Hi,
Our local Splunk server has been working fine for months, but suddenly it started momentarily 'disappearing' off the network.
When we checked the Event log we found the following:
Log Name: System
Source: Tcpip
Date: 18/03/2015 04:34:50
Event ID: 4227
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: XXXXXXX.XXX-XX.XXX
Description:
TCP/IP failed to establish an outgoing connection because the selected local endpoint was recently used to connect to the same remote endpoint. This error typically occurs when outgoing connections are opened and closed at a high rate, causing all available local ports to be used and forcing TCP/IP to reuse a local port for an outgoing connection. To minimize the risk of data corruption, the TCP/IP standard requires a minimum time period to elapse between successive connections from a given local endpoint to a given remote endpoint.
Event Xml:
<Provider Name="Tcpip" />
<EventID Qualifiers="32768">4227</EventID>
<Level>3</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-03-18T04:34:50.945Z" />
<EventRecordID>259309</EventRecordID>
<Channel>System</Channel>
<Computer>XXXXXXX.XXX-XX.XXX</Computer>
<Security />
<Data>
</Data>
<Binary>00000000010000000000000083100080000000000000000000000000000000000000000000000000</Binary>
Restarting the server has fixed it, but does anyone know why this might have happened and, more importantly, what could be done to prevent it from happening again?
Regards
Mark
ICT
Royal Society of Chemistry
Cambridge, UK
... View more