Enterprise Console: improving scalability and performance on large networks by setting up ephemeral ports

  • N.º del artículo: 14243
  • Actualizado: 04 abr 2014

When managing large numbers of workstations (endpoints) from a single management server, you may need to increase the number of ephemeral ports that Windows can assign. This will improve scalability and performance on large networks (those with thousands of computers).

Symptoms suggesting that more ephemeral ports are needed include:

  • an error message in the Application event log (see below)
  • delays in managing workstations from the console
  • the management server is unable to perform other common tasks which need an outbound connection, e.g.connecting to a network resource.

By default, Windows limits the number of ephemeral ports that can be used by a computer. To indicate when this limit is likely to be reached, a message is written to the Application event log by the Sophos Message Router:

Sophos Enterprise Console has detected that the number of ephemeral ports being used on this computer is approaching the maximum permitted. You may need to make changes to the computer's TCP/IP configuration to prevent network problems.

There are xxx ephemeral ports in use. The maximum number of ephemeral ports available on this machine is yyy.

See Sophos KnowledgeBase Article 4243 at http://www.sophos.com/en-us/support/knowledgebase.aspx

This message is logged when the number of ports used reaches 85% of the total number permitted by the system. This happens regardless of whether those ports are taken up by the Sophos Message Router, or by something else.

Ephemeral ports are temporary ports assigned by a computer's IP stack. Their number is controlled by the value MaxUserPort. This value limits the number of outgoing connections from one computer to a specific service on a remote computer.

What to do

These changes involve the use of the Windows registry editor. Please read the warning about editing the registry.

1. Configuring the maximum number of ports

Using the Windows registry editor, navigate to:

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

Add the following registry value

  • Name
    MaxUserPort
  • Type
    DWORD
  • Recommended value
    30000 (decimal)

Three factors should be taken into account when calculating this value:

  • a basic figure of 1024
  • the number of managed endpoints
  • the number of ports used by other applications.

Thus, for 10000 endpoints, a suitable value would be 13000 (1024 + 10000 + c. 2000).

If a value for MaxUserPort is already present, take this into account when setting the new value. The default is 5000 and the maximum value is 65535. Any value in this range is valid. However using a very high value may not allow for inbound connections.

2. Editing the TIME-WAIT value

On Windows 2000 servers, and on Windows 2003 servers not running Service Pack 1 (SP1) or higher, you can also improve scalability and performance by reducing the length of time that a connection stays in the TIME-WAIT state.

Using the Windows registry editor, navigate to:

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\

Add the following registry value

  • Name
    TcpTimedWaitDelay
  • Type
    DWORD
  • Recommended value
    200 (decimal)

If the TcpTimedWaitDelay value already exists, take this into account when setting the new value. The default is 240; a value in the range 50 to 250 is acceptable.

3. Restarting the computer

The computer will need to be restarted for the above new values to be used by Windows.

For more information on the use of these values, search for 'MaxUserPort' and 'TcpTimedWaitDelay' on the Microsoft website.

 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios