Windows Server tcp port starvation problem


Hello everyone,
In this post I want to talk about a problem that can occur when a server runs out of free ports for opening connections. This can happen in many situations, for example on a web server that hosts multiple sites, on a cluster of servers that uses different services to connect to the internet, or on a page that gets a lot of traffic.
Every service or application that runs on a server uses a so-called port number at layer 4 of the TCP/IP stack. A port is used on a device to identify a specific service or application that runs on that particular device. There are many well-known ports, like 80 for HTTP, 53 for DNS, 110 for POP3 etc., that are reserved for applications that run on that particular port only. The well-known ports are from 0 to 1023. The ports from 1024 to 49151 are so-called registered ports and are used by companies that released software that needs to connect to the internet in order to work. An example of such software is Yahoo Messenger or Skype. The ports from 49152 through 65535 are dynamic or private ports (also called ephemeral ports; read more about them at http://www.ncftp.com/ncftpd/doc/misc/ephemeral_ports.html ) that are used by the local server/machine to connect to the internet or to establish connections locally by different services or applications. You can find out more about ports on sites like Wikipedia:
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://en.wikipedia.org/wiki/Ephemeral_port
When you have too many TCP connections, for example, you can find yourself in a situation where there are no free ports available. One way to see that is by looking in the Event Viewer on the server for the event with the ID 4227:

[Image: Windows Event Viewer]

If you open that particular event you can see a short description of the problem:

[Image: Microsoft Windows Event Viewer]
A good site that describes different events is http://www.eventid.net/ . On this site you can find common reasons for many problems and also, in many cases, what you can do to get rid of the issue.
In many cases there are only one or a few events with the ID 4227 in the Event Viewer that signal this problem, so it's hard to identify the cause.
The resolution to this problem is to increase the TCP port pool and, in many cases, to decrease TcpTimedWaitDelay. TcpTimedWaitDelay specifies the time that must pass before a port is returned to the dynamic TCP port pool. More about this parameter at http://technet.microsoft.com/en-us/library/cc938217.aspx.
Open the Registry Editor (regedit.exe) and follow the path: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
The default value of TcpTimedWaitDelay is 240 seconds. Make that value smaller (60 or even 30 seconds is good):

 

[Image: TcpTimedWaitDelay registry]
OK, after you finish this, try changing the dynamic port range pool from the command prompt. To do this, first open cmd.exe and type the following:
[Image: Netsh command]
You can see in the bottom of the image there is an example of using this command.
Now try to restart the server in order to apply the new port pool and see if the problem has been resolved. You can find more about port starvation in the links below:
If you want to see the active tcp ports you can type the following in a cmd.exe:
[Image: netstat command]
This will export the active ports in numerical form (-n) with the corresponding application (-b) to a .txt file. You can find out more about the netstat command by typing netstat ? in cmd:
[Image: netstat command prompt]
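The steps above, gathered into one script, as an added example that is not the post's original commands (those were in the screenshots). It assumes an elevated PowerShell on Windows Server 2012 or later; the port range values and the output path are example values, and the script only reports unless `$Apply` is set to `$true`.

```powershell
# Added example, not the post's original commands. Run in an elevated PowerShell.
# Assumptions: Windows Server 2012 or later (Get-NetTCPConnection); the range values
# and the output path below are example values chosen for illustration.
$Apply = $false   # set to $true to change settings; otherwise the script only reports
$tcpip = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Recent 4227 events from the System log (the event this post looks for).
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 4227 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, ProviderName, Id -AutoSize

# Current TcpTimedWaitDelay; the value is absent until someone creates it.
$delay = (Get-ItemProperty -Path $tcpip -Name TcpTimedWaitDelay -ErrorAction SilentlyContinue).TcpTimedWaitDelay
if ($null -eq $delay) { 'TcpTimedWaitDelay: not set, system default applies' } else { "TcpTimedWaitDelay: $delay seconds" }

# Current dynamic port range.
netsh int ipv4 show dynamicport tcp

# Connection count per state; a large TimeWait count points at connection churn.
$conns = Get-NetTCPConnection
$conns | Group-Object State | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# TIME_WAIT sockets no longer belong to a process, so group them by remote endpoint
# to see which destination the server keeps reconnecting to.
$conns | Where-Object State -eq 'TimeWait' |
    Group-Object { "$($_.RemoteAddress):$($_.RemotePort)" } |
    Sort-Object Count -Descending | Select-Object -First 10 Count, Name

# Processes holding the most live connections.
$conns | Where-Object { $_.State -ne 'TimeWait' -and $_.OwningProcess -ne 0 } |
    Group-Object OwningProcess | Sort-Object Count -Descending | Select-Object -First 10 |
    ForEach-Object {
        [pscustomobject]@{
            Connections = $_.Count
            ProcessId   = $_.Name
            Process     = (Get-Process -Id $_.Name -ErrorAction SilentlyContinue).ProcessName
        }
    }

# Export as the post describes: numeric addresses (-n) with the owning executable (-b).
netstat -n -b | Out-File -FilePath "$env:TEMP\active-tcp-ports.txt"

if ($Apply) {
    # 60 seconds is one of the values the post suggests.
    New-ItemProperty -Path $tcpip -Name TcpTimedWaitDelay -PropertyType DWord -Value 60 -Force | Out-Null
    # Example range: 10000-65534. Check that no service listens inside it and that
    # firewall rules written for the default range are updated. Restart afterwards.
    netsh int ipv4 set dynamicport tcp start=10000 num=55535
}
```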
If you have followed the steps indicated above, your problem regarding the tcp port starvation should be resolved. I hope you enjoyed this post, don’t hesitate to leave a comment, have a nice day.