain conditions make Vista think there are more connections then there really are (certain FTP and P2P clients) - don't know if your in this state tho. Also, do you have more then IE installed for a browser (firefox, mozilla, opera, etc...), if so check the services and make sure a service for those browsers is not running. Do you have a messenger client installed (MSN, etc...)? If so check to make sure its not really running (check services, etc..remember the messenger service in XP - same thing here, will run without starting up and make connections just to be ready for you when it does start.)

What services have you disabled? Contrary to popular belief its not necessarly a good thing to disable services on Vista. Is your TCP/IP NetBIOS helper service running?



Later edit. It did it again, without Windows Firewall active. And nothing shows in event log but this:

A crash in Application log, that has been 3-4 hours before lockdown,
Security (3-3:30 hours before the lockdown):

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/25/2006 8:54:22 PM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: DarkMind
Description:
Special privileges assigned to new logon.

Subject:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>4672</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12548</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T18:54:22.991Z" />
<EventRecordID>904</EventRecordID>
<Correlation />
<Execution ProcessID="612" ThreadID="1464" />
<Channel>Security</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">SYSTEM</Data>
<Data Name="SubjectDomainName">NT AUTHORITY</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege</Data>
</EventData>
</Event>

And in System logs, the following events (dunno the exact hour of the lockdown):

Log Name: System
Source: Tcpip
Date: 12/26/2006 12:00:31 AM
Event ID: 4226
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Tcpip" />
<EventID Qualifiers="32768">4226</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:00:31.201Z" />
<EventRecordID>1971</EventRecordID>
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Binary>00000000010000000000000082100080000000000000000000000000000000000000000000000000</Binary>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/26/2006 12:13:18 AM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:13:18.000Z" />
<EventRecordID>1972</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>
<Data Name="param2">running</Data>
</EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/26/2006 12:29:48 AM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="16384">7036</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:29:48.000Z" />
<EventRecordID>1973</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>
<Data Name="param2">stopped</Data>
</EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 12/26/2006 12:59:35 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.micro.../events/event">
<System>
<Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
<EventID Qualifiers="0">31004</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2006-12-25T22:59:35.000Z" />
<EventRecordID>1974</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>DarkMind</Computer>
<Security />
</System>
<EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
<Data Name="param1">0</Data>
</EventData>
</Event>

What's happening? For the lockdown to be removed, I closed my torrent program and started it again. But I had NO PROBLEMS WHATSOEVER in XP SP2 with Windows Firewall ON and Nod32 as an antivirus. I don't know what the heck is wrong here.


Edited by Spooky, 25 December 2006 - 07:58 PM.


#24
Tassadaru

Tassadaru

    Newbie

  • Member
  • 25 posts
Well, I have ICS enabled, but I can't turn it off or my mother would kill me, since her computer need internet. No services were disabled whatsoever, NetBIOS Helper is enabled and running, it already did this thing twice, no event associated with it, just that windows firewall was unable to inform that it blocked an application from ... I don't know what to do anymore, I think I will remove vista and call it unresolved. I really didn't have ANY problems with XP SP2 installed, even if I used Windows Firewall or another firewall. It's clearly declared in Windows Firewall that uTorrent and other applications I use are ALLOWED. I don't know what to say anymore. Vista let me down. I am running one or two connected instances of mIRC, Yahoo Messenger is opened, I have narrowed my uTorrent's settings to like a minimum, but I still keep having problems. I have 1 GIG of DDR running in Dual-Channel configuration. I think that minimum system requirements for vista are 512 MB ram. I will get back to XP as soon as I get a free day from work, this can't go on like this. I'm sick of Vista and of the things it's been doing. It's a swell good operating system, but this thing is like the lamest I ever encountered, for the OS to restrict your connections without notice and without anything... It's just lame, and I guess that besides this, it's a very stable os. But I need to have no downtime on my PC whatever the reasons. And this is a reason I cannot control. If I'd knew what to do I'd do it, but I don't. If any of you got any more suggestions before Friday, let me know, since then it will be - bye bye vista. Thank you all for trying to help me.

G'day.

#25
duceyaj

duceyaj

    Newbie

  • Member
  • 21 posts
one of your logs say that you are low on virtual mem. you should at least double check what you have that set to. the default is system managed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users



How to remove advertisement from MSFN