Windows 10 ephemeral port exhaustion but netstat says otherwise?

3

0

Recently I discovered that, after a while of using my computer, websites and certain tools stop connecting to the internet, while continuous TCP connections remain functional. The error message Chrome gives is just "error connection failed".

I ONCE saw the event 4227 in Windows Event Viewer, which is why I started searching for information about it, and discovered the following command:

netsh int ipv4 set dynamicport tcp start=10000 num=20000

After executing this command, everything works again, but running the computer for much longer causes the phenomenon again and I have to increase num to 30000. I'm assuming this would keep going on, but I usually just reboot.

Many sources on the internet are using netstat to show which processes are potentially consuming all the ephemeral ports, and in their cases it shows a very long list, however, in my case, netstat never shows more than like 20-30 entries, yet performing

netsh int ipv4 show dynamicport tcp

after a restart, results in:

Protocol tcp Dynamic Port Range

Start Port : 10000

Number of Ports : 21025

A large number of ports, that eventually all get consumed, while netstat's amount of entries never really changes.

This computer is not yet very old either (a month or so) with a Dell OEM Windows 10 (admittedly a lot of bloatware is factory installed). I'm not sure where to go from here.

I've also tried TCPView but that also doesn't show an unhealthy amount of connections. I've disabled a couple of services and programs on startup already, thinking one of them is buggy and causing this, but not really helping.

Besides the bloatware, I have installed the same programs as my previous computer, who never had this issue.

Thanks in advance for the help!

UPDATE 1:

Perhaps it's worth mentioning that I have a network drive mounted to Z: on startup, which is hosted by a Linux SMB.

UPDATE 2: In light of question: Windows 10 loss of TCP connectivity

I am monitoring TCPView and noticing this: Chrome regularly opening new ports and closing them, but number increases

Chrome keeps making new connections, but the port number keeps increasing. Additionally, Tobii eye tracking software is doing the same with one port.

And just to note that it is NOT a duplicate, the effect is the same as described in the above question, but the cause is different, and I need help finding out what the cause is. However, I will definitely perform the suggested actions already and keep this updated.

UPDATE 3: I've executed a couple of actions which I thought could affect it:

  1. Uninstalled VMWare Player (because it created an adapter and added something to my Wi-Fi adapter)
  2. Disabled IPv6 on the Wi-Fi adapter Secondary TCPView image: Second image I don't know how this is supposed to behave, is it normal that the port number keeps increasing globally? I would assume it re-uses released ports instead of grabbing the next one all the time.

UPDATE 4:

Even though this question was warked as duplicate, it is NOT. I have since found a solution, and it is not described in the "duplicate" question, nor would it have solved that question.

Limnic

Posted 2018-08-11T06:45:29.040

Reputation: 181

It's in fact the same issue as this: https://superuser.com/questions/1150744/windows-10-loss-of-tcp-connectivity, I will closely monitor TCPView to see if there is an application that rapidly uses connections.

– Limnic – 2018-08-11T06:51:46.017

1OK, the question has been reopened.  Now it’s your turn to post the answer that you found. – Scott – 2018-08-15T19:34:20.113

I experience the same problem for a few days now. I've also noticed that in this state, CPU usage seems to "globally increase", as in, all processes seem to use more CPU than they normally do (around 2-3x). First attempts of profiling didn't show anything special though. Also, switching from one network to another will give me Internet for a few seconds, then it gets stuck again. Did you see this as well? I'm scratching my head about the cause of all of this, since like you I didn't find any issues in netstat or TCPView... – CherryDT – 2019-07-08T17:37:20.633

Since your post was in August - did you find a permanent solution since then? – CherryDT – 2019-07-08T17:37:36.500

@CherryDT I used Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending in a PowerShell terminal in order to find which application was creating so many connections (and thus using all the ports) and I found that it's TobiiService. Once identified, restarting this service will release all ports. While not a fix, it's a workaround. – Limnic – 2019-07-08T21:48:03.023

Thanks, I'll test this the next time it happens. I wonder though why I was unable to see any used ports (or ports in TIME_WAIT state) using netstat, TcpView or Process Hacker... (well, not "not any" but just 50 or so) – CherryDT – 2019-07-09T22:03:30.907

Huh. It seems it's all WSL node processes (mostly coming from using VSCode's WSL remote) which have ports on status Bound. That's very weird. – CherryDT – 2019-07-09T22:17:54.977

Hm: https://github.com/microsoft/WSL/issues/3951

– CherryDT – 2019-07-09T22:28:35.773

Answers

1

Having monitored TCPView for a while, I never found any application doing anything particularly strange that could warrant the exhaustion. After more searching I put together a workaround that is working so far (since the time of the question), there is no more exhaustion occurring.

I modified some registry values:

Apply workaround:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"MaxUserPort"=dword:0000fffe
"TcpTimedWaitDelay"=dword:0000001e
"TcpNumConnections"=dword:00fffffe
"TcpMaxDataRetransmissions"=dword:00000005

Revert workaround:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"MaxUserPort"=dword:00007930
"TcpTimedWaitDelay"=-
"TcpNumConnections"=-
"TcpMaxDataRetransmissions"=-

Basically, the workaround allows for more ports to be used and for the used ones to be cleaned up faster. I have not yet found the root cause, but it even happens in safe mode so I have no idea what's up. I might just leave it be, as long as the workaround works and I no longer lose connections!

UPDATE: Running this Get-NetTCPConnection | Group-Object -Property State, OwningProcess | Select -Property Count, Name, @{Name="ProcessName";Expression={(Get-Process -PID ($_.Name.Split(',')[-1].Trim(' '))).Name}}, Group | Sort Count -Descending as administrator in CMD or PowerShell revealed the Tobii service to be the problem.

As you can see here:

Count Name               ProcessName
----- ----               -----------    
30818 Bound, 4940        Tobii.Service

This is a service running in the background for Tobii eye tracker. Simply restarting this resolves the issue in the proper way (without modifying any limits like first mentioned above). Even though this is still not a FIX, this is out of my hands because that's up to the developers of that service.

Limnic

Posted 2018-08-11T06:45:29.040

Reputation: 181

Technically, why couldn't this be an answer to the other question? – Kamil Maciorowski – 2018-08-16T05:08:43.090

@KamilMaciorowski Because there the user DID have an application acting up, and that application would just fill it all up again. For me, it doesn't seem like it's an application acting up (considering it happens in safe mode). – Limnic – 2018-08-16T08:10:32.400

Asked: 2018-08-11T06:45:29.040

Viewed: 1 487 times

Active: 2019-08-23T08:49:56.660