EvilPeppard
asked on
TCP/IP Error with Event ID 4227
I did a search and found a recent posting on EE here, but there was little information other than running a malware scan: https://www.experts-exchange.com/questions/28273755/TCP-IP-Error-Event-ID-4227.html
I also have responded to this same issue over on the Windows 8 forums: http://www.eightforums.com/network-sharing/28502-windows-8-stops-allowing-new-connections-3.html#post306663
Here is the issue: About every 4-6 days I start getting the 'error 4227' in my Windows Event log: 'Warning, TCP/IP, Event 4227: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint'.
I can always tell when the issue starts because I can no longer remote into my home computer from work using LogMeIn. After I found this thread, I decided before I did anything else, to close Chrome, and the ~25 tabs I had open at the time. Within just a few moments, all my internet connections, and other network connections started coming back online. I didn't reboot or anything, I simply closed Chrome and left Chrome closed.
I have been chasing this problem for a while now, trying to narrow down what was using all my TCP/IP ports up. When I would reboot my computer, the first thing I would do was reopen all the windows I previously had open, including all the tabs I was in while using Chrome. I figured this must be when the countdown to all my TCP/IP ports being used up starts, so when I get to 4-6 days in, I start having network/internet port issues. I never realized leaving my internet browser (Chrome) open with several tabs would cause this problem.
Although many of my local network services restored themselves after closing Chrome, it appears my Internet is still not fully functional. It looks like I will still have to either bounce my NIC, or reboot my machine to fully restore functionality. So, although closing Chrome helped, it was not the the only culprit. Something else is still not releasing all my TCP/IP ports.
After I got home I still had to reboot my computer to fully regain Internet connectivity, so all the ports were not released. I still would like to figure out what is doing this, since I run with a ton of stuff open on my work computer, including ~30 open tabs in Chrome, and my computer stays up for a month or more before I reboot it for security updates. My work computer (also Windows 8.1) never has any issues, so the problem on my home computer must be larger than just leaving Chrome open for a few days with a bunch of tabs. My wife's computer (Windows 8.1) is up for weeks at a time with several things open too, yet she never has the issue of running out of TCP/IP ports either.
In all my research I have also read the problem could be attributed to either a bad NIC card, bad network cable, or a need for upgraded NIC drivers on my current NIC. Anyone want to weigh in on this perspective? I don't want to go buy a new NIC arbitrarily without having a better idea of what my issue may be.
To summarize, I am running Windows 8.1 Pro, with all the latest Windows updates. This is my gaming rig, but I also have other things running on it like Steam, Mumble, Trillian Pro, Argus Monitor, Moo0 system monitor, eMClient (email), Chrome, Internet Explorer (Work OWA email), Logitech Gaming Software (keyboard and mouse config software).
I have MalwareBytes Pro loaded with 'real time' protection running. I have run several FULL system scans on my computer, always coming back clean. I have tried three different versions of NIC drivers for my Broadcom NetLink Gigabit Ethernet adapter, and the problem continues to persist.
My next step is to buy a new Intel NIC and install it to see if that stops my issue, unless there is more info I can provide here to assist with a solid diagnosis.
Thanks in advance for any suggestions or feedback.
I also have responded to this same issue over on the Windows 8 forums: http://www.eightforums.com/network-sharing/28502-windows-8-stops-allowing-new-connections-3.html#post306663
Here is the issue: About every 4-6 days I start getting the 'error 4227' in my Windows Event log: 'Warning, TCP/IP, Event 4227: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint'.
I can always tell when the issue starts because I can no longer remote into my home computer from work using LogMeIn. After I found this thread, I decided before I did anything else, to close Chrome, and the ~25 tabs I had open at the time. Within just a few moments, all my internet connections, and other network connections started coming back online. I didn't reboot or anything, I simply closed Chrome and left Chrome closed.
I have been chasing this problem for a while now, trying to narrow down what was using all my TCP/IP ports up. When I would reboot my computer, the first thing I would do was reopen all the windows I previously had open, including all the tabs I was in while using Chrome. I figured this must be when the countdown to all my TCP/IP ports being used up starts, so when I get to 4-6 days in, I start having network/internet port issues. I never realized leaving my internet browser (Chrome) open with several tabs would cause this problem.
Although many of my local network services restored themselves after closing Chrome, it appears my Internet is still not fully functional. It looks like I will still have to either bounce my NIC, or reboot my machine to fully restore functionality. So, although closing Chrome helped, it was not the the only culprit. Something else is still not releasing all my TCP/IP ports.
