TCP/IP Error with Event ID 4227

I did a search and found a recent posting on EE here, but there was little information other than running a malware scan:

I also have responded to this same issue over on the Windows 8 forums:

Here is the issue: About every 4-6 days I start getting the 'error 4227' in my Windows Event log: 'Warning, TCP/IP, Event 4227: TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint'.

I can always tell when the issue starts because I can no longer remote into my home computer from work using LogMeIn. After I found this thread, I decided before I did anything else, to close Chrome, and the ~25 tabs I had open at the time. Within just a few moments, all my internet connections, and other network connections started coming back online. I didn't reboot or anything, I simply closed Chrome and left Chrome closed.

I have been chasing this problem for a while now, trying to narrow down what was using all my TCP/IP ports up. When I would reboot my computer, the first thing I would do was reopen all the windows I previously had open, including all the tabs I was in while using Chrome. I figured this must be when the countdown to all my TCP/IP ports being used up starts, so when I get to 4-6 days in, I start having network/internet port issues. I never realized leaving my internet browser (Chrome) open with several tabs would cause this problem.

Although many of my local network services restored themselves after closing Chrome, it appears my Internet is still not fully functional. It looks like I will still have to either bounce my NIC, or reboot my machine to fully restore functionality. So, although closing Chrome helped, it was not the the only culprit. Something else is still not releasing all my TCP/IP ports.

After I got home I still had to reboot my computer to fully regain Internet connectivity, so all the ports were not released. I still would like to figure out what is doing this, since I run with a ton of stuff open on my work computer, including ~30 open tabs in Chrome, and my computer stays up for a month or more before I reboot it for security updates. My work computer (also Windows 8.1) never has any issues, so the problem on my home computer must be larger than just leaving Chrome open for a few days with a bunch of tabs. My wife's computer (Windows 8.1) is up for weeks at a time with several things open too, yet she never has the issue of running out of TCP/IP ports either.

In all my research I have also read the problem could be attributed to either a bad NIC card, bad network cable, or a need for upgraded NIC drivers on my current NIC. Anyone want to weigh in on this perspective? I don't want to go buy a new NIC arbitrarily without having a better idea of what my issue may be.

To summarize, I am running Windows 8.1 Pro, with all the latest Windows updates. This is my gaming rig, but I also have other things running on it like Steam, Mumble, Trillian Pro, Argus Monitor, Moo0 system monitor, eMClient (email), Chrome, Internet Explorer (Work OWA email), Logitech Gaming Software (keyboard and mouse config software).

I have MalwareBytes Pro loaded with 'real time' protection running. I have run several FULL system scans on my computer, always coming back clean. I have tried three different versions of NIC drivers for my Broadcom NetLink Gigabit Ethernet adapter, and the problem continues to persist.

My next step is to buy a new Intel NIC and install it to see if that stops my issue, unless there is more info I can provide here to assist with a solid diagnosis.

Thanks in advance for any suggestions or feedback.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Netstat -an should give you a list of all tcp port connections.
Dave BaldwinFixer of ProblemsCommented:
You might see if TCPView will work.  It has a GUI view of netstat.

Also you may be exceeding the number of allowed TCP connections.  Here is an article from IBM about changing the number of connections allowed in Windows:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
EvilPeppardAuthor Commented:

I know running netstat will give me a list of what TCP ports I have open, but I don't know what to do from there. I'll have the info, but then what? I can see the processes listed in there, but that info really means nothing to me. I am not sure how to interpret it.

I see @DaveBaldwin referred to TCPView, a GUI version of Netstat. Perhaps that will help me understand the netstat results better?

I have seen other articles about increasing my TCP ports, but I am more concerned as to why I am running out and what is making me run out. Like I stated originally, my work computer is up for over a month at a time, with significantly more things running on it than my game rig at home, and my work computer NEVER has this Event 4227 issue.

