Use the search and browse feature to view Kepware's repository of more than 500 Knowledge Base articles. Narrow your results or type your query into the search field below.

Search Solutions Results By: View All Solutions

Kepware Knowledge Base: Solution


Windows XP SP2 Project Sometimes Loses Communication to Devices, but the Same Project in Server 2003 Will Not


Last Update: 11/7/2018

Problem:
A PC is communicating with several devices, some of which become unreachable. Even though the devices come back on line, users can only recover by rebooting the PC.

Solution:
This is the result of a security feature that was introduced by Microsoft in XP SP2 to protect PCs from viruses. These viruses usually propagate by finding connection points on other PCs in the subnet of the affected PC. For more information, refer to the except from Microsoft below.

What Does TCP/IP do?
Transmission Control Protocol/Internet Protocol (TCP/IP) is a suite of standard protocols for connecting computers across networks. TCP/IP enables Windows-based computers to connect and share information with other Microsoft and non-Microsoft systems.

Who does this feature apply to?
All users who use TCP/IP to connect and communicate information over a network should be aware of the changes incorporated in Windows XP Service Pack 2.

What new functionality is added to this feature in Windows XP Service Pack 2?
[...]

Limited number of simultaneous incomplete outbound TCP connection attempts
The TCP/IP stack now limits the number of simultaneous incomplete outbound TCP connection attempts. After the limit has been reached, subsequent connection attempts are put in a queue and will be resolved at a fixed rate. Under normal operation, when applications are connecting to available hosts at valid IP addresses, no connection rate-limiting will occur. When it does occur, a new event, with ID 4226, appears in the system's event log.

Why is this change important? What threats does it help mitigate?
This change helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in a failed connection, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.

What works differently?
This change may cause certain security tools, such as port scanners, to run more slowly.

How do I resolve these issues?
Stop the application that is responsible for the failing connection attempts.

Related Products
KEPServerEX