Appendix A: TCP/IP Configuration Parameters

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The TCP/IP protocol suite implementation for Windows Server 2003 obtains all of its configuration data from the registry. This information is written to the registry by the Setup program. Some of this information is also supplied by the Dynamic Host Configuration Protocol (DHCP) client service, if it is enabled. This appendix defines all of the registry parameters used to configure the protocol driver, Tcpip.sys, which implements the standard TCP/IP network protocols.

The implementation of the protocol suite should perform properly and efficiently in most environments using only the configuration information gathered by Setup and DHCP. Optimal default values for all other configurable aspects of the protocols for most cases have been encoded into the drivers. Some customer installations may require changes to certain default values. To handle these cases, optional registry parameters can be created to modify the default behavior of some parts of the protocol drivers.

Note

The Windows TCP/IP implementation is largely self-tuning. Adjusting registry parameters may adversely affect system performance.

All of the TCP/IP parameters are registry values located under the registry key

HKEY_LOCAL_MACHINE

     \SYSTEM

          \CurrentControlSet

               \Services:

                    \Tcpip

                         \Parameters

Adapter-specific values are listed under subkeys for each adapter identified by the adapter's globally unique identifier (GUID).

To determine the GUID value for an adapter corresponding to a LAN connection in the Network Connections folder, do the following:

  1. Open the Network Connections folder and note the name of the LAN connection, such as "Local Area Connection."

  2. Click Start, click Run, type regedit.exe, and then click OK.

  3. Use the tree view (the left pane) of the Registry Editor tool to open the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}

  4. Under this key are one or more keys for the globally unique identifiers (GUIDs) corresponding to the installed LAN connections. Each of these GUID keys has a Connection subkey. Open each of the GUID\Connection keys and look for the Name setting in the contents pane whose value matches the name of your LAN connection from step 1.

  5. When you have found the GUID\Connection key that contains the Name setting that matches the name of your LAN connection, write down or otherwise note the GUID value.

Depending on whether the system or adapter is DHCP-configured or static override values are specified, parameters may have both DHCP and statically configured values. If any of these parameters are changed using the registry editor, a restart of the system is generally required for the change to take effect. A restart is usually not required if values are changed using the Network Connections folder.

Parameters Configurable Using the Registry Editor

The following parameters receive default values during the installation of the TCP/IP components. To modify any of these values, use the Registry Editor (Regedit.exe). A few of the parameters are visible in the registry by default, but most must be created to modify the default behavior of the TCP/IP protocol driver. Parameters configurable from the user interface are listed separately.

AllowUserRawAccess

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

Valid Range: 0, 1 (False, True)

Default: 0 (False)

Description: This parameter controls access to raw sockets. If true, non-administrative users have access to raw sockets. By default, only administrators have access to raw sockets. For more information about raw sockets, see Windows Sockets 2 (https://go.microsoft.com/fwlink/?LinkID=31786).

ArpAlwaysSourceRoute

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1, or not present (false, true, or not present)

Default: not present

Description: By default, the stack transmits ARP queries without source routing first and retries with source routing enabled if no reply is received. Setting this parameter to 0 causes all IP broadcasts to be sent without source routing. Setting this parameter to 1 forces TCP/IP to transmit all ARP queries with source routing enabled on Token Ring networks.

ArpCacheLife

Key: Tcpip\Parameters

Value Type: REG_DWORD—Number of seconds

Valid Range: 0–0xFFFFFFFF

Default: In absence of an ArpCacheLife parameter, the defaults for ARP cache time-outs are a two-minute time-out on unused entries and a ten-minute time-out on used entries.

Description: See ArpCacheMinReferencedLife 

ArpCacheMinReferencedLife

Key: Tcpip\Parameters

Value Type: REG_DWORD—Number of seconds

Valid Range: 0–0xFFFFFFFF

Default: 600 seconds (10 minutes)

Description: ArpCacheMinReferencedLife controls the minimum time until a referenced ARP cache entry expires. This parameter can be used in combination with the ArpCacheLife parameter, as follows:

  • If ArpCacheLife is greater than or equal to ArpCacheMinReferencedLife, referenced and unreferenced ARP cache entries expire in ArpCacheLife seconds.

  • If ArpCacheLife is less than ArpCacheMinReferencedLife, unreferenced entries expire in ArpCacheLife seconds, and referenced entries expire in ArpCacheMinReferencedLife seconds.

Entries in the ARP cache are referenced each time that an outbound packet is sent to the IP address in the entry.

ArpRetryCount

Key: Tcpip\Parameters

Value Type: REG_DWORD—Number

Valid Range: 0–3

Default: 3

Description: This parameter controls the number of times that the computer sends a gratuitous ARP for its own IP address(es) while initializing. Gratuitous ARPs are sent to ensure that the IP address is not already in use on the locally attached subnet. The value controls the actual number of ARPs sent, not the number of retries.

ArpTRSingleRoute

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: Setting this parameter to 1 causes ARP broadcasts that are source-routed (Token Ring) to be sent as single-route broadcasts, instead of all-routes broadcasts.

ArpUseEtherSNAP

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: Setting this parameter to 1 forces TCP/IP to transmit Ethernet packets using IEEE 802.3 SNAP encoding. By default, the stack transmits packets in Ethernet II format, also known as Ethernet DIX format. It always receives both formats.

