Select the product you need help with

Event ID 2025 is logged in the System log on a Windows Server 2003-based computer

Article ID: 898468 - View products that this article applies to.

SYMPTOMS

The following event is logged in the System log of Event Viewer on a computer that is running Microsoft Windows Server 2003:

Event ID: 2025
Source: SRV
Description: "The server has detected an attempted Denial-Of-Service attack from client \\computer_name, and has disconnected the connection."

Additionally, client computers are disconnected from the server.

Back to the top | Give Feedback

CAUSE

This problem may occur under high-stress conditions, such as when there is heavy traffic on the network.

Back to the top | Give Feedback

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:

322756

(http://support.microsoft.com/kb/322756/ )

How to back up and restore the registry in Windows

To work around this problem, use one of the following methods.

Method 1: Increase the MaxMpxCt value

Increase the MaxMpxCt value for the Server Service. MaxMpxCt is the maximum number of concurrent outstanding network requests that are allowed. By default, this value is set to 50 in Windows Server 2003. To avoid this issue, increase the MaxMpxCt value.

To do this, follow these steps:

Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
On the Edit menu, point to New, and then click DWORD Value.
Type MaxMpxCt for the name of the DWORD value, and then press ENTER.
Right-click MaxMpxCt, and then click Modify.
In the Value data box, type a value from the range of 50 through 65535, and then click OK.

Note By following these steps, you increase the upper limit on the number of concurrent commands that can be outstanding between a client and a server. However, make sure that you do not set this value too high. The larger the number of outstanding connections, the more memory that will be used by the server. If you set this value too high, the server may run out of resources such as paged pool memory. Therefore, do not significantly increase this value unless you know that there will be a limited number of clients that are connected to the server at the same time.
Quit Registry Editor.

Method 2: Disable denial of service attack detection

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process. You can disable denial of service attack detection at the operating system level. By doing this, you prevent errors from being logged. To do this, follow these steps:

Click Start, click Run, type regedit in the Open box, and then click OK.
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
On the Edit menu, point to New, and then click DWORD Value.
Type DisableDos for the name of the DWORD value, and then press ENTER.
Right-click DisableDos, and then click Modify.
In the Value data box, type 1 to disable denial of service attack detection, and then click OK.

Note To enable denial of service attack detection, type 0 in the Value data box.
Quit Registry Editor.

Back to the top | Give Feedback

Technical support for x64-based versions of Microsoft Windows

If your hardware came with a Microsoft Windows x64 edition already installed, your hardware manufacturer provides technical support and assistance for the Windows x64 edition. In this case, your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation by using unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with a Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware. If you purchased a Windows x64 edition such as a Microsoft Windows Server 2003 x64 edition separately, contact Microsoft for technical support.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx

(http://www.microsoft.com/windowsxp/64bit/default.mspx)

For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx

(http://www.microsoft.com/windowsserver2003/64bit/x64/editions.mspx)

Back to the top | Give Feedback