Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 4226 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event ID: 4226
Event Source: system
Event Type: Warning
Event Description: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

For more information see Help and Support Center at
Event ID: 4226
Event Source:  
Event Type: -
Event Description: -
Comment: The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.

Index: 0
Event ID: 4226
Event Source: Tcpip
Event Type: -
Event Description: -
Comment: I just encountered this event when running an app that automagically backs up network devices configs (Kiwi CatTools). If more than 10 devices happen to be unreachable at the time the app runs, it triggers this event. Index: 4252
Event ID: 4226
Event Source: Tcpip
Event Type: -
Event Description: -
Comment: This event could be caused by Mozilla Firefox (at its launch having a lot of tabs from the previous session) or Skype.
Here's a primitive task for nnCron that can help to identify what process has caused event 4226:

#( CLASSIC-TASK-#-Event_4226
WatchEventLog: "System"
    FOUND-EVENT evEventID W@ 4226 = IF
     START-APPW: cmd /c echo %%date%% %%time%% >> c:\4226.txt
     START-APPW: cmd /c netstat -no >> c:\4226.txt
     START-APP: cmd /c tasklist >> c:\4226.txt
     MSG: "Event 4226 found!"

On event 4226 a message will appear on the screen and file c:\4226.txt will be created. Index: 4252

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.