I am more concerned about figuring out why I am running out of ports, and what is using my ports so I can eliminate the problem. I don't want to just increase the amount of ports available without understanding why I am running out on a home computer first.

Please let me know your thoughts. Thank you again for all the feedback.
Protecting & Securing Your Critical Data

Considering 93 percent of companies file for bankruptcy within 12 months of a disaster that blocked access to their data for 10 days or more, planning for the worst is just smart business. Learn how Acronis Backup integrates security at every stage

Dave BaldwinFixer of ProblemsCommented:
The 'why' is probably because you have too much running at once.  I suspect that you don't have as many things running at work as you do at home.  Run TCPView both at home and at work to see what the differences are.

And I don't believe in running computers non-stop unless they are server grade machines.  There are too many programs in Windows that leave trash behind.  It would be informative if the problem stopped when you rebooted daily.  That would probably mean that one or more of your programs are not cleaning up after themselves.
EvilPeppardAuthor Commented:

On the contrary, I run even more on my work machine than I do on my home machine. My game rig is a very high end machine. So is my work rig. My work machine stays up for well over a month with all my applications left open, including ~25+ Chrome tabs, several tabs in IE, and a couple tabs in FireFox, as well as several other programs.

I agree it seems some program is not cleaning up properly. Yes, when I reboot the problem goes away, then after about 4-6 days of uptime, the problem returns and I start seeing Event 4227 logging in my Windows System Log.

In my research I have also read I can clear this message by just bouncing my NIC, meaning disable/enable it, and the issue is supposed to clear up. Microsoft refers to that procedure here:

Although I can quickly recover from running out of TCP ports by following Microsoft's guide, I would prefer to know what is actually causing me to run out of ports on this specific machine so I can either remove the software, or make some other change to prevent it from happening.

I personally like to keep my machines up for as long as possible, and there really should be no reason I cannot do just that. This is the first time I have ever experienced this problem, and since it is isolated to just one machine, there has to be a logical explanation, and resolution.

Thank you again for your assistance and feedback.
Dave BaldwinFixer of ProblemsCommented:
there has to be a logical explanation, and resolution.
Probably but the question sometimes becomes is it worth the time and effort to find it.  You can take two apparently identical computers and find that in the fine details that they are not.  Maybe the ram in one can't run at quite the same temperature as the other or the signal thresholds in the NIC aren't quite the same.
there really should be no reason I cannot do just that.
Sorry but I don't believe that kind of 'should'.  The first computer I used to do some work would reboot if you bumped the table it was on.  Things are a Whole lot better now.  But still not 'perfect'.

You said you run them for a month.  Is updates the only reason you reboot them?  (And today is second Tuesday in Windows land)
What socket is the Event Log reporting being already taken?

LogMeIn should only be using port 443.

Otherwise, I'd think it had something to do with Win8's new dynamic port range (e.g. ).
EvilPeppardAuthor Commented:
Well, I installed and ran the TCPView. To be sure I am using it correctly, how should I interpret the red bars? Are those all ports waiting to be used, or are they problem ports?

While watching the TCPView last night, all of a sudden I had literally about 25 or so rows of red, all for IP address, which is iNET Interactive - Those rows stayed highlighted in red for quite some time, maybe 30 seconds or so. I had a tab open in Chrome to, so I closed the tab, and all the red rows disappeared, and did not return.

Anyway, I want to know what I should be looking for with TCPView. I see some rows are red, some are green or yellow, and many rows that are not highlighted at all.