DatabasePath

Key: Tcpip\Parameters

Value Type: REG_EXPAND_SZ—Character string

ValidRange: A valid file path

Default: %SystemRoot%\system32\drivers\etc

Description: This parameter specifies the path to the standard Internet database files (Hosts, Lmhosts, Network, Protocols, Services). It is used by the Windows Sockets interface.

DefaultTTL

Key: Tcpip\Parameters

Value Type: REG_DWORD—Number of seconds/hops

ValidRange: 0–0xff (0–255 decimal)

Default: 128

Description: Specifies the default time-to-live (TTL) value set in the header of outgoing IP packets. The TTL determines the maximum amount of time that an IP packet may live in the network without reaching its destination. It is effectively a limit on the number of links on which an IP packet is allowed to travel before being discarded.

DisableDHCPMediaSense

Key:  Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: This parameter can be used to control DHCP Media Sense behavior. If set to 1, the DHCP client ignores Media Sense events from the interface. By default, Media Sense events trigger the DHCP client to take an action, such as attempting to obtain a lease (when a connect event occurs), or invalidating the interface and routes (when a disconnect event occurs).

DisableIPSourceRouting

Key:  Tcpip\Parameters

Value Type: REG_DWORD—Boolean

Valid Range: 0, 1, 2

0 - forward all packets

1 - do not forward Source Routed packets

2 - drop all incoming Source Routed packets

Default: 1 (for Windows Server 2003 with no service packs installed), 2 (for Windows Server 2003 with Service Pack 1)

Description: IP source routing is a mechanism allowing the sender to determine the IP route that a datagram should take through the network. The Ping and Tracert tools have options to specify source routing.

DisableMediaSenseEventLog

Key:  Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: This parameter can be used to disable logging of DHCP Media Sense events. By default, Media Sense events (connection/disconnection from the network) are logged in the event log for troubleshooting purposes.

DisableTaskOffload

Key:  Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: This parameter instructs the TCP/IP stack to disable offloading of tasks to the network interface card for troubleshooting and test purposes.

DisableUserTOSSetting

Key:  Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: This parameter can be used to allow programs to manipulate the Type Of Service (TOS) bits in the header of outgoing IP packets. In Windows Server 2003, this defaults to True. In general, individual applications should not be allowed to manipulate TOS bits.

DontAddDefaultGateway

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0

Description: When you make a remote access connection that uses TCP/IP, a new default route is added to the route table with a metric lower than all other existing default routes. You can disable the automatic adding of this new default route by setting this registry parameter to 1. You can also disable this behavior from the properties of the TCP/IP protocol for a remote access connection in Network Connections. After doing so, you may need to configure static routes for destinations that are reachable across the remote access connection.

EnableAddrMaskReply

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: This parameter controls whether the computer responds to an ICMP address mask request.

EnableBcastArpReply

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: This parameter controls whether the computer responds to an ARP request when the source Ethernet address in the ARP is not unicast. Network Load Balancing Service (NLBS) will not work properly if this value is set to 0.

EnableDeadGWDetect

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: When this parameter is set to 1, TCP is allowed to perform dead gateway detection. With this feature enabled, TCP informs IP to change to a backup default gateway if a number of connections are experiencing difficulty. Backup default gateways are configured as advanced TCP/IP settings from the Network Connections folder. See the “Dead Gateway Detection” section in this article for details.

EnableICMPRedirects

Key:  Tcpip\Parameters  

Value Type: REG_DWORD--BOOLEAN

Valid Range:  0, 1 (False, True)

Default: 1 (True)

Recommendation: 0 (False)

Description: This parameter controls whether Windows Server 2003 TCP/IP will update its route table in response to ICMP Redirect messages that are sent to it by network devices such as a routers.

EnableFastRouteLookup

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: Fast route look-up is enabled if this flag is set. This can make route lookups faster at the expense of non-paged pool memory. This flag is used only if the computer runs Windows Server 2003 and falls into the medium or large class (in other words, contains at least 64 MB of memory). This parameter is created by the Routing and Remote Access service.

EnableMulticastForwarding

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: The routing service uses this parameter to control whether or not IP multicasts are forwarded. This parameter is created by the Routing and Remote Access service.

EnablePMTUBHDetect

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: Setting this parameter to 1 (true) causes TCP to try to detect PMTU black hole routers while doing Path MTU Discovery. A PMTU black hole router does not return ICMP Destination Unreachable messages when it needs to fragment an IP datagram with the Don’t Fragment bit set. TCP depends on receiving these messages to perform Path MTU Discovery. With this feature enabled, TCP tries to send segments without the Don’t Fragment bit set if several retransmissions of a segment go unacknowledged91. If the segment is acknowledged as a result, the MSS is decreased and the Don’t Fragment bit is set in future packets on the connection. Enabling PMTU black hole detection increases the maximum number of retransmissions that are performed for a given segment.

EnablePMTUDiscovery

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: When this parameter is set to 1 (true) TCP attempts to discover the Maximum Transmission Unit (MTU), or largest packet size, over the path to a remote host. By discovering the Path MTU (PMTU) and limiting TCP segments to this size, TCP can eliminate fragmentation at routers along the path that connect networks with different MTUs. Fragmentation adversely affects TCP throughput and network congestion. Setting this parameter to 0 (not recommended) causes an MTU of 576 bytes to be used for all connections that are not to destinations on a locally attached subnet.

