I have a Windows 8.1 desktop machine (spec below) that has been running fine for over a year.
Over the last couple of months, roughly once a week, my network connections stop working. If I reboot Windows, it all starts working again until next time. Network is physical with static IP. Wireless on same machine also fails when this occurs. Other devices on wireless or physical cable continue to work.
What I see when this happens is:
- The DropBox system tray icon shows there is no connection (i.e no sync or green tick icons)
- No web page will load from any browser. I don't get an error, browser just does nothing, but shows URL in address field
- RDP/SSH to other machines fails. I have a permanent RDP connection open to another local machine that continues to work when the rest of the networking stops. If I close it, it won't reconnect.
I checked the Event Logs, and have found nothing that points to the problem. I have also tried Google and found nothing.
Can't remember what happens if I try to PING an IP locally or remotely. I think it works, but as I am not in front of that machine right now I cannot say for sure. I will update later.
Although the reboots don't take too long, it is becoming annoying to keep having to do this. So I'd like to find a solution...
Machine Specification
- Windows 8.1 Pro
- Intel Core i7-4770K 3.5GHz
- Asus Z87 Deluxe Quad Motherboard
- 16GB RAM (4 x 4GB Crucial Memory)
- Samsung 840 128GB SSD Hard Disk
Answer
This sounds like ephemeral port exhaustion.
When you start a new TCP connection to another network address, it needs to have a source port number. When lots of connections are established, Windows runs out of source ports, and cannot create new connections. Existing, established connections still work OK. Ping still works, because it uses ICMP, not TCP - and DNS lookups should still work because they largely use UDP instead of TCP.
To find out what's causing all these connections, you need to open an elevated command prompt. Run netstat -anb, and look for processes with a large number of connections in the ESTABLISHED or TIME_WAIT state. You can get a count of these by running netstat -an | find /C "TIME_WAIT".
If the process with the most such connections is SYSTEM (with PID 4), this means that the connections were started by a process which is no longer running, so keep an eye out for processes starting and closing very quickly.
Hopefully, you can identify which process is/was responsible for the port exhaustion and either fix it (maybe a patch available for the software?) or remove it.
You can tweak Windows a bit, too - by changing the number of ephemeral ports it has available to it. By default, it can use ports 49,152 to 65,535 - giving a total of 16,384. You can verify this setting with the command netsh int ipv4 show dynamicport tcp.
If you want to adjust this, you can change the setting with a command like netsh int ipv4 set dynamicport tcp start=32767 num=32768, which tells Windows it can use 32,768 ports, starting from port number 32,767 (taking it up to the highest port possible; 65,535). Changing the port range from the default isn't a permanent fix. It's better to find out what is causing the problem in the first place, and address that. It might be some kind of malware, eg a botnet infection which is causing your computer to send thousands of spam emails per minute, or might be being used as part of a DDoS attack. Or it could just be a bug in some legitimate software.
No comments:
Post a Comment