Windows XP sp2 (And Vista) – Connection Limits

There is a lot of misinformation and confusion about how the 10-connection limit applies to XP sp2.  I can discuss the technical limitations, although not any EULA implications, nor hacks around this restriction.  The same restrictions apply to Vista’s TCP stack as well.

From a technical point of view, there are NO new restrictions on simultaneous users, or even TCP sessions. Rather, it’s the number of half-complete outbound TCP sessions which are allowed simultaneously. Windows XP sp2 will throttle you if you attempt to have more then 10 half-open sessions at once.

So what is a half-open session?  This is where a connection has been attempted, but not yet actively accepted or refused by the server.  This most commonly occurs when you connect to a server which isn’t online, or when the recipient is running a firewall configured to DROP or “stealth” ports, rather then simply refusing the connection.

So in terms of MDaemon running on a Windows XP sp2 or Vista machine as a service, inbound connections (other PCs accessing SMTP/POP3/IMAP sessions, or WorldClient/WebAdmin) aren’t counted or throttled at all, only outbound connections by MDaemon (SMTP-out, MultiPOP, DomainPOP, Dequeue, LDAP) will be affected, and then only if at least 10 sessions are in the process of connecting but not completing connections fast enough.

UDP traffic is not delayed at all, so neither DNS look ups nor minger are affected.

In a practical implementation, if you intend to use MDaemon on Windows XP, turn the number of SMTP threads down to 8 or below (lower if there are users or other applications/servers on the same machine) and you won’t be affected in most circumstances.

When it does occur, a new event, with ID 4226, appears in the system’s event log. Once throttling has started, outbound connections may still succeed, but you’ll see delays or potentially even connection timeouts.

For more details on how the implementation works, why it is effective against malware and other technical details, please see Microsoft’s write-up.

CC BY-NC-ND 4.0 Windows XP sp2 (And Vista) – Connection Limits by Dave Warren (everything-mdaemon.com) is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.

2 Replies to “Windows XP sp2 (And Vista) – Connection Limits”

  1. I noticed that when I run the tcpip outbound ports test at http://www.icannotconnect.com/ the bottom 4 tcp ports are reported to be blocked, I wonder if this has something to do with windows connection limits. I’m thinking that it might be only allowing a limited number of outbound connections in a given time frame.

  2. To be honest I doubt it’s related. XP has fairly large numbers of simultaneous connections (well into the “thousands” range), XP’s only limit is the number of sessions that can be partially connected at once.

    If you can’t hit a couple specific ports then it’s likely that your ISP (or local network) block those ports.

Leave a Reply

Your email address will not be published. Required fields are marked *

*