Event ID 2025 is logged in the System log on a 64-bit version of Windows Server 2003 (898468)


The information in this article applies to:

  • Microsoft Windows Server 2003, Datacenter x64 Edition
  • Microsoft Windows Server 2003, Enterprise x64 Edition
  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Important This article contains information about how to modify the registry. Make sure to back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to back up, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows registry

SYMPTOMS

The following event is logged in the System log of Event Viewer on a computer that is running a 64-bit version of Microsoft Windows Server 2003: Event ID: 2025
Source: SRV
Description: "The server has detected an attempted Denial-Of-Service attack from client \\computer_name, and has disconnected the connection." Additionally, client computers are disconnected from the server.

CAUSE

This problem may occur under high-stress conditions, such as when there is heavy traffic on the network.

WORKAROUND

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

To work around this problem, use one of the following methods.

Method 1: Increase the MaxMpxCt value

Increase the MaxMpxCt value for the Server Service. MaxMpxCt is the maximum number of concurrent outstanding network requests that are allowed. By default, this value is set to 50 in Windows Server 2003. To avoid this issue, increase the MaxMpxCt value.

To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type MaxMpxCt for the name of the DWORD value, and then press ENTER.
  5. Right-click MaxMpxCt, and then click Modify.
  6. In the Value data box, type a value from the range of 50 through 65535, and then click OK.

    Note By following these steps, you increase the upper limit on the number of concurrent commands that can be outstanding between a client and a server. However, make sure that you do not set this value too high. The larger the number of outstanding connections, the more memory that will be used by the server. If you set this value too high, the server may run out of resources such as paged pool memory. Therefore, do not significantly increase this value unless you know that there will be a limited number of clients that are connected to the server at the same time.
  7. Quit Registry Editor.

Method 2: Disable denial of service attack detection

Important These steps may increase your security risk. These steps may also make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We recommend the process that this article describes to enable programs to operate as they are designed to, or to implement specific program capabilities. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this process in your particular environment. If you choose to implement this process, take any appropriate additional steps to help protect your system. We recommend that you use this process only if you really require this process. You can disable denial of service attack detection at the operating system level. By doing this, you prevent errors from being logged. To do this, follow these steps:
  1. Click Start, click Run, type regedit in the Open box, and then click OK.
  2. Locate and then click the following registry subkey:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters

  3. On the Edit menu, point to New, and then click DWORD Value.
  4. Type DisableDos for the name of the DWORD value, and then press ENTER.
  5. Right-click DisableDos, and then click Modify.
  6. In the Value data box, type 1 to disable denial of service attack detection, and then click OK.

    Note To enable denial of service attack detection, type 0 in the Value data box.
  7. Quit Registry Editor.

Technical support for Windows x64 editions

Your hardware manufacturer provides technical support and assistance for Microsoft Windows x64 editions. Your hardware manufacturer provides support because a Windows x64 edition was included with your hardware. Your hardware manufacturer might have customized the Windows x64 edition installation with unique components. Unique components might include specific device drivers or might include optional settings to maximize the performance of the hardware. Microsoft will provide reasonable-effort assistance if you need technical help with your Windows x64 edition. However, you might have to contact your manufacturer directly. Your manufacturer is best qualified to support the software that your manufacturer installed on the hardware.

For product information about Microsoft Windows XP Professional x64 Edition, visit the following Microsoft Web site:

http://www.microsoft.com/windowsxp/64bit/default.mspx

For product information about Microsoft Windows Server 2003 x64 editions, visit the following Microsoft Web site:

http://www.microsoft.com/windowsserver2003/64bit/x64/default.mspx

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Modification Type:MajorLast Reviewed:1/31/2006
Keywords:kbtshoot kbnetwork kbwinservnetwork KB898468 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.