Event ID 2027 — Shared Folders (SMB) Server Service Availability
Applies To: Windows Server 2008 R2
.jpg)
The Server Message Block (SMB) protocol is what Windows uses to share files, printers, serial ports, and communicate this information between computers. The service must be running for the server to identify and share resources.
Event Details
| Product: | Windows Operating System |
| ID: | 2027 |
| Source: | Server |
| Version: | 6.1 |
| Symbolic Name: | EVENT_SRV_OUT_OF_WORK_ITEM_DOS |
| Message: | The server has detected a potential Denial-of-Service attack caused by consuming all the work-items. Some connections were disconnected to protect against this. If this is not the case, please raise the MaxWorkItems for the server or disable DoS detection. This event will not be logged again for 24 hours. |
Resolve
Raise the MaxWorkItems for the server or disable DoS detection
Denial of service (DoS) attacks are network attacks that are aimed at making a computer or a particular service on a computer unavailable to network users. Before using this procedure, please verify that the server is not experiencing a DoS attack. For more information to help you understand network security and DoS attacks, see the Microsoft Security Central website at https://www.microsoft.com/security. If the server is not under a DoS attack, you can use the procedure below to allow the server to keep up with the demand for network work items.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
Caution: Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
To increase MaxWorkItems for the server:
- Click Start, click Run, type regedit, and then click OK.
- Locate and then click to select the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters
- On the Edit menu, point to New, and then click DWORD Value.
- Type MaxWorkItems, and then press Enter.
- Right-click MaxWorkItems, and then click Modify.
- In the Value data box, type the desired value, and then click OK.
Note: The MaxWorkItems value specifies the maximum number of work items that the server is permitted to allocate at one time. If this limit is reached, then the transport must initiate flow control, which can significantly reduce performance. In some cases, this may disallow new connections to be made to the server. There is no set default value for this entry, because it is determined by the computer's hardware configuration and the server, and may have to be adjusted. For additional information about configuring MaxWorkItems point your browser to https://support.microsoft.com/kb/317249.
Verify
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To verify the Shared Folder (SMB) server is available:
- Open an elevated Command Prompt window. Click Start, point to All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator.
- Type net config server.
- Verify that NetbiosSmb appears under the Server is active on section in the results.