FFPControlFlags

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: If this parameter is set to 1, Fast Forwarding Path (FFP) is enabled. If it is set to 0, TCP/IP instructs all FFP-capable adapters not to do any fast forwarding on this computer. FFP-capable network adapters can receive routing information from the stack and forward subsequent packets in hardware without passing them up to the stack. FFP parameters are located in the TCP/IP registry key, but are actually placed there by the Routing and Remote Access service.

FFPFastForwardingCacheSize

Key: Tcpip\Parameters

Value Type: REG_DWORD—Number of bytes

Valid Range: 0–0xFFFFFFFF

Default: 100,000 bytes

Description: This is the maximum amount of memory that a driver that supports fast forwarding path (FFP) can allocate for its fast-forwarding cache if it uses system memory for its cache. If the device has its own memory for fast-forwarding cache, this value is ignored.

GlobalMaxTcpWindowSize

Key: Tcpip\Parameters 

Value Type: REG_DWORD—Number of bytes

Valid Range: 0–0x3FFFFFFF (1073741823 decimal; however, values greater than 64 KB can only be achieved when connecting to other systems that support RFC 1323 window scaling, which is discussed in the TCP section of this article.)

Default: This parameter does not exist by default.

Description: The TcpWindowSize parameter can be used to set the receive window on a per-interface basis. This parameter can be used to set a global limit for the TCP window size on a system-wide basis.

IPAutoconfigurationAddress

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—String

ValidRange: A valid IP address

Default: None

Description: The DHCP client stores the IP address chosen using APIPA autoconfiguration here. This value should not be altered.

IPAutoconfigurationEnabled

Key: Tcpip\Parameters, Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: This parameter enables or disables IP autoconfiguration using APIPA. See the “Automatic Client Configuration and Media Sense” section of this article for details. This parameter can be set globally or per interface. If a per-interface value is present, it overrides the global value for that interface.

IPAutoconfigurationMask

Key: Tcpip\Parameters, Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—String

ValidRange: A valid IP subnet mask

Default: 255.255.0.0

Description: This parameter controls the subnet mask assigned to the client using APIPA autoconfiguration. See the “Automatic Client Configuration and Media Sense” section of this article for details. This parameter can be set globally or per interface. If a per-interface value is present, it overrides the global value for that interface.

IPAutoconfigurationSeed

Key: Tcpip\Parameters, Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—Number

Valid Range: 0–0xFFFF

Default: 0

Description: This parameter is used internally by the DHCP client and should not be modified.

IPAutoconfigurationSubnet

Key: Tcpip\Parameters, Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—String

ValidRange: A valid IP subnet

Default: 169.254.0.0

Description: This parameter controls the initial network ID used by APIPA autoconfiguration to pick an IP address for the client. See the “Automatic Client Configuration and Media Sense” section of this article for details. This parameter can be set globally or per interface. If a per-interface value is present, it overrides the global value for that interface.

IGMPLevel

Key: Tcpip\Parameters

Value Type: REG_DWORD—Number

Valid Range: 0,1,2

Default: 2

Description: This parameter determines to what extent the system supports IP multicasting and participates in the Internet Group Management Protocol. At level 0, the system provides no multicast support. At level 1, the system can send IP multicast packets but cannot receive them. At level 2, the system can send IP multicast packets and fully participate in IGMP to receive multicast packets.

IPEnableRouter

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: Setting this parameter to 1 (true) causes the system to forward IP packets that have a destination address that is not assigned to it.

IPEnableRouterBackup

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: Setup writes the previous value of IPEnableRouter to this key. It should not be adjusted manually.

KeepAliveInterval

Key: Tcpip\Parameters

Value Type: REG_DWORD—time in milliseconds

Valid Range: 1–0xFFFFFFFF

Default: 1000 (one second)

Description: This parameter determines the interval between TCP keep-alive retransmissions until a response is received. Once a response is received, the delay until the next keep-alive transmission is again controlled by the value of KeepAliveTime. The connection is aborted after the number of retransmissions specified by TcpMaxDataRetransmissions have gone unanswered.

KeepAliveTime

Key: Tcpip\Parameters

Value Type: REG_DWORD—time in milliseconds

Valid Range: 1–0xFFFFFFFF

Default: 7,200,000 (two hours)

Description: The parameter controls how often TCP attempts to verify that an idle connection is still intact by sending a keep-alive packet. If the remote system is still reachable and functioning, it acknowledges the keep-alive transmission. Keep-alive packets are not sent by default. This feature may be enabled on a connection by an application.

MaxForwardBufferMemory

Key: Tcpip\Parameters

Value Type: REG_DWORD—number of bytes

ValidRange: network MTU–0xFFFFFFFF

Default: 2097152 decimal (2 MB)

Description: This parameter limits the total amount of memory that IP can allocate to store packet data in the router packet queue. This value must be greater than or equal to the value of the ForwardBufferMemory parameter. See the description of ForwardBufferMemory for more details.

MaxForwardPending

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—number of packets

Valid Range: 1–0xFFFFFFFF

Default: 0x1388 (5000 decimal)

Description: This parameter limits the number of packets that the IP forwarding engine can submit for transmission to a specific network interface at any time. Additional packets are queued in IP until outstanding transmissions on the interface complete. Most network adapters transmit packets very quickly, so the default value is sufficient. A single remote access interface, however, may multiplex many slow serial lines. Configuring a larger value for this type of interface may improve its performance. The appropriate value depends on the number of outgoing lines and their load characteristics.

