
What do I do if a Windows instance cannot access external networks when a large number of connections stay in the TIME_WAIT state?

Last Updated: Mar 15, 2023

This topic describes the cause of and the solution to the following issue: a Windows Elastic Compute Service (ECS) instance cannot access external networks when a large number of connections stay in the TIME_WAIT state on the instance.

Problem description

An external network can be pinged from a Windows instance, but the external network cannot be accessed by using a browser from the instance, excessive time is required to load external webpages, or a network connectivity exception occurs in applications that are hosted on the instance. After you run the netstat -an |find "TIME_WAIT" /c command in Command Prompt on the instance, the command output indicates that a large number of TCP connections are in the TIME_WAIT state. The following figure shows a sample command output.

[Figure: View connections that are in the TIME_WAIT state]

Cause

In Windows Server 2008 and later, 16,384 dynamic ports (from port 49152 to port 65535) are provided by default. By default, a TCP connection stays in the TIME_WAIT state for 4 minutes before the connection is closed. If a large number of TCP connections are active on an instance, many connections may simultaneously stay in the TIME_WAIT state and continue to consume a large number of ports after these connections end. As a result, new connections or applications have no ports to consume and exceptions occur.
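The following PowerShell script is an added example, not part of the original documentation. It measures how much of the dynamic port pool described above is held by TIME_WAIT connections and which remote endpoints account for them. It assumes the NetTCPIP cmdlets of Windows Server 2012 or later; the 80 percent warning threshold is an assumption.

```powershell
# Added example: how much of the dynamic port pool do TIME_WAIT sockets hold?
# Defaults are the Windows Server 2008+ values stated in the Cause section.
param(
    [int]$RangeStart  = 49152,  # first dynamic port
    [int]$RangeCount  = 16384,  # number of dynamic ports
    [int]$WarnPercent = 80      # assumed alert threshold, not from the page
)

$rangeEnd = $RangeStart + $RangeCount - 1

# Get-NetTCPConnection writes an error when nothing matches, so silence it
# and force an array so .Count is reliable for zero or one result.
$timeWait = @(Get-NetTCPConnection -State TimeWait -ErrorAction SilentlyContinue)

# Only sockets whose local port lies in the dynamic range drain the pool.
$inPool = @($timeWait | Where-Object {
    $_.LocalPort -ge $RangeStart -and $_.LocalPort -le $rangeEnd
})
$portsHeld = @($inPool | Select-Object -ExpandProperty LocalPort -Unique).Count
$percent   = [math]::Round(100 * $portsHeld / $RangeCount, 1)

# Remote endpoints that account for most short-lived outbound connections.
$topPeers = $inPool | Group-Object RemoteAddress, RemotePort |
    Sort-Object Count -Descending |
    Select-Object -First 5 Count, Name

[pscustomobject]@{
    TimeWaitTotal  = $timeWait.Count
    DynamicRange   = "$RangeStart-$rangeEnd"
    PortsHeld      = $portsHeld
    PercentOfPool  = $percent
    NearExhaustion = ($percent -ge $WarnPercent)
} | Format-List
$topPeers | Format-Table -AutoSize
```

If the dynamic port range has already been changed, pass the values reported by netsh int ipv4 show dynamicport tcp as -RangeStart and -RangeCount.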

Solution

Note

This section describes how to resolve the issue. In the example, an instance that runs Windows Server 2012 R2 is used. The operations that you must perform may vary based on the operating system of your instance.

  1. Connect to the Windows instance by using Virtual Network Computing (VNC).

    For more information, see Connect to a Windows instance by using a password.

  2. Start Command Prompt.

    1. In the lower-left corner of the desktop, click the Start icon and then click the Search icon.

    2. In the search box, enter cmd.

    3. Click Command Prompt.

      Open the Command Prompt window.

  3. Run the following command to view the configurations of dynamic ports:

    netsh int ipv4 show dynamicport tcp

    The following figure shows a sample command output, which indicates that 16,384 dynamic ports (from port 49152 to port 65535) are provided.

  4. Run the following command to extend the dynamic port range:

    netsh int ipv4 set dynamicport tcp start=1025 num=60000

    Note

    The start parameter specifies the start port of the dynamic port range. The num parameter specifies the number of dynamic ports. You can configure the parameters based on your needs.

    The following figure shows a sample command output, which indicates that the number of dynamic ports is increased to 60,000 and the new dynamic port range starts at port 1025 and ends at port 61024.

  5. Access the external network again or connect applications to the external network.

    • If the external network can be accessed or connected, the issue is resolved.

    • If the external network cannot be accessed or connected, change the value of the TcpTimedWaitDelay registry key to reduce the length of time that a TCP connection stays in the TIME_WAIT state before the connection is closed.

  6. If the issue is not completely resolved after the dynamic port range is extended, you can reduce the value of the TcpTimedWaitDelay registry key to 30 seconds. The minimum value of the TcpTimedWaitDelay registry key is 30 seconds.

    Important

    To prevent operating system issues or data loss caused by accidental operations on the registry, create snapshots for the system disk and data disks of the instance before you modify the registry. After the registry is modified, you must restart the instance for the modifications to take effect.

    1. Start Registry Editor.

      1. In the lower-left corner of the desktop, click the Start icon and then click the Search icon.

      2. In the search box, enter regedit.

      3. Click regedit.

        Open the Registry Editor window.

    2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters path and set the TcpTimedWaitDelay registry key to the decimal value 30.

      If the TcpTimedWaitDelay key does not exist, perform the following operations to create the key and change its value:

      1. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters path in the Registry Editor window, right-click a blank area in the right-side pane and choose New > DWORD (32-bit) Value.

      2. Enter TcpTimedWaitDelay and press the Enter key.

      3. Right-click TcpTimedWaitDelay and select Modify.

      4. In the dialog box that appears, select Decimal and change the value in the Value data field to 30.

      5. Click OK.
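Steps 3, 4 and 6 can also be run from an elevated PowerShell session. The script below is an added example, not part of the original documentation. It reports the current state first, including services that already listen on ports the extended range would take in, and changes nothing unless one of the switches -ExtendRange or -SetDelay (names chosen for this example) is passed.

```powershell
# Added example: steps 3, 4 and 6 from an elevated PowerShell session.
# -ExtendRange and -SetDelay are switches defined by this example.
param([switch]$ExtendRange, [switch]$SetDelay)

$newStart = 1025                       # start= value from step 4
$newCount = 60000                      # num= value from step 4
$newEnd   = $newStart + $newCount - 1  # 61024
$delay    = 30                         # seconds, the minimum given in step 6
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$name = 'TcpTimedWaitDelay'

# Step 3: current dynamic port configuration.
netsh int ipv4 show dynamicport tcp

# Pre-check: ports that services listen on inside the new range but below
# the old default start (49152). Once the range is extended, an outbound
# connection can be handed one of these ports while the service is stopped,
# and the service then fails to bind when it starts.
$atRisk = @(Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalPort -ge $newStart -and $_.LocalPort -le $newEnd -and
                   $_.LocalPort -lt 49152 } |
    Select-Object -ExpandProperty LocalPort -Unique | Sort-Object)
"Listening ports inside ${newStart}-${newEnd}: " + ($atRisk -join ', ')

# Current registry value; $null means the value does not exist yet.
$old = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
"Current ${name}: " + $(if ($null -eq $old) { 'not set' } else { $old })

if ($ExtendRange) {
    # Step 4: extend the dynamic port range.
    netsh int ipv4 set dynamicport tcp start=$newStart num=$newCount
}
if ($SetDelay) {
    # Step 6: create or overwrite the DWORD value (decimal 30).
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $delay -Force |
        Out-Null
    "Set $name to $delay (was: $old). Restart the instance for it to take effect."
}
```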