After I got home I still had to reboot my computer to fully regain Internet connectivity, so all the ports were not released. I still would like to figure out what is doing this, since I run with a ton of stuff open on my work computer, including ~30 open tabs in Chrome, and my computer stays up for a month or more before I reboot it for security updates. My work computer (also Windows 8.1) never has any issues, so the problem on my home computer must be larger than just leaving Chrome open for a few days with a bunch of tabs. My wife's computer (Windows 8.1) is up for weeks at a time with several things open too, yet she never has the issue of running out of TCP/IP ports either.
In all my research I have also read the problem could be attributed to either a bad NIC card, bad network cable, or a need for upgraded NIC drivers on my current NIC. Anyone want to weigh in on this perspective? I don't want to go buy a new NIC arbitrarily without having a better idea of what my issue may be.
To summarize, I am running Windows 8.1 Pro, with all the latest Windows updates. This is my gaming rig, but I also have other things running on it like Steam, Mumble, Trillian Pro, Argus Monitor, Moo0 system monitor, eMClient (email), Chrome, Internet Explorer (Work OWA email), Logitech Gaming Software (keyboard and mouse config software).
I have MalwareBytes Pro loaded with 'real time' protection running. I have run several FULL system scans on my computer, always coming back clean. I have tried three different versions of NIC drivers for my Broadcom NetLink Gigabit Ethernet adapter, and the problem continues to persist.
My next step is to buy a new Intel NIC and install it to see if that stops my issue, unless there is more info I can provide here to assist with a solid diagnosis.
Thanks in advance for any suggestions or feedback.
Netstat -an should give you a list of all tcp port connections.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@tmoore1962:
I know running netstat will give me a list of what TCP ports I have open, but I don't know what to do from there. I'll have the info, but then what? I can see the processes listed in there, but that info really means nothing to me. I am not sure how to interpret it.
I see @DaveBaldwin referred to TCPView, a GUI version of Netstat. Perhaps that will help me understand the netstat results better?
@DaveBaldwin:
I have seen other articles about increasing my TCP ports, but I am more concerned as to why I am running out and what is making me run out. Like I stated originally, my work computer is up for over a month at a time, with significantly more things running on it than my game rig at home, and my work computer NEVER has this Event 4227 issue.
I am more concerned about figuring out why I am running out of ports, and what is using my ports so I can eliminate the problem. I don't want to just increase the amount of ports available without understanding why I am running out on a home computer first.
Please let me know your thoughts. Thank you again for all the feedback.
I know running netstat will give me a list of what TCP ports I have open, but I don't know what to do from there. I'll have the info, but then what? I can see the processes listed in there, but that info really means nothing to me. I am not sure how to interpret it.
I see @DaveBaldwin referred to TCPView, a GUI version of Netstat. Perhaps that will help me understand the netstat results better?
@DaveBaldwin:
I have seen other articles about increasing my TCP ports, but I am more concerned as to why I am running out and what is making me run out. Like I stated originally, my work computer is up for over a month at a time, with significantly more things running on it than my game rig at home, and my work computer NEVER has this Event 4227 issue.
I am more concerned about figuring out why I am running out of ports, and what is using my ports so I can eliminate the problem. I don't want to just increase the amount of ports available without understanding why I am running out on a home computer first.
Please let me know your thoughts. Thank you again for all the feedback.
The 'why' is probably because you have too much running at once. I suspect that you don't have as many things running at work as you do at home. Run TCPView both at home and at work to see what the differences are.
And I don't believe in running computers non-stop unless they are server grade machines. There are too many programs in Windows that leave trash behind. It would be informative if the problem stopped when you rebooted daily. That would probably mean that one or more of your programs are not cleaning up after themselves.
And I don't believe in running computers non-stop unless they are server grade machines. There are too many programs in Windows that leave trash behind. It would be informative if the problem stopped when you rebooted daily. That would probably mean that one or more of your programs are not cleaning up after themselves.
ASKER
@DaveBaldwin
On the contrary, I run even more on my work machine than I do on my home machine. My game rig is a very high end machine. So is my work rig. My work machine stays up for well over a month with all my applications left open, including ~25+ Chrome tabs, several tabs in IE, and a couple tabs in FireFox, as well as several other programs.
I agree it seems some program is not cleaning up properly. Yes, when I reboot the problem goes away, then after about 4-6 days of uptime, the problem returns and I start seeing Event 4227 logging in my Windows System Log.
