Tassadaru

Event id 4226

81 posts in this topic

Greetings.

I am continuously receiving an event id 4226 error and my whole internet sometimes locks up, leaving all established connections alive, but giving permission denied to new attempts. I don't know how to make this not happen again, it's starting to drive me nuts. I've set my torrent client to do max 4 halfopen connections per second and max 2 new connections per second, but it keeps crashing my internet. I would love to see a fix for this thing, since every time this happens, my internet stops. All established connections work, while all new attempts get a permission denied. Please help me. Thank you.


I posted something about this in the Vista Tweaks and Tips section, explaining what this event really is. See this post: About Event 4226

There is no fix for it because nothing is really wrong, it's by design. The event is reported because it's simply trying to tell you a limit was reached. As I post this reply I have 46 active connections going for various things and I'm able to establish new connections with no problem. Have you made any alterations to your TCP/IP stack, especially any changes that are supposed to 'tweak' your connection from any of the connection tweakers like the popular for XP cablenut tweaker...if you did you need to dump those changes, contrary to popular belief they don't actually help your connection at all in Vista. Have you disabled AutoTuning...if so re-enable it. Then see what happens. BTW, some torrent clients actually have more connections going in the background than what the client shows, and some of them hold onto timed out connections (which should be available to you to make new connections with) and report them to the stack as active when they really aren't. Actually while some look like it, or say they 'work in Vista' I don't think many of them actually report accurately to Vista for the actual number of connections and the actual status of timed out connections.

Edited by Spooky

I have not made any alterations to my windows box, since none was needed and there were none I could find. I didn't enable or disable anything. It's just that I hate it when my internet locks up and no new connections can be made. It's really annoying especially when you need to do something quick. tcpip.sys is the original, sometimes the error appears and does nothing, sometimes the whole **** net freezes. That's what I want to avoid. The internet freezing part. Everything that is connected remains connected without a problem, what is not, can't establish a new connection and gets Permission denied. Please tell me or advise me what to do about the permission denied part, since I'm really considering burning vista and kicking it to a trashcan. My tcpip.sys file is version 6.0.6000.16386 size 784 KB (802,816 bytes). Please give some feedback on what CAN I do for the internet just not stop, even if it slows down. What can be causing these lockups? Thanx!


i had this same exact problem. in order to resolve this, they say you have to disable spi in your router. it has something to do with vista's tcp window scaling not being compatible with most routers. although sometimes that doesn't fix it completely.

for my router (linksys rv042), i had to disable the router firewall completely and i no longer have connection problems. try either one and see if it works for you.

as soon as linksys updates their firmware for the rv042 to support tcp window scaling, i should be able to enable the firewall again.


Thanks for the advice but I don't use a router. My connection is cable modem based, using a Scientific Atlanta Webstar 2000 Series cable modem through nVidia nForce Networking Controller (nForce4), since the modem doesn't have drivers for vista rtm so I can plug it in the USB and worry no more (maybe). So no routers are present in my configuration, just the vista default config of firewall, that ALLOWS utorrent (that may be causing the problems) to connect as he wishes. I narrowed down the uTorrent configuration options to net.max_halfopen to 4 and net.connect_speed to 5, so the max half-open connections that uTorrent will attempt is 4, and the maximum connections per second that uTorrent will do are 5. That will slow things down, I know, but may be a temporary fix until something good comes along and a patch to tcpip.sys is released. But I don't know how to disable the net lockup part. What's causing that? I see nothing in my logs, about some component of vista restricting one of my running apps, it just... freezes, and what's connected remains connected, what not, ... tough luck!

Any more ideas?


Well then, you may have found your problem...maybe. Some versions of the Nvidia nForce controller have problems with spi, the Vista firewall itself has a little problem with spi (that will be fixed in SP1). However, while the Vista firewall has a slight problem with spi I don't think it's causing your problem. Take a closer look at the Nvidia (are you using any beta drivers from Nvidia?), try using a different NIC...also...the Scientific Atlanta cable modems might be having some issues with spi (because cable modems are basically routers).

Of course, all these are guesses at this point. It's hard to troubleshoot a problem unless you're looking at the entire system. Also it depends if you're running the RTM or one of the previous builds prior to RTM. Builds prior to RTM had the issues you describe with the 'lockup' part.

These are just suggestions for you.


actually, cable modems aren't really routers. only dsl modems act as routers.

i'm currently using utorrent and emule with 4 half-open connections for utorrent and 4 half-open connections for emule. i'm getting the 4226 event id only once a day. but it doesn't kill my net connection. double check your other apps to see if they aren't hogging your half open connections.

and if you still are having problems, the last thing you can do to try to resolve your net problems is to turn off vista's auto tuning.

Turning off auto-tuning is a simple command line command (running with Admin rights):

netsh interface tcp set global autotuninglevel=disabled

and to enable again:

netsh interface tcp set global autotuninglevel=normal

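An added example (not from any poster in this thread) of the check suggested above, finding which processes hold the half-open connection attempts: it tallies `SYN_SENT` rows per owning PID from saved `netstat -ano` output. The sample output is constructed, the function names are hypothetical, and the default limit of 10 is the figure quoted in this thread.

```python
"""Tally half-open (SYN_SENT) TCP connections per owning PID from `netstat -ano` text."""
from collections import Counter

# Constructed sample of `netstat -ano` output; every address and PID is made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       820
  TCP    192.168.0.2:49201      203.0.113.10:6881      ESTABLISHED     2460
  TCP    192.168.0.2:49202      203.0.113.11:6881      SYN_SENT        2460
  TCP    192.168.0.2:49203      203.0.113.12:6881      SYN_SENT        2460
  TCP    192.168.0.2:49204      203.0.113.13:6881      SYN_SENT        2460
  TCP    192.168.0.2:49205      203.0.113.14:6881      SYN_SENT        2460
  TCP    192.168.0.2:49210      198.51.100.20:4662     SYN_SENT        3112
  TCP    192.168.0.2:49211      198.51.100.21:4662     SYN_SENT        3112
  TCP    192.168.0.2:49212      198.51.100.22:4662     SYN_SENT        3112
  TCP    192.168.0.2:49213      198.51.100.23:4662     SYN_SENT        3112
  TCP    192.168.0.2:49214      198.51.100.24:4662     SYN_SENT        3112
  TCP    192.168.0.2:49215      198.51.100.25:4662     SYN_SENT        3112
  TCP    192.168.0.2:49230      198.51.100.40:6667     ESTABLISHED     1988
  TCP    [::]:135               [::]:0                 LISTENING       820
  UDP    0.0.0.0:500            *:*                                    1044
"""


def half_open_by_pid(netstat_text):
    """Count outbound connect attempts still waiting for a SYN-ACK, keyed by PID."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have five columns (proto, local, remote, state, pid).
        # UDP rows have no State column, and header lines are not TCP rows.
        if len(fields) != 5 or fields[0].upper() != "TCP":
            continue
        state, pid = fields[3], fields[4]
        if state == "SYN_SENT" and pid.isdigit():
            counts[int(pid)] += 1
    return counts


def summarize(netstat_text, limit=10):
    """Compare the total against `limit` (10 is the figure quoted in this thread)."""
    counts = half_open_by_pid(netstat_text)
    total = sum(counts.values())
    return {
        "total": total,
        "at_limit": total >= limit,
        "by_pid": counts.most_common(),  # busiest process first
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_NETSTAT)
    print("half-open total:", result["total"], "at limit:", result["at_limit"])
    for pid, n in result["by_pid"]:
        print(f"  PID {pid}: {n} SYN_SENT")
```

In the constructed sample the client capped at 4 half-open connections is not the largest contributor; a second process holds 6. PIDs can be mapped to program names with Task Manager or `tasklist`.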

10 half-open concurrent connections is too little in today's world..

30 - bearable, 50 - why not, 100 - just perfect, 10 - ffs, it's not 1980


you're right, it's not 1980, if it was 1980 the hacker idiots wouldn't be exploiting everything they could. As it is, it's the way it is because of those hacker idiots who produce the stuff that takes advantage of a generous allowance of more than the current limit.


Well, if you want, I can generate a report for you and you could see what's on my system. Anyways, I'm running Windows Vista Professional 6.0 (Build #6000).

My specs (short) are: OS: Windows Vista Professional 6.0 (Build #6000) CPU: AMD Athlon 64 3500+, 2.50 GHz, 512KB Video: NVIDIA GeForce 7600 GT (1024x768x32bpp 75Hz) Sound: Speakers (NVIDIA nForce Audio) Memory: Used: 488/1023MB Uptime: 7m 32s HD: Free: 54.42 GB/298.10 GB Connection: NVIDIA nForce Networking Controller @ 100.0 Mbps (Rec: 14.56MB Sent: 8.09MB).

The drivers I'm using are from Microsoft Update, since they installed at the first update. So they're WHQL signed, and Microsoft trusts them and tested them. And no apps in the background that could be making other connections. mIRC and Yahoo Messenger are connected, but they're in ESTABLISHED state. I don't know what to do...


Well I have changed the adapters between them, as a little try of resolving my problems:

I forgot to mention I have two adapters in my Computer:

1. nVidia nForce networking controller (inet connection with ics enabled)

2. Realtek RTL8319/810x Family Fast Ethernet NIC

The net got to my computer through nVidia Network and then got to my mom's pc through Realtek.

I changed the roles, now the net comes through Realtek and goes to my mom's through nVidia.

Maybe this will help, I dunno. I also got a "patched" (or so he said) tcpip.sys from a friend who said that the limit in that .sys is patched. I don't know about that, but problems still arose after installing the new .sys file. We'll see how it will behave in this configuration.

Anyways thank you all for trying to help!

there's no patched tcpip.sys file for vista..

I don't know what to say, but I saw something in my logs today looking like this:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/25/2006 4:00:05 PM
Event ID: 5032
Task Category: Other System Events
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DarkMind
Description:
Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.
Error Code: 2
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5032</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12292</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2006-12-25T14:00:05.847Z" />
    <EventRecordID>898</EventRecordID>
    <Correlation />
    <Execution ProcessID="612" ThreadID="3380" />
    <Channel>Security</Channel>
    <Computer>DarkMind</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ErrorCode">2</Data>
  </EventData>
</Event>

What to do? What is happening?


"Description:

Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network."

Specifically: "Windows Firewall was unable to notify"

Did you disable UAC and defender? Both of these need to be on to receive notifications from the firewall.


I disabled UAC, but not defender. Anyways, I don't want UAC since I want to run all of my programs as administrator, I know it's risky but I hate always pressing the As administrator button and so on, anyways, is that what's causing the internet lockups? If yes, what do I need to do? It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone. I just want to fix this. My patience is getting out of hand here, since I am really beginning to get annoyed by this stupid lockup. Please tell me if I can do something to avoid the lockups or not. Thank you.

PS: It doesn't restrict the application to accept incoming connections. It restricts all applications from accepting or making new connections.

Edited by Tassadaru

Hmm, thought of that, but I can't leave my PC unprotected by a firewall... Since problems can and WILL arise from stupid viruses and so on that may appear... Any other ideas someone?

why don't you disable the vista firewall and see if that works.

well you can try it for a bit to see if it really is the firewall that is blocking your programs from making new connections. if it doesn't make any difference after you disable it, then we can rule out the firewall as the cause of the problem.


"It doesn't just block ONE application, it blocks ALL applications from whatever connection they're wanting to attempt, and leaves the applications already connected alone."

Hmmmm, something isn't right here. If there is not already a rule to block something the Vista firewall doesn't block anything new until it sees a threat. If the Vista firewall is actually blocking all new connections then your problem is not with the 4226 event because the firewall blocking something doesn't have a thing to do with the 4226 event. And you're not experiencing lock-ups either, even though that's what it looks like to you. I didn't realize what you were seeing until now, in your post, when you said "It doesn't just block ONE application, it blocks ALL applications ..." I'm just now seeing the context. I saw a very similar problem with someone else about two weeks after Vista went RTM and after your last post I remembered it. Are you sure you're using an RTM version of Vista, that's properly licensed, actually from Microsoft? And...you're not using any sort of KMS. If you're running a legitimate properly licensed version actually from MS and not using any sort of KMS then something is seriously screwed up with your install, I'd suggest a re-install.

Another thought also...are you sure your bandwidth is OK? have you checked your connection and made sure you're actually getting the bandwidth from your ISP to support your connections? I'd also take another look at that Scientific Atlanta cable modem too, someone else said that only DSL modems act as routers, that's not exactly true, Scientific Atlanta and Motorola cable modems will both act as routers it's just that the capability to physically access the router portion is not there.

Edited by Spooky

I tried disabling Windows Firewall... as duceyaj mentioned, now I'll see what's happening. And yes, I am sure it's the RTM version I'm using, activated and with all updates installed, I don't know what KMS is, but anyway, I'll see how it behaves without Windows Firewall turned on.


Later edit. It did it again, without Windows Firewall active. And nothing shows in event log but this:

A crash in Application log, that has been 3-4 hours before lockdown,

Security (3-3:30 hours before the lockdown):

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 12/25/2006 8:54:22 PM
Event ID: 4672
Task Category: Special Logon
Level: Information
Keywords: Audit Success
User: N/A
Computer: DarkMind
Description:
Special privileges assigned to new logon.
Subject:
  Security ID: SYSTEM
  Account Name: SYSTEM
  Account Domain: NT AUTHORITY
  Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
  SeTcbPrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeLoadDriverPrivilege
  SeBackupPrivilege
  SeRestorePrivilege
  SeDebugPrivilege
  SeAuditPrivilege
  SeSystemEnvironmentPrivilege
  SeImpersonatePrivilege
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>4672</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12548</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2006-12-25T18:54:22.991Z" />
    <EventRecordID>904</EventRecordID>
    <Correlation />
    <Execution ProcessID="612" ThreadID="1464" />
    <Channel>Security</Channel>
    <Computer>DarkMind</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">SYSTEM</Data>
    <Data Name="SubjectDomainName">NT AUTHORITY</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="PrivilegeList">SeAssignPrimaryTokenPrivilege
      SeTcbPrivilege
      SeSecurityPrivilege
      SeTakeOwnershipPrivilege
      SeLoadDriverPrivilege
      SeBackupPrivilege
      SeRestorePrivilege
      SeDebugPrivilege
      SeAuditPrivilege
      SeSystemEnvironmentPrivilege
      SeImpersonatePrivilege</Data>
  </EventData>
</Event>

And in System logs, the following events (dunno the exact hour of the lockdown):

Log Name: System
Source: Tcpip
Date: 12/26/2006 12:00:31 AM
Event ID: 4226
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Tcpip" />
    <EventID Qualifiers="32768">4226</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2006-12-25T22:00:31.201Z" />
    <EventRecordID>1971</EventRecordID>
    <Channel>System</Channel>
    <Computer>DarkMind</Computer>
    <Security />
  </System>
  <EventData>
    <Data>
    </Data>
    <Binary>00000000010000000000000082100080000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/26/2006 12:13:18 AM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The WinHTTP Web Proxy Auto-Discovery Service service entered the running state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2006-12-25T22:13:18.000Z" />
    <EventRecordID>1972</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>DarkMind</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>
    <Data Name="param2">running</Data>
  </EventData>
</Event>

Log Name: System
Source: Service Control Manager
Date: 12/26/2006 12:29:48 AM
Event ID: 7036
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The WinHTTP Web Proxy Auto-Discovery Service service entered the stopped state.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Service Control Manager" Guid="{555908D1-A6D7-4695-8E1E-26931D2012F4}" EventSourceName="Service Control Manager" />
    <EventID Qualifiers="16384">7036</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2006-12-25T22:29:48.000Z" />
    <EventRecordID>1973</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>DarkMind</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">WinHTTP Web Proxy Auto-Discovery Service</Data>
    <Data Name="param2">stopped</Data>
  </EventData>
</Event>

Log Name: System
Source: Microsoft-Windows-SharedAccess_NAT
Date: 12/26/2006 12:59:35 AM
Event ID: 31004
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: DarkMind
Description:
The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-SharedAccess_NAT" Guid="{A6F32731-9A38-4159-A220-3D9B7FC5FE5D}" EventSourceName="ipnathlp" />
    <EventID Qualifiers="0">31004</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2006-12-25T22:59:35.000Z" />
    <EventRecordID>1974</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>DarkMind</Computer>
    <Security />
  </System>
  <EventData Name="IP_DNS_PROXY_LOG_ALLOCATION_FAILED">
    <Data Name="param1">0</Data>
  </EventData>
</Event>

What's happening? For the lockdown to be removed, I closed my torrent program and started it again. But I had NO PROBLEMS WHATSOEVER in XP SP2 with Windows Firewall ON and Nod32 as an antivirus. I don't know what the heck is wrong here.


Event ID: 4672 - that's normal activity, no problems there

Event ID: 7036 - this should have started then stopped within a few minutes or so but yours ran for a little bit longer. Doesn't mean there's a problem, but check your connection settings/LAN settings and make sure nothing is checked there. Are you on a home network?

Event ID: 31004: How much memory do you have in this machine? Do you have shared access enabled? If you do have access sharing enabled, turn it off and see what happens. Access sharing enabled (even if you're not using it) and then running some P2P programs can cause problems, can also in certain conditions make Vista think there are more connections than there really are (certain FTP and P2P clients) - don't know if you're in this state tho. Also, do you have more than IE installed for a browser (firefox, mozilla, opera, etc...), if so check the services and make sure a service for those browsers is not running. Do you have a messenger client installed (MSN, etc...)? If so check to make sure it's not really running (check services, etc..remember the messenger service in XP - same thing here, will run without starting up and make connections just to be ready for you when it does start.)

What services have you disabled? Contrary to popular belief it's not necessarily a good thing to disable services on Vista. Is your TCP/IP NetBIOS helper service running?

Edited by Spooky
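The event walk-through above, as an added Python example that is not part of any post in this thread: it parses exported Event XML, orders the records by their UTC `SystemTime`, and lists what was logged in the window after each 4226. The `<Events>` wrapper, the function names and the UTC+2 offset (inferred from the `Date:` and `SystemTime` values quoted in the thread) are assumptions.

```python
"""Order exported Windows Event XML by UTC time and list what follows each 4226."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

# Trimmed copies of events quoted in this thread, deliberately out of order.
# Only the fields read below are kept; the <Events> wrapper is an assumption
# about how several records were saved into one file.
SAMPLE_EVENTS = f"""<Events>
<Event xmlns="{EVT_NS}"><System><Provider Name="Microsoft-Windows-SharedAccess_NAT" />
  <EventID Qualifiers="0">31004</EventID>
  <TimeCreated SystemTime="2006-12-25T22:59:35.000Z" />
  <EventRecordID>1974</EventRecordID><Channel>System</Channel></System></Event>
<Event xmlns="{EVT_NS}"><System><Provider Name="Microsoft-Windows-Security-Auditing" />
  <EventID>4672</EventID>
  <TimeCreated SystemTime="2006-12-25T18:54:22.991Z" />
  <EventRecordID>904</EventRecordID><Channel>Security</Channel></System></Event>
<Event xmlns="{EVT_NS}"><System><Provider Name="Service Control Manager" />
  <EventID Qualifiers="16384">7036</EventID>
  <TimeCreated SystemTime="2006-12-25T22:13:18.000Z" />
  <EventRecordID>1972</EventRecordID><Channel>System</Channel></System></Event>
<Event xmlns="{EVT_NS}"><System><Provider Name="Tcpip" />
  <EventID Qualifiers="32768">4226</EventID>
  <TimeCreated SystemTime="2006-12-25T22:00:31.201Z" />
  <EventRecordID>1971</EventRecordID><Channel>System</Channel></System></Event>
<Event xmlns="{EVT_NS}"><System><Provider Name="Service Control Manager" />
  <EventID Qualifiers="16384">7036</EventID>
  <TimeCreated SystemTime="2006-12-25T22:29:48.000Z" />
  <EventRecordID>1973</EventRecordID><Channel>System</Channel></System></Event>
</Events>"""


def parse_system_time(value):
    """Parse a SystemTime attribute, which is always UTC (trailing 'Z')."""
    # Some exports carry up to 9 fractional digits, which strptime's %f rejects,
    # so the fraction is handled separately and cut to microseconds.
    base, _, frac = value.rstrip("Z").partition(".")
    stamp = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    return stamp + timedelta(microseconds=int((frac or "0")[:6].ljust(6, "0")))


def parse_events(xml_text):
    """Return one dict per <Event>, sorted by UTC time."""
    events = []
    # iter() also matches the root, so a file holding a single <Event> works too.
    for ev in ET.fromstring(xml_text).iter(f"{{{EVT_NS}}}Event"):
        system = ev.find("e:System", NS)
        events.append({
            "id": int(system.findtext("e:EventID", namespaces=NS)),
            "provider": system.find("e:Provider", NS).get("Name"),
            "channel": system.findtext("e:Channel", namespaces=NS),
            "record": int(system.findtext("e:EventRecordID", namespaces=NS)),
            "time": parse_system_time(system.find("e:TimeCreated", NS).get("SystemTime")),
        })
    return sorted(events, key=lambda e: e["time"])


def after_limit_hits(events, window_minutes=60, limit_id=4226):
    """Pair each 4226 record with the events logged within the window after it."""
    window = timedelta(minutes=window_minutes)
    pairs = []
    for hit in (e for e in events if e["id"] == limit_id):
        later = [e for e in events if hit["time"] < e["time"] <= hit["time"] + window]
        pairs.append((hit, later))
    return pairs


def local_time(event, utc_offset_hours):
    """Convert UTC SystemTime to the zone used by the log's rendered 'Date:' line."""
    return event["time"].astimezone(timezone(timedelta(hours=utc_offset_hours)))


if __name__ == "__main__":
    for hit, later in after_limit_hits(parse_events(SAMPLE_EVENTS)):
        # UTC+2 is inferred from the thread's paired Date/SystemTime values.
        print("4226 at", hit["time"].isoformat(), "local", local_time(hit, 2).isoformat())
        for e in later:
            print("   +%s  %s  %d" % (e["time"] - hit["time"], e["provider"], e["id"]))
```

The `Date:` line of each record is local time while `SystemTime` is UTC, so records from different channels or machines should be correlated on `SystemTime`.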

Well, I have ICS enabled, but I can't turn it off or my mother would kill me, since her computer needs internet. No services were disabled whatsoever, NetBIOS Helper is enabled and running, it already did this thing twice, no event associated with it, just that windows firewall was unable to inform that it blocked an application from ... I don't know what to do anymore, I think I will remove vista and call it unresolved. I really didn't have ANY problems with XP SP2 installed, even if I used Windows Firewall or another firewall. It's clearly declared in Windows Firewall that uTorrent and other applications I use are ALLOWED. I don't know what to say anymore. Vista let me down. I am running one or two connected instances of mIRC, Yahoo Messenger is opened, I have narrowed my uTorrent's settings to like a minimum, but I still keep having problems. I have 1 GIG of DDR running in Dual-Channel configuration. I think that minimum system requirements for vista are 512 MB ram. I will get back to XP as soon as I get a free day from work, this can't go on like this. I'm sick of Vista and of the things it's been doing. It's a swell good operating system, but this thing is like the lamest I ever encountered, for the OS to restrict your connections without notice and without anything... It's just lame, and I guess that besides this, it's a very stable os. But I need to have no downtime on my PC whatever the reasons. And this is a reason I cannot control. If I knew what to do I'd do it, but I don't. If any of you got any more suggestions before Friday, let me know, since then it will be - bye bye vista. Thank you all for trying to help me.

G'day.


one of your logs says that you are low on virtual mem. you should at least double check what you have that set to. the default is system managed.