MaxFreeTcbs

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 0–0xFFFFFFFF

Default: The following default values are used (note that small is defined as a computer with less than 19 MB of RAM, medium is 19–63 MB of RAM, and large is 64 MB or more of RAM. Although this code still exists, nearly all computers are large now).

For Windows Server 2003:

  • Small system—500

  • Medium system—1000

  • Large system—2000

For Windows XP:

  • Small system—250

  • Medium system—500

  • Large system—1000

Description: This parameter controls the number of cached (pre-allocated) Transport Control Blocks (TCBs) that are available. A TCB is a data structure that is maintained for each TCP connection.

MaxHashTableSize

Key: Tcpip\Parameters

Value Type: REG_DWORD—number (must be a power of 2)

ValidRange: 0x40–0x10000 (64-65536 decimal)

Default: 512

Description: This value should be set to a power of 2 (for example, 512, 1024, 2048, and so on.) If this value is not a power of 2, the system configures the hash table to the next power of 2 value (for example, a setting of 513 is rounded up to 1024.) This value controls how fast the system can find a TCB and should be increased if MaxFreeTcbs is increased from the default.

MaxICMPHostRoutes

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

ValidRange: 0–0x7FFFFFFE

Default: 0x3E8 (1000 in decimal) or 0x2710 (10000 in decimal) with the update to Windows Server 2003 SP1, which is available in article 898060 from the Microsoft Knowledge Base (https://go.microsoft.com/fwlink/?LinkID=67906).

Description: This value restricts the number of host routes that can be added to the local IP route table by receiving ICMP Redirect messages. You should not change this value unless the computer needs to be able to add a large number of host routes by receiving ICMP Redirect messages.

MaxNormLookupMemory

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

ValidRange: Any DWORD (0xFFFFFFFF means no limit on memory.)

Default: The following default values are used (Small is defined as a computer with less than 19 MB of RAM, Medium is 19–63 MB of RAM, and Large is 64 MB or more of RAM. Although this code still exists, nearly all computers are Large now).

For Windows Server 2003:

  • Small system—150,000 bytes, which accommodates 1000 routes

  • Medium system—1,500,000 bytes, which accommodates 10,000 routes

  • Large system—5,000,000 bytes, which accommodates 40,000 routes

For Windows XP:

  • 150,000 bytes, which accommodates 1000 routes

Description: This parameter controls the maximum amount of memory that the system allows for the route table data and the routes themselves. It is designed to prevent memory exhaustion on the computer caused by adding large numbers of routes.

MaxNumForwardPackets

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 1–0xFFFFFFFF

Default: 0xFFFFFFFF

Description: This parameter limits the total number of IP packet headers that can be allocated for the router packet queue. This value must be greater than or equal to the value of the NumForwardPackets parameter. See the description of NumForwardPackets for more details.

MaxUserPort

Key: Tcpip\Parameters

Value Type: REG_DWORD—maximum port number

ValidRange: 5000–65534 (decimal)

Default: 0x1388 (5000 decimal)

Description: This parameter controls the maximum port number used when an application requests any available user port from the system. Normally, short-lived ports are allocated in the range from 1024 through 5000. Setting this parameter to a value outside of the valid range causes the nearest valid value to be used (5000 or 65534).

MTU

Key:  Tcpip\Parameters\Interfaces\interfaceGUID 

Value Type: REG_DWORD—number

ValidRange: 88–the MTU of the underlying network

Default: 0xFFFFFFFF

Description: This parameter overrides the default Maximum Transmission Unit (MTU) for a network interface. The MTU is the maximum IP packet size, in bytes, that can be transmitted over the underlying network. For values larger than the default for the underlying network, the network default MTU is used. For values smaller than 88, the MTU of 88 is used.

Note

Windows Server 2003 TCP/IP uses PMTU detection by default and queries the network interface card driver to find out what local MTU is supported. Altering the MTU parameter is generally not necessary and may result in reduced performance. See the "Path Maximum Transmission Unit (PMTU) Discovery" section of this article for more details.

NumForwardPackets

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

ValidRange: 1—some reasonable value smaller than 0xFFFFFFFF

Default: 0x32 (50 decimal)

Description: This parameter determines the number of IP packet headers that are allocated for the router packet queue. When all headers are in use, the system attempts to allocate more, up to the value configured for MaxNumForwardPackets. This value should be at least as large as the ForwardBufferMemory value divided by the maximum IP data size of the networks that are connected to the router. It should be no larger than the ForwardBufferMemory value divided by 256 because at least 256 bytes of forward buffer memory is used for each packet. The optimal number of forward packets for a given ForwardBufferMemory size depends on the type of traffic that is carried on the network and is somewhere between these two values. This parameter is ignored and no headers are allocated if routing is not enabled.

NumTcbTablePartitions

Key:  Tcpip\Parameters

Value Type: REG_DWORD—number of TCB table partitions

Valid Range: 1–0xFFFF

Default: 4

Description: This parameter controls the number of TCB table partitions. The TCB table can be portioned to improve scalability on multi-processor systems by reducing contention on the TCB table. This value should not be modified without a careful performance study. A suggested maximum value is (number of CPUs)(2.

PerformRouterDiscovery

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD

Valid Range:  0, 1, 2

0 (disabled)

1 (enabled)

2 (enable only if DHCP sends the Perform Router Discovery option)

Default: 2, DHCP-controlled but off by default.

