7

I'm currently investigating an issue in which we suspect port exhaustion from too many outgoing connections is a factor. I'd like be able to identify when the server is at or near to port exhaustion, and it seems that there should be some wmi counter which will indicate this, although I don't know which

Thanks in advance.

Foo42
  • 213
  • 2
  • 5

1 Answers1

6

To get the currently active connections count you could Powershell it:

$a=gwmi -class Win32_PerfFormattedData_Tcpip_TCPv4 |select ConnectionsEstablished

$a.ConnectionsEstablished

Note that there is also a ConnectionsActive in the same class which displays cumulative rather than current connection count. Here is a class reference.

As detailed in this MSDN blog post there are two system tweaks you can use to increase the system tolerance when client port exhaustion is a threat:

[Begin quote]

Increase the upper range of ephemeral ports that are dynamically allocated to client TCP/IP socket connections.

  1. Start Registry Editor.

  2. Browse to, and then click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  3. On the Edit menu, click New, DWORD Value, and then add the following registry value to increase the number of ephemeral ports that can by dynamically allocated to clients:

Value name MaxUserPort

Value data <Enter a decimal value between 5000 and 65534 here>

You must restart your computer for this change to take effect. Increasing the range of ephemeral ports used for client TCP/IP connections consumes Windows kernel memory. Do not increase the upper limit for this setting to a value higher than is required to accommodate client application socket connections so as to minimize unnecessary consumption of Windows kernel memory.

Reduce the client TCP/IP socket connection timeout value from the default value of 240 seconds

  1. Browse to, and then click the following key in the registry:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

  2. On the Edit menu, click New, DWORD Value, and then add the following registry value to reduce the length of time that a connection stays in the TIME_WAIT state when the connection is being closed. While a connection is in the TIME_WAIT state, the socket pair cannot be reused:

Value name TcpTimedWaitDelay

Value data <Enter a decimal value between 30 and 240 here>

You must restart your computer for this change to take effect. The valid range of this value is 30 through 300 (decimal). The default value is 240.

[End quote]

ErikE
  • 4,676
  • 1
  • 19
  • 25
  • Unfortunately Win32_PerfFormattedData_Tcpip_TCPv4 shows *cumulative* state transitions, not current socket status. See https://github.com/bosun-monitor/bosun/blob/6c2eb6de89bf446687dd7651ad40246fe2441672/cmd/scollector/collectors/network_windows.go#L354-L364 for reference. – Mauricio Scheffer Mar 15 '16 at 12:03