We're deploying a new image out to the field, and we're seeing tcp/ip event id 4227 warnings periodically throughout the day (1-3 a day).
The event message reads as follows:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
I created a script that listens for this eventid and immediately checks "netstat -ano". The script summarizes what state the ports are in, but I don't see an immense amount of ports opened. Here's the output from the script:
50 ports in state LISTENING
3 ports in state TIME_WAIT
58 ports in state ESTABLISHED
I don't understand why such a small amount of ports would trigger the 4227 warning. Does anyone have any insight into this?
PS> I've set the TcpTimedWaitDelay reg entry to 30 seconds a la this link. I've also configured the dynamic port range to be larger using these commands:
Netsh int ipv4 set dynamicport udp start=35535 num=30000
Netsh int ipv4 set dynamicport tcp start=35535 num=30000
