You are currently offline, waiting for your internet to reconnect

Event ID 2025 is logged in the System log on a Windows Server 2003-based computer

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

SYMPTOMS
The following event is logged in the System log of Event Viewer on a computer that is running Microsoft Windows Server 2003:

Event ID: 2025
Source: SRV
Description: "The server has detected an attempted Denial-Of-Service attack from client \\computer_name, and has disconnected the connection."

Additionally, client computers are disconnected from the server.
CAUSE
This problem may occur under high-stress conditions, such as when there is heavy traffic on the network.
WORKAROUND
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows


To work around this problem, use one of the following methods.

Method 1: Increase the MaxMpxCt value

Increase the MaxMpxCt value for the Server Service. MaxMpxCt is the maximum number of concurrent outstanding network requests that are allowed. By default, this value is set to 50 in Windows Server 2003. To avoid this issue, increase the MaxMpxCt value.

To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type MaxMpxCt for the name of the DWORD value, and then press ENTER.
  5. Right-click MaxMpxCt, and then click Modify.
  6. In the Value data box, type a value from the range of 50 through 65535, and then click OK.

    Note By following these steps, you increase the upper limit on the number of concurrent commands that can be outstanding between a client and a server. However, make sure that you do not set this value too high. The larger the number of outstanding connections, the more memory that will be used by the server. If you set this value too high, the server may run out of resources such as paged pool memory. Therefore, do not significantly increase this value unless you know that there will be a limited number of clients that are connected to the server at the same time.
  7. Quit Registry Editor.

Method 2: Disable denial of service attack detection

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process.You can disable denial of service attack detection at the operating system level. By doing this, you prevent errors from being logged. To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters
  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableDos for the name of the DWORD value, and then press ENTER.
  5. Right-click DisableDos, and then click Modify.
  6. In the Value data box, type 1 to disable denial of service attack detection, and then click OK.

    Note To enable denial of service attack detection, type 0 in the Value data box.
  7. Quit Registry Editor.

Technical support for x64-based versions of Microsoft Windows

If your hardware came with a Microsoft Windows x64 edition already installed, your hardware manufacturer provides technical support and assistance for the Windows x64 edition. In this case, your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation by using unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with a Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware. If you purchased a Windows x64 edition such as a Microsoft Windows Server 2003 x64 edition separately, contact Microsoft for technical support.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site: For product information about x64-based versions of Microsoft Windows Server 2003, visit the following Microsoft Web site:
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Winx64 Windowsx64 64bit 64-bit
Properties

Article ID: 898468 - Last Review: 12/10/2010 09:06:00 - Revision: 7.0

Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Standard x64 Edition, Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems, Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems, Microsoft Windows Server 2003, Standard Edition (32-bit x86), Windows Server 2008 Enterprise, Windows Server 2008 R2 Enterprise, Windows Server 2008 Standard, Windows Server 2008 R2 Standard

  • kbtshoot kbnetwork kbwinservnetwork KB898468
Feedback