Microsoft KB Archive/898468

= Event ID 2025 is logged in the System log on a Windows Server 2003-based computer =

Article ID: 898468

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry



SYMPTOMS
The following event is logged in the System log of Event Viewer on a computer that is running Microsoft Windows Server 2003: Event ID: 2025

Source: SRV

Description: &quot;The server has detected an attempted Denial-Of-Service attack from client \\, and has disconnected the connection.&quot;

Additionally, client computers are disconnected from the server.



CAUSE
This problem may occur under high-stress conditions, such as when there is heavy traffic on the network.



WORKAROUND
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this problem, use one of the following methods.

Method 1: Increase the MaxMpxCt value
Increase the MaxMpxCt value for the Server Service. MaxMpxCt is the maximum number of concurrent outstanding network requests that are allowed. By default, this value is set to 50 in Windows Server 2003. To avoid this issue, increase the MaxMpxCt value.

To do this, follow these steps:  Click Start, click Run, type regedit in the Open box, and then click OK. Locate and then click the following registry subkey:

 

 On the Edit menu, point to New, and then click DWORD Value. Type MaxMpxCt for the name of the DWORD value, and then press ENTER. Right-click MaxMpxCt, and then click Modify. In the Value data box, type a value from the range of 50 through 65535, and then click OK.

Note By following these steps, you increase the upper limit on the number of concurrent commands that can be outstanding between a client and a server. However, make sure that you do not set this value too high. The larger the number of outstanding connections, the more memory that will be used by the server. If you set this value too high, the server may run out of resources such as paged pool memory. Therefore, do not significantly increase this value unless you know that there will be a limited number of clients that are connected to the server at the same time.</li> Quit Registry Editor.</li></ol>

Method 2: Disable denial of service attack detection
Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process. You can disable denial of service attack detection at the operating system level. By doing this, you prevent errors from being logged. To do this, follow these steps: <ol> Click Start, click Run, type regedit in the Open box, and then click OK.</li> Locate and then click the following registry subkey:

 

</li> On the Edit menu, point to New, and then click DWORD Value.</li> Type DisableDos for the name of the DWORD value, and then press ENTER.</li> Right-click DisableDos, and then click Modify.</li> In the Value data box, type 1 to disable denial of service attack detection, and then click OK.

Note To enable denial of service attack detection, type 0 in the Value data box.</li> Quit Registry Editor.</li></ol>

<div class="moreinformation_section">

Technical support for x64-based versions of Microsoft Windows
If your hardware came with a Microsoft Windows x64 edition already installed, your hardware manufacturer provides technical support and assistance for the Windows x64 edition. In this case, your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation by using unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with a Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware. If you purchased a Windows x64 edition such as a Microsoft Windows Server 2003 x64 edition separately, contact Microsoft for technical support.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx

For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/default.mspx

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

Additional query words: Winx64 Windowsx64 64bit 64-bit

Keywords: kbtshoot kbnetwork kbwinservnetwork KB898468

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.