@Darr247, the Event log doesn't report a socket being taken, the event states exactly what I posted in my original post. I have a screenshot I will post here as well.
Google sysinternals and get process explorer.  Run NETSTAT -o to get a list of port connections and their processes.  Run process explorer add the command line to the columns viewed.  You can now determine what app is running the process and what process is using what port.  One of you applications is connect.  But what I think is happening is that one of the apps that access the internet is dropping the connection and attempting to re-establish connection before the default timeout, don't know if reducing the default will get it in the apps programmed window but here is the basic instructions for XP svr 2003 but should work for 8.
Reduce the client TCP/IP socket connection timeout value from the default value of 240 seconds.  Hope it helps...

a. Start Registry Editor.
b. Browse to, and then click the following key in the registry:


c. On the Edit menu, click New, DWORD Value, and then add the following registry value to reduce the length of time that a connection stays in the TIME_WAIT state when the connection is being closed. While a connection is in the TIME_WAIT state, the socket pair cannot be reused:

Value name
Value data
<Enter a decimal value between 30 and 240 here>

d. Close Registry Editor.

You must restart your computer for this change to take effect.
The valid range of this value is 30 through 300 (decimal). The default value is 240.
EvilPeppardAuthor Commented:

Thanks. Any particular reason you suggested the SysInternals Process Explorer over the TCPView?

I have downloaded and configured Process Explorer. These two programs (Process Explorer and TCPView) should help me determine what is causing the problem.

I am going to wait on the registry edit until my machine acts up again, so I hopefully can capture what the problem is. The problem should pop back up any day now.
Dave BaldwinFixer of ProblemsCommented:
I suggested TCPView so you could see how many connections were being used and where the connections were going to.
From the TCPView Help dialog:
By default, TCPView updates every second, but you can use the View|Update Speed menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green.
EvilPeppardAuthor Commented:

Thanks for the explanation of the color codes in TCPView. I guess I will run these programs once the problem pops up. I still am not quite sure what I am looking for, even now knowing the color codes, though.
Dave BaldwinFixer of ProblemsCommented:
I think that what you are looking for too much stuff... connections and where are they coming from.  Many programs will make multiple connections.  Firefox is likely to make up to 4 connections for each page you have open.  They usually close pretty quick after the page is loaded.  But if the pages are self-updating like Facebooks pages, you could have a bunch of connections opening at once.

Anyway, TCPView and Process Explorer are tools to find what happens when it happens.  Since it's a TCP error, I would think that TCPView is more likely to show what's going on.
Set the computer up to reboot once or twice a week during when you would normally be asleep.
EvilPeppardAuthor Commented:

I don't want to do that. The point of my computer at home is like my computer at work; to have everything setup and running so I can just unlock my screen and get after it. I don't want to have to reopen everything, re-position windows, log into pages, re-open all my tabs. That all takes time, and is something I never had to do before, and something I do not do on any of my other computers.

Unfortunately, right now I have no choice but to reboot about once per week since my ports get all used up and rebooting was the only way I knew to clear them. I now can just reset my NIC, but still, rebooting just masks the problem, it doesn't help me solve it.

BTW, I have not seen any comments on if it is possible that my NIC may be bad. Can that cause my ports to not get released correctly, or is it all pointing toward some software programs that I should see in TCPView and Process Explorer?
Dave BaldwinFixer of ProblemsCommented:
I don't think your NIC hardware has anything to do with the ports being used up.  Ports are at a software level above the NIC and the NIC knows nothing about ports.
EvilPeppardAuthor Commented:

Ok, thanks for the clarification. I was assuming that too, but wanted to make sure.
EvilPeppardAuthor Commented:
I don't have any further updates at this time. I am still waiting for the problem to happen again.
EvilPeppardAuthor Commented:
Well, the problem is no longer happening. The issue seems to be coming from a particular website tab I was keeping open in Chrome. One of the tabs I had open was to (owned by iNet Interactive). By leaving that tab open, I would start running out of TCP ports within four days.

When I ran TCPView.exe, I could see a TON of traffic related to this website waiting for ports to close. I no longer keep that tab open and my TCP ports are opening and closing with no issues. Not sure what it is about that particular website, but it was definitely the issue.

After closing that website's tab and no longer keeping it open, my computer was up for 29 days with ZERO issue. I only restarted it because I needed to install some updates.

Thank you again for everyone's help with this issue.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Analysis

From novice to tech pro — start learning today.