Description: This parameter controls whether Windows Server 2003 TCP/IP attempts to perform router discovery per RFC 1256 on a per-interface basis. See also SolicitationAddressBcast.

PerformRouterDiscoveryBackup

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: none

Description: This parameter is used internally to keep a back-up copy of the PerformRouterDiscovery value. It should not be modified.

PPTPTcpMaxDataRetransmissions

Key: Tcpip\Parameters

Value Type: REG_DWORD—number of times to retransmit a PPTP packet

Valid Range: 0–0xFF

Default: 5

Description: This parameter controls the number of times that a PPTP packet is retransmitted if it is not acknowledged. This parameter was added to allow retransmission of PPTP traffic to be configured separately from regular TCP traffic.

ReservedPorts

Key: Tcpip\Parameters

Value Type: REG_MULTI_SZ

ValidRange: xxxx-yyyy  The string uses the format xxxx-yyyy.  (port range)

Default: NA

Description: Allows ports to be reserved so that they are not used as part of the 1024 or greater range. This is useful for applications that want a specific port range.

SackOpts

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: This parameter controls whether or not Selective Acknowledgment (SACK) support, as specified in RFC 2018, is enabled. SACK is described in more detail in the “Transmission Control Protocol (TCP)” section of this article.

SolicitationAddressBcast

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: This parameter can be used to configure Windows to send router discovery messages as broadcasts instead of multicasts, as described in RFC 1256. By default, if router discovery is enabled, router discovery solicitations are sent to the all-routers multicast group (224.0.0.2). See also PerformRouterDiscovery.

StrictARPUpdate

Key: Tcpip\Parameters

Value Type: REG_DWORD

Valid Range: 0-1

Default: 0

Description: Specifies whether TCP/IP in Windows Server 2003 SP1 will store in the ARP cache the MAC address of the last ARP reply received (StrictARPUpdate=0) or the MAC address of the first ARP reply received (StrictARPUpdate=1). With StrictARPUpdate set to 1, TCP/IP will not update the MAC address of an existing ARP cache entry if it receives additional unsolicited ARP replies.

SynAttackProtect

Key:  Tcpip\Parameters

Value Type: REG_DWORD

Valid Range: 0, 1

0 (no SYN attack protection)

1 (reduced retransmission retries and delayed RCE [route cache entry] creation if the TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are satisfied and a delayed indication to Winsock is made.)

Note

When the system finds itself under attack the following options on any socket can no longer be enabled: scalable windows (RFC 1323) and per adapter configured TCP parameters (Initial RTT, window size). This is because when protection is functioning the route cache entry is not queried before the SYN-ACK is sent and the Winsock options are not available at this stage of the connection.

Default: 1 - enabled for Windows Server 2003 Service Pack 1, 0 -disabled for Windows Server 2003 with no service packs installed

Recommendation: 1

Description: SYN attack protection involves reducing the amount of retransmissions for the SYN-ACKS, which will reduce the time for which resources have to remain allocated. The allocation of route cache entry resources is delayed until a connection is made and the connection indication to AFD is delayed until the three-way handshake is completed. Note that the actions taken by the protection mechanism only occur if TcpMaxHalfOpen and TcpMaxHalfOpenRetried settings are exceeded.

Tcp1323Opts

Key: Tcpip\Parameters

Value Type: REG_DWORD—number (flags)

Valid Range: 0, 1, 2, 3

0 (disable RFC 1323 options)

1 (window scaling enabled only)

2 (timestamps enabled only)

3 (both options enabled)

Default: No value. The default behavior is as follows: do not use the Timestamp and Window Scale options when initiating TCP connections but use them if the TCP peer that is initiating communication includes them in the SYN segment.

Description: This parameter controls the use of RFC 1323 Timestamp and Window Scale TCP options. Explicit settings for timestamps and window scaling are manipulated with flag bits. Bit 0 controls window scaling, and bit 1 controls timestamps.

TcpAckFrequency

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—number

Valid Range: 0–255

Default: 2

Description: Specifies the number of ACKs that will be outstanding before the delayed ACK timer is ignored. Microsoft does not recommend changing this value from the default without careful study of the environment.

TcpDelAckTicks

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—number

Valid Range: 2–6

Default: 2

Description: Specifies the number of 100-millisecond intervals to use for the delayed-ACK timer on a per-interface basis. By default, the delayed-ACK timer is 200 milliseconds. If you set this value to 0 or 1, the delayed-ACK time is 200 milliseconds. Microsoft does not recommend changing this value from the default without careful study of the environment.

TcpInitialRTT

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—number

Valid Range: 0–0xFFFF

Default: 3

Description: This parameter controls the initial time-out in seconds used for a TCP connection request and initial data retransmission on a per-interface basis. Use caution when tuning with this parameter because exponential backoff is used. Setting this value to larger than 3 results in much longer time-outs to nonexistent addresses.

TcpMaxConnectResponseRetransmissions

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 0–255

Default: 2

Description: This parameter controls the number of times that a SYN-ACK is retransmitted in response to a connection request if the SYN is not acknowledged. If this value is greater than or equal to 2, the stack employs SYN attack protection internally. If this value is less than 2, the stack does not read the registry values at all for SYN attack protection. See also SynAttackProtect, TCPMaxPortsExhausted, TCPMaxHalfOpen, and TCPMaxHalfOpenRetried.