In my research I have also read I can clear this message by just bouncing my NIC, meaning disable/enable it, and the issue is supposed to clear up. Microsoft refers to that procedure here: http://technet.microsoft.com/en-us/library/cc735929(v=ws.10).aspx
Although I can quickly recover from running out of TCP ports by following Microsoft's guide, I would prefer to know what is actually causing me to run out of ports on this specific machine so I can either remove the software, or make some other change to prevent it from happening.
I personally like to keep my machines up for as long as possible, and there really should be no reason I cannot do just that. This is the first time I have ever experienced this problem, and since it is isolated to just one machine, there has to be a logical explanation, and resolution.
Thank you again for your assistance and feedback.
On the contrary, I run even more on my work machine than I do on my home machine. My game rig is a very high end machine. So is my work rig. My work machine stays up for well over a month with all my applications left open, including ~25+ Chrome tabs, several tabs in IE, and a couple tabs in FireFox, as well as several other programs.
I agree it seems some program is not cleaning up properly. Yes, when I reboot the problem goes away, then after about 4-6 days of uptime, the problem returns and I start seeing Event 4227 logging in my Windows System Log.
In my research I have also read I can clear this message by just bouncing my NIC, meaning disable/enable it, and the issue is supposed to clear up. Microsoft refers to that procedure here: http://technet.microsoft.com/en-us/library/cc735929(v=ws.10).aspx
Although I can quickly recover from running out of TCP ports by following Microsoft's guide, I would prefer to know what is actually causing me to run out of ports on this specific machine so I can either remove the software, or make some other change to prevent it from happening.
I personally like to keep my machines up for as long as possible, and there really should be no reason I cannot do just that. This is the first time I have ever experienced this problem, and since it is isolated to just one machine, there has to be a logical explanation, and resolution.
Thank you again for your assistance and feedback.
there has to be a logical explanation, and resolution.Probably but the question sometimes becomes is it worth the time and effort to find it. You can take two apparently identical computers and find that in the fine details that they are not. Maybe the ram in one can't run at quite the same temperature as the other or the signal thresholds in the NIC aren't quite the same.
there really should be no reason I cannot do just that.Sorry but I don't believe that kind of 'should'. The first computer I used to do some work would reboot if you bumped the table it was on. Things are a Whole lot better now. But still not 'perfect'.
You said you run them for a month. Is updates the only reason you reboot them? (And today is second Tuesday in Windows land)
What socket is the Event Log reporting being already taken?
LogMeIn should only be using port 443.
Otherwise, I'd think it had something to do with Win8's new dynamic port range (e.g. http://support.microsoft.com/kb/929851 ).
LogMeIn should only be using port 443.
Otherwise, I'd think it had something to do with Win8's new dynamic port range (e.g. http://support.microsoft.com/kb/929851 ).
ASKER
Well, I installed and ran the TCPView. To be sure I am using it correctly, how should I interpret the red bars? Are those all ports waiting to be used, or are they problem ports?
While watching the TCPView last night, all of a sudden I had literally about 25 or so rows of red, all for IP address 69.167.156.21, which is iNET Interactive - Overclockers.com. Those rows stayed highlighted in red for quite some time, maybe 30 seconds or so. I had a tab open in Chrome to Overclockers.com, so I closed the tab, and all the red rows disappeared, and did not return.
Anyway, I want to know what I should be looking for with TCPView. I see some rows are red, some are green or yellow, and many rows that are not highlighted at all.
@Darr247, the Event log doesn't report a socket being taken, the event states exactly what I posted in my original post. I have a screenshot I will post here as well.
Event-4227---TCP-error.JPG
While watching the TCPView last night, all of a sudden I had literally about 25 or so rows of red, all for IP address 69.167.156.21, which is iNET Interactive - Overclockers.com. Those rows stayed highlighted in red for quite some time, maybe 30 seconds or so. I had a tab open in Chrome to Overclockers.com, so I closed the tab, and all the red rows disappeared, and did not return.
Anyway, I want to know what I should be looking for with TCPView. I see some rows are red, some are green or yellow, and many rows that are not highlighted at all.
@Darr247, the Event log doesn't report a socket being taken, the event states exactly what I posted in my original post. I have a screenshot I will post here as well.
Event-4227---TCP-error.JPG
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
@tmoore1962
Thanks. Any particular reason you suggested the SysInternals Process Explorer over the TCPView?
I have downloaded and configured Process Explorer. These two programs (Process Explorer and TCPView) should help me determine what is causing the problem.
I am going to wait on the registry edit until my machine acts up again, so I hopefully can capture what the problem is. The problem should pop back up any day now.
Thanks. Any particular reason you suggested the SysInternals Process Explorer over the TCPView?
I have downloaded and configured Process Explorer. These two programs (Process Explorer and TCPView) should help me determine what is causing the problem.
I am going to wait on the registry edit until my machine acts up again, so I hopefully can capture what the problem is. The problem should pop back up any day now.
I suggested TCPView so you could see how many connections were being used and where the connections were going to.
From the TCPView Help dialog:
From the TCPView Help dialog:
By default, TCPView updates every second, but you can use the View|Update Speed menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green.
ASKER
@DaveBladwin
Thanks for the explanation of the color codes in TCPView. I guess I will run these programs once the problem pops up. I still am not quite sure what I am looking for, even now knowing the color codes, though.
Thanks for the explanation of the color codes in TCPView. I guess I will run these programs once the problem pops up. I still am not quite sure what I am looking for, even now knowing the color codes, though.
I think that what you are looking for too much stuff... connections and where are they coming from. Many programs will make multiple connections. Firefox is likely to make up to 4 connections for each page you have open. They usually close pretty quick after the page is loaded. But if the pages are self-updating like Facebooks pages, you could have a bunch of connections opening at once.
Anyway, TCPView and Process Explorer are tools to find what happens when it happens. Since it's a TCP error, I would think that TCPView is more likely to show what's going on.
Anyway, TCPView and Process Explorer are tools to find what happens when it happens. Since it's a TCP error, I would think that TCPView is more likely to show what's going on.
Set the computer up to reboot once or twice a week during when you would normally be asleep.
ASKER
@FutureTechSysDOTcom
I don't want to do that. The point of my computer at home is like my computer at work; to have everything setup and running so I can just unlock my screen and get after it. I don't want to have to reopen everything, re-position windows, log into pages, re-open all my tabs. That all takes time, and is something I never had to do before, and something I do not do on any of my other computers.
Unfortunately, right now I have no choice but to reboot about once per week since my ports get all used up and rebooting was the only way I knew to clear them. I now can just reset my NIC, but still, rebooting just masks the problem, it doesn't help me solve it.
BTW, I have not seen any comments on if it is possible that my NIC may be bad. Can that cause my ports to not get released correctly, or is it all pointing toward some software programs that I should see in TCPView and Process Explorer?
I don't want to do that. The point of my computer at home is like my computer at work; to have everything setup and running so I can just unlock my screen and get after it. I don't want to have to reopen everything, re-position windows, log into pages, re-open all my tabs. That all takes time, and is something I never had to do before, and something I do not do on any of my other computers.
Unfortunately, right now I have no choice but to reboot about once per week since my ports get all used up and rebooting was the only way I knew to clear them. I now can just reset my NIC, but still, rebooting just masks the problem, it doesn't help me solve it.
BTW, I have not seen any comments on if it is possible that my NIC may be bad. Can that cause my ports to not get released correctly, or is it all pointing toward some software programs that I should see in TCPView and Process Explorer?
I don't think your NIC hardware has anything to do with the ports being used up. Ports are at a software level above the NIC and the NIC knows nothing about ports.
ASKER
@DaveBaldwin
Ok, thanks for the clarification. I was assuming that too, but wanted to make sure.
Ok, thanks for the clarification. I was assuming that too, but wanted to make sure.
ASKER
I don't have any further updates at this time. I am still waiting for the problem to happen again.
ASKER
Well, the problem is no longer happening. The issue seems to be coming from a particular website tab I was keeping open in Chrome. One of the tabs I had open was to http://www.overclockers.com/ (owned by iNet Interactive). By leaving that tab open, I would start running out of TCP ports within four days.
When I ran TCPView.exe, I could see a TON of traffic related to this website waiting for ports to close. I no longer keep that tab open and my TCP ports are opening and closing with no issues. Not sure what it is about that particular website, but it was definitely the issue.
After closing that website's tab and no longer keeping it open, my computer was up for 29 days with ZERO issue. I only restarted it because I needed to install some updates.
Thank you again for everyone's help with this issue.
When I ran TCPView.exe, I could see a TON of traffic related to this website waiting for ports to close. I no longer keep that tab open and my TCP ports are opening and closing with no issues. Not sure what it is about that particular website, but it was definitely the issue.
After closing that website's tab and no longer keeping it open, my computer was up for 29 days with ZERO issue. I only restarted it because I needed to install some updates.
Thank you again for everyone's help with this issue.