We’re monitoring our servers and other network based devices, via WhatsUp, a monitoring program developed by Ipswitch.

Unfortunately I receive numerous alerts, while servers are running normally. After viewing the eventlog I noticed some events of DCOM:

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Description:
DCOM was unable to communicate with the computer 10.100.130.40 using any of the configured protocols.

After searching with google I came across a technet article of Microsoft (KB 910695). Scrolling to the lower page, it states “Verify TCP port usage”.

So going to KB 301512 I read about the maximum number of TCP Connections. Running “netstat -n” on my monitoring server, revealed to me that indeed the maximum number of TCP connections where used.

On to KB 196271. Here is explained that there is a maximum and a way of changing the maximum number of TCP connections. So now we have a solution…

You can edit the folliwing in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

Create a new DWORD entry : MaxUserPort
Fill it with a new value : default = 5000 (decimal)
Description of MaxUserPort: This parameter controls the maximum port number that is used when a program requests any available user port from the system. Typically , ephemeral (short-lived) ports are allocated between the values of 1024 and 5000 inclusive.

After rebooting the server, I checked with ‘netstat -n’ and indeed, the maximum number of TCP connections went up. Hopefully this will get rid of some of the false alerts.

Besides the maximum numbers of TCP connections, Windows also uses a default time out for TCP connections. This is 4 minutes (240 seconds). If you want to decrease or increase this time out, you can change TcpTimedWaitDelay (Registry TcpTimedWaitDelay).