TcpMaxConnectRetransmissions

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

ValidRange: 0–255 (decimal)

Default: 2

Description: This parameter determines the number of times that TCP retransmits a connect request (a SYN segment) before aborting the attempt. The retransmission time-out is doubled with each successive retransmission in a given connect attempt. The initial time-out is controlled by the TcpInitialRtt registry value.

TcpMaxDataRetransmissions

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 0–0xFFFFFFFF

Default: 5

Description: This parameter controls the number of times that TCP retransmits an individual data segment (not connection request segments) before aborting the connection. The retransmission time-out is doubled with each successive retransmission on a connection. It is reset when responses resume. The Retransmission Timeout (RTO) value is dynamically adjusted, using the historical measured round-trip time (Smoothed Round Trip Time) on each connection. The starting RTO on a new connection is controlled by the TcpInitialRtt registry value.

TcpMaxDupAcks

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 1–3

Default: 2

Description: This parameter determines the number of duplicate ACKs that must be received for the same sequence number of sent data before fast retransmit is triggered to resend the segment that has been dropped in transit. This mechanism is described in more detail in the “Transmission Control Protocol (TCP)” section of this article.

TcpMaxSendFree

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 0–0xFFFF

Default: 5000

Description: This parameter controls the size limit of the TCP header table. On machines with large amounts of RAM increasing this setting can improve responsiveness during a SYN attack.

TcpNumConnections

Key: Tcpip\Parameters

Value Type: REG_DWORD—number

Valid Range: 0–0xFFFFFE

Default: 0xFFFFFE

Description: This parameter limits the maximum number of connections that TCP can have open simultaneously.

TcpTimedWaitDelay

Key: Tcpip\Parameters

Value Type: REG_DWORD—time in seconds

ValidRange: 30-300 (decimal)

Default: 0xF0 (120 decimal)

Description: This parameter determines the length of time that a connection stays in the TIME_WAIT state when being closed. While a connection is in the TIME_WAIT state, the socket pair cannot be reused. This is also known as the 2MSL state because the value should be twice the maximum segment lifetime on the network. See RFC 793 for further details.

TcpUseRFC1122UrgentPointer

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: This parameter determines whether TCP uses the RFC 1122 or RFC 793 specification for urgent data (used by BSD-derived systems). There are two ways to interpret the value of the Urgent Pointer field in the TCP header: RFC 793 defines the value as indicating the first byte of normal data, RFC 1122 defines the value as indicating the last byte of urgent data. These two interpretations are not interoperable. Windows Server 2003 TCP/IP defaults to the RFC 793 interpretation (BSD mode).

TcpWindowSize

Key: Tcpip\Parameters, Tcpip\Parameters\Interface\interfaceGUID

Value Type: REG_DWORD—number of bytes

ValidRange: 0–0x3FFFFFFF (1073741823 decimal). In practice the TCP/IP stack will round the number set to the nearest multiple of maximum segment size (MSS). Values greater than 64 KB can be achieved only when connecting to other systems that support RFC 1323 Window Scaling, which is discussed in the “Transmission Control Protocol (TCP)” section of this article.

Default: The smaller of the following values:

  • 0xFFFF

  • GlobalMaxTcpWindowSize (another registry parameter)

  • The larger of four times the MSS

  • 16384 rounded up to an even multiple of the MSS

The stack also tunes itself based on the media speed:

  • Below 1 Mbps: 8 KB

  • 1 Mbps – 100 Mbps: 17 KB

  • Greater than 100 Mbps: 64 KB

The default can start at 17520 for Ethernet, but may shrink slightly when the connection is established to another computer that supports extended TCP header options, such as Selective Acknowledgements (SACK) and TCP Timestamps, because these options increase the size of the TCP header beyond the usual 20 bytes, leaving slightly less room for data.

Description: This parameter determines the maximum TCP receive window size offered. The receive window specifies the number of bytes that a sender can transmit without receiving an acknowledgment. In general, larger receive windows improve performance over high-delay, high-bandwidth networks. For greatest efficiency, the receive window should be an even multiple of the TCP Maximum Segment Size (MSS). This parameter is both a per-interface parameter and a global parameter, depending upon where the registry key is located. If there is a value for a specific interface, that value overrides the system-wide value. See also GobalMaxTcpWindowSize.

TrFunctionalMcastAddress

Key: Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 1 (true)

Description: This parameter determines whether IP multicasts are sent using the Token Ring functional address of 0xC0-00-00-04-00-00 (=1) or the MAC-level broadcast address of 0xFF-FF-FF-FF-FF-FF (=0). For more information, see RFC 1469.

TypeOfInterface

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD

Valid Range: 0, 1, 2, 3

Default: 0 (allow multicast and unicast)

Description: This parameter determines whether the interface gets routes plumbed for unicast, multicast, or both traffic types, and whether those traffic types can be forwarded. If it is set to 0, both unicast and multicast traffic are allowed. If it is set to 1, unicast traffic is disabled. If it is set to 2, multicast traffic is disabled. If it set to 3, both unicast and multicast traffic are disabled. Since this parameter affects forwarding and routes, it may still be possible for a local application to send multicasts out over an interface, if there are no other interfaces in the computer that are enabled for multicast, and a default route exists.

UseZeroBroadcast

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: If this parameter is set to 1 (true), IP will use the all 0s address for the limited broadcast address (0.0.0.0) instead of the all 1s address (255.255.255.255). Most systems use the all 1s broadcasts, but some systems derived from BSD implementations use the all 0s broadcasts. Systems that use different broadcasts do not interoperate well on the same network.

