Your Application event log contains:
Event ID: 2025
Source: SRV
Description: The server has detected an attempted Denial-Of-Service attack from client \\computer_name, and has disconnected the connection.
As indicated, clients are disconnected from the server.
This behavior will occur when the server is under high-stress, such as during very heavy network traffic.
I have scripted MaxMpxCt.bat to increase the number of concurrent commands that can be outstanding between a client and a server.
The syntax for using MaxMpxCt.bat is:
MaxMpxCt Number
Where Number is the number of concurrent outstanding network requests that are allowed, in the range of 50 - 65535.
DO NOT set the Number too high as each additional concurrent command consumes resources, such as paged pool memory.
The default value is 50.
NOTE - If you set Number to 0, instead of altering the number of concurrent outstanding network requests,
MaxMpxCt.bat will disable Denial-Of-Service detection, BUT I WOULDN'T DO THIS ON MY NETWORK.
MaxMpxCt.bat contains:
@echo off if \{%1\}==\{\} @echo Syntax: MaxMpxCt Number&goto :EOF setlocal set key=HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters if "%1" EQU "0" goto NDOS set IN=%1 set /a Number=100000%IN%%%100000 if "%IN%" NEQ "%Number%" @echo Syntax: MaxMpxCt Number&endlocal&goto :EOF @echo REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number% REG ADD %key% /V MaxMpxCt /T REG_DWORD /F /D %Number% endlocal goto :EOF :NDOS @echo REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1 REG ADD %key% /V DisableDos /T REG_DWORD /F /D 1 endlocal