strange errors from TCP in event viewer


Cybot

Active member
Local time
6:57 PM
Posts
9
OS
Windows 11 Pro
Since about October, i have been seeing three strange error messages from TCP in the windows event viewer. i have no idea what they mean or what it is the errors are saying is wrong. They are certainly (imho) uncommon errors that i have never seen before. i am hoping someone here can shed some light on the issue.

event ID 4227
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.

event 4226
A request to allocate an ephemeral port number from the global UDP port space has failed due to all such ports being in use.

Event ID 4231
A request to allocate an ephemeral port number from the global TCP port space has failed due to all such ports being in use.
 
Windows Build/Version
Windows 11 Pro 22H2 22621.900

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    MSI GE73 RGB 9RE
    CPU
    i7 8750H@2.2Ghz
    Motherboard
    MS-17CS
    Memory
    16 Gb DDR4
    Graphics Card(s)
    Nvidia GTX 1060 6Gb
    Sound Card
    Realtek
    Monitor(s) Displays
    Built-in + Lenovo Yoga tab 13 via HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    C:\ 256Gb SSD
    D:\ 1Tb HDD + 32Gb Intel Optane
    E:\ 5Tb HDD (WD Black P10 Game Drive)
    PSU
    MSI 19.5V 9.23A
    Case
    MSI
    Cooling
    4x Opolar vacuum coolers
    Keyboard
    built-in Steel Series
    Mouse
    Steel Series Rival 710
    Internet Speed
    10 Mbps download 1 Mbps Upload
    Browser
    Edge
    Antivirus
    Microsoft Defender
    Other Info
    Microsoft 365
  • Operating System
    Android 12L
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo
    CPU
    Snapdragon 860
    Motherboard
    ?
    Memory
    ?
    Graphics card(s)
    ?
    Sound Card
    ?
    Monitor(s) Displays
    built in 13 inch touch screen display
    Screen Resolution
    1660x1440?
    Hard Drives
    ?
    PSU
    ?
    Case
    ?
    Cooling
    ?
    Mouse
    none
    Keyboard
    none
    Internet Speed
    3 Mbps download 720 Mbps upload
    Browser
    Chrime, Edge
    Antivirus
    MalwareBytes Premium
    Other Info
    device can act as a Monitor for a PC via HDMI to Micro USB port
First obvious question - has anything changed from around the same time that this error started appearing (new device on your network, like a cell phone, new router, additional mesh satellite, etc.)?
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
funny you should ask that..... several things happened actually.
i will list them in chronological order of occurrence.

My ISP finished installing fiberoptic internet nearby (yet my house is miraculously just out of the range of that). around that time there started to be connection issues across all devices. calls to the ISP revealed an issue "somewhere" in the lines (i am still stuck with good old fashioned copper) between the ISP and my House. in the end, the ISP made some sort of repair "somewhere" between here and there. they also did something at the junction box that gives phones service to me and all my neighbhors. they also replaced the the ADSL modem. during this period, I chose to upgrade my Netgear R8000P router firmware, which turned out to be a big mistake. in the middle of reverting back to the previous version if the router firmware, the firmware became unwritable. So the router got replaced with a new Netgear RAXE500 router. I realize that the router is beyond overkill for a 10 Mbps connection. in all honesty, we could probably get by with a wireless A or B router, if they were still being made with up to date security and features. My ISP unfortunately does not seem to interested in further expanding their new fiberoptic 2Gb internet into the area i live. so there is 2gb internet from the ISP coming from two directions, and then there's me, smack dab in the middle of this gap inbetween the two zones. but except for the strange messages from TCP in windows things seem to be operating smoothly online.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    MSI GE73 RGB 9RE
    CPU
    i7 8750H@2.2Ghz
    Motherboard
    MS-17CS
    Memory
    16 Gb DDR4
    Graphics Card(s)
    Nvidia GTX 1060 6Gb
    Sound Card
    Realtek
    Monitor(s) Displays
    Built-in + Lenovo Yoga tab 13 via HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    C:\ 256Gb SSD
    D:\ 1Tb HDD + 32Gb Intel Optane
    E:\ 5Tb HDD (WD Black P10 Game Drive)
    PSU
    MSI 19.5V 9.23A
    Case
    MSI
    Cooling
    4x Opolar vacuum coolers
    Keyboard
    built-in Steel Series
    Mouse
    Steel Series Rival 710
    Internet Speed
    10 Mbps download 1 Mbps Upload
    Browser
    Edge
    Antivirus
    Microsoft Defender
    Other Info
    Microsoft 365
  • Operating System
    Android 12L
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo
    CPU
    Snapdragon 860
    Motherboard
    ?
    Memory
    ?
    Graphics card(s)
    ?
    Sound Card
    ?
    Monitor(s) Displays
    built in 13 inch touch screen display
    Screen Resolution
    1660x1440?
    Hard Drives
    ?
    PSU
    ?
    Case
    ?
    Cooling
    ?
    Mouse
    none
    Keyboard
    none
    Internet Speed
    3 Mbps download 720 Mbps upload
    Browser
    Chrime, Edge
    Antivirus
    MalwareBytes Premium
    Other Info
    device can act as a Monitor for a PC via HDMI to Micro USB port
Oh..... I also got out my 4Gb Seagate backup drive and hooked it up to the network using the routers USB port.

this little journey down memory lane has me wondering if the rapid open and closing of connections mentioned by one of the errors is the file transfers being made by the backup software i use (ReBit Pro)
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    MSI GE73 RGB 9RE
    CPU
    i7 8750H@2.2Ghz
    Motherboard
    MS-17CS
    Memory
    16 Gb DDR4
    Graphics Card(s)
    Nvidia GTX 1060 6Gb
    Sound Card
    Realtek
    Monitor(s) Displays
    Built-in + Lenovo Yoga tab 13 via HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    C:\ 256Gb SSD
    D:\ 1Tb HDD + 32Gb Intel Optane
    E:\ 5Tb HDD (WD Black P10 Game Drive)
    PSU
    MSI 19.5V 9.23A
    Case
    MSI
    Cooling
    4x Opolar vacuum coolers
    Keyboard
    built-in Steel Series
    Mouse
    Steel Series Rival 710
    Internet Speed
    10 Mbps download 1 Mbps Upload
    Browser
    Edge
    Antivirus
    Microsoft Defender
    Other Info
    Microsoft 365
  • Operating System
    Android 12L
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo
    CPU
    Snapdragon 860
    Motherboard
    ?
    Memory
    ?
    Graphics card(s)
    ?
    Sound Card
    ?
    Monitor(s) Displays
    built in 13 inch touch screen display
    Screen Resolution
    1660x1440?
    Hard Drives
    ?
    PSU
    ?
    Case
    ?
    Cooling
    ?
    Mouse
    none
    Keyboard
    none
    Internet Speed
    3 Mbps download 720 Mbps upload
    Browser
    Chrime, Edge
    Antivirus
    MalwareBytes Premium
    Other Info
    device can act as a Monitor for a PC via HDMI to Micro USB port
i was talking to somebody and about these errors and they suggested that they might be caused by either a badly mis-configured bittorrent client or me being heavily port scanned. I really don't have the bandwidth for bittorent, so i stay away from that, so that's ruled out. which leaves me being port scanned. how would i tell if i am being subjected to a heavy port scan?
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    MSI GE73 RGB 9RE
    CPU
    i7 8750H@2.2Ghz
    Motherboard
    MS-17CS
    Memory
    16 Gb DDR4
    Graphics Card(s)
    Nvidia GTX 1060 6Gb
    Sound Card
    Realtek
    Monitor(s) Displays
    Built-in + Lenovo Yoga tab 13 via HDMI
    Screen Resolution
    1920x1080
    Hard Drives
    C:\ 256Gb SSD
    D:\ 1Tb HDD + 32Gb Intel Optane
    E:\ 5Tb HDD (WD Black P10 Game Drive)
    PSU
    MSI 19.5V 9.23A
    Case
    MSI
    Cooling
    4x Opolar vacuum coolers
    Keyboard
    built-in Steel Series
    Mouse
    Steel Series Rival 710
    Internet Speed
    10 Mbps download 1 Mbps Upload
    Browser
    Edge
    Antivirus
    Microsoft Defender
    Other Info
    Microsoft 365
  • Operating System
    Android 12L
    Computer type
    Tablet
    Manufacturer/Model
    Lenovo
    CPU
    Snapdragon 860
    Motherboard
    ?
    Memory
    ?
    Graphics card(s)
    ?
    Sound Card
    ?
    Monitor(s) Displays
    built in 13 inch touch screen display
    Screen Resolution
    1660x1440?
    Hard Drives
    ?
    PSU
    ?
    Case
    ?
    Cooling
    ?
    Mouse
    none
    Keyboard
    none
    Internet Speed
    3 Mbps download 720 Mbps upload
    Browser
    Chrime, Edge
    Antivirus
    MalwareBytes Premium
    Other Info
    device can act as a Monitor for a PC via HDMI to Micro USB port
or me being heavily port scanned.

That was my thought initially as well, but I wanted to make sure it was not something else.

Since you replaced your router with the new one, did you use the default password for setting up your Wi-Fi connections? Is it one that is printed on the router, or an older password that you have used before?

Reason I ask is that the first error almost seems like someone is piggybacking onto your account / connection somehow, and trying to rule out that is hard without closer access to your equipment, but I think you can manage this on your own with a bit of help. But the questions were necessary to rule out something else, and those 'fixes' that your ISP initiated could very well be something that is causing your entire connection (in your actual modem) to go crazy, as well, so until they can be ruled out, it's a big mystery.

The last 2 errors are particularly worrisome in that it is basically saying your connection has allocated all TCP and UDP ports - which should not happen unless there is a massive botnet hammering your connection, and that would make 0 sense, unless you work (from home) for a government agency or a really, really large corporation. It really makes no sense that this would be happening, but, at the same time, no way to rule it out either - it could just as easily be leftover remnants of a botnet trying to regain access to your connection that it previously had with the old router, for all we know.

So, let's start with the basics - we know that a lot of things changed, and the ones that you're mostly responsible for (meaning able to help diagnose easily) are the external drive (easy test - leave it disconnected for a couple of days and stop using the ReBit Pro software during that time, and see if the errors persist) and the new Router (don't tell us the password, but just verify if you used the default password for your connection or not, and additionally, verify if there is a setting to allow remote management for the NetGear enabled - and if so, disable it.

NetGear usually has a demo version of their router interface, so we can try to go through some of the settings that come with their interface and help lock it down, but I think this is a good start first and foremost.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
I just resolved a similar if not identical problem. My PC would indicate that I was connected to the internet but after about 4 hours of up time, I would not be able to browse the internet, connect to my LAN or use a network printer. One of the most common event ID to show up were these two:

TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint. event 4227

A request to allocate an ephemeral port number from the global TCP port space has failed due to all such ports being in use. event 4231

I opened task manager>details. Right clicked on "Name" at the top of the far left column. Pick "select columns". Select "handles". The process with the most handles was "system" which I expect, at around 6500. But one process, named "insservice.exe" had 48000 handles and the number was climbing! I right clicked on it to find where the file was and it was in EaseUS which I had installed a few weeks earlier to deal with a partition problem. I discontinued the process in task manager and immediately reestablished complete internet connection, browsing and all. Since I did not really need EaseUS anymore, I deleted it. 48 hours later and no recurrence of the problem.
 

My Computer

System One

  • OS
    Windows 10 64bit
    Computer type
    PC/Desktop
    CPU
    i7 6700k
    Motherboard
    EVGA z170 Classified K
    Memory
    Corsair Vengeance 64GB
    Graphics Card(s)
    EVGA RTX 3080 FTW3
    Monitor(s) Displays
    Dell S2417DG
    Screen Resolution
    2560x1440
    Hard Drives
    C: = Samsung SSD 950 PRO 512GB
    E, F, G, H: Samsung SSD 860 EVO 1TB
    PSU
    EVGA SuperNOVA 850 G3
    Case
    Silverstone Temjin TJ03
    Cooling
    Bequiet Pure Rock Slim
    Keyboard
    Corsair Strafe RGB
    Mouse
    Logitech G5

Latest Support Threads

Back
Top Bottom