Parameters Configurable from the User Interface

The following parameters are created and modified automatically by configuring TCP/IP properties from Network Connections. There should be no need to configure them directly in the registry.

DefaultGateway

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of dotted decimal IP addresses

ValidRange: Any set of valid IP addresses

Default: None

Description: This parameter specifies the list of gateways to be used to route packets that are not destined for a subnet that the computer is directly connected to, and for which a more specific route does not exist. This parameter, if it has a valid value, overrides the DhcpDefaultGateway parameter. There is only one active default gateway for the computer at any time, so adding multiple addresses is only done for redundancy. See the “Dead Gateway Detection” section in this article for details.

Domain

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—character string

ValidRange: Any valid DNS domain name

Default: None

Description: This parameter specifies the DNS domain name of the interface. In Windows Server 2003, this and NameServer are per-interface parameters, rather than system-wide parameters. This parameter overrides the DhcpDomain parameter (filled in by the DHCP client), if it exists.

EnableDhcp

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: If this parameter is set to 1 (true), the DHCP client service attempts to use DHCP to configure the first IP interface on this adapter.

EnableSecurityFilters

Key:  Tcpip\Parameters

Value Type: REG_DWORD—Boolean

ValidRange: 0, 1 (false, true)

Default: 0 (false)

Description: If this parameter is set to 1 (true), IP security filters are enabled. See TcpAllowedPorts, UdpAllowedPorts, and RawIPAllowedPorts. To configure these values, on the Start menu, point to Settings, then click Network Connections, right-click Local Area Connection, and then click Properties. Select Internet Protocol (TCP/IP), and click Properties, then click Advanced. Click the Options tab, select TCP/IP filtering, and click Properties.

Hostname

Key: Tcpip\Parameters

Value Type: REG_SZ—character string

ValidRange: Any valid DNS hostname

Default: The computer name of the system

Description: This parameter specifies the DNS host name of the system, which is returned by the hostname command.

IPAddress

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of dotted-decimal IP addresses

ValidRange: Any set of valid IP addresses

Default: None

Description: This parameter specifies the IP addresses of the IP interfaces to be bound to the adapter. If the first address in the list is 0.0.0.0, the primary interface on the adapter is configured from DHCP. A system with more than one IP interface for an adapter is logically multihomed. There must be a valid subnet mask value in the SubnetMask parameter for each IP address that is specified in this parameter. To add parameters with Regedit.exe, select this key and type the list of IP addresses, pressing Enter after each one. Then modify the SubnetMask value, and type a corresponding list of subnet masks.

NameServer

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—a space delimited list of dotted decimal IP addresses

ValidRange: Any set of valid IP address

Default: None (blank)

Description: This parameter specifies the DNS name servers that Windows Sockets queries to resolve names. In Windows Server 2003, this and the DomainName are per-interface settings.

RawIpAllowedProtocols

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of IP protocol numbers

ValidRange: Any set of valid IP protocol numbers

Default: None

Description: This parameter specifies the list of IP protocol numbers for which incoming datagrams are accepted on an IP interface when security filtering is enabled (EnableSecurityFilters = 1). The parameter controls the acceptance of IP datagrams by the raw IP transport, which is used to provide raw sockets. It does not control IP datagrams that are passed to other transports (for example, TCP). An empty list indicates that no values are acceptable. A single value of 0 indicates that all values are acceptable. The behavior of a list containing the value 0 mixed with other, nonzero values is undefined. If this parameter is missing from an interface, all values are acceptable. This parameter applies to all IP interfaces that are configured on a specific adapter.

SearchList

Key: Tcpip\Parameters

Value Type: REG_SZ—space delimited list of DNS domain name suffixes

Valid Range: 1-50

Default: None

Description: This parameter specifies a list of domain name suffixes to append to a name to be resolved through DNS if resolution of the unadorned name fails. By default, only the value of the Domain parameter is appended. This parameter is used by the Windows Sockets interface. See also the AllowUnqualifiedQuery parameter.

SubnetMask

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of dotted decimal subnet masks

ValidRange: Any set of valid subnet masks.

Default: None

Description: This parameter specifies the subnet masks to be used with the IP interfaces bound to the adapter. If the first mask in the list is 0.0.0.0, the primary interface on the adapter is configured using DHCP. There must be a valid subnet mask value in this parameter for each IP address specified in the IPAddress parameter.

TcpAllowedPorts

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of TCP port numbers

ValidRange: Any set of valid TCP port numbers

Default: None

Description: This parameter specifies the list of TCP port numbers for which incoming SYNs are accepted on an IP interface when security filtering is enabled (EnableSecurityFilters = 1). An empty list indicates that no values are acceptable. A single value of 0 indicates that all values are acceptable. The behavior of a list containing the value 0 mixed with other, nonzero values is undefined. If this parameter is missing from an interface, all values are acceptable. This parameter applies to all IP interfaces configured on a specified adapter.

UdpAllowedPorts

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of UDP port numbers

ValidRange: Any set of valid UDP port numbers

Default: None

Description: This parameter specifies the list of UDP port numbers for which incoming datagrams are accepted on an IP interface when security filtering is enabled (EnableSecurityFilters = 1). An empty list indicates that no values are acceptable. A single value of 0 indicates that all values are acceptable. The behavior of a list containing the value 0 mixed with other, nonzero values is undefined. If this parameter is missing from an interface, all values are acceptable. This parameter applies to all IP interfaces configured on a specified adapter.

Parameters Configurable Using the Route Command

The route command can store persistent IP routes as values under the Tcpip\Parameters\PersistentRoutes registry key. Each route is stored in the value name string as a comma-delimited list of the form:

destination,subnet mask,gateway,metric

For example, the command:

route add 10.99.100.0 MASK 255.255.255.0 10.99.99.1 METRIC 1 /p

produces the registry value:

10.99.100.0,255.255.255.0,10.99.99.1,1

The value type is a REG_SZ. There is no value data (empty string). Addition and deletion of these values can be accomplished using the route command. There should be no need to configure them directly.

Non-Configurable Parameters

The following parameters are created and used internally by the TCP/IP components. They should never be modified using the Registry Editor. They are listed here for reference only.

DhcpDefaultGateway

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—list of dotted decimal IP addresses

ValidRange: Any set of valid IP addresses

Default: None

Description: This parameter specifies the list of default gateways to be used to route packets that are not destined for a subnet to which the computer is directly connected and for which a more specific route does not exist. This parameter is written by the DHCP client service, if enabled. This parameter is overridden by a valid DefaultGateway parameter value. Although this parameter is set on a per-interface basis, there is always only one default gateway active for the computer. Additional entries are treated as alternatives if the first one is down.

DhcpIPAddress

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—dotted decimal IP address

ValidRange: Any valid IP address

Default: None

Description: This parameter specifies the DHCP-configured IP address for the interface. If the IPAddress parameter contains a first value other than 0.0.0.0, that value overrides this parameter.

DhcpDomain

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—Character string

ValidRange: Any valid DNS domain name

Default: None (provided by DHCP server)

Description: This parameter specifies the DNS domain name of the interface. In Windows Server 2003, this and NameServer are now per-interface parameters, rather than system-wide parameters. If the Domain key exists, it overrides the DhcpDomain value.

DhcpNameServer

Key: Tcpip\Parameters

Value Type: REG_SZ—A space delimited list of dotted decimal IP addresses

ValidRange: Any set of valid IP address

Default: None

Description: This parameter specifies the DNS name servers to be queried by Windows Sockets to resolve names. It is written by the DHCP client service, if enabled. If the NameServer parameter has a valid value, it overrides this parameter.

DhcpServer

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—dotted decimal IP address

ValidRange: Any valid IP address

Default: None

Description: This parameter specifies the IP address of the DHCP server that granted the lease on the IP address in the DhcpIPAddress parameter.

DhcpSubnetMask

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—dotted decimal IP subnet mask

ValidRange: Any subnet mask that is valid for the configured IP address

Default: None

Description: This parameter specifies the DHCP-configured subnet mask for the address specified in the DhcpIPAddress parameter.

DhcpSubnetMaskOpt

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_SZ—dotted decimal IP subnet mask

ValidRange: Any subnet mask that is valid for the configured IP address

Default: None

Description: This parameter is filled in by the DHCP client service and is used to build the DhcpSubnetMask parameter, which the stack actually uses. Validity checks are performed before the value is inserted into the DhcpSubnetMask parameter.

Lease

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—time in seconds

Valid Range: 1–0xFFFFFFFF

Default: None

Description: The DHCP client service uses this parameter to store the time, in seconds, for which the lease on the IP address for this adapter is valid.

LeaseObtainedTime

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—absolute time, in seconds, since midnight of 1/1/70

Valid Range: 1–0xFFFFFFFF

Default: None

Description: The DHCP client service uses this parameter to store the time at which the lease on the IP address for this adapter was obtained.

LeaseTerminatesTime

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—absolute time, in seconds, since midnight of 1/1/70

Valid Range: 1–0xFFFFFFFF

Default: None

Description: The DHCP client service uses this parameter to store the time at which the lease on the IP address for this adapter expires.

LLInterface

Key: Tcpip\Parameters\Adapters\interfaceGUID

Value Type: REG_SZ—Windows Server 2003 device name

ValidRange: A legal Windows Server 2003 device name

Default: Empty string (blank)

Description: This parameter is used to direct IP to bind to a different link-layer protocol than the built-in ARP module. The value of the parameter is the name of the Windows Server 2003 device to which IP should bind. This parameter is used in conjunction with the RAS component, for example. It is only present when ARP modules other than LAN bind to IP.

NTEContextList

Key:  Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_MULTI_SZ—number

Valid Range: 0–0xFFFF

Default: none

Description: This parameter identifies the context of the IP address associated with an interface. Each IP address associated with an interface has its own context number. The values are used internally to identify an IP address and should not be altered.

T1

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—absolute time, in seconds, since midnight of 1/1/70

Valid Range: 1–0xFFFFFFFF

Default: None

Description: The DHCP client service uses this parameter to store the time at which the service first tries to renew the lease on the IP address for the adapter by contacting the server that granted the lease.

T2

Key: Tcpip\Parameters\Interfaces\interfaceGUID

Value Type: REG_DWORD—absolute time, in seconds, since midnight of 1/1/70

Valid Range: 1–0xFFFFFFFF

Default: None

Description: The DHCP client service uses this parameter to store the time at which the service tries to renew the lease on the IP address for the adapter by broadcasting a renewal request. Time T2 should only be reached if the service is unable to renew the lease with the original server for some reason.